A Risk Register is the backbone of the Risk Management process. It is used to record and manage risks (threats and opportunities). The Risk Register should be populated at the start of a project and regularly updated throughout the project. Agreed mitigating actions are carried out and monitored for effectiveness.
Typically, a risk entry to the Risk Register will include:
- Risk Number. A unique number that stays with the risk to project completion.
- Risk Description. A full and concise description of the risk including what may happen, cause and consequences. You will find use of the phrase ‘There is a risk that……….. Due to………. Resulting in……..’ helpful when describing risk.
- Probability of occurance
- Consequences should the risk occur
- Risk Exposure (pre-mitigated)
- Mitigating action
- Action owner
As the project progresses, some risks will become no longer valid but new risks will appear. Throughout the project lifetime a risk is given a unique ID. History of each risk is traceable.
Whether it is in the format of a simple spreadsheet or a web based database, what is important is how it is used.