Project risks should be documented in the risk register, a list of all of the identified risks, their root causes, categories and responses. Because the assessment of risk is an on-going activity, the risk register will be updated continuously throughout the life of the project.
All project team members should be encouraged to identify risks and this is an iterative process because new risks may become known as the project progresses. The process of identification should involve the project team so they can develop and maintain a sense of
ownership and responsibility for the risks and associated risk response actions.
The risk plan defines the level of risk that is considered tolerable for the project, how all this will be managed, who will be responsible for them, what time and cost is needed for each, and how risk will be communicated.
The stakeholder register lists all of the project stakeholders as well as describing and classifying them. This information will be useful in soliciting inputs for identifying risk, as it will ensure that key stakeholders participate in the process. Other elements of the overall project plan that describe how cost, schedule and quality are to be managed and implemented will have a bearing on project risk, as will information on how project human resources are going to be defined, staffed, managed, and eventually released.
The scope of the project in terms of the products to be created and the activities required will be a source of risks. Any estimates of cost and duration are useful in identifying risk as they provide a quantitative assessment of the likely cost to complete scheduled activities. Reviewing these may indicate that the estimate is insufficient to complete the activity and hence poses a risk to the project. These include, assumptions log, work performance reports, earned value reports, network diagrams, baselines, and other project information proven to be valuable in identifying risks