Risk register – OPEN

Add your own custom notes.

You need to login before you can record your own custom course notes.

Registration is easy, and completely free.

Topic 7.14: Risk register

Likes people like this topic - including you!

SharesThis topic has been shared 25 times!

Progress2,617 people have passed the quiz

A risk register (or risk log) is a master document created during planning and updated throughout project delivery.

The risk register is a high level, summary view of all project risks and their status, and records:

A summary description of the risk

A risk owner – the person responsible for managing the risk

Its probability and impact ratings

A high level summary of our risk treatment

Its last and next review dates, and

The status of the risk.

Once again, we can use traffic lights to highlight the current status of the risk.

Intuitively, a green light means the risk is low and acceptable, yellow means the risk is medium, and red means that the risk is high and demands immediate attention, as per our organisational risk thresholds.

A risk dictionary further elaborates on each risk identified in the register

Each dictionary entry should be written to a level of detail that corresponds with the priority ranking and the planned response.

Often, the high and moderate risks are addressed in detail; whereas risks judged to be of low priority are included in a ‘watch list’ for periodic monitoring.

Dictionary detail can include:

Identified risks, their descriptions, area(s) of the project affected (for example, WBS element), their causes and how they may affect project objectives

Risk owners and assigned responsibilities

Outputs from the qualitative and quantitative analyses

Agreed response strategies

Specific actions to implement the chosen response strategy

Triggers, symptoms, and warning signs of risks occurring

Budget and schedule activities required to implement the chosen responses

Contingency reserves, plans and triggers that call for their execution

Fall-back plans for use as a reaction to a risk that has occurred where the primary response proved to be inadequate

Residual risks that are expected to remain after planned responses have been taken, as well as those that have been deliberately accepted, and

Secondary risks that arise as a direct outcome of implementing a risk response.

As a rule of thumb, the dictionary should provide sufficient, up-to-date detail so that if the risk owner wins lotto and flies to the Bahamas tomorrow, a new owner can step seamlessly into the role.

Ultimately, stakeholders’ perception of the effectiveness of risk management is conditioned by the way in which risks are handled as they occur, and by the number or characteristics of such events.

It is therefore crucial that whenever a risk is realised, that information about the event – as well as the progress and effectiveness of the responses – be communicated at regular intervals and in an honest manner adapted to the needs of each stakeholder.

Leonardo da Vinci understood proportion

Nevertheless, the degree, level of detail, sophistication of tools, and amount of time and effort applied should be in proportion to the characteristics of the project.

A large project that consumes a significant amount of organisational resources will obviously require a higher degree of proactive risk management than one that is smaller with flexible deadlines.

For that reason, project risk documentation should be scaled to be appropriate to the project.