What Should Be Included In A Risk Register?

All identified and perceived risks to a project should be included on a risk register, to enable everyone involved in the project to be aware of the risks and to identify who has the primary responsibility for that risk.

What Does A Risk Register Look Like?

A risk register is usually compiled electronically, so that it can either be printed out and reviewed in meetings or shared via e-mail.

Generally a risk register will be formatted using an Excel spreadsheet, and using this format means that it can easily be updated as the project progresses.

What Information Does A Risk Register Contain?

Obviously a risk register will contain all the risks that have been identified, but there is much more to a risk register than this. The register needs to contain information about the severity of the risk. This information comes in two different formats, so there is information about the likelihood of the risk happening and then the severity of the risk if it happens.

For example, in a project which is setting up a new line of business selling Christmas type gifts, a risk identified could be that one of the major suppliers fails to deliver the toys in accordance with the agreed time schedule. The likelihood of this happening should be low, because the contract between the supplier and the client should have been drafted in such a way that the supplier will be heavily penalised should this happen. However, the impact that late supplies would have could potentially ruin the business and as such, the impact would be ‘graded’ as severe.

The risk register should also identify key players who have ‘ownership’ of the risks. So members of the Project Team will be identified on the risk register and then at team meetings they can report on progress and how that risk is being managed.

Updating The Risk Register

The risk register needs to be constantly updated to ensure continuous management of risks. It is not enough simply to create the register, allocate ownership of these risks and then assume that everything is fine. The register needs to evolve as the project is underway.

Updating the register keeps everyone informed and aware of what is happening. That is important, not just for the members of the Project Team, but also for members of the Steering Board or Steering Group, if there is one.

Because members of the Steering Board are not directly involved in the day to day management of the project, they need to be aware of how things are progressing. But because they are not involved on a day to day basis, they can also cast a fresh pair of eyes over the register and provide guidance on any potential impact of risks that may have been overlooked by the Project Management Team. Obviously this should not happen, but on any project there is always the risk of human error!

Alternatives To The Risk Register

The compilation of a ‘risk register’ is not set in stone. There are various alternatives. The risks could simply be collated into a Word document and then updated periodically. On very small projects, the risks are often given a special heading in the minutes of meetings and then at each meeting the risks are discussed and an update provided for each one.

Some projects may even just have the risks on a board that is updated ‘as and when’ but this is only appropriate for the smallest of projects, since any project should always have a proper record of the risks and how they have been managed.


Check out our video below on risk registers and risk logs.

Be Sociable, Share!


Leave a Reply