A risk register is a tool in risk management and project management. It is used to identify potential risks in a project or an organization, sometimes to fulfill regulatory compliance but mostly to stay on top of potential issues that can derail intended outcomes. The risk register includes all information about each identified risk, such as the nature of that risk, level of risk, who owns it and what are the mitigation measures in place to respond to it.
Having a list to track risk, whether by a simple spreadsheet or as part of a more robust project management software solution, is a good idea to tackle in any project plan. There is risk inherent in everything, and that goes doubly for managing a project with lots of moving parts.
You’ll never be able to anticipate everything that could go astray in a project, but by doing the due diligence, you’re able to have a plan in place to respond quickly before risks become real problems and sidetrack the whole project.
Why Do You Need a Risk Register?
If you know what risk management is, then you’ll know that the next step to managing risk is strategically working to control the potential issues that are most likely to occur when you’re managing a project. Therefore you should have a mechanism in place to collect potential risks and then map out a path to get the project back on track, should those risks become realities.
The first thing you have to do is identify the risks. No one is asking you to consult a soothsayer, but experience should guide you. Projects are all different, of course, but for organizations that run similar projects year over year, there might be historical data to review to help identify common risks to those types of projects. Additionally, you can anticipate some risks based on market forces (supply and demand risks, for example), or based on common staffing or personnel issues, or even based on the weather.
To collect the possible risks that can show up when managing a project requires a systematic approach to make sure you’re as thorough as possible. The project risk register is a system, which can then track that risk if it in fact appears and then evaluate the actions you’ve set in place to resolve it.
When registering these risks on a spreadsheet or within your project management software, you have a place to put all this data and follow the specific risk throughout the project, thereby seeing if the actions you’ve put in place to remedy the risk are working. A risk tracking document therefore keeps the risk on a tight leash so it doesn’t run ruin over your project.
The documentation of risk is vital to the success of any project. It gives you a single place to identify the risk, note its history—from where it first occurred to where you finally resolve it—and even tag the risk to the person who identified it and owns its management. You can remark on how likely the risk will impact the project and so much more.
Also, you have a place to assign a team member to the risk. That person then is responsible for monitoring the risk and leading any actions required to mitigate that risk or address it once it becomes an issue. By documenting this process in a register you’re less likely to lose track of the risk over the course of a busy project, which means the risks aren’t turning into real issues that are running rampant out of sight and threatening the success of the project.
Finally, when the risk is resolved, you can close it. Nothing is better than checking off that risk in your paperwork as no longer a problem in the project. Also, if the risk has been remedied, then you don’t want to continue putting resources against a problem that no longer exists. It simply gives you more control and fosters better communications with your team and stakeholders.
What Makes Up a Register to Track Risk?
It’s clear that risk exists and that when managing a project it requires a system to identify and track. So, now let’s dissect the parts of risk log tracking so when we can get the most out of one when we use it. Let’s go step by step through the document.
Get the team together to brainstorm potential risks. Every team member is responsible for different areas of the project, so use their expertise to help identify potential project derailing risks. You’ll also want to speak with stakeholders to make sure you’ve brought their concerns to mind, and are tracking their risks, too. The size of your risk register will likely depend on the complexity of your project. Be sure to exhaust all areas of potential impact, from market forces to resources to the weather.
The next thing you want to do is describe the risk. Try to be as thorough as you can while keeping the description to the essentials. Having too vague a risk, will be a challenge to truly understanding whether a risk has become a real issue or not. For example, don’t write, “The Weather,” for a risk contingent on the weather. Rather, go for something specifically related to your project, such as, “Monsoon season in India could cause shipping delays for copper.” That enables the risk owner to track relevant weather patterns in a productive manner.
The same goes when you use the next column in your register to outline the expected impact of the risk if and when it arises. But don’t skimp on details. Include everything that the risk can influence, so you can develop a strong strategy to deal with it. For example, if layoffs have been rumored in your business sector regionally, identify the actual impact that might have on your project if it came to pass. For example, “Projected layoffs in Southeast manufacturing could risk production schedules in June. This could delay the entire project by 3 months, unless alternative production options are considered.” This tells the risk owner to investigate potential options for manufacturing facilities outside of that region, so a real backup plan is in place.”
This is the heavy lifting in the register, so give it the time and effort necessary to complete it properly. You want to be thorough, but not excessive. Keep the response short and to the point. Do your research, so if the risk shows up in the project you can go right into action. Document all response plans and implementation strategies. If this requires a long document, add a link or add an attachment to the risk document to point directly towards the planned response.
Not all risks are created equally. You have to decide here which are going to move to the front of the line and which are okay to ignore if you don’t have the time and resources. Here you’ll determine the level of risk: high, medium or low. This way you can filter your register and then prioritize.
Finally, assign an owner to each risk. If you don’t have a team member responsible for each and every potential risk, then you might not know about it until that risk is irreversible.
There is one last column in your register, and that’s a place to collect any notes that don’t fit under the categories already discussed. It’s important to have a place to put these ideas so they don’t get lost in the endless churn of a project.
Create One for Your Project
You can download a risk tracker, which is a good start, but it’s only the beginning of taking control of risk in your project. When you create or import one into your project management software, you’ve opened up the project risk from being a standalone document to a living one shared among the team.
You can do what you would have down with a simple spreadsheet, such as list all the risks inherent in a particular project, with status and level of priority. But more than just that you can now share the information quickly and easily with your team.
Like everything else in your project, risk can change, but a static spreadsheet means editing, saving and then importing the revised document into your PM software. That’s a lot of work, and you already have a lot of work.
When the risk tracker is part of a larger PM tool then you can collaborate with ease. Once you’ve selected a certain risk, there’s a simple and fast way to edit every aspect of the risk, be that changing its name and description or which team member noted it and is assigned to track the risk. Even better, you have the ability to add notes, files, images and other attachments to that specific risk.
ProjectManager.com is cloud-based project management software that offers a collaborative risk tracking tool that gives you all the features you need to identify, track and resolve risks as they become issues in your project. Try it yourself and see how it can make managing risk and the whole project that much easier. Take our free 30-day trial today!