Risk Log / Risk Register
By The Office of Government Commerce – OGC, UK
Purpose of the Risk Log / Risk Register
The Risk log, in relation to a specific activity or plan (e.g. project), lists all the identified risks and the results of their analysis and evaluation. Information on the status of the risk is also included. Risk log is the PRINCE2™ term but this may also be known as a risk register.
These details can then be used to track and monitor their successful management as part of the activity to deliver the required, anticipated benefits.
Fitness for Purpose Checklist
- Is the Risk log part of a framework for managing risk?
- Does the status indicate whether action has been taken or is in a contingency plan?
- Are the risks uniquely identified (including to which project they refer if the risk relates to a programme)?
- Has each risk been allocated an owner?
- Is access to the Risk log controlled?
- Are activities to review the Risk log in the stage plans?
- Have costs been identified for each risk as a ‘risk allowance’?
Suggested Content in the Risk Log / Risk Register
- Risk identification number (unique within the log)
- Risk type (where indication helps in planning responses)
- Risk Owner Raised by (person)
- Date identified
- Date last updated
- Cost if it materialises
- Possible response actions
- Chosen action
- Target date
- Action owner/custodian (if differs from risk owner)
- Closure date
- Cross references to plans and associated risks and may also include
- Risk status and Risk Action Status
Source Information of the Risk Log / Risk Register
- Issues and risks can be raised by anyone involved in the project or its stakeholders throughout its lifecycle.
Where suppliers and/or partners are involved, it is essential to have a shared understanding of risks and agreed plans for managing them.
The risk log is set up during the start up of the project, ready to record project risks, including any noted in the Project Brief. It is an important component of the organisation’s risk management framework.
This is a management tool whereby a review and updating process identifies, assesses and manages down the risk to acceptable levels. It provides a framework in which problems that may arise and adversely affect the delivery of the anticipated benefits are captured and actions instigated to reduce the probability and the impact of that particular risk.
Successful delivery toolkit, the Office of Government Commerce – © Crown Copyright 2009