Project managers have a number of tools in their arsenal that can help them address potential challenges and obstacles. One such tool is the project risk register. But what is a risk register, how do you use one, and how can it keep your next project from being derailed?

In this guide, we’ll walk you through exactly what to include in your project risk register and provide details on when and how to build and maintain one for your next project. 

What is a risk register? 

A project risk register is a tool project managers use to track and monitor any risks that might impact their projects. Risk management is a vital component of project management because it’s how you proactively combat potential problems or setbacks. 

Using a project risk register, also called a risk log, is an essential part of this risk management process. 

What is the purpose of a risk register?

The purpose of a project management risk register is to identify, log, and track potential project risks. A risk in project management is anything unexpected that could happen that would positively or negatively affect your project. 

Any time someone identifies something that could impact your project, it should be assessed by the team and recorded in your risk register. 

Why do you need a risk register? 

You need a risk register because, as projects get larger, longer, and more complex, it becomes increasingly difficult to stay on top of everything. If risks aren’t tracked in a central location and reviewed regularly, something may be missed or forgotten. 

Some risks may seem small or unlikely at first but have the potential to impact your project, nonetheless. Examples of project risks can include:

  • Data/security risk (materials being hacked or stolen)
  • Legal risk (litigation or changes in the law that impact the project) 
  • Catastrophic events (fire, flooding, storm damage) 
  • Supply chain disruption 

Risk management is about identifying potential problems early so you can decide how to handle them. It also empowers you to track risks over time to see if and how they’re changing. 

When a risk is first identified, you might consider it so unlikely that you don’t bother doing anything about it. But what if, as the project progresses, the risk becomes a lot more likely to occur? By tracking your risks, you can notice changes like this early enough to take action. 

Who creates a project risk register?

If you’re working on a very large, complex, or critical project, you may have a risk coordinator or risk manager on your team. In this scenario, it would be their job to create and maintain the risk register. 

However, for most projects, responsibility for creating the risk register falls on the project manager. 

This doesn’t mean the risk manager or project manager is responsible for identifying or taking action against all the risks. Everyone on the project team and potentially impacted by the project’s success should help identify and assess risks. 

For instance, the client or sponsor may be aware of a potential problem that no one on the project team knew about.  

What is included in a risk register?

A risk register is essentially a table of project risks that allows you to track each identified risk and any vital information about it. 

Standard columns included in a project risk register are:

  • Identification number (to quickly refer to or identify each risk)
  • Name or brief description of the risk
  • Risk categories (whether it’s internal or external, material-related or labor-related, etc.) 
  • Probability (how likely the risk is to occur)
  • Impact (if the risk takes place, how seriously will it impact your project)
  • Rating (where does this risk fall on your priority list)
  • Approach (will you monitor the risk, try to mitigate it, avoid it, etc.)
  • Action (if you plan to mitigate or avoid the risk, what are the steps involved, and when will they occur)
  • Person responsible for overseeing or mitigating the risk

How to create a risk register

To create a risk register, all you need to do is build a table with the columns covered above and start populating it with project risks. 

Let’s go through a couple of the columns in more detail to help you determine how to fill them in:

Risk categories: The purpose of the categories is to help you sort risks to make it easier to monitor them and understand what they impact. You should customize these categories to your business and project. You may even choose to have columns for separate categories. For instance, you may want a column identifying what sprint might be impacted and another identifying what type of work (development, testing, etc.) will be impacted. 

Probability and impact: There are two ways to assess risk — qualitative and quantitative. Qualitative is the simplest and most common form. With this approach, you generally assess probability and impact on a 3–5 point scale such as very high, high, medium, low, and very low. Quantitative risk requires assigning numerical values. Instead of saying there could be a "high" impact, you need to define it in quantifiable terms, such as a two to four-week schedule delay or a 5% increase in cost. 

Rating: If you’re using a qualitative risk assessment method, your rating is typically probability multiplied by impact. If the probability is high (4) and impact is medium (3), then your rating would be 12 (4 x 3). This method gives you a simple way to sort and prioritize risks quickly. 

Quantitative risk analysis isn’t quite as simple. It’s difficult to compare and rank a 60% chance of a two-week schedule delay with a 40% chance of a 10% increase in costs. To make this work, you'll need to rate the schedule and budget impacts so they can be compared. For instance, you might consider a six-week delay and a 10% budget increase to both be a "very high impact" and assign them a "5." 

However you choose to track and assess risks, make sure it’s standard across your project. If team members assess risks differently or fill out columns inconsistently, it makes it harder to view, track, and prioritize your project risks. 

Risk register example

This simple risk register example will help you create a risk log for your next project.

Use Wrike to create an effective project risk register 

Did you know that you can build, update, maintain, and share your risk register right in your project management software? Thanks to Wrike’s custom fields, it’s easy to create and modify your register to reflect exactly what columns and categories you need to track. 

Plus, you can easily share it with your team and other stakeholders to get their input. You can also incorporate it into your reports and dashboards, so risks are always top of mind and nothing important gets overlooked.  

Try out a free trial of Wrike today to discover how easy it is to build your first risk register.