Risk Register
A structured document for recording identified project risks, their analysis, response plans, and tracking status.
A risk register (also called a risk log) is a structured document that records all identified project risks along with their analysis, response plans, owners, and current status. It serves as the central repository for risk information throughout a project’s lifecycle and is a primary input to project decision-making.
Origins and History
Risk registers evolved from risk management practices in defense, aerospace, and engineering industries during the 1970s and 1980s, where formal risk identification and tracking were required for complex systems development. The practice was formalized in project management frameworks including PRINCE2 (which calls it a risk log, from its first edition in 1996), the PMBOK Guide (which includes risk register creation as an output of the Identify Risks process), and ISO 31000 (Risk Management, first published in 2009). The UK Association for Project Management (APM) and the Institute of Risk Management (IRM) have also published guidance on risk register design and maintenance. As organizations matured their risk management practices, the risk register evolved from a simple spreadsheet to an integrated component of project management information systems.
Structure and Content
A typical risk register entry includes: a unique risk identifier, a description of the risk event, the probability of occurrence (often on a 1-5 or percentage scale), the impact if it occurs (on cost, schedule, quality, or scope), a risk score (probability × impact), the risk category (technical, external, organizational, project management), a response strategy (avoid, mitigate, transfer, or accept for threats; exploit, enhance, share, or accept for opportunities), specific response actions, the risk owner responsible for monitoring and response, a status indicator, and trigger conditions that signal the risk is materializing.
Practical Applications
Risk registers are maintained throughout project execution and reviewed at regular intervals (typically at each project meeting or stage gate). They support prioritization of management attention on high-scoring risks, audit and compliance documentation, lessons learned for future projects, and escalation decisions when risks exceed project-level tolerances.
Sources
- Project Management Institute (2021). A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th ed. PMI.
- ISO (2018). ISO 31000:2018 - Risk management - Guidelines.
- Hillson, D. (2009). Managing Risk in Projects. Gower Publishing.