The effectiveness of risk management can be a critical factor in whether a project will be successful. If risks aren’t captured, tracked, and planned for, they are more likely to sneak up on a project and impact project schedules and budgets.
As projects move out of planning stages, actively monitoring for and tracking risks continues to be important. Understanding risks early in a project is critical, but continuing to be aware of logged risks and capturing new ones can be the difference between being prepared and being caught off-guard.
When tracking risks, it’s important to evaluate their potential impact and how likely they are to occur. This allows the project team to focus on the most imminent and most impactful risks first. Understanding how the team will respond to risks (should they occur) is another component of risk management that can be pre-planned and leave the project team feeling less uncertain should the risk be realized.
When capturing risks in a risk log, important items to capture are:
Risk ID: A unique number identifier that is logged with each risk.
Project: the name of the project to which the risk is primarily related.
Description: Detailed description of the risk including any supporting context, history, or other information that provides an understanding of the risk.
Status: A designation of the current status including:
- Open: The risk has been defined and captured.
- Closed-Diverted: Risk mitigation plans have succeeded.
- Closed: The risk has been resolved and all stakeholders have been notified.
- Pending Close: The risk resolution has been attained and is being communicated.
- Realized: The risk event has occurred invoking contingency plans.
Probability: A numerical indication of the risk event probability:
- 5: very likely to occur
- 4: likely to occur
- 3: may occur
- 2: unlikely to occur
- 1: very low chance of occurrence
Project Impact: A numerical indication of impact to the project effort:
- 4: Critical Path Impact (showstopper, will impact end date)
- 3: High Impact (may impact end date, will impact key metrics)
- 2: Medium Impact (may impact metrics but not the end date)
- 1: No Impact
Business Impact: A numerical indication of impact to the effort from the business perspective:
- 4: Customer Impact (cannot receive service/product)
- 3: Operational Impact (no customer impact)
- 2: Operational Inconvenience (no operational or customer impact)
- 1: No Impact
Assessment: A Numerical value of the Probability x Project Impact x Business Impact to understand the importance of each risk for prioritization purposes.
Triggers: Specification of what will trigger the risk event to occur – it may be one or many things.
Phase: The specific project phase where the risk is anticipated to occur.
Mitigation Plan: The plan to be executed to prevent the risk from occurring.
Updates: Any updates that occur throughout the project that indicate progress or change to managing the risk.
Owner: The team member who owns the risk item. They are responsible for assuring mitigation plans as well as contingency plans.
For more information about maintaining a project log, see the Master Project Log that also includes logs for Action Items, Assumptions, Issues, and Change Requests.
Preview and Download the Risk Register Template.