Risk Register: how to compile it

risk register

The Risk Register is a valuable working tool, often underestimated.

Projects sometimes involve huge work demands and significant amounts of money to be completed successfully.

Ensuring that they are completed is an extremely delicate yet complex task.  How can you achieve this? Simple: with a risk assessment and, thus, the compilation of a risk register, one of the most important documents of a project.

Why is a risk register so important?

A risk register contains a list of potential risks that the team has identified in relation to a specific project.

It also includes measures that can be adopted to ensure that these risks do not escalate into a tsunami that could eventually disrupt the work.

A risk register is mainly a communication tool for sharing concerns and risks related to a project with all stakeholders.

Since everything is written in an official document produced before the project even begins, this document is of greater significance than when doubts are expressed during a “routinary” meeting.

The first approach to a risk register

The first thing to do is to determine risks.

No one expects the project manager to be a fortune-teller, but their experience should guide them through this task.

The projects are all different, of course, but for organizations that manage similar projects year after year, there may be historical data to review to identify common risks.

Also, it is possible to forecast some risks based on market forces or staffing issues.

To collect the possible risks that may arise during the management of a project, you will need a systematic approach to ensure you get the most thorough overview possible.

The project risk register is a system that can then keep track of that risk if it actually appears and then assess the actions set up to resolve it.

Recording a risk in the official register gives you a unique place to enter all the data related to the situation in question. It is thus possible to track the specific risk throughout the project, verifying whether the actions taken to fix or mitigate the risk work.

By recording the entire process in a log, you are less likely to lose track of the risk during a demanding project.

This makes the risks less likely to turn into real problems that can significantly threaten the success of a project.

Finally, when the risk has been resolved, it can be officially labeled as closed or terminated.

How to use and fill in a risk register

Here is how to use and fill in a risk register and which items must absolutely be included in this official document.

Risk list

Together with the help of experts and project stakeholders, it is crucial to list all the potential risks that the project may face.

In this case a brief description of the potential risk is included, for example, conflict of resources that lack enough time due to multiple concurrent requests.

Furthermore, it is important to give a unique identification number to specifically track each individual risk in the register.

Assign a risk category

Risks are not all equal; some risks are caused by technical factors, other risks are at the level of personnel or even, environmental risks, brand risks, health risks, etc.

Each risk must be assigned to a specific category.

Assess the impact of each risk

The impact shows the magnitude of the consequences of a risk.

A low impact means that if the risk were to occur, the potential damage to the project would not be so severe.

A high impact means that serious adverse effects can be expected and, clearly, these are the risks that should be given more attention.

the risk register

Estimate risk probability

The next step is to estimate the probability that a risk may occur. Naturally, the higher the probability that the risk will occur, the more you will need to be careful.

Calculate overall risk value

After estimating the impact and probability of the risk and filling in the appropriate values in the risk register, the overall risk value is calculated.

This is simply the product of the impact and the probability factor:

overall risk value = impact * probability

Assign a manager to each risk

To each risk a manager must be assigned. This risk manager will be the individual in charge of monitoring risk and taking appropriate measures to limit its impact.

Often it is directly the project manager, but sometimes there may be risks where a specific team member may be better suited and closer to the role.

Define mitigation actions for each risk

Lastly, you should list all the measures that can be adopted to mitigate, circumvent or eliminate the risk. All measures must be reported in the document.


Risks lie in all situations, both in daily life and in business, and this is doubly true in project management, where everything is in motion.

Risk documentation is fundamental for the success of any project, it offers a single place to identify the risk, note down its history.

Developing a risk log allows you to follow the process, from where it first occurred to where it is resolved, and even mark the person who will be in charge of managing each risk.

A project manager will never be able to anticipate everything that might go wrong in a project, but following a structured plan and having a clear risk log will be proactive and capable of taking prompt action before the risks become real problems.

Manage your risk register on Twproject
All your documents in one place!

Related Posts