What is a risk register?

A risk register is a central document that records all identified project risks with probability, impact, and planned countermeasures, and is maintained continuously.

Project Management Advanced
Ask Fynn beta
Online

DEFINITION

A risk register is the central instrument of risk management in projects. It records all risks that threaten the project: people, technical, financial, or external. Each risk documents: what could happen? How likely is it? What impact would it have on schedule, budget, or quality? Who is responsible? And what countermeasures exist? Typically the register rates probability and impact on a scale, often 1 to 5, and prioritises risks by their product (risk score). High risk scores require active risk management: reduce probability, mitigate impact, or transfer the risk, for example through insurance. The risk register is not a static document. Regular maintenance closes resolved risks and adds new ones. A well-maintained register significantly reduces the number of unexpected crises during the project.

CONNECTIONS

Leadership

Risks only reach reporting when there is psychological safety in the team. Anyone afraid of bad news holds risks back until they escalate. A safety culture is the prerequisite for an honest risk register.

Artificial Intelligence

AI hallucinations and uncontrolled agents are measurable project risks. The risk register must explicitly address AI-specific risks: false statements, data protection breaches, and lack of traceability.

Agility

In agile projects, risks are regularly identified and addressed in retrospectives. That can make the formal risk register obsolete in some agile contexts, but it remains useful for external reporting requirements.

KEY POINTS

  • The risk register records all risks with probability and impact.
  • Risks are prioritised: probability × impact = risk score.
  • Each risk has an owner and planned countermeasures.
  • It is not a one-off document — it is maintained continuously.
  • Four strategies: avoid, reduce, transfer, accept.

EXAMPLE

An IT migration project records ten risks in the risk register. The highest: data loss during migration, probability 3/5, impact 5/5, risk score 15. Countermeasure: full backup before migration starts and a rollback plan. The IT lead is responsible. The register is updated weekly in the status meeting. Two risks do not materialise; one is successfully mitigated through the backup plan.

MISCONCEPTIONS

Is it enough to create the risk register once at project start?

No. Risks change during the project. New ones emerge; known ones occur or lose probability. The register needs regular maintenance.

Must all risks be avoided?

No. Some risks are consciously accepted when the countermeasure costs more than the possible damage. That is a strategic decision.

Artificial Intelligence

Project Management with AI Seminar

How projects work when AI supports them.

2 days Seminar
Artificial Intelligence

AI Leadership Seminar

Leadership when uncertainty becomes opportunity.

1 day Seminar
Artificial Intelligence

Working with AI Seminar

Make decisions that intelligent technology has changed.

1 day Seminar

Contact

We love AI. Being there for our customers even more.

For in-house programmes, open seminars, or personal advice. Our team replies within one business day.

Required
Required
Required