How To Tailor Key Risk Indicators (KRIs) To Your Organization’s Specific Threats
Every organization faces risk each day, but no two organization’s risk landscapes look exactly the same. It’s the…
Every project—from remodeling a bathroom to landing on the Moon—carries the risk that it won’t succeed.
Typically, the more sophisticated the project, the higher the chances that something doesn’t go according to plan. This is why project managers who successfully execute large, complex undertakings all have one trait in common: a relentless focus on managing risk.
What if regulatory approval doesn’t come through for clinical trials of a pharmaceutical drug? What if protesters disrupt a political convention? What if foreign currency fluctuations erode the profitability of an overseas investment? The adverse possibilities are endless.
Especially for large projects, it’s vital that a portion of the overall budget gets set aside for identifying and addressing potential risks such as these. The best risk management plans are created during the planning stages, and are subject to the same approval process as the rest of the project.
The document resulting from the planning stages is called a risk register, and it forms the backbone of a sound risk management plan. Creating, maintaining, and utilizing a risk register are critical activities that contribute to a project’s success.
In this post, we’ll take a look at the parts of a project risk register and how to get started making one of your own.
The Project Management Body of Knowledge defines a risk register (sometimes called a risk log) as a document in which the results of risk analysis and risk response planning are recorded. In its simplest form, it’s an itemized list of the risks that could derail a project.
Typically created in spreadsheet form, the register allows project stakeholders to keep tabs on the identification, assessment, and treatment of risks. It also contains information about the individual project risks, including potential impact, severity, and actions required to keep them in check.
Risk registers are unique to their projects; thus, there is no “standard” risk register. Still, risk registers typically contain some common features. The categories below are a good starting point, but you should modify your risk register to match your unique project and situation.
Some of the most widely used components are listed below. You’ll notice that the risk register addresses risk management in four key steps: (1) identifying and classifying risks, (2) analysis, (3) evaluation, and (4) solutions and monitoring.
Elements 1–3 listed below involve the identification of risks.
Elements 4 and 5 record the results of analysis of the identified risks.
Elements 6 and 7 record the evaluation of the risks.
These last four elements explain and record the treatment of the risks.
It’s best to start with the risk register sections listed above and move from top to bottom. First, you’ll want to make a list of all the potential risks to your project or organization. This can be accomplished in several ways.
There are a number of other approaches too, including SWOT Analyses, the Delphi technique, FAIR Methodology, and more. Do some research and see if any of these are relevant to your project or industry.
Of course, it’s not possible to list out every possible risk that could happen, nor is that an advisable goal. You wouldn’t, for example, include the potential for an asteroid hitting the earth among the risks to your product marketing plan. You should focus on the risks that matter.
While a project is in progress, the risk register should be kept close-at-hand and updated consistently. You’ll want to schedule thorough reviews with your team on a regular basis, so it’s always current and reflective of the best possible information. Be rigorous about identifying risks, checking that risk responses are in place, and that people are held accountable. Risk management does not end at the planning stages, it just begins.
Your risk register will change over the life of the project—and that’s a good thing. You’ll be presented with new risks, old risks will be mitigated or prevented altogether, and some risks will simply go away. The risk register helps you stay on top of these developments and keep your team in the know. Flexible technology such as LogicGate's Enterprise Risk Management platform can help your risk register stay agile and responsive to risks as they crop up.
At its core, a risk register helps to maximize the chances that a project will be a success. It helps project managers keep a clear view of the status of a project, as well as any factors that could decrease those chances. It is, in many ways, a project manager’s best friend.
For more on Enterprise Risk Management, check out LogicGate's eBook below on How to Build Organizational Support for ERM.
Every organization faces risk each day, but no two organization’s risk landscapes look exactly the same. It’s the…
Maybe your organization has been the victim of a supply chain attack, or saw one of your major…
Many cybersecurity professionals, if not all, have experienced that “after the breach” feeling — the moment you realize…
Join us as we celebrate Women’s History Month with five women working at the pinnacle of the risk…
Anticipate risk events, make better risk decisions faster, and provide context for your decisions to key stakeholders with…