Key Takeaways

The Mighty Risk Register: The purpose of a risk register is to track and report on risks throughout a project's life cycle, so you can tackle them effectively and reduce delays and budget increases.

Accounting For Risk: A risk register centralizes all potential risks, their impacts, and planned responses, which helps set expectations and boost accountability among stakeholders and team members.

Bring Clients In: Involving clients in risk mitigation planning builds trust and reduces blame, so you can pave the way to smoother project execution with fewer delays and budget overruns.

All The Deets: In your risk register, include a description, response plan, risk owner, impact and probability assessment, priority level, and status for each risk to give everyone a complete picture.

A risk register is an important project document that allows you to effectively tackle risks and issues when (not if) they appear on your project, and reduces time spent finding solutions to issues, major project delays, and unnecessary budget increases.

In this article, I'll cover the value of a risk register, how to create one, and best practices for project risk management to save you from painful project issues and the ensuing uncomfortable conversations with clients.

What Is A Risk Register?

A risk register is a document used to track and report on project risks throughout a project's life cycle. It is an essential part of the risk management process, and includes all the risks or issues that may occur (even the minuscule ones) so key stakeholders are aware of the impact.

The contents of a risk log will vary based on a number of factors such as client needs, project scale and complexity, and the type of project.

What Is The Purpose Of A Risk Register?

The purpose of the risk register is to serve as a central place for all potential risks, their impacts, and how you plan to address them.

It helps to manage stakeholder and team member expectations around avoiding or mitigating the identified risks and creates a sense of accountability and urgency to address them before they become catastrophic problems that are more difficult to fix down the line.

Clients appreciate (and sometimes require) upfront planning for risk management, as it helps avoid unnecessary delays or budget increases. Involving them in risk mitigation planning establishes a high level of trust and they are less likely to play the blame game if an issue does arise.

Note

You might prefer to use a RAID log for tracking risks. These tend to be more comprehensive than risk registers, and include assumptions (or actions), issues, and dependencies (or decisions).

What To Include In A Risk Register

For each risk logged in your register, you'll need to include:

  • Risk identification number or name: Each specific risk should have a number attached to it that is used consistently in tools and status reports.
  • What could go wrong? Provide a description of the risk (e.g. resource capacity issues on the team may slow progress and create delays).
  • What can we do about it? Detail the mitigation or risk response plan to avoid or lessen the impact of the risk (e.g. create a detailed week-by-week resource plan of when specific resources are needed).
  • Risk owner: This is the person responsible for reporting on the impact and likelihood of the risk. They are accountable for solving the risk and notifying you of any changes to the risk.
  • Risk impact and probability: Also known as a risk analysis, this is your assessment of how likely it is that the risk event will occur, and what level of impact it will have on your project.
  • Risk priority: Based on your risk probability and impact assessments, you'll assign a priority level to each risk and your planned response to it.
  • Risk status: Statuses might include open & planning, open & monitoring, closed, and realized.
  • Risk category: This is the area of the project that will be impacted or that this issue falls under.

How To Create A Risk Register

Here are the steps to create a solid and effective project management risk register:

1. Identify Risks

Brainstorm all the possible risks that might occur on your project. Here are some questions to ask that might spark ideas:

  • Is there a large or small client team? 
  • How many levels of decision-makers are there? 
  • Is there a board involved that needs continuous reporting on the project or has high-touch involvement in the decision-making process?
  • Does this project impact others within the organization?
  • Does your client have high attention to detail and want to be in the know about details, or do they trust you and your project team members?
  • Is there a high or low level of complexity? 
  • Are there a number of business departments involved in the project? 
  • Is there a large number of resources involved?
  • Is there high attention to data and/or security requirements?

You may not have the expertise to identify all the potential risks, so make risk management a team exercise during project planning. Have a separate conversation with your client team and complete the same exercise.

2. Estimate Risks

Conduct a risk assessment of how likely each risk is to occur and what impact it might have on your project. It can be helpful to plot this kind of qualitative risk analysis on a risk matrix to visualize relative levels of potential impact and likelihood.

[Figure: Here's an example risk matrix you might follow.]

At this stage, you'll also note risk category (e.g. is it a threat to the project schedule, budget, etc.) and priority level according to your impact and likelihood matrix (the risks in the top right are your highest priorities).

Assign a status to each risk as well. If you're still in the planning phase of your project, all risks will be "open" or "planning", but as you progress through the project and risks occur (or don't) update the status to monitoring, closed, and realized (as appropriate).

Hot Tip

Depending on the number of risks in your log, you might categorize them by the phase where they have the highest chance to occur.

3. Create Risk Response Plans

Plan your response to each risk. What will you do if it occurs? What steps can you take to avoid it or mitigate its impact?

There are a variety of risk management strategies you can use, but risk responses generally fall into four major categories:

  • Avoidance: This involves taking concrete steps to eliminate the chance of the risk being realized.
  • Transference: This means shifting risk ownership and responsibility elsewhere (e.g. outsourcing data storage and security to a third-party vendor).
  • Mitigation: This involves taking steps to reduce the negative impact of the risk. This is used when you can't avoid the risk entirely.
  • Acceptance: This means acknowledging the risk but not implementing a contingency plan unless the risk is realized.

When considering responses to each risk, you need to factor in the potential impact of the response itself. Here are some potential knock-on effects to keep in mind:

  • Inherent risk: These are the risks that you've identified on the project.
  • Residual risk: Risks that remain even after a risk response or controls have been implemented.
  • Secondary risk: A new risk that arises from implementing a response to another risk.

[Figure: illustration of inherent risks falling into a funnel where residual risks drip out toward secondary risks. There are three main types of risk that need to be considered.]

Your overall approach to and process for managing risk should be documented in a risk management plan, which you can use to guide your risk response planning at this stage.

4. Assign Owners

Assign someone on your team or on the client's team to be responsible for each risk. This is the person that will implement and oversee the planned risk response and monitor the status of the risk throughout the project.

As the project manager, you are responsible for the majority of risk on the project, but it doesn't need to be completely on your shoulders. For example, you might make the client responsible for the backup plan if they aren't able to deliver their website content when they promised (jeopardizing the project timeline).

Risk Register Template 

Here is a risk register template with varying levels of complexity (you’ll need to be a member to access the template).

Here's the first level of complexity in the template:

[Screenshot: The barebones risk register template.]

Use the barebones risk register when the majority of the risks are within the control of the project and client team, and have low impact on other areas of the business.

[Screenshot: An example of how the barebones register might look when filled in.]

The second level of complexity is the lightweight risk register.

[Screenshot: The lightweight risk register template.]

Use this when there are low to mid-level areas of the business that might be impacted and you, your client, and your team have more control of the action plan.

[Screenshot: Here's a risk register example showing how the lightweight register might look when filled in.]

Here's what the most complex level of risk register in the template looks like.

[Screenshot: The complex risk register template.]

Use this when other areas of the business may be impacted or are responsible for the risk. It involves a high level of reporting on financial impact and severity. The likelihood of these risks may be out of your control, but you need to account for and report on them.

[Screenshot: An example of how the complex risk register might look when filled in.]

Risk Register Best Practices

Here are a few risk register best practices to follow throughout your project.

Put the risk register in a visible place for all parties to see on a regular basis, such as the project management software or risk management tool you're using.

[Screenshot: Here's how you might track and monitor risks in a project management tool such as monday.com.]

Treat risk as you would budget, time, and scope. Review it in your status meetings and in your status reports so all involved are aware of their accountabilities. This also reduces surprises that might halt a project or tarnish a relationship.

For smaller projects where a complex project risk register is overkill, create a card or item in your project management tool and add risks as sub-items for a lightweight way to track them. You can write comments about solutions or changing levels of severity or priority in a cleaner way than an Excel spreadsheet.

[Screenshot: Using a project management tool can also help you keep track of mitigation plans and risk-related decisions.]

Kelly Ostrowercha

Kelly Ostrowercha is an operations leader with a strong focus on workflow automation and operational efficiency. With over 15 years of experience, she has successfully developed people, teams, and processes in marketing agencies, small start-ups, and larger corporations. Her people-first leadership style has fostered collaborative and supportive work environments, leading to successful projects and positive outcomes for teams and business units. Her expertise in workflow automation and operational efficiency has consistently led to streamlined operations and continuous improvement in a wide range of industries.