individual assignment risk management

Introduction to Risk Assessment in Project Management

Project Management Institute’s (PMI) inclusion of risk management skills in multiple PMI certifications indicates the importance of risk across industries and in all projects. The risk management process includes risk identification and risk assessment. During an assessment, the project manager uses standard risk tools and quality data to help the team better avert later problems, manage the project cost, and keep project work on schedule. Risk assessment is the process by which the identified risks are systematically analyzed to determine their probability of occurrence and the potential impact of that occurrence.

On this page:

What is a risk assessment?

What are risk assessment pmp and risk reassessment pmp, when is a risk assessment needed, why is a risk assessment important, example use of risk assessment: hurricane impacting town, what inputs are needed for a risk assessment, what is a risk data quality assessment pmp, what outputs does a risk assessment generate, how to create a risk assessment, risk assessment matrix, risk assessment best practices, risk assessment pmp and risk reassessment pmp.

Get Your Comprehensive Guide to Risk Management

Learn how to manage risk in every project.

Project teams use risk assessment, a qualitative measure using risk data and the parameters of probability and impact, to identify, categorize, prioritize, and manage risks before they happen.

A “risk reassessment” is the work done to update the original risk assessment due to changes in the project or overall risk management efforts.

For the original and subsequent assessments, the quality of data used to determine the impact directly correlates to the accuracy of the risk assessment and resulting decisions.

Project Management Professional (PMP)® credential holders have shown their knowledge of a risk assessment and their understanding of the high cost of a failure to do a risk assessment. For the PMP certification exam, students need to know the importance of a risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk.

Within the PMP exam context, “risk assessment PMP” and “risk reassessment PMP” are informal terms referring to taking identified risks and assessing them using qualitative data, such as the probability of occurrence, to determine the potential impact. From that, project managers determine the risk score, which is an input to subsequent risk response activities.

Risk identification should happen early in the project , closely followed by the risk assessment. Project teams should conduct risk reassessment throughout the life of a project. Updating the risk register is a good reminder to update the corresponding risk assessment. The project’s scope and risk management plan will inform how frequently the reassessment should be conducted (projects of bigger scope should have more reassessments; similarly, smaller scope requires fewer reassessments).

Performing a risk assessment is critical to ensuring the success of a project because it puts the project team in a state of preparedness. When done with verified tools and quality inputs, risk assessment may take time but can prevent problems from negative risks and enable opportunities from positive risks. As shared in the PMI conference paper Risk Assessments—developing the right assessment for your organization , “The best project organizations are those who realize that a risk assessment template is a valuable asset in managing the organization’s bottom line.” Risk assessment connects to managing cost, timelines, and quality.

For an example of how a risk assessment can be used, we use the example of a small municipality located on the east coast of North Carolina. The coastal town has been impacted by natural disasters in the form of hurricanes several times in the past fifty years. A hurricane is a storm that starts in the ocean and moves inland, causing all levels of flooding, electrical storms, and damaging winds. The National Weather Service provides annual forecasts of which geographic regions are predicted to have hurricanes, as well as the number of occurrences and strength of hurricanes.

The town manager (“project manager”) and the town administration (“project team”) know a hurricane will happen but not when or how strong it may be. In the risk category of weather events, the project manager and project team identify the risk type of hurricane storm. Then the project team identifies specific potential risks, such as flooding that may cause building damage. The team assesses each risk in terms of probability (or how likely it is to occur), the impact if it occurs, and the probability-impact score (weighing the significance of the risk on the project). The information is captured in a risk assessment matrix as part of the project management and risk management documentation.

For example, they do a risk assessment after the project manager and team identify the risk of water damage to downtown buildings due to hurricane-induced flooding. The team uses standard tools to determine the probability of that specific risk (flooding) and the impact if it occurs (water damage to buildings). The project team uses verified data, like National Weather Service hurricane projections, for probability estimates. For the potential impact, the project team uses cost and quality data like town records to determine what could happen to town property. The data and risk scoring are organized in the project risk assessment matrix and communicated to stakeholders.

Continuing our example of the identified risk of water damage to ground floors, if the assessment indicates the risk is highly likely to occur with a high impact of damage, it will have a higher risk score. That can mean more time invested in risk response planning (such as securing funding to buy and store sandbag materials during flooding to reduce the impact of water damage on buildings). The risk response plan would likely include purchasing sandbag materials before a hurricane, storing them in an accessible space, and training the town staff to set up the sandbags to protect critical buildings when a hurricane is imminent. The cost of buying and storing sandbag materials to protect the buildings is much lower than the cost of fully repairing water-damaged buildings.

In this risk example, the project team:

• determined the appropriate risk categories (natural disasters)
• determined the types within the category (hurricane storms)
• identified a risk event (hurricane bringing flooding to downtown buildings),
• assessed the impact of that risk (flooding damages ground floors),
• assessed the probability of the impact (flooding may be higher or lower but always occurs with hurricanes),
• documented the risk information, including risk scores in the risk assessment matrix,
• communicated the risk assessment results to the team and stakeholders, and then
• used the risk assessment matrix as an input for risk response planning (making sandbag materials available when needed and training people to set them up).

With this example, you should see the risk assessment allows the project team to identify, categorize, prioritize, and mitigate/avoid/exploit risks prior to their occurrence. A risk assessment is a proactive approach in which the risk is identified and assessed to manage cost, reduce negative impact, and protect the project (in this example, town buildings).

A risk assessment should be customized to fit the project context. Standard risk assessment inputs include:

• Project management plan
• Risk management plan
• Risk assessment methodology
• Risk parameter definitions
• Risk tolerance levels
• Risk probability and impact matrix template
• Risk assessment scale (what criteria are used to determine if the risk score is high, mid, or low)
• Risk assessment matrix template

Project managers and project management students use what is informally referred to as the “assessment of other risk parameters PMP” to tailor their risk assessment to a specific project. While probability and impact values are used in all risk assessments, additional parameters, like cost or schedule, can be standalone matrices.

Risk assessment is a qualitative assessment. Therefore, risk data quality (sometimes referred to as “risk data quality assessment PMP”) always impacts the risk assessment quality. A risk data audit helps ensure the quality of data used in the risk assessment. Project managers may use experts or previous project documentation as part of the risk data quality assessment to ensure the accuracy of the overall risk assessment.

The risk assessment outputs are part of the overall project and risk management documentation. A risk assessment can generate the following:

• Project Management Plan updates
• Project document updates
• Risk Management Plan updates
• Risk Register updates
• Risk Response Plan updates

Risk assessment should occur throughout the project. With each iteration, known as a risk reassessment, the risk documentation should be updated accordingly.

For the PMP exam, students need to know the importance of a risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk. Project Managers and PMP credential holders should know the seven steps to risk assessment.

1.      Identify applicable risk types and organize them

You cannot assess risk if you have not identified it. Begin your risk assessment with risk identification. With your project team, identify potential scenarios that could harm your project. Risks can be of any size and with internal or external triggers. Your team may identify risks that include computer viruses, manufacturing defects, natural disasters, or shipping delays. Each risk is identified and documented in the risk register. The risk may be organized by different factors (internal or external triggers, for example) or by categories (environmental, regulatory, technology, or staffing, for example).

2.      Determine how these risks will be qualified and quantified

With risks identified and organized, the project manager should conduct a risk assessment. Each risk must be qualified and quantified. The project manager will use a probability and impact matrix to document the probability of each risk and the impact if it does happen. Remember, the quality of the data used in the assessment impacts its accuracy.

3.      Determine your organization’s risk tolerance

Every organization has a risk tolerance level, with variances due to the type of risk, the specific stakeholders of a project, and the scope of the project. Additionally, there are industries with negligible risk tolerance (such as health care) and others with an acceptance of some level of risk (like software development). While every organization has a risk tolerance level, so the project manager should get stakeholder input to determine risk tolerance for each project.

4.      Determine the final output format of the risk assessment

Within the risk management activities, determine during the risk planning process how the risk assessment output should be documented and communicated. Spreadsheet programs are often used for the ease of organizing large data sets. However, a company may have risk assessment output requirements, such as storing it on a secure server or capturing it in a shareable file, determining the output format. How the risk assessment output is documented is important because it determines how the information is made available to the project team and stakeholders.

5.      Create a plan to maximize the risk assessments applicability to every project

Within a risk assessment and the resulting risk response plan, project managers have a wealth of knowledge that can protect the active project and future projects.

Project managers should have a plan to document the risk assessment, the result of risk responses applied to risks that occur, and the risk assessment matrices with the appropriate risk parameters. Maintaining a consistent and detailed project documentation archive helps ensure a project’s lessons learned are available to other project managers with similar projects, which can reduce the impact of negative risks. The plan should include documentation format requirements, how assessment documentation will be accessed, and how the assessment (and reassessments) will be communicated to the project team and stakeholders.

6.      Create a final risk assessment that is flexible and scalable

Knowing the project manager and team will be doing reassessments throughout the project as part of risk reassessment, the process must be flexible and scalable. You may have to add risks throughout the project or incorporate other criteria to ensure the accuracy of the probability and impact scores. Additionally, the risk assessment should work for projects of different scopes. The risk assessment should be flexible enough to remain aligned with project changes and scalable enough to be used in multiple projects.

7.      Determine the process to update the risk assessment

PMP credential holders know the importance of risk assessment and reassessment in managing the project cost. Without a process to update risk assessments, the project is vulnerable when risks occur. Changes are inevitable, and a risk assessment that is not current is not effective. Project managers should have a consistent risk assessment update process within their overall risk management activities.

Risk management documentation, such as the risk assessment matrix, is part of the overall project management documentation. The risk matrix documents at least four core areas for each identified risk: (1) risk name, (2) probability, (3) impact, and (4) risk level/ranking. The risk assessment also includes the calculated overall Project Risk score (the project’s probability-impact, or PI, score). The risk assessment matrix is an output of the Risk Assessment process and an input to the Risk Response process.

In a risk assessment matrix, each identified risk is listed along with its corresponding information.:

RISK CATEGORY

• Risk category : from a standardized list of risk categories (e.g., technology, natural disaster, regulations, transportation, etc.), the ones that most closely align with the project are used; not all projects have risks in all categories; therefore, each project will have a different combination of risk categories in its matrix

PROBABILITY

• Probability criteria : used to assign the probability values for a risk category; criteria should come from a standardized list but customized for each project
• Probability (“P”) score : a value given to each risk driven by the probability criteria; the matrix’s score scale will state the parameters for the minimum and maximum value of a P score; the project manager and project team use data and criteria to assign the P score to each risk
• Impact criteria : used to assign the impact values for a risk category; criteria should come from a standardized list but customized for each project
• Impact (“I”) score : a value given to each risk driven by the impact criteria; the matrix’s score scale will state the parameters for the minimum and maximum value of an I score; the project manager and project team use data and criteria to assign the I score to each risk

PROBABILITY AND IMPACT VALUES

• Probability-to-Impact (“PI”) score : the Probability score multiplied by the Impact score results in the PI score; the PI score is the overall risk assessment score; the PI score is used to rank all project risks by lowest probability and impact to highest, so resources are assigned accordingly
• Total Project Risk : all PI scores are added, and then that sum is divided by the quantity (total number of risks) of risks to determine the average; the project’s PI average value of PI scores is the Total Project Risk value.

Probability and impact are integral data points for risk assessment. Project risk tailoring occurs within the specifics of the risk categories, probability criteria, and impact criteria.

Risk Assessment Matrix Example

Project Manager Kestel’s PMI conference paper “ Risk assessments—developing the risk assessment for your organization ” includes an example risk assessment matrix:

From the completed risk assessment matrix, the project manager communicates the total Project Risk score to the team and stakeholders. Communication is part of risk assessment and helps ensure commonly understood terms are used for standardized risk assessment processes.

The risk matrix template ensures key data is consistently defined and included in the project documentation. For a risk matrix , project managers work with the project team and stakeholders to determine the specific risk criteria and refine the criteria for probability and impact. The format of the risk matrix should be determined early in the project and use company standards for project tools when available. The risk matrix should be stored with other project documentation, along with all risk reassessments for a project.

Project managers should complete the risk assessment as part of their risk management activities for all projects. Best practices for risk assessment include:

• Risk assessments should use quality data.
• Risk assessments incorporate expertise and knowledge from the project team and stakeholders.
• Risk data should undergo an audit to determine quality.
• Risk reassessment is conducted frequently throughout the life of a project.
• Risk assessments should use tailored and scalable tools.
• Risk assessment results, including the overall project risk score, are communicated to the team and stakeholders.

Project Managers should:

• lead the risk assessment efforts using standard tools
• customize the risk assessment matrix to the specific needs of the project,
• document the probability and impact of each risk,
• use standard data and terms for risk audit efforts, and
• communicate risk assessment progress and results to the project team and stakeholders.

Project managers should customize the risk assessment criteria to the project type. For example, you would not assess the risk of a particular weather event occurring using the criteria for the probability of manufacturing defects.

Additionally, project managers should use organizational templates and project management office (PMO) standards when available in their company. Customization of a project’s risk assessment should be balanced against the need for standards to contribute to knowledge sharing. No single tool will ensure quality assessment for all projects, but there are standards shared by all projects.

To prepare for the PMP exam, students need to know the importance of risk assessment and how to use a probability and impact scoring matrix to help inform the priority of the risk. Students should understand that a risk assessment is a tool to help manage the project’s cost by closely monitoring highly probable and high (negative or positive) impact risks.

American billionaire fund manager and philanthropist Bruce Kovner is credited with saying, “Risk management is the most important thing to be well understood.” A project manager with the PMP credential has demonstrated knowledge of risk assessment and the role it serves within risk management. Remember these components of creating a risk assessment:

• identify applicable risk types and organize them
• determine how risks will be qualified and quantified
• determine your organization’s risk tolerance
• determine the final output format of the risk assessment
• create a plan to maximize the risk assessment’s applicability to every project
• create a final risk assessment that is flexible and scalable
• determine a process to update the risk assessment

Project Managers managing risk using a scalable risk assessment template and standard processes consistently have successful projects. In addition to earning PMI’s Project Management Professional (PMP) certification, you may continue your certification journey by pursuing the PMI Risk Management Professional (PMP-RMP)® certification to advance your risk project management skills further.

• Megan Bell #molongui-disabled-link What is a Project Schedule Network Diagram?
• Megan Bell #molongui-disabled-link Scheduling Methodology: Build & Control Your Project Schedule
• Megan Bell #molongui-disabled-link Schedule Baseline: How to Create, Use, and Optimize
• Megan Bell #molongui-disabled-link How to Use Agile in Project Management as a PMP® Credential Holder

Popular Courses

PMP Exam Preparation

PMI-ACP Exam Preparation

Lean Six Sigma Green Belt Training

CBAP Exam Preparation

Corporate Training

Project Management Training

Agile Training

Read Our Blog

Press Release

Connect With Us

PMI, PMBOK, PMP, CAPM, PMI-ACP, PMI-RMP, PMI-SP, PMI-PBA, The PMI TALENT TRIANGLE and the PMI Talent Triangle logo, and the PMI Authorized Training Partner logo are registered marks of the Project Management Institute, Inc. | PMI ATP Provider ID #3348 | ITIL ® is a registered trademark of AXELOS Limited. The Swirl logo™ is a trademark of AXELOS Limited | IIBA ® , BABOK ® Guide and Business Analysis Body of Knowledge ® are registered trademarks owned by International Institute of Business Analysis. CBAP ® , CCBA ® , IIBA ® -AAC, IIBA ® -CBDA, and ECBA™ are registered certification marks owned by International Institute of Business Analysis. | BRMP ® is a registered trademark of Business Relationship Management Institute.

• Contact sales

Start free trial

How to Make a Risk Management Plan (Template Included)

You identify them, record them, monitor them and plan for them: risks are an inherent part of every project. Some project risks are bound to become problem areas—like executing a project over the holidays and having to plan the project timeline around them. But there are many risks within any given project that, without risk assessment and risk mitigation strategies, can come as unwelcome surprises to you and your project management team.

That’s where a risk management plan comes in—to help mitigate risks before they become problems. But first, what is project risk management ?

What Is Risk Management?

Risk management is an arm of project management that deals with managing potential project risks. Managing your risks is arguably one of the most important aspects of project management.

The risk management process has these main steps:

• Risk Identification: The first step to manage project risks is to identify them. You’ll need to use data sources such as information from past projects or subject matter experts’ opinions to estimate all the potential risks that can impact your project.
• Risk Assessment: Once you have identified your project risks, you’ll need to prioritize them by looking at their likelihood and level of impact.
• Risk Mitigation: Now it’s time to create a contingency plan with risk mitigation actions to manage your project risks. You also need to define which team members will be risk owners, responsible for monitoring and controlling risks.
• Risk Monitoring: Risks must be monitored throughout the project life cycle so that they can be controlled.

If one risk that’s passed your threshold has its conditions met, it can put your entire project plan in jeopardy. There isn’t usually just one risk per project, either; there are many risk categories that require assessment and discussion with your stakeholders.

That’s why risk management needs to be both a proactive and reactive process that is constant throughout the project life cycle. Now let’s define what a risk management plan is.

What Is a Risk Management Plan?

A risk management plan defines how your project’s risk management process will be executed. That includes the budget , tools and approaches that will be used to perform risk identification, assessment, mitigation and monitoring activities.

Get your free

Risk Management Plan Template

Use this free Risk Management Plan Template for Word to manage your projects better.

A risk management plan usually includes:

• Methodology: Define the tools and approaches that will be used to perform risk management activities such as risk assessment, risk analysis and risk mitigation strategies.
• Risk Register: A risk register is a chart where you can document all the risk identification information of your project.
• Risk Breakdown Structure: It’s a chart that allows you to identify risk categories and the hierarchical structure of project risks.
• Risk Assessment Matrix: A risk assessment matrix allows you to analyze the likelihood and the impact of project risks so you can prioritize them.
• Risk Response Plan: A risk response plan is a project management document that explains the risk mitigation strategies that will be employed to manage your project risks.
• Roles and responsibilities: The risk management team members have responsibilities as risk owners. They need to monitor project risks and supervise their risk response actions.
• Budget: Have a section where you identify the funds required to perform your risk management activities.
• Timing: Include a section to define the schedule for the risk management activities.

How to Make a Risk Management Plan

For every web design and development project, construction project or product design, there will be risks. That’s truly just the nature of project management. But that’s also why it’s always best to get ahead of them as much as possible by developing a risk management plan. The steps to make a risk management plan are outlined below.

1. Risk Identification

Risk identification occurs at the beginning of the project planning phase, as well as throughout the project life cycle. While many risks are considered “known risks,” others might require additional research to discover.

You can create a risk breakdown structure to identify all your project risks and classify them into risk categories. You can do this by interviewing all project stakeholders and industry experts. Many project risks can be divided up into risk categories, like technical or organizational, and listed out by specific sub-categories like technology, interfaces, performance, logistics, budget, etc. Additionally, create a risk register that you can share with everyone you interviewed for a centralized location of all known risks revealed during the identification phase.

You can conveniently create a risk register for your project using online project management software. For example, use the list view on ProjectManager to capture all project risks, add what level of priority they are and assign a team member to own identify and resolve them. Better than to-do list apps, you can attach files, tags and monitor progress. Track the percentage complete and even view your risks from the project menu. Keep risks from derailing your project by signing up for a free trial of ProjectManager.

2. Risk Assessment

In this next phase, you’ll review the qualitative and quantitative impact of the risk—like the likelihood of the risk occurring versus the impact it would have on your project—and map that out into a risk assessment matrix

First, you’ll do this by assigning the risk likelihood a score from low probability to high probability. Then, you’ll map out your risk impact from low to medium to high and assign each a score. This will give you an idea of how likely the risk is to impact the success of the project, as well as how urgent the response will need to be.

To make it efficient for all risk management team members and project stakeholders to understand the risk assessment matrix, assign an overall risk score by multiplying your impact level score with your risk probability score.

3. Create a Risk Response Plan

A risk response is the action plan that is taken to mitigate project risks when they occur. The risk response plan includes the risk mitigation strategies that you’ll execute to mitigate the impact of risks in your project. Doing this usually comes with a price—at the expense of your time, or your budget. So you’ll want to allocate resources, time and money for your risk management needs prior to creating your risk management plan.

4. Assign Risk Owners

Additionally, you’ll also want to assign a risk owner to each project risk. Those risk owners become accountable for monitoring the risks that are assigned to them and supervising the execution of the risk response if needed.

Related: Risk Tracking Template

When you create your risk register and risk assessment matrix, list out the risk owners, that way no one is confused as to who will need to implement the risk response strategies once the project risks occur, and each risk owner can take immediate action.

Be sure to record what the exact risk response is for each project risk with a risk register and have your risk response plan it approved by all stakeholders before implementation. That way you can have a record of the issue and the resolution to review once the entire project is finalized.

5. Understand Your Triggers

This can happen with or without a risk already having impacted your project—especially during project milestones as a means of reviewing project progress. If they have, consider reclassifying those existing risks.

Even if those triggers haven’t been met, it’s best to come up with a backup plan as the project progresses—maybe the conditions for a certain risk won’t exist after a certain point has been reached in the project.

6. Make a Backup Plan

Consider your risk register and risk assessment matrix a living document. Your project risks can change in classification at any point during your project, and because of that, it’s important you come up with a contingency plan as part of your process.

Contingency planning includes discovering new risks during project milestones and reevaluating existing risks to see if any conditions for those risks have been met. Any reclassification of a risk means adjusting your contingency plan just a little bit.

7. Measure Your Risk Threshold

Measuring your risk threshold is all about discovering which risk is too high and consulting with your project stakeholders to consider whether or not it’s worth it to continue the project—worth it whether in time, money or scope .

Here’s how the risk threshold is typically determined: consider your risks that have a score of “very high”, or more than a few “high” scores, and consult with your leadership team and project stakeholders to determine if the project itself may be at risk of failure. Project risks that require additional consultation are risks that have passed the risk threshold.

To keep a close eye on risk as they raise issues in your project, use project management software. ProjectManager has real-time dashboards that are embedded in our tool, unlike other software where you have to build them yourself. We automatically calculate the health of your project, checking if you’re on time or running behind. Get a high-level view of how much you’re spending, progress and more. The quicker you identify risk, the faster you can resolve it.

Free Risk Management Plan Template

This free risk management plan template will help you prepare your team for any risks inherent in your project. This Word document includes sections for your risk management methodology, risk register, risk breakdown structure and more. It’s so thorough, you’re sure to be ready for whatever comes your way. Download your template today.

Best Practices for Maintaining Your Risk Management Plan

Risk management plans only fail in a few ways: incrementally because of insufficient budget, via modeling errors or by ignoring your risks outright.

Your risk management plan is one that is constantly evolving throughout the course of the project life cycle, from beginning to end. So the best practices are to focus on the monitoring phase of the risk management plan. Continue to evaluate and reevaluate your risks and their scores, and address risks at every project milestone.

Project dashboards and other risk tracking features can be a lifesaver when it comes to maintaining your risk management plan. Watch the video below to see just how important project management dashboards, live data and project reports can be when it comes to keeping your projects on track and on budget.

In addition to your routine risk monitoring, at each milestone, conduct another round of interviews with the same checklist you used at the beginning of the project, and re-interview project stakeholders, risk management team members, customers (if applicable) and industry experts.

Record their answers, adjust your risk register and risk assessment matrix if necessary, and report all relevant updates of your risk management plan to key project stakeholders. This process and level of transparency will help you to identify any new risks to be assessed and will let you know if any previous risks have expired.

How ProjectManager Can Help With Your Risk Management Plan

A risk management plan is only as good as the risk management features you have to implement and track them. ProjectManager is online project management software that lets you view risks directly in the project menu. You can tag risks as open or closed and even make a risk matrix directly in the software. You get visibility into risks and can track them in real time, sharing and viewing the risk history.

Tracking & Monitor Risks in Real Time

Managing risk is only the start. You must also monitor risk and track it from the point that you first identified it. Real-time dashboards give you a high-level view of slippage, workload, cost and more. Customizable reports can be shared with stakeholders and filtered to show only what they need to see. Risk tracking has never been easier.

Risks are bound to happen no matter the project. But if you have the right tools to better navigate the risk management planning process, you can better mitigate errors. ProjectManager is online project management software that updates in real time, giving you all the latest information on your risks, issues and changes. Start a free 30-day trial and start managing your risks better.

Deliver your projects on time and under budget

Start planning your projects.

How to Create a Project Risk Management Plan

By Kate Eby | February 27, 2023

• Share on Facebook
• Share on LinkedIn

Link copied

Teams can use a project risk management plan to identify and assess the potential risks to a project. We’ve gathered expert tips on creating an effective risk management plan, as well as step-by-step instructions for creating an example plan.

On this page, you’ll find information on what to include in a project risk management plan and how to create a plan , as well as step-by-step instructions for completing an example project risk management plan .

What Is a Project Risk Management Plan?

Project teams create a project risk management plan , a document that helps identify and assess potential risks to a project. The plan outlines how your team will analyze and mitigate the potential risks to ensure project success.

The project risk management plan is one of the most important documents in project risk management . You can learn more about project risks in general — as well as specific types of project risks — in our comprehensive guides

What Does a Risk Management Plan Cover?

A risk management plan should cover a number of areas detailing potential project risks and how your team will deal with them. It will include a description of the project, along with how your team will identify and assess risk.

At a minimum, your project risk management plan should include the following details:

• Project description, including its purpose
• The team plan for identifying, logging, and assessing potential risks
• How the team will identify broad categories of risk
• How the team will evaluate the severity of each potential risk
• How your team will continue to monitor risks throughout the project
• How team members will be assigned as owners of various risks
• Your organization’s tolerance for certain risks, along with criteria for a risk being too large to accept

“A risk management plan defines how the risks for a project will be handled to ensure that the project can be completed within the set timeframe,” says Veniamin Simonov, Director of Product Management at NAKIVO , a backup and ransomware recovery software vendor. “The plan should cover methodology, risk categorization and prioritization, a response plan, staff roles, and responsibility areas and budgets.”

“The risk management plan will address ‘What are we going to do? How are we going to do it? What are the processes we're going to follow?’” says Alan Zucker, Founding Principal of Project Management Essentials . “It may include things such as what are the major categories you're going to use to define your risks. It might also include some guidelines for assessing risks.”

Components in a Project Risk Management Plan 

A project risk management plan will include certain components and describe how your project team will use certain tools to understand and manage potential risks. Some components include a risk register, a risk breakdown structure, and a risk response plan.

Here are components or tools that a project risk management plan often includes or describes:

• Risk Register: A risk register is the document your project team will use to identify, log, and monitor potential project risks.
• Risk Breakdown Structure: A risk breakdown structure is a chart that allows your team to identify broad risk categories and specific risks that fit within each category. Your team can decide on the broad categories, depending on your project.
• Risk Assessment Matrix: A risk assessment matrix is a chart matrix that allows teams to score the severity of potential risks based on both the likelihood of each risk happening and the impact to the project if a risk happens.
• Risk Response Plan: A risk response plan is a document that details how your team plans to respond to each potential risk to try to either prevent it from happening or lessen the impact if it does happen. You can learn more about project risk mitigation . 
• Roles and Responsibilities: The risk management plan can provide details on the project risk management team, including the lead member for risk management. It also likely details the roles and responsibilities each team member will have in addressing and dealing with specific risks.
• Risk Reporting Formats: The risk management plan describes how the project team will document and report its work on monitoring and dealing with risks. It describes the risk register format that the team will use. It might also describe how risks will be added to or deleted from the register and how the project team will provide periodic summarized risk reports to top project and organization leaders.
• Project Funding and Timing: The plan will likely have a section describing the overall funding and timing for the project. That section also likely details funding for all project risk management work.

To determine what you need to include in your risk management plan, see the following requirements based on project size:

An Organization’s Risk Management Plan Often Doesn’t Change with Projects  

Many risk management experts emphasize that an organization’s project risk management plans might not change much from project to project. That’s because the plan sets out particulars that will be followed for all projects.

“Remember, it's just an approach document that answers the question: How?” says Kris Reynolds, Founder and CEO of Arrowhead Consulting in Tulsa, Oklahoma. “The company or the department as a whole should have a single risk management plan that gets built as you're building your project management methodology. And it’s your Bible. It’s your guidebook. 

“But it isn't going to change across projects,” Reynolds continues. “What changes are the artifacts, including the risk register. But your approach of how you're going to address risk or analyze risk or plan for risk is in the project risk management plan document. As a company or organization, you create that document, and it exists for a year or two years without changing.”

To create a project risk management plan, your team should gather important documents and decide on an approach for assessing and responding to risks. This process involves gathering support documents, listing potential risk management tools, and more. 

Consider some of these basic steps and factors as you begin creating the project risk management plan:

• Gather Supporting Documents: Gather and read through supporting documents related to the overall project, including the project and project management plan. It’s important for your project risk team to have a full view of project goals and objectives.
• Frame the Context: Make sure your team understands both the business value of the project and the impact on the organization if the project fails.
• Decide on Risk Assessment Criteria: Decide how your team will identify and assess important risks. That will require your team to have an understanding of which types of risks your organization can tolerate and which risks could be ruinous to the project.
• Inventory Possible Risk Management Tools: Make a list of risk management tools and documents that your team might use to help identify and manage project risk.
• Known Risks: At the start of a project, team members will be able to identify a number of known risks , such as budget issues, shortages of material, and human and other resource constraints, which are measurable and based on specific events. 
• Unknown Risks: At the start of a project, team members will not be able to identify a range of unknown risks that could impact your project. Those risks are not as easily or objectively measurable as known risks and can crop up at any point during a project. A main goal of project risk management is to help your team discover and address unknown risks before they happen.
• Unknowable Risks: Your team will not be able to anticipate unknowable risks that could affect the project, such as catastrophic weather events, accidents, and major system failures.
• Understand Human Bias: Studies have shown that people overestimate their ability to predict and influence the future. We often think we have more control than we do. Those biases can affect how we assess and manage risks in a project. We tend to give too much credence to what happened with past processes, fall into agreement with others in our group, and be more optimistic than we should be about how long a project will take or how much it will cost.  It’s important to account for all of those biases as your team identifies and assesses project risk.

Steps in Developing a Project Risk Management Plan

After your project team has gathered documents and done other preparation work, you will want to follow nine basic steps in creating a project risk management plan. Those start with identifying and assessing risks.

Here are details on the nine steps of project risk management to keep in mind while drafting your project risk management plan:

• Identify Risks: Your team should gather information and request input from team and organization members to determine potential risks to the project. Some specific risks can threaten many projects. Other risks will vary, based on the type of project and the industry. “If you're talking about a software project, you could have risks associated with the technology, resources, and interdependencies with other systems,” says Zucker. “If you have vendors you're working with, there may be risks associated with the vendors. There may be risks that are software- or hardware-specific. If you're working on a construction project, those risks obviously would be very different. ”You can learn more about project risk analysis and how to identify potential risks to a project .
• Assess Potential Impact of Each Risk: After your team identifies potential risks, it can assess the likelihood of each risk, along with the expected impact on the project if the risk happens. Your team can use a risk matrix to identify both the likelihood and impact of each risk. You can learn more about how to create a risk matrix and assess risks .
• Determine Your Organization's Risk Threshold and Tolerance: Your team will want to understand your organization’s risk threshold , or tolerance for risk. Organization leaders might decide that some risks should be avoided at all costs, while others are acceptable. Take the time to understand those views as you prioritize project risks.
• Prioritize Risks Based on Impact and Risk Tolerance: Once your team assesses the potential impact of a risk and your organization's risk tolerance for risks, it will prioritize risks accordingly. “Prioritize risks based on their disruptive potential for an organization,” says Simonov.
• Create a Risk Response Plan: Your team should then create a response plan for each risk that the team considers a priority. That response plan will include measures that could prevent the risk from happening or lessen the risk’s impact if it does happen.
• Select Project Risk Management Tools: Your team will need to decide on the best risk management tools to use for your project. That will likely include a risk register and a risk assessment matrix. It might include other tools, such as Monte Carlo simulations. Learn more about various tools and documents to use in risk management . 
• Select an Owner for Each Risk: Each identified risk should have an assigned owner. In some cases, a department might be an owner of a risk, but most often, the team will assign individuals to monitor risks. In some cases, the owner will be responsible for dealing with the risk if it happens. Teams can list the owners of each risk on their project risk register. 
• Determine Possible Triggers for Each Risk: As your team conducts a closer assessment of all risks, it should identify risk triggers where possible. Triggers are events that can cause a risk to happen. Your team won’t be able to identify triggers for all risks, but it will for some. For example, if you have a plant without sufficient backup power, a trigger could be warnings of a violent storm that could cause a power outage.
• Determine How Your Team Will Monitor Risks: An important part of your plan includes recording concrete details about how your team will ensure that it can continually monitor risks throughout the life of a project.

Risk Management Plan Examples, Templates, and Components

Examples of project risk management plans can help your team understand what information to include in a plan. The risk management plan can also detail various components that will be part of your team’s risk management.

Project Risk Management Plan Template

Download the Sample Project Risk Management Plan Template for Microsoft Word  

Download this sample project risk management plan, which includes primary components that might be described in a project risk management plan, such as details on risk identification, risk mitigation, and risk tracking and reporting.

Download the Blank Project Risk Management Plan for Microsoft Word

Use this blank template to create your own project risk management plan. The template includes sections to ensure that your team covers all areas of risk management, such as risk identification, risk assessment, and risk mitigation. Customize the template based on your needs.

Project Risk Register Template

Download the Sample Project Risk Register for Excel

This sample project risk register gives your team a better understanding of the information that a risk register should include to help the team understand and deal with risks. This sample includes potential risks that a project manager might track for a construction project.

Download the Blank Project Risk Register Template for Excel  

Use this project risk register template to help your team identify, track, and plan for project risks. The template includes columns for categorizing risks, providing risk descriptions, determining a risk severity score, and more.  

Quantitative Risk Register Template

Download the Sample Quantitative Project Risk Impact Matrix for Excel

This sample quantitative project risk impact matrix template can help your team assess a project risk based on quantitative measures, such as potential monetary cost to the project. The template includes columns where your team can assess and track the probability and potential cost of each project risk. The template calculates a total monetary risk impact based on your estimates of probability and cost.

Risk Breakdown Structure Template

Download the Risk Breakdown Structure Template for Excel

Your team can use this template to create a risk breakdown structure diagram that shows different types of risks that could affect a project. The template helps your team organize risks into broad categories.

Step-By-Step Guide to Creating a Project Risk Management Plan

Below are step-by-step instructions on how to fill out a project risk management plan template. Follow these steps to help you and your team understand the information needed in an effective risk management plan.

This template is based on a project risk management plan template created by Arrowhead Consulting of Tulsa, Oklahoma, and was shared with us by Kris Reynolds.

• Cover Section: Provide information for the cover section , also known as the summary section . This will include the name of the project, the project overview, the project goals, the expected length of the project, and the project manager.
• Risk Management Approach: Write a short summary of your organization's overall approach to project risk management for all projects, not only the project at hand. The summary might describe overall goals, along with your organization’s view of the benefits of good project risk management.
• Plan Purpose: Write a short summary explaining how the plan will help your team perform proper risk management for the project.
• Risk Identification: Provide details on how your team plans to identify and define risks to the project. Those details should include who is assigned to specific responsibilities for risk identification and tracking, as well as what information and categories will be included in your team’s project risk register.
• Risk Assessment: Provide details on how your team will assess the probability and potential impact of each risk it has identified. Your team should also include details on any risk matrices it plans to use and how the team will prioritize risks based on those matrices.
• Risk Response: Provide details on the ways your team can choose to respond to various risks. In the case of high-priority risks, that will include prevention or mitigation plans for each risk. In the case of low-priority risks, or risks that might be prohibitively expensive to mitigate, it might include accepting the risk with limited mitigation measures.
• Risk Mitigation: Provide more details on how your team plans to lessen the likelihood  or impact of each risk. Your team should also provide details on how it will monitor the effectiveness of prevention and mitigation strategies, and change them if needed.
• Risk Tracking and Reporting: Provide details on how your team plans to track and report on risks and risk mitigation activities. These details will likely include information on the project risk register your team plans to use and information on how your team plans to periodically report risk and risk responses to organizational leadership.

Do Complex Projects Require More Complex Project Risk Management Plans? 

Experts say that complex projects shouldn’t require more complex project risk management plans. A project might have more complex tools, such as a more detailed risk register, but the risk management plan should cover the same basics for all projects.

“The problem is, most people get these management plans confused. They then start lumping in the artifacts [such as risk registers] — which can be more complex and have more detail — to the risk management plan itself,” says Reynolds. “You want it to be easily understood and easily followed.

“I don't think the complexity of the project changes the risk management plan,” Reynolds says. “You may have to circulate the plan to more people. You may have to meet more frequently. You may have to use quantitative risk analysis. That would be more complex with more complex projects. But the management plan itself —  no.”

Effectively Manage Project Risks with Real-Time Work Management in Smartsheet

From simple task management and project planning to complex resource and portfolio management, Smartsheet helps you improve collaboration and increase work velocity -- empowering you to get more done. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed.

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.

Discover a better way to streamline workflows and eliminate silos for good.

• Study Guides
• Homework Questions

PM 7030 Individual Assignment 2 (Risk Definition)

• Information Systems

.css-s5s6ko{margin-right:42px;color:#F5F4F3;}@media (max-width: 1120px){.css-s5s6ko{margin-right:12px;}} AI that works. Coming June 5th, Asana redefines work management—again. .css-1ixh9fn{display:inline-block;}@media (max-width: 480px){.css-1ixh9fn{display:block;margin-top:12px;}} .css-1uaoevr-heading-6{font-size:14px;line-height:24px;font-weight:500;-webkit-text-decoration:underline;text-decoration:underline;color:#F5F4F3;}.css-1uaoevr-heading-6:hover{color:#F5F4F3;} .css-ora5nu-heading-6{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;color:#0D0E10;-webkit-transition:all 0.3s;transition:all 0.3s;position:relative;font-size:16px;line-height:28px;padding:0;font-size:14px;line-height:24px;font-weight:500;-webkit-text-decoration:underline;text-decoration:underline;color:#F5F4F3;}.css-ora5nu-heading-6:hover{border-bottom:0;color:#CD4848;}.css-ora5nu-heading-6:hover path{fill:#CD4848;}.css-ora5nu-heading-6:hover div{border-color:#CD4848;}.css-ora5nu-heading-6:hover div:before{border-left-color:#CD4848;}.css-ora5nu-heading-6:active{border-bottom:0;background-color:#EBE8E8;color:#0D0E10;}.css-ora5nu-heading-6:active path{fill:#0D0E10;}.css-ora5nu-heading-6:active div{border-color:#0D0E10;}.css-ora5nu-heading-6:active div:before{border-left-color:#0D0E10;}.css-ora5nu-heading-6:hover{color:#F5F4F3;} Get early access .css-1k6cidy{width:11px;height:11px;margin-left:8px;}.css-1k6cidy path{fill:currentColor;}

• Project management |
• What is a risk register: a project mana ...

What is a risk register: a project manager’s guide (and example)

Looking for tools to set your team up for success? A risk register can do just that.

A risk register is shared with project stakeholders to ensure information is stored in one accessible place. Since it’s usually up to project managers (we’re talking about you!), it’s a good idea to learn how and when to use a risk register so you’re prepared for your next project. 

What is a risk register?

A risk register is a document that is used as a risk management tool to identify potential setbacks within a project. This process aims to collectively identify, analyze, and solve risks before they become problems. While usually centered around projects, other circumstances where risk management is helpful include product launches and manufacturing. 

A risk register document, otherwise known as a risk register log, tracks potential risks specifically within a project. It also includes information about the priority of the risk and the likelihood of it happening. 

A project risk register should not only identify and analyze risks, but also provide tangible mitigation measures. This way, if the risk becomes a larger threat, your team is prepared with solutions and empowered to solve the issues. 

When should you use a risk register?

There are many instances when a risk register comes in handy. Ideally, it should be used—or available for use when needed—for every project. It can be used for both small and large projects, though your risk log may look different depending on the scope and complexity of your initiative. 

While a small project may only include basic information about the risk such as likelihood, priority, and solutions, a more complicated project may require around 10 different document fields. 

While some companies employ risk management professionals to manage a risk log, it often falls on the project manager or team lead to oversee it. If your team doesn’t already use a risk management or incident management process, it may be helpful to know common risk scenarios to decide whether a risk register is right for you and your team. 

Some risk scenarios ranked by priority could include:

Low priority: Risks such as lack of communication and scheduling errors can leave projects open to scope creep and missed deliverables. 

Medium priority: Risks such as unplanned or additional work can cause teams to struggle with productivity and create unclear objectives. 

High priority: Risks such as data security and theft can leave your company open to revenue loss and should be prioritized. 

Once you know when to use a risk register, you can properly define high priority risks when you come across them. 

Common risk scenarios

Multiple risks could arise during a new project. Anything from data security to unplanned work can risk projects going over budget and scope. Nobody wants to imagine the consequences of missed due dates, which is why it’s important to identify potential risks before they happen.

It’s a good idea to include common risk categories in your risk register log so you’re prepared when they occur. Learn a little more about these risks and determine which ones could apply to your team. 

Data security 

If you’re working on projects that could affect data security, it’s extremely important to track and mitigate potential risks. Unmanaged risks could result in:

Information being stolen: Without proper mitigation, your business could become vulnerable to private information being stolen. This is especially harmful if it’s customer information being stolen.

Credit card fraud: This is dangerous for a number of reasons, but could result in a loss of revenue and potentially require legal action. 

Data security is a top risk and should be prioritized accordingly in order to prevent long-term security issues.  

Communication issues

Communication issues can arise no matter the size of your project and team. While a risk register can help identify where communication areas live, it can be helpful to also implement work management software to streamline communication at work .

Here are some risks that could arise from lack of communication:

Project inconsistencies: Without proper communication, inconsistencies in deliverables can cause confusion. 

Missed deadlines: No one wants to miss a deadline but without clear communication, your team may not be aware of due dates for deliverables. 

Creating a proper communication plan can also help prevent risks from surfacing in the first place. 

Scheduling delays

If scheduling errors and delays go unnoticed, they can become a big problem when deadlines are missed. Tools such as timelines and team calendar software can help prevent scheduling errors in the first place. 

Project scheduling delays could result in:

Rushed deliverables: There’s nothing worse than a project that hasn’t been properly executed, which can cause goals to be missed and work to appear sloppy.

Confusion: Teams can become overwhelmed and confused without a proper schedule in place. 

Implementing a schedule can help keep deliverables on track for both daily tasks and one-off projects. 

Unplanned work

We’ve all been in a situation where a project goes over scope. It’s a common risk that can be fairly easy to mitigate if tracked properly. Catching unplanned work early on allows you to properly delegate it to the project lead. 

Without a proper risk register, you could experience:

Missed deliverables: If work slips through the cracks, you may be at risk of missing a deadline altogether. 

Employee burnout: Overscheduling your team members with unplanned work can create tension and even cause overwork and burnout. That’s why it’s important to scope projects correctly. 

If you do run into issues with unplanned work, implementing a change control process can help communicate additional work to your team members.  

Theft of materials

While hopefully uncommon, businesses that have a large inventory of products could run the risk of theft or reporting errors. By tracking inventory consistently and frequently, you can catch risks early on to determine the cause.  

Theft can leave your business open to:

Loss of revenue: Whether products are being stolen or there are errors in reporting, theft will have a negative impact on revenue. 

Uncertainty: When theft happens, employee and business uncertainty can cause internal stress. 

Misuse of time: Along with theft of tangible goods, there’s a risk of time theft. In a remote working environment, it can be more difficult to track where your team is spending their time. 

Similar to data security, theft is a high-priority risk that should be handled as quickly as possible. 

What’s included in a risk register?

A risk register is made of a list of risks and tracking fields. Your team’s risk log will most likely look different than others as you’ll have unique risks associated with your projects. 

No matter the differences, most risk registers are made up of a few essential parts, including risk identification, risk likelihood, and risk mitigation. These parts work to create a fluid log of information on potential risks. These logs are also helpful to look back on when working on new projects that could face similar risks. 

Additional fields that are good to include are details like risk identification, description, and priority. The more specific you get, the more likely you’ll be prepared to mitigate whatever risks come your way. 

A great rule of thumb to keep in mind is the more complicated the project is, the more intricate your risk register is likely to be. That means it’s a good idea to be as specific as possible within your log for large projects that span multiple months and have a number of different stakeholders. 

Here are some of the most important fields to include in your project risk management plan. 

1. Risk identification  

One of the first entries included in a risk register is the identification of the risk. This is usually in the form of a risk name or identification number. A risk identification field should include:

The risk name

The identification date

A subtitle if needed

You don’t need to get super creative when naming your risks, a simple summary will do. On the other hand, if you want to get creative, you can craft personas for each type of risk. For example, using the persona “Daniela” as your data security risk name to help team members understand how to quickly identify risks. 

Along with a name, you may also choose to include a short subtitle and the date of the risk identification. This will help track how long mitigation methods are taking and allow you to identify which risks are taking the longest to resolve. 

2. Risk description

After the identification is complete, a short description should be added to your log. A risk description should include:

A short, high-level overview of the risk

Why the risk is a potential issue

How long you choose to make your descriptions is up to how detailed you want your log to be, but the average length is typically 80 to 100 characters.

More importantly than the length, a description should include the key points of the risk and why it’s a potential issue. The main takeaway is that a description should accurately describe the risk without getting in the weeds so it can be easily identified. 

3. Risk category

There are a number of risk categories that help quickly identify the potential risk. Quickly identifying the risk makes it easier to assign to the correct team—especially when working on a complicated project with multiple risks. A risk category could be any of the following:

Operations 

Information 

Project plan

To determine the category type, you’ll first need to evaluate where the risk is coming from and who can help solve it. You may need to work with department heads if the solution isn’t obvious. 

4. Risk likelihood

If risks are caught early enough, it’s possible the team will be able to sort them out before any real action is needed. So it’s possible that risks that are flagged on your risk register won’t actually become problems. 

The likelihood of a risk can be documented with a simple selection of: 

Not likely 

Very likely 

Categorizing your risks by likelihood can help identify which risks to tackle first and which you should wait on. 

5. Risk analysis

A risk analysis gauges the potential impact the risk could have on your project. This helps to quickly identify the most important risks to tackle. This is not to be confused with priority, which takes into account both likelihood and analysis. 

While teams document risk levels differently, you can start with this simple five-point scale:

If you’re struggling to identify the risk level, you may want to get a second opinion by working with a department head. This way you can accurately gauge how high the impact might be. 

6. Risk mitigation

A mitigation plan, also called a risk response plan, is one of the most important parts of a risk register. After all, the point of a risk management plan is to identify and mitigate possible risks. Basically, it’s an action plan. A risk mitigation plan should include:

A step-by-step solution on how to lessen the risk

A brief description of the intended outcome

How the plan will affect the impact 

While small risk assessments may be easy to mitigate, some risks are much more complex and don’t have obvious solutions. In this case, the mitigation plan will need a bit of teamwork to solve. This usually happens beyond the actual risk register document, such as during a meeting or team huddle. 

However you choose to conduct your mitigation plan, you should document a high-level description within the log for reference and clear communication. This will not only ensure everyone on the project team understands the response plans, but it will also help you visualize the solution. 

7. Risk priority 

While the impact of a risk will help determine priority, it’s good to also include this entry on your log. Priority should take into account both the likelihood of the risk and the risk analysis. Both of these aspects will make it clear which risks are likely to have harmful consequences on the project. 

Priority can be documented by a simple number scale:

If you’re looking to make your risk register more visually appealing, you may want to document priority by using a color-coded scale instead. This can be used in place of or alongside the three options. Love organizing by color? Then color-coding your log is the perfect option for you! 

8. Risk ownership

Once the risk has been identified, reviewed, and prioritized, it’s time to assign the mitigation deliverables to be implemented. Risk ownership should include:

The person assigned to oversee the implementation of deliverables

Any additional team members, if applicable

The risk ownership field can help quickly determine which department the risk should be handled by. It can also help visualize which team members have ownership of specific risks. 

9. Risk status

The last field to include in your risk register is the status of the risk. This helps communicate whether a risk has been successfully mitigated or not. A risk status field should be filled out with one of the following:

In progress

If you want to get more granular with your status options, you may choose a more specific list such as active, not started, hold, ongoing, and complete. 

Additional risk register fields

While there are a handful of main entries that every risk register should include, there are additional optional items you can include as well. It’s always better to over-prepare than be caught off guard when the time comes, so take a look at these additional fields to decide if you need them. 

Risk trigger: Adding a risk trigger entry can help you evaluate why the risk happened in order to prevent future risks. 

Response type: While many risks will be on the negative end of the spectrum, there is a possibility for a positive outcome. In this case, you can add a field for a positive or negative response. 

Timeline: You can also include the schedule or timeline of the mitigation plan within the log in order to keep information in one place. Timeline software is a great tool to help with this. 

How to create a risk register (with example)

A risk register contains a lot of information and can be challenging to create for the first time. While you may know what information you need to include, getting started can be difficult. That’s why we put together an example to help you get started on your own risk management plan. 

Here’s what your risk register log might look like:

The key objective of a risk register is to log the information of potential risks, so don’t get too caught up in the details. You should choose the fields necessary to communicate potential risks to your team members. 

Some teams may only need a simple risk register with few fields, while others may need something more complex. It may be helpful to start simple and work your way up to a more complex log if needed.

Here’s an example of a risk register entry to get you started on your own risk log. 

Risk name: Design delay

Risk description: Design team is overbooked with work, which could result in a timeline delay. 

Risk category: Schedule

Risk likelihood: Likely

Risk analysis: Medium

Risk mitigation: Hire a freelancer to create project graphics. Move meetings from Kabir’s calendar during the week of 7/12 to free up time to edit graphics and send to Kat for final approval. 

Risk priority: 2

Risk ownership: Kat Mooney

Risk status: In progress

Once you get the hang of filling out your risk register, you can work to continuously improve and perfect your data log for future projects.   

Don’t risk your risk management plan

Identifying risks is a large part of any successful risk management strategy. While identifying and mitigating new risks isn’t always easy, it’s essential in order to keep your business on track for success. Once you nail down your risk register, project risks won’t seem as hard to manage. Plus, your team will have more time to spend on important things, like delivering impact. 

If you’re looking for additional resources on risk management, check out how to create a contingency plan to prevent business risks. 

Related resources

Everything you need to know about waterfall project management

Smooth product launches are simpler than you think

What is stakeholder analysis and why is it important?

How Asana uses work management to optimize resource planning