Community Discussions:

Communication is one of the most important features of the communities, and the community discussion forums lets you interact with your peers around the world. Ask a question, share insights and experiences, and develop best practices.

Want to take advantage of this great feature? Login or join PMI to gain full access to this community.

Already a Member?

Login
Not a Member Yet?

Join Now
If you have any questions, please contact us at vcpsupport@pmi.org

Active Forums

Minimize
Taxonomy-Based Risk Identification
Last Post 26 Dec 2013 12:33 AM by David Hillson - The Risk Doctor. 10 Replies.
Printer Friendly
  •  
  •  
  •  
  •  
  •  
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
Craig Jones, PMP New Member New Member Posts:6

--
07 Sep 2010 08:12 AM
    Is anyone using Taxonomy-Based Risk Identification to identify sources of risk in their projects?

    Definition: taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks.

    To me this sounds very much like using a risk breakdown structure (RBS). How many risk practitioners are using a set of questions based on a RBS or a Taxonomy?
    Steven Peck New Member New Member Posts:15

    --
    21 Sep 2010 06:47 PM
    Most of the big four's enterprise risk based consulting practices use this approach to indepdently assess risk on projects for clients. The risk templates spans across many levels of an organization and type of project and phase. I know of many of my clients have developed their own standard risk assessment templates and you will see them used a lot by the internal audit groups within the organization. The benefit is that these templates help organize risks into specific areas that also have "default" response plans associated with them. It also allows some comparison of projects from a risk basis across the portfolio due to the use of standard classifications of risk areas. I would agree that these are flattened Risk Breakdown Structute (Risk RBS) and recently I have started to see clients use Risk RBS to illustrate risks.

    However, this is not to suggest that these templates are exhaustive or all-inclusive. Like any best practice they must be adapted and made to fit the specific project, and organization. There is never a one size fits all template. Risk templates cannot replace experience and professional judgement which are important inputs to risk identification.
    David Hillson - The Risk Doctor Basic Member Basic Member Posts:143

    --
    22 Sep 2010 06:08 AM
    I invented the Risk Breakdown Structure (RBS) in 2001 specifically to provide a consistent taxonomy of risk sources. The original papers can be downloaded free from the Risk Doctor website http://www.risk-doctor.com/ (go to Publications area, use the Search function and enter RBS). the RBS has become recognised as a powerful aid to the risk process, assisting with risk identification, assessment of risk exposure, finding root causes, developing generic risk responses, and structuring lessons learned. It is widely used, in my experience.

    I also developed a risk id checklist based on a generic RBS, which appears in Appendix A of my 2007 book "Practical project risk management: The ATOM methodology" (Figure A.2). A cut-down version can be downloaded from the templates area of the ATOM website at http://www.atom-risk.com/templates.html.

    Hope this helps. DH
    Craig Jones, PMP New Member New Member Posts:6

    --
    28 Sep 2010 08:00 AM
    Thanks for the discussion. I really like the RBS methodology. To me it clear and easy to focus in on root causes of risk.
    Edmund Conrow New Member New Member Posts:22

    --
    20 Nov 2010 02:17 PM
    Taxonomy-based techniques are widely used on for software risk identification and other forms of risk identification. Three widely cited references that have been used on numerous actual projects for software risk identification are contained in:

    Boehm, B., “Software Risk Management,” Institute of Electrical and Electronics Engineers Computer Society Press, Los Alamitos, 1989.
    Carr, M., Konda, S., Monarch, I., Ulrich, F., Walker, C., “Taxonomy-Based Risk Identification, Technical Report,” CMU/SEI-93-TR-6, Pittsburgh: Carnegie Mellon University, 1993.
    Conrow, E., and Shishido, P., “Implementing Risk Management on Software Intensive Projects,” IEEE Software 14(3): 1997, pp. 83-89.

    The taxonomies contained in the above three references are in varied levels of completeness and sophistication. It might be helpful to compare the three taxonomies against each other both for application to candidate projects of differing levels of size, complexity, etc., and to see how they can be modified for non-software projects. The project manager for a complex $250 million USD software development project remarked that he would immediately apply the Conrow and Shishido approach to his project (the very same day he first discovered it). I had to politely remind him that one pitfall of taxonomies (and checklists) is that the user/analyst doesn’t fall into the trap that the approach contains all of the items/questions that need to be queried for risk identification. This will almost certainly lead to candidate risks being missed and later coming back as very expensive issues or problems to resolve. Hence, while taxonomies can be helpful for risk identification they are never self-sufficient or complete and the user/analyst must “think outside of the box” and ask questions like “what other potential items or concerns may apply,” “how should the taxonomy be modified for our particular project to account for XXXX, YYYY, etc.” and so on.

    Regards,
    Dr. Edmund (Ed) H. Conrow, CMC, CRM, PMP
    INCOSE Fellow (Risk Management, and Cost, Performance, Schedule Trade Methods)
    www.risk-services.com
    David Hillson - The Risk Doctor Basic Member Basic Member Posts:143

    --
    06 Dec 2010 10:52 AM
    These are rather old refs though (1989, 1993, 1997), and things have moved on a bit since then don't you think?
    Robert Higgins New Member New Member Posts:14

    --
    06 Dec 2010 01:26 PM
    I think that as a starting point time does not impact a taxonomy. But I propose that the Risk Management COP should utilize the WIKI feature http://risk.vc.pmi.org/Community/Wikis.aspx to create a live dynamic RISK ID taxonomy.
    Edmund Conrow New Member New Member Posts:22

    --
    08 Dec 2010 08:02 PM
    Thanks for your interest in risk identification taxonomies.

    The basic nature of a subject-specific taxonomy will not substantially change with time unless major technological, design, or other advances occur. (For example, a number of new software development environments should be examined to see how they would contribute to and/or modify the three software taxonomies I supplied references to. However, even with these new software development environments, many of the items listed in the three taxonomies will still be valid.) There are a number of poor taxonomies and other items available—the three software taxonomies have been used on a variety of actual programs. Finally, the software taxonomies are all copyrighted by their respective publishers. Hence, source material and copyright issues must be dealt with should the Risk Management VCP consider developing any taxonomy in the future. (The Risk Management VCP Council is aware of the copyright question--it will be addressed in the future.)
    David Hillson - The Risk Doctor Basic Member Basic Member Posts:143

    --
    09 Jan 2011 10:25 AM
    Ed's comment reminds me of another important point which limits the applicability of three refs he recommended. All three (Boehm 1989, SEI 1993, Conrow & Shishido 1997) relate specifically to risk in the software development project environment. The Risk Breakdown Structure approach has the advantage of being generic and domain-independent. That's why RBS is recommended in PMBoK Chapter 11 as a basis for risk identification.
    Liliana Buchtik New Member New Member Posts:1

    --
    26 Nov 2013 10:58 AM
    I do use an RBS but not a related questionnaire. Before risk identification we always develop the RBS for that specific project, sometimes we can use an existing RBS (or RBS template) that can be used as a starting point and adapted, then we start brainstorming and finding risks associated to those categories, and sometimes sub-categories, but we don't have a formal questionnaire to support the RBS use. We do have though a formal RBS that we always use in risk identification. We use the RBS among other tools for risk identification. I am still not clear what the difference is between a taxonomy based risk identification and an RBS, because when you look at both definitions for me sounds like the same, despite the fact that the taxonomy based seems to have been created in the software industry (Am I right?) but I believe its concept can be used in any industry. So I still can´t see clearly the difference between both. If I am not wrong PMI mentions both concept in the PMI-RMP exam spec outline. Any comment to further clarify the difference is appreciated.
    David Hillson - The Risk Doctor Basic Member Basic Member Posts:143

    --
    26 Dec 2013 12:33 AM
    Good point Liliana. I think the two terms mean essentially the same thing, with one exception. "Risk Breakdown Structure" (RBS) is a generic hierarchical structure that can be used in many different ways in the risk process, for example to support risk identification, or as a framework for risk categorisation, or to tag risk-related lessons learned etc. "Taxonomy-based risk identification" on the other hand is specific to one part of the risk process, suggesting that it is tied to risk id.

    So I think RBS is the more generic term and I prefer to use that. And you can use an RBS to perform a taxonomy-based risk id, because an RBS *is* a taxonomy!

    Hope this clarifies.
    You are not authorized to post a reply.