Risk register - An important component of overall risk management framework

Risk register - An important component of overall risk management framework


Published on February 24, 2013


Risk register is an important component of the overall risk management framework. An in-depth understanding of this topic will enable us to understand the risk management processes better.

Risk register is also an important topic of study for the PMP®certification exam.

What is a Risk Register?

The risk register database can be viewed by project managers as a management tool for monitoring the risk management processes within the project. Risk register is used to identify, assess, and manage risks down to acceptable levels through a review and updating process.The purpose of a risk register is to record the details of all risks that have been identified along with their analysis and plans for how those risks will be treated.

Prince2 Certification

It is the responsibility of the project manager to ensure that the risk register is updated whenever necessary. The task of updating the risk register is usually delegated to the project control function.

Risks that have been managed, avoided or are no longer relevant can be removed from the risk register. The associated risk action plans can also be deleted from the risk register.

The list of risks that are identified and recorded in the risk register drives the following risk management processes specified in the PMBOK® Guide:

-          Perform Qualitative Risk Analysis

-          Perform Quantitative Risk Analysis

-          Plan Risk Response

-          Monitor and Control Risk

In the Perform Qualitative Analysis process, details are added to the existing list of risks in the risk register including the priority of risks, the urgency of the risks, the categorization of risks and any trends that were noticed while performing this process.

In the Perform Quantitative Risk Analysis process the risk register is updated with the probabilities associated with each identified risk and the probability of meeting the cost and time projections. Additionally risk priorities are updated and trends that have been observed are also noted.

In the Plan Risk Response process, a specific response plan is created to manage each risk. These risk response plans are updated in the risk register as an output of this process.

While managing risks, we need to remember not all risks are negative. Positive risks are opportunities. Accordingly, a project manager should devise strategies for managing negative risks or threats and positive risks or opportunities.

In the Monitor and Control risks process, plans are re-assessed and re-evaluated.

The risk register is updated with information on new risks as an output of this process. This information should be regularly updated in the risk register, whether it is changes to the risk estimates or actual numbers such as costs related to weather damage.

When is a Risk Register created?

As per the PMBOK® Guide, the risk register is the output of the Identify Risk process in the Risk Management knowledge area. The identify risk process is a planning process used to identify the risks, which could impact the project and understand the nature of those risks.

Although the identify risks process is performed early on in the project, risks change overtime and new risks arise. Therefore it may be necessary to perform the identify risks process multiple times throughout the project.

What are the components of a Risk Register?

There is no standard list of components that should be included in the risk register. PMBOK® Guide and PRINCE2, among other organizations make recommendations for risk register contents; however these are not the only recommendations that may be used.

The following table displays key components of a risk register that is used in managing risks in large and complex projects.

Date As the Risk Register is a living document, it is important to record the date that risks are identified or modified. Optional dates to include are the target and completion dates.
Reference Number Reference Number of the key element.
Key Element A brief description of the key element. Except for very small projects, risk identification becomes unproductive if we consider the project as a whole. It is much easier and productive to break up the whole project into sections or key elements for risk identification.
Risk Group This column is used for grouping similar risks as an aid to developing treatment options and action plans.
Unique Identifying Number A unique identifying number for the risk. It often has the form E.xx where E is reference number of the key element and xx is a 2 digit identifying number.
Risk A brief description of the risk, its causes and its impact.
Existing Controls A brief description of the controls that are currently in place for the risk. At an early stage in the life of a project, the controls may be those that are expected to be in place if normal project management processes are followed.
Consequence The consequence rating for the risk, using scales
Likelihood The likelihood rating for the risk, using scales
Agreed Priority Agreed priority for the risk, based on an initial priority determined from a matrix, adjusted to reflect the views of the project team in the risk assessment workshop.
Inherent Rating The inherent rating for the risk, if there were a credible failure of controls or they failed to work as intended, using scales.
Action Summary A cross reference to the action summary for the risk
Responsibility The name of the individual responsible for managing the risk


A risk register is an important component of the overall risk management framework. The risk register database records all identified risks in the project. It is created in the Identify Risks process as per the PMBOK® Guide. It also drives the other risk processes like Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, and Monitor and Control Risks.

Preparing for PMP® Certification? Take this test to know where you stand!


PMP and PMBOK are registered trademarks of the Project Management Institute, Inc. 

About the Author

Chandana is working as a Senior Content Writer in Simplilearn.com and handles variety of creative writing jobs. She has done M.A. in English Literature from Gauhati University. A PRINCE2 Foundation certified, she has a unique and refreshing style of writing which can engross the readers to devour each sentence of her write-ups.


... ...



Published on {{detail.created_at| date}} {{detail.duration}}

  • {{detail.date}}
  • Views {{detail.downloads}}
  • {{detail.time}} {{detail.time_zone_code}}



About the On-Demand Webinar

About the Webinar

Hosted By





About the E-book

View On-Demand Webinar

Register Now!

First Name*
Last Name*
Phone Number*

View On-Demand Webinar

Register Now!

Webinar Expired

Download the Ebook

{{ queryPhoneCode }}
Phone Number {{ detail.getCourseAgree?'*':'(optional)'}}

Show full article video

About the Author


About the Author