Risk Register Basics and High Level Tips For Any Type of Project
A risk register is a project management tool that allows companies to assess, plan for and mitigate risks. As part of a larger contingency plan, a project risk register is a reference document that allows stakeholders, project managers and team members to be aware of potential risks involved in any given project.
Communication is a core project management aspect. In fact, that’s one of the reasons why product managers manage projects – they are good communicators. As a whole, every aspect of a project must be communicated effectively to stakeholders, project managers and team members.
What is a Risk Register? It is a a Risk Management Tool
Essentially, a risk register is a risk management tool. It is a tool that ensures business continuity, but it is more than that. It takes various risks that could put your project in jeopardy and it measures them. A project risk register is a master reference document that allows complete transparency among the three facets of a project: project managers, team members and stakeholders. Once complete, the risk register lets everybody know what the project is and the foreseeable risks involved.
Risk Register Advantages: The 7 Cs
There are several advantages and benefits that management members can gain from having a project risk register tool. To make them easier to remember, they’re called the seven C’s: consistency, compactness, concision, commitment, completeness, control and communication.
To achieve consistency, your project risk register must conform to a standard. This puts everybody on the same page. The flow will be logical. Conforming to a standard mitigates misunderstandings, questions and possible errors that may arise due to miscommunication. This is essential because risk is relative. By achieving a consistent risk scale and communication method, everybody involved comes under the same understanding about what is being communicated.
Because the risk register is a master document, it enables a degree of compactness. In other words, it enables the project manager to communicate much more effectively. The risk register can paint a picture that can be referenced in a minimal amount of time using visuals in a tabular layout rather than searching through text during a possible crisis. You can fit much more information on a table then you can a lengthy written document.
By using a table rather than a lengthy written document, the risk register forces you to be concise. In other words, you include only the information that is needed without any commentary. By being a clean and concise, communication is enhanced. The last thing you want to do is write a paragraph inside a little table – no one is going to read it.
By completing the project risk register with the input of your project managers, the team members and the stakeholders, you receive a level of commitment and engagement that you would not otherwise receive if you completed this alone. Falling under the principle of empowerment, by gathering the input from everybody involved, you get everybody to fall behind the risk register and support it.
The risk register is a complete document. In other words, complete plans are in place for prevention and contingency. When it comes to mitigating risks, a measure of completeness is essential. Using a tabular layout rather than a lengthy written document, you include all the information that you need and none of the information that you don’t. This measure of completeness is essential comes to having a plan should a potential risk event actually occur. No one is left wondering what they should do or how this affects the business.
This one should be obvious. A risk register tool allows a measure of control that is otherwise not possible. Project budgets are often in the millions of dollars range. It becomes imperative to take some time and devote some of the budget to risk mitigation before something happens that can be extremely costly. Project managers are all too familiar with the need to control as much of the project as they can. This level of control reduces risk.
Of course, the most essential role that the risk register takes is that of a communication tool. Once it’s all put together, you can send the risk register to stakeholders, project managers and team members alike and very briefly explain what it is and how it works. The effort you go through when you create the risk register will enable everyone involved to understand what a risk is, the level of risk that certain activities can have, and prepare your team to mitigate risks before they happen.
What Makes a Complete Risk Register?
Every risk register must follow a template. At this point, we already know that a risk register is a master reference document to be used by project managers, team members and stakeholders alike. While you can find many different risk register templates online, every risk register follows the same general format. As a project manager, your job is to customize and cater the document to your specific project and organization. It doesn’t matter if you use Microsoft Word, Microsoft Excel or some other program to draft the document – they all function the same way. So instead of providing a risk register template in a document format, instead let’s find out what every risk register contains no matter the format.
Risk Identification Phase
There are four phases to completing a risk register. This first phase is called the Risk Identification phase. This is where you identify the risk and categorize them.
Every project has various categories. Some categories are specific to the project or organization while others are standard on every project. Examples of standard project categories include time, scope and cost. As the risk register acts as a reference document, make sure you include every possibility you can think of. This includes categories such as environmental or other key categories.
This is where you describe each risk briefly. Is resource allocation a possible risk? Jot it down. This is quite possibly the most time intensive task when it comes to making your risk register. It also helps to have the input from other team members, project managers and possibly even stakeholders. Identify as many risks as you can and put them in the proper category.
This part is easy. On a tabular layout, the risk ID is the very first column. Used for communication purposes, the risk ID is an identification number you assign to each and every risk. Make sure you follow a standardized format. A common format that you can use identifies a risk with a category; the first risk that falls under the third category would be labeled 3.1 as an identification number.
Risk Analysis Phase
After you have identified and labeled all the possible and foreseeable risks, it’s time to get a meeting together with the project heads so that you can analyze each risk and the impact they may have on your project or business as a whole.
This is where you take each risk and play with the idea as if the risk had actually occurred. What can happen to the project? What can happen to the organization? Risks of going over budget, over time, or risk of not focusing on the project at all can be addressed in the Project Impact phase.
Once you have mapped out the project impacts of various risks, put together a scale that will show you the probability of the given risk actually occurring. Having a scale from 1 to 5 or 1 to 10 will put everybody on the same page so that everybody knows the likelihood of various risks happening. This helps everybody work together to mitigate and reduce the likelihood of risks occurring.
This can be a simple statement defining what will happen if the risk is triggered. If staying within a budget is of high importance, then any risk that can put you over budget would be considered a high risk. Likewise, if staying within a specific timeframe is of high importance, then any risk that can delay the project would be of high importance.
Risk Evaluation Phase
This is the phase where you evaluate all of your risks and decide how important each risk is and what can trigger each risk event to occur.
Risk Rank or Score
Take your risks and combine the likelihood and consequence of each of them. If you’re using a scale of 1 to 5 for each one, multiply the numbers together and you get your risk rank. If you’re using a low medium high scale, then take some time to think about the likelihood and consequence of each risk and rank each one accordingly. If the likelihood of a risk is low and the consequence is high, then the risk rank would be medium.
Think about what may trigger the risks. This is where you write down what the next steps are if various risks are not addressed promptly. For example, if you have a resource conflict risk, then consider putting a contingency plan in place if the resource conflicts have not been resolved by a specified date. In other words, look for things that can trigger the risk and then have a contingency plan in place so that you can mitigate the risk before it occurs.
Risk Treatment Phase
No plan would be complete without a risk treatment phase. Despite your best efforts, risk events still occur. This is where you lay out your plans in the case of a risk occurrence.
Risk Prevention Plan
For each risk, this is your plan that you have in place to prevent each risk. Of course, we all know that not all risks can be avoided. Therefore, this section is designed to reduce as much risk as possible so you have complete control of your project.
This is where you put a contingency plan in place should the risk occur. For each risk, consider a detailed plan so that everybody knows what their place is in the contingency plan for business continuity.
This is the person or group of people that is in charge of managing the risks. For most risk, no one single person is usually at fault. Therefore, a risk owner is not the person who can completely prevent a risk. A risk owner is someone who handles overseeing the prevention and contingency plans.
The word “residual” means left over or recurring. This is the residual risk that is left over after a risk event occurs in the contingency plan has been carried out. In most cases, the residual risk is rated as “Low.”
Take Your Time and Do It Right
So, what is a risk register? As you can see, it will take some time to properly put together an accurate and complete project risk register. Risk registers identify and rank risks. If you don’t have a risk register, you may be putting your entire project in jeopardy. Take your time and do it right; your project may just depend on it.