How to prepare Risk Register?

Risk register (also called as Risk Log) is a master document that provides the details of all identified risks and their characteristics. Though it is created during risk identification process, it is periodically updated throughout the project management life cycle & it is an important risk management document in every project.

Risk Register Sample

Risk Register Sample

A sample risk register is shown above. Risk register has complete information about project risks. Here are the list of data fields part of a typical risk register:

  • Risk ID – Unique ID to report/review/communicate the risk
  • Risk description – Short description about the risk event
  • Risk owner – Name of the risk owner
  • Risk Category – Category of the risk
  • Cause of the Risk – Information about the risk trigger
  • Effect or Impact of the Risk – Information about the effect or impact if the risk occurs
  • Project phase detected & affected
  • Ranking – Ranking of the risk
  • Affected WBS activity – WBS ID if it affects a specific work package
  • Probability of risk occurrence – This is from qualitative risk analysis
  • Frequency of risk occurrence – This from qualitative risk analysis
  • Potential responses – Possible responses for the risk. It can be more than one
  • Approved final response – Response selected for implementation
  • Contingency plan – Plan in place to reduce the risk effect in case a risk trigger occurs
  • Fallback plan – Plan in place suppose primary response didn’t work effectively as expected
  • Risk Triggers – warning signs of a risk occurrence
  • Last occurrence – Last occurred date/time
  • Cost of mitigation/fallback plans – Cost estimated for mitigation or fallback plan execution
  • Time required for risk responses – helps in schedule plans
  • Reserves – Management & contingency reserve information if available
  • Risk review audit information – Comments about the risk based on risk review audit
  • Current status of the risk – Closed (or) Open (or) Trigger event identified, etc.

There is no limit to the level of details captured in risk register but it depends on benefits of the information and the efforts to update the data. More information captured enables possibility of more detailed reporting.

Let us review uses of risk register:

  • Risk register provides main details about all identified project risks with its characteristics (like probability, frequency, category, cause/effect, etc.) along with potential responses and it tracks current status
  • Information about secondary & residual risks are also documented in risk register
  • Risk register provides key information to all other risk management processes
  • It is primary source for risk review process & all kinds of risk reports

Here are the general steps in preparing Risk Register:

  • Documenting risk register in spreadsheet software gives more flexibility to manage it. Risk repository database software can also be used
  • Identify required information fields that should be included in risk register
  • Employ any one or more tools & techniques to identify and document the risk. Many tools and techniques are available for risk identification like brainstorming, interviewing, root cause analysis, checklist analysis, assumption analysis & diagramming techniques
  • Record all identified risks with its details. Document the responses in case, if it is available
  • Periodically review and update the risk details as and when information about fields like responses, last occurrence, etc. are available
  • Document new risks, secondary and residual risks if anything is identified later in the project life cycle


  1. Use a Risk Breakdown Structure (RBS) to Understand Your Risks, David Hillson, Proceedings of the Project Management Institute Annual Seminars & Symposium October 3–10, 2002, San Antonio, Texas, USA
  2. The controlling influences on effective risk identification and assessment for construction design management. International Journal of Project Management 19 (3), Chapman, R.J. 2001
  3. A Guide to the Project Management Body of Knowledge (PMBOK) Fifth Edition, Project Management Institute Inc., USA, 2013

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s