The most common methods and techniques of risk identification
Observation
- A basic technique to start with if you have nothing else. A risk list based on practice and observation will certainly be a good starting point
Brainstorming
- Brainstorming is usually the second technique that pops to mind when it comes to risk identification.
- One of the best techniques.
- Plan your brainstorming questions in advance.
Incident analysis
- If you have an incident log available, this is a great starting position. From them, you can definitely identify the risks due to which incidents have occurred.
- This is a good way for example for OSH (work accident analysis) or for IT security (security incident analysis) or analysis of insurance claims.
Process analysis, know your processes
- Poor processes are one of the key sources of risk and therefore process analysis is a useful resource for their identification
Asset analysis, know your assets and workplace
- Like processes, assets are also a key source of risk. It is a common method in information security. For example, dangerous factors in the workplace.
Interviews
- Select key stakeholders. Plan the interviews. Define specific questions. Document the results of the interview.
Checklists
- If your company has a list of the most common risks. It is recommended to use risk checklists that are common in your industry (industry standard list of risks)
Threats and Vulnerabilities analysis
- Risk analysis technique is usual in IT security risk management
Affinity Diagram
- This technique is a creative and beneficial exercise. Similar to common brainstorming. Participants are asked to brainstorm risks.
- I ask participants to write each risk on a sticky note.
- Then participants sort the risks into groups or categories.
- Finally, each group is given a title.
Cause and effect diagrams
- Cause and Effect diagrams are a powerful source for risk identification. You can use this simple method to help identify root causes that give rise to risks. And if we address the causes, we can reduce or eliminate the risks