The Risk Register PMP®, or Risk Log, is one of the main outputs of Project Risk Management in the PMBOK® guide. The purpose of the Risk Register PMP® is to provide the project team with a tool to organize and track risks throughout the project so that the team has a plan in place if a risk were to occur.
In this post, we will look at how you can create a risk register for your own project. Make sure you download the template to get started.
A risk is an uncertain event that may or may not happen in the future. If risks are not documented and properly managed, threats to the project can cause massive cost over runs and schedule delays. In the worst case scenario, they can even cause the project to be cancelled.
The Project Management Institute (PMI) recommends creating a risk register during the Planning phases of the project and progressively elaborated upon throughout the project.
At the start of the project, some Project Management Offices (PMOs) will supply the project manager with a Risk Register template to use. Sometimes, the project manager has to make their own. After the template has been approved, you will use the same template throughout your project.
Along with a consistent template to use throughout your project, you and your team also need to come up with common definitions for risk severities. For example, what constitutes as a high impact risk? Medium impact? Low impact?
Once you have your Risk Register template and common definitions, you will brainstorm with your team during meetings and list all the possible risks on your project. This list will change during the course of your project, and you will need to update it as often as required. Whenever you or your project team discover a new risk on the project, you need to document the risk on in the risk register.
Every risk in the register will be assigned an owner. That person will be responsible for ensuring that the risk does not become occur and minimizing the negative impact of the risk if it does occur.
What can a project manager do about risk?
There are 4 ways that a project manager can approach a negative risk, or a threat to the project.
Accept – If the risk will not have a Low Risk Score, you may choose to accept the risk if it does occur because you may simply not have the resources to deal with every risk on your project.
Avoid – You are going to do nothing about the risk. This strategy is not recommended by the PMI. By avoiding a risk, it may cause more problems for your project in the future, and might even jeopardize your project completion.
Mitigate – You will minimize the negative impact the risk has on your project to an acceptable level. Residual risk is the risk that still remains after you’ve implemented your plan to mitigate the risk.
Transfer – You can transfer the risk to someone else by purchasing an insurance premium or outsourcing the work to a third party.
The method that the project manager chooses to deal with the risk will depend on the outcome of the qualitative and quantitative analysis. Let’s now take a look at how to compute these processes.
Qualitative analysis
Like the word “qualitative” suggests, this process is “subjective”. You will take each risk that you are responsible for and apply the common definitions to them.
More specifically, you are assigning an impact level and probability level to each risk. You will be stating whether the risk is high, medium, or low impact and whether the risk is high, medium, or low probability.
Although common definitions are established, you are still bringing your bias to the evaluation. One team member may look at the common definitions and rate a risk as medium impact, while you may rate it as low impact. Hence, this process is “qualitative” or “subjective”.
You calculate the Risk Score of a risk using a Risk Matrix. Learn how to create one here.
The key formula to remember for qualitative analysis is Probability times Impact, which gives you your Risk Score.
Risk Score = Probability * Impact
Quantitative analysis
To complete Quantitative analysis, you will sort the risk scores from the qualitative analysis from high to low. You will only perform quantitative analysis on the risks with High as its risk score because it will take too much effort and resources to do quantitative analysis on all the risks.
Quantitative analysis involves assigning a numeric value to the risk. In other words, if the risk was to occur, how much would it cost the project?
Quantitative analysis also involves an assessment of the remaining contingency reserves. You will need to answer the questions: how much contingency serves is remaining? How much contingency reserve can you use on this risk? What will you use the contingency reserve to do to mitigate or stop the risk? (Side note: contingency reserves is a part of the budget that the project manager sets aside to deal with emergencies.)
The qualitative and quantitative risk analysis are also listed in the risk register. They both have to be updated throughout the project as the risk profile of the project changes.
To learn more about risk creating Risk Registers and qualitative and quantitative risks, download the Risk Register template below.