If you ask people which technique they use to identify risks, most will include brainstorming in the list,
usually conducted as part of a facilitated workshop. Indeed for many, brainstorming is not just one
technique among several; it’s the only one they use. Brainstorming is popular for a range of reasons:
- Everybody feels involved, with an opportunity to share their opinion openly
- It produces visible results quickly as the flipcharts fill up around the room
- It’s usually conducted in an atmosphere of fun away from the usual workplace
- It gives people the chance to be creative and “think outside the box”
- It encourages team-building and creates a sense of shared ownership of the output
But there are some drawbacks to brainstorming which can lead to it becoming ineffective, for example:
- It can be difficult to get the right people to attend, and if key stakeholder perspectives are not
present, important risks may be missed.
- The way the group functions can be influenced by groupthink and other subconscious biases.
- Strong individuals can impose their view on the session and inhibit others from contributing.
- The creative non-critical approach often results in identification of other things which are not risks (such as problems, issues, worries etc).
These can be overcome by simple steps such as effective facilitation by someone skilled in managing
group dynamics, good preparation by participants before attending the session, and commitment by all to
honesty and mutual respect. But even with these in place, brainstorming can run into difficulties.
Part of the problem is that traditional brainstorming was not intended for identifying risks. The technique
was originally developed for problem-solving, and has two key principles. First is deferred judgement. Idea
generation must be separated from evaluation, otherwise the creative flow might be disrupted. Second is
that quantity breeds quality. The first idea is rarely the best, so finding more ideas increases the chance of
getting good ones. These two principles are expressed in the four rules of brainstorming:
1. Creativity and free thought are welcomed and encouraged, even if they appear unproductive
2. No criticism is allowed during the session, with judgement being deferred until later
3. Combination and improvement are sought, to produce better ideas by building upon others
4. Quantity is required, since more ideas increase the chance of finding a solution
When brainstorming is used for risk identification, we need to be sure that we identify as many risks as
possible from a wide range of sources across the project. Unfortunately the creative process can result in
identification of things which are not risks. It is common for a brainstorm session to concentrate on areas
where participants are comfortable, such as technical risks, ignoring other important areas such as
commercial or external risks. It is also possible for a brainstorm session to go down a blind alley, with
people being very “creative” about unrealistic risks (such as an alien invasion, everyone dying from a
mystery disease, or the project manager becoming a millionaire).
To avoid these shortcomings, the rules of brainstorming need to be modified when it is used as a risk
identification technique. For example it helps to have some evaluation of the ideas initially generated, in
order to remove non-risks. Use of a standard risk description (or risk metalanguage) can help to ensure
that only genuine risks are captured. It can also be helpful to structure the creativity in a risk identification
brainstorm by using risk categories or a Risk Breakdown Structure, to be sure that all possible sources of
risk are considered.
Everybody loves brainstorming, but it must be used carefully and intelligently for risk identification if it is to
achieve its purpose of allowing key stakeholders to identify as many risks as possible in a creative and fun
[© Copyright 2007, David Hillson/Risk Doctor & Partners]