The Project Manager works with the project team and other stakeholders to identify and document risks in the RAID log. The broader the consultation about project risks, the better and more thorough the risk data will be. A number of techniques can be used to gather risk data: facilitated brainstorming sessions, questionnaires, document review, assumptions and constraint analysis, interviews or cause and effect diagrams.
Risks are initially identified in the initiation and planning stages but they are reviewed and revised frequently throughout the project. New risks are added as the project progresses and other risks may be updated or closed. The project manager will review the project risk register or RAID log with the project team and project governance at regular and frequent intervals.
If risks in the risk register or RAID log have, high or very high ratings, they may be escalated to the governance for the project. Some institutional risks might fall under Policy 11. In which case they should be managed according to the Risk Management Reporting Guideline.