What Is a Risk Register & How to Create One


You’ll never be able to anticipate every risk event that could occur in a project, but by using a risk register, you’re prepared to respond quickly before project risks become real problems and sidetrack the whole project.

What Is a Risk Register?

A risk register is a tool in risk management and project management. It is used to identify potential risks in a project or an organization, sometimes to fulfill regulatory compliance but mostly to stay on top of potential issues that can derail intended outcomes.

Related: Risk Register Template for Excel

While the risk register is mostly used during the execution of the project, it’s part of your risk management plan, which must be given serious consideration by project managers during the project planning phase. There is no time too early to start thinking about risk analysis in your project. Therefore, having a project risk register on hand and ready is essential in managing risk.

Once you have your risk register to identify and track risk events, then you need project management software to take action. ProjectManager has risk management features to view risk in the product menu. You can assign, prioritize and view risk history directly from the risk card. This makes it easier for teams to collaborate on risks and for managers to track their progress in real time. Get started with ProjectManager today for free.

risk management in ProjectManager
Use ProjectManager’s risk management feature to resolve risk. Learn more

Having a risk log to track project risks, whether by a simple spreadsheet or as part of a more robust project management software solution, is a good idea to tackle in any project plan. There is risk inherent in everything, and that goes doubly for managing a project with lots of moving parts.

Why Do You Need a Project Risk Register?

If you know what risk management is, then you’ll know that the next step to managing risk is strategically working to control the potential issues that are most likely to occur when you’re managing a project. Therefore, you should have a risk analysis mechanism in place to collect potential risks and then map out a path to mitigate risks and get the project back on track, should those risks become realities.

What Is Included in a Risk Register?

Risk registers may vary depending on the organization and the project. However, most risk register templates share these commonly used elements:

  • Risk identification ID: A name or ID number to identify the risk.
  • Risk description: A brief explanation of the risk.
  • Risk breakdown structure: A risk breakdown structure is a chart that allows you to identify all your project risks and categorize them.
  • Risk categories: There are many risk categories that can impact a project such as a schedule, budget and technical and external risks.
  • Risk analysis: The purpose of risk analysis is to determine the probability and impact of a risk. You can either do a qualitative risk analysis or a quantitative risk analysis.
  • Risk probability: You’ll need to estimate the likelihood of each risk and assign a qualitative or quantitative value.
  • Risk priority: The risk priority is determined by assigning a risk score to each risk, which is obtained by multiplying the risk impact and probability values. If you’re using qualitative measurements, you’ll need to prioritize risks with the highest impact and highest probability.
  • Risk response: Each risk needs a risk response to mitigate its effect on your project. Those risk responses are also documented in a risk response plan.
  • Risk Ownership: Each risk needs to be assigned to a team member who becomes a risk owner. The risk owner is responsible for deploying the appropriate response and supervising it.

Risk Management Process

The first step in the risk management process is risk identification. Projects are all different, of course, but for organizations that run similar projects year over year, there might be historical data to review to help identify common risk categories to those types of projects.

Additionally, you can anticipate some project risks based on market forces (supply and demand risks, for example), or based on common project management issues, or even based on weather.

Collect the Project Risks

Collecting the possible risks that can show up when managing a project requires a systematic approach to make sure you’re as thorough as possible. The project risk register is a system, which can then track that risk if it in fact appears and then evaluate the actions you’ve set in place to resolve it.

When registering these risks on a risk log spreadsheet or within your project management software, you have a place to put all this data and follow the specific risk event throughout the project, thereby seeing if the risk response actions you’ve put in place to remedy the risk are working. A risk tracking document, therefore, keeps project risks on a tight leash to mitigate their impact so they don’t ruin your project.

Document the Project Risks

Documenting project risks using a risk register is vital to the success of any project. It gives you a single place to identify the risk, note its history—from where it first occurred to where you finally resolve it—and even tag the risk to the person who identified it and owns its management. On the risk log, you can note the risk score and how likely the risk will impact the project and so much more.

Monitor the Project Risks

As mentioned, you can assign risks to your team members in your project risk register. That person then is responsible for monitoring the risk and leading any risk response actions required to mitigate the impact of that risk event or address it once it becomes an issue. By documenting this process in a project risk register, you’re less likely to lose track of project risks over the course of a busy project, which means the risks aren’t turning into real issues that can negatively impact the project budget or schedule and compromise the success of the project.

Resolve the Risks

Finally, when the project risk is resolved, you can close it. Nothing is better than checking off that risk in your risk log as no longer a problem in the project. Also, if the risk event has been remedied, then you don’t want to continue putting resources against a problem that no longer exists. It simply gives you more control over your risk management plan and fosters better communications with your project team and stakeholders.

How to Create a Risk Register

Let’s go through all the steps to create a risk register so we can get the most out of this risk management tool when we use it.

1. Risk Identification

Get the project team together to brainstorm potential risks. Every team member is responsible for different areas of the project, so use their expertise to help identify potential project derailing risks. You’ll also want to speak with stakeholders to make sure you’ve brought their concerns to mind, and are tracking their risks, too. Be sure to exhaust all risk categories of potential impact, from market forces to resources to the weather.

2. Describe Project Risks

The next thing you want to do is describe the project risk. Try to be as thorough as you can while keeping the description to the essentials. Having too vague a risk will make it a challenge to truly understand whether a risk has become a real issue or not. For example, don’t write, “The Weather,” for a risk contingent on the weather. Rather, go for something specifically related to your project, such as, “Monsoon season in India could cause shipping delays for copper.”

As you identify and describe risk, ProjectManager will help you assign ownership to a team member, set the priority and attach any relevant files. Teams can collaborate, share the risk, add comments and tag people. Managers get visibility into the work and everyone is working on the same updated and life data.

Risk management in ProjectManager
Oversee and mitigate risks directly from our software. Learn more

3. Estimate Risk Impact

Include everything that the risk can influence, so you can develop a strong strategy to deal with it. For example, if layoffs have been rumored in your business sector regionally, identify the actual impact that might have on your project schedule if it came to pass. For example, “Projected layoffs in Southeast manufacturing could risk production schedules in June. This could delay the entire project execution by three months unless alternative production options are considered. This tells the risk owner to investigate potential options for manufacturing facilities outside of that region, so a real risk management plan is in place.

4. Create a Risk Response Plan

This is the heavy lifting in the project risk register, so give it the time and effort necessary to complete it properly. You want to be thorough, but not excessive. Keep the risk response plan short and to the point. Do your research, so if the risk shows up in the project you can go right into action. Document all response plans and implementation strategies. If this requires a long document, add a link or add an attachment to the risk response plan document to point directly towards the planned response.

5. Prioritize Project Risks

Not all project risks are created equally. Some of them have a greater impact than others, so you have to decide here which are going to move to the front of the line and which are okay to ignore if you don’t have the time and resources. Here you’ll determine the level of risk: high, medium or low. This way you can filter your register and then prioritize.

6. Define Risk Owners

Finally, assign an owner to each risk. If you don’t have a risk owner for each and every potential risk, then you might not know about it until the impact of that risk is irreversible.

7. Notes

There is one last column in your risk register, and that’s a place to collect any notes that don’t fit under the categories already discussed. It’s important to have a place to put these ideas so they don’t get lost in the endless churn of a project.

Using ProjectManager to Track Risks

ProjectManager is an award-winning project management software with integrated risk tracking features that allow you to list, manage and collaborate with ease. Once you’ve selected a certain risk, there’s a simple and fast way to edit every aspect of the risk, including its name, description, which it is assigned to, and its level of priority. Even better, you have the ability to add notes, files, images and other attachments to that specific project risk.

dashboard for tracking risks in risk register

One of our most powerful risk management features is our real-time dashboard. Our project dashboard gives you a snapshot of your project status and is ideal for catching risks ahead of time before they become issues. This unique feature is valued by project managers all over the world, in major companies like Volvo, NASA and Bank of America.

ProjectManager is online project management software that offers a collaborative risk tracking tool that gives you all the features you need to identify, track and resolve risks as they become issues in your project. Try it yourself and see how it can make managing risk and the whole project that much easier. Take our free 30-day trial today!

Related Posts

Deliver your projects
on time and under budget

Start planning your projects.

Start free trial