HKSM

A hierarchical outline that groups risks by type or shared traits (for example, financial, technical, or safety) so related risks are organized together for clearer identification and analysis.

Key Points

• Tree-style structure that clusters risks by category and subcategory.
• Categories can be tailored to the project or organization (e.g., financial, technical, safety, regulatory, schedule).
• Helps ensure completeness during risk identification and supports assigning owners.
• Complements the risk register and prioritization tools by providing a clear grouping framework.

Example

On a software payment platform project, the team builds an RBS with top-level categories: technical, financial, compliance, operational, vendor, and safety. Under technical they list risks such as API instability and performance bottlenecks; under financial they include currency fluctuation and cost overrun; under compliance they include PCI-DSS gaps; under operational they include on-call coverage; under vendor they include SLA breaches; under safety they include data center access hazards. The team uses this structure in workshops to make sure no areas are missed and to assign risk owners.

PMP Example Question

During Identify Risks, the team wants to ensure comprehensive coverage and avoid missing categories. Which artifact organizes risks into hierarchical categories such as technical, financial, and safety?

1. Risk register
2. Risk Breakdown Structure
3. Work Breakdown Structure
4. Probability and impact matrix

Correct Answer: B — Risk Breakdown Structure

Explanation: An RBS groups risks by category to structure identification and analysis. The risk register records individual risks, the WBS decomposes work, and the probability and impact matrix is used to assess risk severity.