Risk Register

A risk register is a project management document that records every identified risk — along with its probability of occurrence, potential impact, planned response, owner, and current status. It converts a reactive "wait and see" posture into a deliberate, managed response to uncertainty. A risk register doesn't prevent problems; it ensures the team has thought through what could go wrong and decided in advance what to do about it.

What Goes in a Risk Register

A complete risk register entry typically includes:

• Risk description — what might happen, under what circumstances, and what triggers it
• Probability — likelihood of occurrence, rated low / medium / high or as a numeric percentage
• Impact — consequence if the risk occurs, rated by effect on schedule, cost, scope, or quality
• Risk score — probability × impact, used to prioritize which risks deserve the most attention first
• Response strategy — the planned action (avoid, transfer, mitigate, or accept)
• Owner — the team member responsible for monitoring the risk and executing the response
• Status — open, closed, triggered, or watching

Risk Response Strategies

The four standard responses cover the full range of options:

• Avoid — change the project plan to eliminate the risk entirely (choose a different supplier, skip a risky approach, extend the deadline)
• Transfer — shift the financial impact to a third party through insurance, a fixed-price contract, or a warranty
• Mitigate — take action to reduce the probability or impact before the risk materializes (prototype early, add schedule buffer, run a pilot)
• Accept — acknowledge the risk and decide not to act unless it materializes; active acceptance includes a contingency plan; passive acceptance means monitoring only

Maintaining the Risk Register

A risk register created in week one and never updated afterward is worse than no register — it creates false confidence that risk is being managed when it isn't. Risk registers should be reviewed at each status meeting, updated when new risks emerge, closed when a risk period has passed, and updated when a risk has materialized and the response has been executed. Risks that were once low-probability can become high-probability as the project progresses.

Risk Registers and Project Scheduling

Schedule risk is one of the most common risk categories: tasks take longer than estimated, resources become unavailable, external dependencies slip, or approvals arrive late. A well-built project schedule — with accurate durations, dependency links, resource assignments, and a set baseline — is itself a risk management tool. It surfaces conflicts before they happen and creates a reference point for measuring schedule drift if a risk materializes.

Related Terms

Project Charter  ·  Project Scope  ·  Scope Creep  ·  Project Baseline  ·  Deliverable