Risk Identification Assignment
How to identify and describe negative risks (threats) and positive risks (opportunities) across broad categories, structure your document correctly, format your cover page, and write APA references — without guessing what your instructor actually wants.
Four pages. Cover page, risk identification section, references. That’s the whole assignment. But students get stuck because the instructions are deceptively thin — “describe up to eight negative risks and at least two positive risks” doesn’t tell you how long each description should be, which risk categories to use, or how detailed to go. This guide walks through every piece so you can build the document with confidence.
What This Guide Covers
What the Assignment Is Actually Asking
This is a risk identification document — specifically the first major section of what would become a full risk management plan. You’re not being asked to analyze risks in depth, build a risk register with probability scores, or develop mitigation strategies. Those come later. Right now, the task is to identify the risks and describe them clearly enough that a reader understands what each one is and why it matters.
The phrase “broad categories” is key. It means your risks should cover different types of exposure — financial, operational, schedule-related, legal — rather than eight variations of the same theme. And the mix of negative (threats) and positive (opportunities) risks is deliberate: it reflects how professional risk management actually works. PMBOK defines risk as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” Both types count.
Eight Negative Risks Max
“Up to eight” means you can write fewer — but eight gives you the strongest foundation for a 4-page document. Each one should belong to a different or clearly distinct risk category. Repeating the same type of risk (three schedule risks, for example) signals you haven’t thought broadly enough.
At Least Two Positive Risks
Most students forget these or treat them as an afterthought. They’re not. A positive risk is a genuine uncertain event that could benefit the project — finishing early, under budget, or discovering a more efficient process mid-project. Write them with the same level of care as the negative ones.
Pick a Real Project or Company
The cover page asks for a project or company name. Use something specific — a real or fictional software launch, a construction project, a nonprofit campaign. Generic risks are harder to write and less convincing. Specific context forces you to think about risks that actually apply.
How to Structure the Four Pages
Four pages sounds tight, but it’s actually generous if you write one solid paragraph per risk. Here’s how the page count breaks down in practice:
The cover page is its own page. The risk identification section fills the bulk of the document — two full pages is realistic if you write a solid paragraph (four to six sentences) for each of your ten risks. The references page comes last and is separate from the body page count. So you’re really writing two pages of substantive content, which is manageable.
Don’t write ten risks in one undivided block. Break the section up using the risk category names as subheadings. Group related risks together — for example, all financial risks under a “Financial Risks” subheading, then operational risks under their own heading. This shows your reader you’re organizing by category, which is exactly what the instruction means by “broad categories.”
Risk Categories to Use
The assignment says to organize risks by “broad categories.” If your instructor hasn’t specified which categories to use, the standard project management categories from the PMBOK framework are the right default. These are widely recognized and will be familiar to any project management instructor.
| Risk Category | What It Covers | Example Risk Type |
|---|---|---|
| Strategic Risk | Threats or opportunities tied to the overall project goals, direction, or competitive environment | Change in stakeholder priorities, market shift, competitor action |
| Operational Risk | Day-to-day execution failures or improvements — processes, systems, people | Key team member leaving, system failure, process bottleneck |
| Financial Risk | Budget, cost overruns, funding gaps, or unexpected savings | Supplier price increase, currency fluctuation, early cost savings |
| Compliance / Legal Risk | Regulatory requirements, contractual obligations, liability exposure | New regulation mid-project, contract dispute, data privacy requirement |
| Schedule Risk | Delays or early completion tied to timeline dependencies | Vendor delivery delay, predecessor task overrun, early milestone achievement |
| Reputational / Stakeholder Risk | Public perception, stakeholder trust, communication failures | Negative press coverage, stakeholder resistance, unexpected community support |
| Technical / Quality Risk | Technology performance, quality standards, integration failures | Software bug in a critical module, new technology that outperforms expectations |
| Resource Risk | Availability of people, equipment, materials, or knowledge | Skilled contractor unavailable, equipment shortage, additional funding secured |
You don’t need all eight categories. Pick the six or seven most relevant to your chosen project or company. The goal is coverage across different types of risk, not checking every box on the list.
Writing the Eight Negative Risks (Threats)
A negative risk is an uncertain event that could harm project objectives. It hasn’t happened yet — it might not. That uncertainty is what makes it a risk rather than a known problem. Each threat you describe should feel like something genuinely plausible for your specific project, not a generic worst-case scenario copied from a textbook.
Students often write risk descriptions that read like a list of problems: “The project could run over budget. The team might not have enough time. The technology might fail.” These are vague and interchangeable across any project. A good risk description names the specific uncertain event, explains why it could happen given your project’s context, and describes what would be affected if it occurred.
Here’s how to think through eight negative risks that genuinely span different categories:
Budget Overrun from Scope Creep
Uncontrolled additions to project scope drive up costs beyond the approved budget. Common in technology or construction projects with multiple stakeholders who keep adding requirements.
Vendor Delivery Delay
A key supplier or contractor fails to deliver a dependency on time, pushing back downstream tasks. Most projects rely on at least one external party, making this a realistic threat.
Loss of a Key Team Member
A critical subject-matter expert or project lead leaves mid-project. Knowledge transfer gaps and ramp-up time for a replacement can significantly affect quality and schedule.
Integration Failure Between Systems
New software or technology fails to connect with existing systems as expected. This often isn’t discovered until testing, which is late in the project lifecycle.
Mid-Project Regulatory Change
A new law or regulation takes effect during the project that changes requirements — for data handling, safety standards, or reporting — forcing rework of already-completed deliverables.
Stakeholder Priority Shift
A key executive or sponsor deprioritizes the project following an organizational change, reducing funding, attention, or decision-making support mid-execution.
Negative Public Response
An external announcement or product launch generates unexpectedly negative media coverage or community backlash, damaging the organization’s brand and affecting stakeholder confidence.
Specialist Skill Shortage
Qualified contractors or internal staff with a required technical skill are unavailable or too expensive for the project budget, forcing the team to work with less experienced resources.
These are starting points — not the exact descriptions you should copy. Your job is to tailor each one to your specific project context. A software project has different integration risks than a construction project. An NGO has different reputational risks than a tech startup. The more project-specific your descriptions, the stronger your document.
Writing the Two Positive Risks (Opportunities)
Positive risks trip people up because the term feels counterintuitive. A risk that’s good? Yes. The point is uncertainty — if a beneficial event is guaranteed, it’s not a risk, it’s a plan. An opportunity is a favorable event that might happen and that you haven’t built into the baseline schedule or budget.
Early Completion of a Phase Enabling Accelerated Launch
If a key project phase is completed ahead of schedule — due to higher team productivity than estimated, better-than-expected vendor performance, or simplified requirements — the project could move to the next phase earlier. This could create an opportunity to launch the final product before competitors or ahead of a favorable market window, delivering greater business value than the baseline plan projected.
Why this works: It names a specific uncertain event (early phase completion), explains what could cause it, and describes the upside (earlier launch, competitive advantage). It’s bounded and believable — not just “things could go really well.”Technology Performance Exceeding Specifications
A new tool, platform, or process adopted for the project could outperform its documented specifications, reducing processing time, error rates, or resource consumption beyond what was planned. If this occurs, it may allow the project to reduce costs, reallocate resources to higher-priority work, or expand scope without additional budget — outcomes the project plan did not account for.
Why this works: Again, it’s uncertain (the technology might outperform, or it might just meet spec), it’s connected to a real project element, and the upside is concrete and specific.There’s a difference between a positive risk and a vague consolation. “The project might succeed” is not a positive risk — it’s a goal. A positive risk is a specific, uncertain event that, if it materializes, produces a benefit your project didn’t plan for. Finishing two weeks early, finding a supplier who costs 15% less than budgeted, or discovering a process improvement mid-project — these are opportunities.
How to Describe Each Risk
The assignment says “describe” — so each risk needs more than a label. Here’s the structure that works well for a risk identification document at this level:
Name the Risk Event Clearly
State what could happen. “A key team member may resign before the project is complete” is a risk event. “Team issues” is not. The event should be specific enough that someone unfamiliar with the project would understand exactly what you mean.
Explain Why It Could Happen
What conditions or causes would trigger this risk? For a team member leaving, the cause might be a competitive job market for the specific skill set involved, or a long project duration that increases the probability of personal circumstances changing. This shows you’re thinking about root causes, not just outcomes.
Describe the Impact on Project Objectives
Which project objective is affected — scope, schedule, cost, or quality? How severely? A vendor delay might push the launch back by three weeks. A regulatory change might require reworking 20% of already-completed deliverables. Be specific about what gets hurt.
Name the Risk Category
State which broad category this risk falls under. Some instructors want this as a label (bold text or a heading), others prefer it embedded in the description. Either way, the category needs to be visible. It demonstrates that your risks are organized by type, not just listed randomly.
Setting Up the Cover Page
The cover page is the easiest part of this assignment — and the easiest place to lose marks for forgetting something. The instructions are explicit: your name, the project or company name, and the course name and number.
What Goes on the Cover Page
- Your full name (as it appears on your enrollment)
- Project name or company name
- Course name and course number (e.g., “PMGT 4320: Risk Management in Projects”)
- Assignment title: “Risk Management Plan: Risk Identification”
- Instructor name (if your course expects it — check the syllabus)
- Submission date
- University or institution name (usually expected)
Formatting the Cover Page
Center all elements on the page. If your course uses APA 7th edition, the APA student title page format applies: title in bold, double-spaced, with your name, institution, course, instructor, and date on separate centered lines below. Don’t add a page number to the cover page — start numbering from page 2. Check your course’s style guide; some instructors have specific templates.
The cover page asks for a project or company name. Pick something concrete: “SafePath Mobile App Development Project,” “Riverside Community Center Renovation,” “NovaTech CRM Implementation.” A specific project forces you to write risks that actually apply to that context, which makes the whole document stronger. Vague names (“General Company,” “IT Project”) signal a lack of engagement with the assignment.
APA References Section
The references section comes last, on its own page. The instruction says to include any resources you used — company websites or textbooks. In APA 7th edition, references are listed alphabetically by author last name, with a hanging indent, double-spaced.
Project Management Institute. (2021). A guide to the project management body of knowledge (PMBOK guide) (7th ed.). Project Management Institute. — This is the standard citation. Note: the organization is both author and publisher, which is correct in APA 7 when the same entity fills both roles. Italicize the title. The edition number goes in parentheses after the title, not italicized.
Author, A. A., & Author, B. B. (Year). Title of the book: Subtitle if there is one (Xth ed.). Publisher Name. — Capitalize only the first word of the title, the first word after a colon, and proper nouns. Don’t capitalize every word in the title (that’s a common APA mistake). If there’s a DOI or URL, add it at the end.
Organization Name. (Year, Month Day). Title of the specific page. Website Name. URL — If no date is available, use (n.d.) instead of a year. If the author and website are the same organization, you don’t need to repeat the site name before the URL. Include the retrieval date only if the content is likely to change (like a live database or wiki).
The heading “References” should be bold, centered, at the top of the page. Each entry uses a hanging indent (first line flush left, subsequent lines indented 0.5 inches). Double-space all entries. Alphabetize by the first author’s last name, or by the organization name if there’s no individual author. In Word, use the paragraph settings to set hanging indent rather than manually tabbing — it’ll look cleaner and stay consistent.
The assignment says “add any resources you used.” In practice, a document of this type should reference at least the primary risk management framework you’re drawing from (usually PMBOK or your course textbook), plus any company or project information sources you used. If you also cited an article or website to support a specific risk description, include that too. Three to five references is a realistic target for a 4-page document.
Mistakes That Cost Marks
Treating Positive Risks as Mitigation Strategies
“We could train the team to reduce errors” is not a positive risk — it’s a planned action. A positive risk is an uncertain beneficial event, not a contingency plan. The difference matters. Read your positive risk descriptions and ask: is this something that might happen, or something we plan to do?
Frame Positive Risks as Uncertain Beneficial Events
“If the team’s productivity exceeds projections in phase one, the project could complete two weeks early, allowing an earlier-than-planned market entry” — that’s an opportunity. Uncertain. Beneficial. Specific. Write them the same way you write threats, just with an upside instead of a downside.
Writing All Risks from the Same Category
“Risk 1: Schedule delay. Risk 2: Another schedule delay. Risk 3: Related schedule problem.” This shows you didn’t engage with the “broad categories” instruction. Eight similar risks bunched in one category fail to demonstrate awareness of the full risk landscape a project faces.
Spread Risks Across Different Categories
Aim for risks from at least five or six different categories. Financial, operational, schedule, compliance, technical, and strategic each represent a different type of exposure. A well-rounded risk identification section shows you understand that projects face threats from multiple directions simultaneously.
Confusing Risk with Certainty
“The project will go over budget because construction projects always do.” If it’s certain, it’s not a risk — it’s an assumption or a known constraint. A risk has to be uncertain. If it’s already happening, it’s an issue, not a risk. Use language like “may,” “could,” “there is a possibility that,” or “if X occurs.”
Use Conditional Language Consistently
“If material costs increase beyond the 10% contingency buffer due to supply chain disruption, the project will require a budget amendment” — that’s risk language. It names the trigger condition and the consequence. It’s uncertain (supply chains might be fine) and specific (the buffer threshold is 10%).
Skipping the Category Label
The instruction specifically says to describe risks “based upon broad categories.” If you write ten risk descriptions without labeling which category each belongs to, you’ve only half-answered the prompt. The category label is a required element, not optional formatting.
Use Category Labels as Subheadings or Bold Tags
The cleanest approach: use the category name as a section subheading (e.g., “Financial Risks”) and list all risks in that category beneath it. Alternatively, bold the category name at the start of each risk description. Either way, the category needs to be visible and consistent throughout the section.
Frequently Asked Questions
Need Help Getting This Assignment Done Right?
From risk identification and document structure to APA formatting and full paper writing support — our project management specialists work across business, PM, and operations courses at all levels.
Business & Project Management Help Get StartedPutting the Document Together
Risk identification is the first real thinking task in any risk management plan. It’s where you prove you understand your project well enough to see what could go wrong — and what could go unexpectedly right. That takes specificity.
Generic risks produce generic documents. A vendor delay risk written for a software project looks different from one written for a hospital construction project. A compliance risk for a fintech startup looks nothing like one for a nonprofit. The more you ground each risk in the actual context of your chosen project, the more your document reads like something a real project manager would write — not just a list assembled to meet a word count.
Get the structure right. Label your categories. Write descriptions that name the event, the cause, and the impact. Format your cover page cleanly. Build your references from the sources you actually used. That’s four pages done.