Risk Register
A structured document that records identified risks along with their analysis, treatment plans, and current status.
Also known as: Risk log, Risk tracker
Category: Business & Economics
Tags: risk-management, project-management, governance, documentation
Explanation
A risk register (also called a risk log) is a foundational risk management tool that provides a centralized record of all identified risks, their assessment, planned responses, and current status. It serves as the primary document for tracking and managing risks throughout a project, program, or organization.
**Typical risk register contents**:
- **Risk ID**: Unique identifier for tracking
- **Risk description**: Clear statement of the risk event and its potential consequences
- **Category**: Classification of the risk type (financial, operational, strategic, etc.)
- **Likelihood**: Probability of the risk occurring (often on a 1-5 scale)
- **Impact**: Severity of consequences if the risk materializes (often on a 1-5 scale)
- **Risk score**: Calculated from likelihood × impact
- **Risk owner**: Person accountable for managing the risk
- **Mitigation actions**: Planned and implemented responses
- **Status**: Current state of the risk (open, mitigating, closed, materialized)
- **Residual risk**: Risk level remaining after mitigation
**Best practices**:
- Review and update regularly (at minimum quarterly, monthly for active projects)
- Ensure all risks have clear owners
- Track mitigation action completion
- Use consistent scoring criteria across the organization
- Make the register accessible to relevant stakeholders
- Record lessons learned when risks materialize or are closed
**Common pitfalls**:
- Treating it as a one-time exercise rather than a living document
- Listing risks without clear ownership or actions
- Using inconsistent or unclear rating scales
- Focusing only on negative risks and ignoring opportunities
- Creating overly complex registers that discourage use