The first step in dealing with risk is recognizing or acknowledging its existence. The most common risk management mistake is to ignore the presence of a risk altogether. When that occurs, all subsequent planning is automatically flawed.
The most important pre-requisite for risk identification is an open mind. ‘Sacred cows’ (unassailable assumptions) must not be tolerated. In fact, once identified, such assumptions must be examined under a strong and fresh microscope.
It’s also important to always keep in mind that the past does not predict the future. In other words, just because a particular outcome has never been experienced or documented, doesn’t mean it can’t happen. On September 10th, 2001, the use of kidnapped American airliners to attack various high profile American targets was unthinkable. Few security analysts assigned a non-zero probability to such an outcome. The lesson is that we must think the unthinkable, and prepare for the unimaginable.
It is, of course, impossible to anticipate every risk, but it’s critically important to try.
Keep in mind that the risk classifications provided in the risk types section of this site are human constructs. Labels alone are not sufficient. Any uncertain outcome is potentially a risk, even if it is difficult to understand or classify.