From Wikipedia, the free encyclopedia - View original article
|This article needs attention from an expert in Business. (June 2008)|
A Risk Register is a Risk Management tool commonly used in Project Management and organisational risk assessments. It acts as a central repository for all risks identified by the project or organisation and, for each risk, includes information such as risk probability, impact, counter-measures, risk owner and so on. It can sometimes be referred to as a Risk Log (for example in PRINCE2).
A wide range of suggested contents for a risk register exist and recommendations are made by the Project Management Institute Body of Knowledge (PMBOK) and PRINCE2 among others. In addition many companies provide software tools that act as risk registers. Typically a risk register contains:
The risks are often ranked by Risk Score so as to highlight the highest priority risks to all involved.
Risk Register for project "birthday party"
|Risk Category||Risk Name||Risk Number||Probability (1-3)||Impact (1-3)||Risk Score||Mitigation||Contingency||Risk Score after Mitigation||Action By||Action When|
|Guests||The guests find the party boring||1.1.||2||2||4||Invite crazy friends, provide sufficient liquor||Bring out the karaoke||2||within 2hrs|
|Guests||Drunken brawl||1.2.||1||3||3||Don’t invite crazy friends, don't provide too much liquor||Call 911||1||Now|
|Nature||Rain||2.1.||2||2||4||Have the party indoors||Move the party indoors||0||10mins|
|Nature||Fire||2.2.||1||3||3||Start the party with instructions on what to do in the event of fire||Implement the appropriate response plan||1||Everyone||As per plan|
|Food||Not enough food||3.1.||1||2||2||Have a buffet||Order pizza||1||30mins|
|Food||Food is spoiled||3.2.||1||3||3||Store the food in deep freezer||Order pizza||1||30mins|
In a "qualitative" risk register descriptive terms are used: for example a risk might have a "High" impact and a "Medium" probability.
In a "quantitative" risk register the descriptions are enumerated: for example a risk might have a "$1m" impact and a "50%" probability.
Contingent response - the actions to be taken should the risk event actually occur.
Contingency - the budget allocated to the contingent response
Trigger - an event that itself results in the risk event occurring (for example the risk event might be "flooding" and "heavy rainfall" the trigger)
Although risk registers are commonly used tools not only in projects and programs but also in companies, research has found that they can lead to dysfunctions, for instance Toyota's risk register listed reputation risks caused by Prius' malfunctions but the company failed to take action. Risk registers often lead to ritualistic decision-making, illusion of control, and the fallacy of misplaced concreteness: mistaking the map for the territory. However, if used with common sense risk registers are a useful tool to stimulate cross-functional debate and cooperation.