The initial risk identification can involve a combination of one of the following activities:
- Environment scanning and corporate appraisal.
- Market intelligence gathering and management information system.
- Critical incident investigation.
- Process audit.
- Periodic checks and inspection.
- Examining project plans and supply chain maps for identifiable vulnerability.
- Conducting formal risk assessment especially for high value projects.
- Employing 3rd party audit and risk consultants.
Risk identification should be an on-going process as the organization‘s contractual risk profile may continually change presenting new risks or turning slight risks into potential crisis. A comprehensive list of identified risks should be compiled on a risk register for major