Risk register

The risk register aims to capture and maintain information on identified threats and opportunities related to the project, supporting the practical application of the risk practice.

It is a central record of project risks, providing details on their status, history, response actions, and ownership. The register is continuously updated throughout the project and is a key tool for tracking, managing, and reporting risks.

Timeline

The risk register records key details of all identified project risks and monitors, reviews, and manages them throughout the project lifecycle:

• During starting up a project, the risk register is not yet used — any early risks are recorded in the daily log and transferred later if the project proceeds.
• The risk register is created during the initiation stage (initiating a project process) by the project manager. Its format and use are defined in the risk management approach.
• It is updated regularly during the controlling a stage process as the project manager identifies new risks and reviews the status of existing ones.
• During the managing a stage boundary process, the register informs the end stage report, helping assess the project’s current exposure and trends.
• In the closing a project process, the register is archived, and the project manager highlights any residual risks that may impact operations or ongoing product use.

Source data

Risks can be identified throughout the project lifecycle and should be recorded in the risk register as soon as they are recognised:

• The format and structure of the risk register are defined in the risk management approach.
• The project mandate may already highlight initial risks known at the outset.
• Risks noted in the daily log during the starting up a project process can be transferred into the risk register once the project is formally initiated.
• A new entry is added to the risk register whenever a risk is identified.
• Risks can be discovered at any stage, for example, during:
  • Creation of the project brief
  • Appointment of the project management team
  • Definition of project controls
  • Development of the product breakdown structure
  • Writing or reviewing product descriptions
  • Issuing or reviewing work packages
  • Creating or updating plans

Format

The risk register can have various formats, such as:

• Document, spreadsheet or database. This is usually a spreadsheet
• Part of an integrated project register for all risks, actions, decisions, assumptions, issues, lessons, etc.

Quality criteria

The risk register should be accurate, consistent, and support effective communication and control of risks throughout the project:

• Risk responsibilities are clearly defined and understood by both the customer and supplier.
• The risk management procedure is clearly documented, approved by the project board, and understood by all relevant stakeholders.
• Scales for probability, impact, expected value, and proximity are clearly defined and aligned with organisational standards.
• The scales used are appropriate for the level of control and complexity of the project.
• Risk reporting requirements are clearly specified in the risk management approach, ensuring consistent monitoring and escalation.

Tips

Here are some practical tips to help you manage and maintain an effective risk register throughout your project:

• Use a standard risk register template for consistency across the project.
• Learn to write risks using the format: “due to [cause…], there is a risk that [event….], which could lead to [impact….].”
• The project manager should allocate regular time to review and update risks.
• Ask the project board how they prefer to be kept informed about significant or emerging risks.
• Store the risk register securely if it contains commercially sensitive or confidential information.

—o—

Written by Frank Turley.

If you have questions or doubts after using this wiki, you can ask for help on the Facebook or LinkedIn study groups.