A risk register, a commonly used risk management tool, contains a log of all the tentative risks that can crop up within the scope of a project. In addition to details about the risks, a good risk register format provides space for noting down the control measures that have been identified to mitigate the risk. Before we discuss the components of a risk register, here’s a link to a risk register template that can be downloaded and used for free.
Components of a Risk Register Format
At the top of the risk register goes the name of the project for which it is made and some basic details like the date on which it was modified, by whom, when it was reviewed and by whom. The part of the risk register format that contains information about the risks has several columns, which are:
Reference Number: A unique reference number can be assigned to each identified risk.
Risks: In this column the user can define the risks. It’s important to limit the risk definition to one or two crisp statements that give a clear idea of what the risk is.
Consequence: This space is reserved for defining the possible consequence if the risk is not mitigated.
Probability: The likelihood of occurrence of the risk can be defined as –
- 5 – definite
- 4 – very likely
- 3 – likely
- 2 – occasional
- 1 – rare
Risk Rating: Each of the risks must be assigned a certain rating based on the extent of damage it can cause. The risks can be assigned a risk rating as –
- 5 – disastrous
- 4 – serious damage
- 3 – moderate damage
- 2 – minor damage
- 1 – insignificant
Risk Score: The risk score can be obtained by multiplying the risk rating with the risk probability. This score is representative of the importance or the urgency of mitigating the risk.
Control Measures: This column on the risk register format is reserved for enlisting the control measures that have been identified for handling the risk.
Control Score: A single look at this column should make it clear whether the proposed control measures are enough to mitigate the risk completely. The control measures must be rated on the following basis –
3 – Sufficient – the control measures will annul the risk
2 – Reasonable – can reduce the risk significantly but not completely
1 – Insufficient – the control measures are not enough at all.
Towards the right hand side of the risk register format are four columns which can be used for recording the after improvement risk details:
- Consequence: The consequences that would still remain after adopting all the control measures can be listed in this column.
- Probability: The probability of the unaddressed parts of the risk cropping up.
- Risk Rating: The risk rating for the part of the risks that are not addressed by the control measures.
- Risk Score: The final risk score after carrying out the control measures can be entered in this column and it can be calculated in the same manner as described earlier.
These columns on the right hand side need to be filled up only for those risks which have a control score of two or less.
The risk register format explained here is just one of the many formats that can be used for maintaining a log of the project risks. Additional fields like due dates for risk mitigation, names of person who have to carry out the risk mitigation task or the current status etc can also be added as per the specific requirements of a project. Nonetheless, the risk register template that can be downloaded from the above link is quite fitting for most projects.
Screenshot Taken by: Sidharth Thakur
This post is part of the series: Risk Management - Tools and Techniques
Here’s a series of articles that discuss some of the best tools and techniques used for risk management in the field of project management.