You can identify and mange risk by first creating a plan to handle risk. Depending on your organization, you might want to look at any existing policies, procedures, templates, or project management tools that are being used currently or have been used in the past to identify and manage risk. Using past project reports or "lessons learned" can help in risk planning. After you have a plan to attack risk you need to start identify it by creating a list of known risks. This list can be created by sitting with your project sponsor, your project stakeholders, project team members, end-users and business users. Everyone involved in your project can help with risk identification. Also, review your project charter for constraints and assumptions which can help you identify potential risk. You will want to categorize your risk from your list and then apply a rating system to the risk list. (The risk list is also know as a risk register) This will help you to determine the impacts and probabilities of the risk within your project. You don't want to spend time managing risk that has a 10% chance of happening or a risk that has a small overall affect on your project. The rating system is highly subjective and the scales can be created by you and your sponsor. (Note: the risk acceptance tolerance should be determined by you project stakeholders/owners) 2 other means of identifying risk is Qualitative and Quantitative Risk Analysis. Qualitative is done first and I briefly describe it above. This is categorizing the risk and applying ratings. Quantitative risk is applying numerical analysis to the HIGHEST risks on your list. This might not be needed depending on the type of project you are working on. After all this you need to develop a risk response plan or "How do you respond to risk when it occurs". This can be done by determining contingency reserves or management reserves and a plan for when they will be used. Also, understanding and documenting risk triggers and creating fallback plans if risk contingency plans don't work is key. From personal experiences I would also determine risk owners for your project. The PM shouldn’t necessarily handle all the risk alone but he/she should identify them all. Finally you need to monitor and control the risk. I do this by using the documented risk list and risk plan in each of my status meetings and review it with each member/risk owner to make sure we are in control of the risk and to see if any changes have occurred with the risk. Risk indentifying and managing is iterative. It happens throughout the project. Make sure you do this all at the beginning of your project as it is more costly and more time consuming to deal with risk as your project matures.l