Risk Register

A risk register is the central repository for managing project risks. It captures, assesses, and tracks risks from identification through resolution, ensuring that risks are proactively managed rather than reactively addressed.

Risk register contents:

• Risk ID: Unique identifier for tracking
• Description: Clear description of the risk event
• Category: Type of risk (technical, schedule, resource, budget, external)
• Probability: Likelihood of occurrence (typically High/Medium/Low or 1-5 scale)
• Impact: Severity if the risk materialises (typically High/Medium/Low or 1-5 scale)
• Risk score: Probability × Impact (used for prioritisation)
• Response strategy: How the risk will be handled
• Mitigation actions: Specific steps to reduce probability or impact
• Owner: Person responsible for managing the risk
• Status: Current state (open, in progress, mitigated, closed, occurred)
• Trigger indicators: Early warning signs that the risk is materialising

Risk response strategies:

• Avoid: Change plans to eliminate the risk entirely
• Mitigate: Take action to reduce probability or impact
• Transfer: Shift the risk to another party (insurance, outsourcing)
• Accept: Acknowledge the risk and prepare to deal with it if it occurs
• Escalate: Raise the risk to a higher authority for management

Risk register management practices:

• Create during project planning and update throughout the project
• Review risks at regular intervals (weekly or sprint-level)
• Add new risks as they are identified
• Close risks that are no longer relevant
• Track risk response action completion
• Report top risks to stakeholders
• Learn from risks that materialised for future projects