How many risks should a project track?

There is no fixed number, but most projects actively manage 10-30 risks. Focus on the top risks that could genuinely impact the project. A risk register with hundreds of items becomes unmanageable. Prioritise using risk scores (probability × impact) and focus management attention on the highest-scored risks.

When should risks be reviewed?

Risk registers should be reviewed at least weekly for active projects, with a formal risk review at key project milestones. In Agile projects, risks are typically reviewed during sprint planning and retrospectives. Any team member should be able to raise a new risk at any time, and the register should be updated promptly.

What is the difference between a risk and an issue?

A risk is something that might happen in the future and has a probability of occurrence. An issue is something that has already happened and needs to be resolved. When a risk materialises, it becomes an issue. Risk management is proactive (planning for potential problems); issue management is reactive (dealing with actual problems).

Book Free Assessment Calculator

Risk Register

Also known as:risk logrisk trackerrisk management register

A document that records identified project risks, their likelihood and impact assessment, mitigation strategies, owners, and current status throughout the project lifecycle.

In-Depth Explanation

A risk register is the central repository for managing project risks. It captures, assesses, and tracks risks from identification through resolution, ensuring that risks are proactively managed rather than reactively addressed.

Risk register contents:

Risk ID: Unique identifier for tracking
Description: Clear description of the risk event
Category: Type of risk (technical, schedule, resource, budget, external)
Probability: Likelihood of occurrence (typically High/Medium/Low or 1-5 scale)
Impact: Severity if the risk materialises (typically High/Medium/Low or 1-5 scale)
Risk score: Probability × Impact (used for prioritisation)
Response strategy: How the risk will be handled
Mitigation actions: Specific steps to reduce probability or impact
Owner: Person responsible for managing the risk
Status: Current state (open, in progress, mitigated, closed, occurred)
Trigger indicators: Early warning signs that the risk is materialising

Risk response strategies:

Avoid: Change plans to eliminate the risk entirely
Mitigate: Take action to reduce probability or impact
Transfer: Shift the risk to another party (insurance, outsourcing)
Accept: Acknowledge the risk and prepare to deal with it if it occurs
Escalate: Raise the risk to a higher authority for management

Risk register management practices:

Create during project planning and update throughout the project
Review risks at regular intervals (weekly or sprint-level)
Add new risks as they are identified
Close risks that are no longer relevant
Track risk response action completion
Report top risks to stakeholders
Learn from risks that materialised for future projects

Business Context

A well-maintained risk register enables proactive risk management, reduces the likelihood of unpleasant surprises, and demonstrates due diligence in project governance.

How Clever Ops Uses This

Clever Ops maintains risk registers for all client projects, conducting regular risk reviews and proactively managing identified risks. We help Australian businesses establish risk management practices that protect their project investments and improve delivery predictability.

Example Use Case

"A project risk register identifies "key developer departure" as a medium-probability, high-impact risk, with mitigation actions including cross-training, documentation, and maintaining a relationship with a specialist contractor."