Your Cart

Effective Risk Management

Identifying Threats and Opportunities


Each project operates in a particular environment; external and internal factors may influence the project risk assessment. Project teams need to decide which tools, templates, and techniques to use for risk assessment and associated structured questions. A project team can pinpoint potential threats and opportunities by going through the risk identification process. This empowers the team and stakeholders to gauge the project’s risk exposure and make informed decisions.

As project managers, our goal is to understand the risk before taking any action. This article explains the most effective way of identifying threats and opportunities. Without identifying the risks properly, project teams cannot evaluate the impact of specific categories of risks (process, technology, task, and structure) on project performance.

Introduction to Effective Risk Management

To succeed, projects and programs require thousands of things to go right. To fail, only one thing needs to go wrong. The aim of risk management is to utilize tools, templates, and techniques, accompanied by structured questions, to help a project team recognize potential risks, threats, or opportunities. This process allows the team to comprehend and evaluate the project’s level of risk exposure. In addition, secure support and agreement from all concerned parties.

Risk management is an ongoing process carried out continuously throughout the project lifecycle to develop a compressive list of all known uncertainties that could impact the portfolio, program or project. We cannot effectively mitigate, act upon, expand, or transfer risks without first identifying risks correctly. Improper risk identification means that we might experience more and more risks in our projects and spend time resolving symptoms and not the root cause of the problem. There is lots of data to prove this theory; we can accept it as a fact. It is not “unknown” anymore. There are many horror stories to share as examples, from NASA’s launch of the Mars Orbiter to canceled big mergers or failed enterprise system rollouts. According to the PMI’s research published in the Pulse of the Profession 2018, “10% of every dollar is wasted due to poor project performance— that’s $100 million for every $1 billion invested”.

Implementing Risk Management

One of the main reasons projects fail is that we are not properly identifying threats and opportunities. As a result, too much money is wasted on reactively addressing and mitigating risk symptoms, not root causes, and not identifying the correct threats and opportunities. We have to consider not just the project cost; operation resources will be called upon if there is a major problem. Spending time on avoidable tasks causes unnecessary delays in project implementation and leads to re-work. This can result in lost opportunities and unrealized value. Imagine the value added when you have a simple, consistent, replicable risk management approach that all team members could utilize to tackle unknown risks. Successfully identifying and managing risks in projects is one of the few ways to prove yourself and gain recognition within your organization. Just picture the ability to efficiently identify and handle complex risks, resolving them promptly with the agreement and dedication of all parties involved. In that case, it brings positive recognition and will impact your well-being.

There are a wide variety of methods, approaches, tools and techniques to use to identify threats and opportunities. However, good risk identification practices follow the divergent and convergent thinking process regardless of which tools and techniques you use. Our goal is to use divergent and convergent thinking with experts to gather data and find innovative solutions.

Divergent and convergent thinking

This approach was developed to help identify potential threats and opportunities in any situation. Divergent thinking focuses on gaining a comprehensive understanding of the problem at hand. It involves breaking down a given problem. The aim of doing this is to get insight into the various aspects of the risk. This process is spontaneous and helps to generate different ideas for the risks considered. Convergent Thinking generates and evaluates expert guesses to narrow down appropriate responses and resolutions. It involves organizing the ideas and information generated during Divergent Thinking to identify whether it is a threat or opportunity.

Whether you are using SWOT, the root cause or assumptions and constraints analysis, or employing prompt lists or checklist tools. This approach uses commonly structured questions to guide you and your team through the identification phase quickly and effectively. The idea behind this thinking is to encourage team members to ask the right questions to generate quality data. Thus promote intuitive deductive reasoning from Subject Matter Experts to reach a conclusion.

The most basic purpose of critical thinking is to ensure that the right information sources are to answer pre-defined questions. Recognizing the situation would enable the project team to have a successful solution. In addition, this approach would empower project managers to reach out to stakeholders. This would stimulate innovative thinking and identify threats and opportunities in less time with fewer resources.

The steps to apply this approach are quite easy:

  • Gather the right people; if you are unsure who these people are, gather everyone related to the risk type you assess.
  • Ensure everyone involved in the process receives the same information and shares their ideas with the group.
  • The information generated should be visible to all interested parties to help the team arrive at a commonly supported list.

Our goal is to understand the risk before taking action and collaborate with the correct resources to increase success. Remember, it is not about bringing the “best brains” but rather a case of the “most appropriate” brains.

Using a common divergent and convergent thinking approach and metalanguage* enables the team to quickly and accurately identify threats and opportunities. This approach works for any situation, no matter your role. Try it out and let us know how it works for you!

If you are interested in learning more about our customized workshops on Risk Management, contact us.


  1. Metalanguage: Metalanguage is a type of language used to describe and discuss language itself. It includes concepts such as grammar, syntax, and semantics. It can also refer to the description of any domain or knowledge area, allowing us to understand that domain better. Using metalanguage in your team discussions helps everyone speak the same language and arrive at a shared understanding. This leads to a more precise analysis of threats and opportunities. Additionally, metalanguage increases the efficiency of communication, as it helps team members communicate precisely what they mean with fewer words. Ultimately, this approach enables teams to work quickly and accurately in any scenario. Try using metalanguage on your next project! Risk Metalanguage offers a useful way of distinguishing risk from its cause(s) and effect(s). It describes each risk using a three-part statement: Cause (fact or condition), Risk (Uncertainty) and Effect (Possible result).
  2. Reference: The Standard for Risk Management in Portfolios, Programs and Projects (2019)
  3. This article was initially published at PMI Risk Management Professional Exam Community.

Any questions? Drop us a line here.