What is a risk register?
Risk registers are tools used by project managers and other leaders to identify potential risks that may interfere with business goals. Risk registers include key information about the risks involved with a project or goal.
Best practices
Risk registers keep risks visible, hold employees accountable and guide resolutions when problems arise. Here are some best practices to keep your risk register running smoothly:
1. Collaborate often
Meet regularly with other managers to make sure you understand all risks regarding projects and company objectives. Ask your team members to identify any additional project risks you may not be aware of.
2. Update your risk register often
Keep data current and consistent by regularly reviewing the details within the risk register. How often you choose to review and update the register depends on the company, number of risks and rate of fluctuation.
3. Download a risk tracker
Consider implementing a cloud-based project management software for a collaborative way to follow and track changes to the risk register. Many programs include mobile apps and helpful features, like messaging and a dashboard view of overall progress.
Related: How to Manage Employees
How to create a risk register
Before you begin creating a risk register for your company, you’ll want to consider all aspects of your project and how to best convey the most important details. Here are the steps you might take to create a risk register:
- Choose a simple design
- Include key fields
- Consider additional elements
- Use color coding
- Set user access rights
- Include summary
1. Choose a simple design
When you’re tasked with creating a risk register, it’s important to consider the design. Simple layouts make reading easier for everyone, which eliminates a lot of confusion when navigating the format. A good design provides an easy-to-read overview of all risks and allows users to access detailed information regarding each risk.
2. Include key fields
The descriptions within your risk register should accurately portray the risks. Each column should include a risk identifier or index (a unique number that identifies a risk), risk category, risk description, risk level, risk owner, risk response and current status. Keep descriptions short to encourage follow-through and accountability. When writing descriptions, be specific and concise.
3. Consider additional elements
Depending on the size of the project, you may choose to add additional variables to the risk register. For instance, your team might need to measure things like impact, probability and other values related to risk. Impact statements should explain how the risk can influence the company’s goals. Set up preset options to streamline the process of data entry. Consider a balanced approach when adding fields.
4. Use color coding
One of the most common ways to show prioritization of risks is by color-coding in ‘traffic light’ colors that show various levels of importance. Like many warning signs found in society, the color red indicates a high risk when present within a risk register. Other key colors include amber or yellow, which signifies medium risk, and green for low-risk items.
5. Set user access rights
While your goal should be to allow easy access to the risk register, there may be instances where you’ll need to limit access. For instance, company stakeholders and managers may have special permissions that allow them to view additional information or make changes to the document. Set user access rights accordingly and make sure there is a way to track who changed certain areas of the register.
6. Include summary
When people are limited on time, summary risk profiles present critical information in a quick snippet. Consider including a condensed version of your risk descriptions so people can quickly scan information and make fast decisions.
Related: 5 Steps to Creating an Effective Training and Development Program
Risk register examples
When planning out your company risk register, it helps to have a reference. Here are some examples of great project risk registers:
Example 1:
| Risk identifier | Risk category | Risk description | Inherent risk | Risk response | Risk owner | Risk status |
| R3 | Resources | Because of project team member absence, scheduled activities are not completed on time, leading to missed deadlines. | High | Set clear expectations, connect at regular intervals, provide coaching. Evaluate team efficiency and consider hiring more people. | Project manager | Active |
| R5 | Communication | Lack of communication, causing confusion and negativity. | Medium | Create communication plan that includes these sections: frequency, goal andaudience. Ensure entire team understands expectations by signing form upon review. | Project manager | Active |
| R8 | Site | Inadequate website testing leads to customer complaints and profit loss. | High | Ensure related departments perform quality checks and test site functions before updating the site. | Project manager | Active |
| R2 | Scope | Incomplete project design | Low | Work with creative team to promote understanding of project scope. Consider design workshop or mentorship with senior-levelmembers. | Project sponsor | Closed |
Example 2:
| ID | Risk description | Likelihood of risk | Impact if risk occurs | Severity rating | Risk owner | Mitigating action | Contingent action | Progress on actions | Status |
| 6 | Increased workload creates conflict with team goals | Low | High | Medium | Team manager | Schedule a meeting to discuss new requirements and audit past processes to ensure efficiency. | Alert project manager of timing conflicts and make an action plan. | Team managers attending efficiency workshops. | Open |
| 3 | Legal actions slow progress on projects | Low | Medium | Medium | Project sponsor | Review all contracts, plans and requirements before project launches. | Notify project board members who will consult legal team. Follow recommended course of action. | Contracts and communication forms sent out. | Open |
Risk register FAQs
Project risk registers involve many aspects that sometimes need further clarification. Here are some of the most frequently asked questions:
What is the difference between risks and issues?
Risks refer to future issues that may or may not occur. Issues refer to current problems or future problems that will definitely occur and that need a resolution.
How often should you review risk registers?
That depends on the company and its goals. It’s a good idea to review risk registers weekly and when regulations change. When you’re reviewing items, you should identify risks that became incidents and add any new risks to the register.
