Manage Project Risks Proactively with a Risk Register

Manage Project Risks Proactively with a Risk Register

Risk refers to future conditions or circumstances that will have an adverse impact on the project if they occur. Whereas an issue is a current problem that must be dealt with today, a risk is a potential future problem that has not yet occurred. A reactive project manager addresses issues when they occur. A proactive project manager addresses potential problems before they occur. This is the art of risk management. (Risks can also have a positive impact on your project. These are called opportunity risks. This column focuses on the negative risks.)

There are many risk management templates. Three major documents are a Risk Management Plan, Risk Form and Risk Register. The Risk Register is used to track the state of all risks throughout the project. The Risk Register has the following information.

Date identified. The date the risk was identified and added to the Register.

Risk category. This is used to categorize risks into pre-defined buckets. This can be useful when you are analyzing the nature of risks to see the aspects of the project that are riskiest.

Risk. Describe the nature of the risk.

Probability. This shows the likelihood the risk will actually occur. All risks have probability greater than zero but less than 100%. This can be represented by a percentage or perhaps a scale that provides a subjective estimate – for instance a 1-3 scale that signifies low, medium and high risk.

Impact. This column shows the affect on the project if the risk occurs. This could be in terms of cost and schedule, or a subjective rating. For example, a subjective scale of 1 – 3 can be used. A “1” would signify a small impact. A “2” would signify a medium impact. A “3” would signify a large impact.

Risk Plan. This is where you would state what you are doing to manage the risk.

Assigned to. This column would show the person with ownership of resolving the risk.

Status. State whether the risk is open or closed. Risks are closed if the risk event actually occurs or if the timeframe has past and the risk did not occur.

The Risk Register should be reviewed on a weekly or bi-weekly basis. The current risks should be monitored to endure that the current risk plan for each risk is working. If the plan is not working, the plan should be revised. At each review, new risk should also be identified, analyzed and managed if they are significant.