Everything Project Managers Should Know About the Risk Register

Everything Project Managers Should Know About the Risk Register


Last updated September 12, 2018


A risk register, sometimes known as a risk log, is an important component of the overall risk management framework. What exactly is a risk register? Created during the early stages of a project, the risk register is a tool that helps you track issues and address them as they arise.

Risk register is also an important topic of study for the PMP® certification exam as well as the Prince2 Certification.
A risk register is used to identify, assess, and manage risks down to acceptable levels through a review and updating process. 

What is the Purpose of a Risk Register?

The purpose of a risk register is to record the details of all risks that have been identified along with their analysis and plans for how those risks will be treated.

Basically, it’s a log that identifies risks along with their severity and the actions and steps to be taken to mitigate the risk.
The risk register database can be viewed by project managers as a management tool for monitoring the risk management processes within the project. It is the responsibility of the project manager to ensure that the risk register is updated whenever necessary. The task of updating the risk register is usually delegated to the project control function.

The list of risks that are identified and recorded in the risk register drives the following risk management processes specified in the PMBOK® Guide

Perform Qualitative Risk Analysis

In the Perform Qualitative Analysis process, details are added to the existing list of risks in the risk register including the priority of risks, the urgency of the risks, the categorization of risks, and any trends that were noticed while performing this process. Risks that have been managed, avoided, or are no longer relevant can be removed from the risk register. The associated risk action plans can also be deleted from the risk register.

Perform Quantitative Risk Analysis

In the Perform Quantitative Risk Analysis process, the risk register is updated with the probabilities associated with each identified risk and the probability of meeting the cost and time projections. Additionally, risk priorities are updated and trends that have been observed are also noted.

Plan Risk Response

In the Plan Risk Response process, a specific response plan is created to manage each risk. These risk response plans are updated in the risk register as an output of this process.

While managing risks, remember that not all risks are negative—positive risks are opportunities. Accordingly, a project manager should devise strategies for managing negative risks or threats as well as positive risks or opportunities.

Monitor and Control Risk

In the Monitor and Control risks process, plans are re-assessed and re-evaluated. The risk register is updated with information on new risks as an output of this process. This information should be regularly updated in the risk register, whether it is changes to the risk estimates or actual numbers such as costs related to weather damage.

When is a Risk Register Created?

As per the PMBOK Guide, the risk register is the output of the Identify Risk process in the Risk Management knowledge area. The Identify Risk process is a planning process used to identify the risks, which could impact the project and understand the nature of those risks.

Although the Identify Risks process is performed early on in the project, risks change over time and new risks can arise. Therefore, it may be necessary to perform the identify risks process multiple times throughout the project.

What are the Components of a Risk Register?

There is no standard list of components that should be included in the risk register. The PMBOK Guide, and PRINCE2, and other organizations make recommendations for risk register contents; however, these are not the only recommendations that may be used.

The following table displays example components of a risk register used in managing risks in large and complex projects.



A risk register is an important component of the overall risk management framework, since it records all identified risks in the project. Created in the Identify Risks process as per the PMBOK Guide, the risk register also drives the other risk processes like Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, and Monitor and Control Risks.

Are you Preparing for PMP® Certification? Take this test to know where you stand!

Check out our course on PMI-RMP® Training Videos

PMP and PMBOK are registered trademarks of the Project Management Institute, Inc. 

Find our PMP® Certification Online Classroom training classes in top cities:

Name Date Place
PMP® Certification 2 Dec -17 Dec 2018, Weekdays batch Your City View Details
PMP® Certification 8 Dec -12 Jan 2019, Weekend batch New York City View Details
PMP® Certification 10 Dec -25 Dec 2018, Weekdays batch Austin View Details

About the Author

Chandana is working as a Senior Content Writer in Simplilearn.com and handles variety of creative writing jobs. She has done M.A. in English Literature from Gauhati University. A PRINCE2 Foundation certified, she has a unique and refreshing style of writing which can engross the readers to devour each sentence of her write-ups.

Recommended articles for you

PMI’s RMP® Certification – A brief sketch


PMP Risk Management Part VII – Process of Risk Identificat...


PMP® Risk Management Part VI – The Need for Risk Manageme...