RiskRegister

Abstract

Identifying risk in a project is always important in order to understand potential consequences related to given tasks and/or decision made within a project. Uncertainty and opportunities will always be present, and hence it is important to accommodate and grasp important factors, that might influence the outcome of a project and hence its success.

The risk register used in both Project Management Institute Body of Knowledge (PMBOK) and PRINCE2 standard is a document that contains relevant information on located risks and or possibilities. It enables the project manager to record and register risks and opportunities within a given project. As it is included in both of these standards, it is a widely recognised tool. It is a way of documenting and registering risk and builds on other methods in order to locate more cryptic risks as well as how to deal with them. Hence the risk register is used as a risk management tool. However, more straight forward and easily identified risk are potentially discovered once using the risk register and hence also added to the risk register. This is done by the project manager, once updating or maintaining the document. In this document the risks are summarized, creating an overview of potential threats, risks and also opportunities. The project manager can find assistance for this within the project support group, but the document should be kept in a secure place and only be accessed by certain people in order to secure its quality.

Once risks are identified, the project manager can use the risk register tool to establish an overview of risk and potential threats or opportunities to the projects in a structured way. By filling in important information on the impact of the risk, the probability of the risk, how to handle the risk, amongst others, the project manager can locate and assign scores, indicating the importance of that risk being handled. Here manages should keep in mind, that assigned scores are based on the perception of the risk when added to the document and hence the quality of the risk register relies on an iterative and ongoing evaluation of registered risks. Noting down whether a risk has been handled or not is also an ongoing process that likewise is important in order to assure the quality of the risk register. Because of its simple structure the risk register can be reevaluated and adjusted on a day-to-day basis, by filling in the relevant information in the risk register document. This therefore makes it a simple yet effective tool in order to handle risks in a project.

Big Idea

^[1]

Application

• Risk identifier: Provides a unique reference for every risk entered into the risk register. It will typically be a numeric or alphanumeric value-Risk author
• Risk author: The person who raised the risk-Risk category
• Date registered: The date the risk was identified
• Risk category: The type of risk in terms of the project’s chosen categories (e.g. schedule, quality, legal)
• Risk description: Describes the risk in terms of the cause, event (threat or opportunity) and effect (in words of the impact)
• Probability, impact and expected value: I t is helpful to estimate the inherent values (pre-response action) and residual values (post-response action). These should be recorded in accordance with the project’s chosen scales
• Proximity: This would typically state how close to the present time the risk event is anticipated to happen (e.g. imminent, within the management stage, within the project, beyond the project). Proximity should be recorded in accordance with the project’s chosen scales
• Risk response categories: How the project will treat the risk in terms of the project’s chosen categories. For example:

1. for threats: avoid, reduce, transfer, share, accept, prepare contingent plans
2. for opportunities: exploit, enhance, transfer, share, accept, prepare contingent plans

• Risk response: Actions to be taken to resolve the risk. These actions should be aligned with the chosen response categories. Note that more than one risk response may apply to a risk
• Risk status: Typically described in terms of whether the risk is active or closed
• Risk owner: The person responsible for managing the risk (there should be only one risk owner per risk)
• Risk actionee: The person(s) who will implement the action(s) described in the risk response. This may or may not be the same person as the risk owner.

Limitations

References

1. ↑ Project Management: A guide to the Project Management Body of Knowledge (PMBOK guide), 6th Edition (2017)