Risk register - An important component of overall risk management framework
Risk register is an important component of the overall risk management framework. An in-depth understanding of this topic will enable us to understand the risk management processes better.
Risk register is also an important topic of study for the PMP®certification exam.
What is a Risk Register?
The risk register database can be viewed by project managers as a management tool for monitoring the risk management processes within the project. Risk register is used to identify, assess, and manage risks down to acceptable levels through a review and updating process.The purpose of a risk register is to record the details of all risks that have been identified along with their analysis and plans for how those risks will be treated.
It is the responsibility of the project manager to ensure that the risk register is updated whenever necessary. The task of updating the risk register is usually delegated to the project control function.
Risks that have been managed, avoided or are no longer relevant can be removed from the risk register. The associated risk action plans can also be deleted from the risk register.
The list of risks that are identified and recorded in the risk register drives the following risk management processes specified in the PMBOK® Guide:
- Perform Qualitative Risk Analysis
- Perform Quantitative Risk Analysis
- Plan Risk Response
- Monitor and Control Risk
In the Perform Qualitative Analysis process, details are added to the existing list of risks in the risk register including the priority of risks, the urgency of the risks, the categorization of risks and any trends that were noticed while performing this process.
In the Perform Quantitative Risk Analysis process the risk register is updated with the probabilities associated with each identified risk and the probability of meeting the cost and time projections. Additionally risk priorities are updated and trends that have been observed are also noted.
In the Plan Risk Response process, a specific response plan is created to manage each risk. These risk response plans are updated in the risk register as an output of this process.
While managing risks, we need to remember not all risks are negative. Positive risks are opportunities. Accordingly, a project manager should devise strategies for managing negative risks or threats and positive risks or opportunities.
In the Monitor and Control risks process, plans are re-assessed and re-evaluated.
The risk register is updated with information on new risks as an output of this process. This information should be regularly updated in the risk register, whether it is changes to the risk estimates or actual numbers such as costs related to weather damage.
When is a Risk Register created?
As per the PMBOK® Guide, the risk register is the output of the Identify Risk process in the Risk Management knowledge area. The identify risk process is a planning process used to identify the risks, which could impact the project and understand the nature of those risks.
Although the identify risks process is performed early on in the project, risks change overtime and new risks arise. Therefore it may be necessary to perform the identify risks process multiple times throughout the project.
What are the components of a Risk Register?
There is no standard list of components that should be included in the risk register. PMBOK® Guide and PRINCE2, among other organizations make recommendations for risk register contents; however these are not the only recommendations that may be used.
The following table displays key components of a risk register that is used in managing risks in large and complex projects.
|Date||As the Risk Register is a living document, it is important to record the date that risks are identified or modified. Optional dates to include are the target and completion dates.|
|Reference Number||Reference Number of the key element.|
|Key Element||A brief description of the key element. Except for very small projects, risk identification becomes unproductive if we consider the project as a whole. It is much easier and productive to break up the whole project into sections or key elements for risk identification.|
|Risk Group||This column is used for grouping similar risks as an aid to developing treatment options and action plans.|
|Unique Identifying Number||A unique identifying number for the risk. It often has the form E.xx where E is reference number of the key element and xx is a 2 digit identifying number.|
|Risk||A brief description of the risk, its causes and its impact.|
|Existing Controls||A brief description of the controls that are currently in place for the risk. At an early stage in the life of a project, the controls may be those that are expected to be in place if normal project management processes are followed.|
|Consequence||The consequence rating for the risk, using scales|
|Likelihood||The likelihood rating for the risk, using scales|
|Agreed Priority||Agreed priority for the risk, based on an initial priority determined from a matrix, adjusted to reflect the views of the project team in the risk assessment workshop.|
|Inherent Rating||The inherent rating for the risk, if there were a credible failure of controls or they failed to work as intended, using scales.|
|Action Summary||A cross reference to the action summary for the risk|
|Responsibility||The name of the individual responsible for managing the risk|
A risk register is an important component of the overall risk management framework. The risk register database records all identified risks in the project. It is created in the Identify Risks process as per the PMBOK® Guide. It also drives the other risk processes like Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, and Monitor and Control Risks.
Preparing for PMP® Certification? Take this test to know where you stand!
PMP and PMBOK are registered trademarks of the Project Management Institute, Inc.
About the On-Demand Webinar
About the Webinar