Risk Register – Short & Sweet or Extensive & Complete?

Another highlight (IMHO) of the Risk Symposium was Eldon F. Jones’ presentation on “Risk Register – What is it and How is it used?”

prisonersdilemmaWhat is a Risk Register?

A Risk Register is a document that lists “all identified risks, including description, cause, probability of occurring, impact(s) on objectives, proposed responses, owners, and current status” per Mr. Jones.  It is an output of the Risk Management Plan.

I have used a variety of Risk Registers and it can be as simple or detailed as you need it to be, depending on your project.  If you want to start doing some Risk Management, I suggest that these are minimum features of the register:

  1. Description of Risk
  2. Level of Impact on the objectives (rated Low, Medium, High)
  3. Probability of Occurring (rated Low, Medium, High)
  4. Mitigation (What we’re doing now to prevent / what we will do if occurs)

It’s just enough to identify what to look out for and not so much to overwhelm anyone you show the register to, especially upper management!

Elden Jones’ approach would be good for a very large project / program, since he recommends Risk categories such as:

  • Technical, Quality, Performance (Hardware, software, integration) risks
  • Project management risks
  • Organization risks
  • External risks

He also includes scales for qualitative risk analysis, where the values are “placeholders – the scale levels are only rank ordered”.  Probability scales are only “indicators… or guesses, not true probability values.”

Risk Impact, he suggests, should also be scaled, with the ranges of probability linked to quantitative ranges of cost, scope, time and quality.  For example, if the impact on cost is 5 – 10% change, then the probability may be greater 15 up to 45% (equivalent to Medium Risk Impact).

Mr. Jones’ Risk Register includes WBS IDs, Risk Category (such as Client, Human Resource, Mother Nature, Technology), Risk Status, Impact (Scope, Cost, Time, Quality) and Response.

One interesting approach to Response is to distinguish the risk as a Threat or an Opportunity, since different responses would be used.  For a Threat, the strategies would be to either Accept, Avoid, Transfer or Mitigate.  For an Opportunity, the choice would be to Accept. Exploit, Share, or Enhance.  As the Register is regularly reviewed, the risks events are evaluated for probability estimates and the Responses.

Risks should be retired once the threat has passed – would that be great to cross it off the list?

Next: More on Project Opportunities and Risk from Tom Kendrick

Share

15 thoughts on “Risk Register – Short & Sweet or Extensive & Complete?”

  1. mobile chess games

    Your style is really unique in comparison to other people I’ve read
    stuff from. Thank you for posting when you’ve got the opportunity, Guess I will just bookmark this site.

  2. htc mobile games

    It’s very effortless to find out any topic on web as compared to books, as I
    found this paragraph at this web page.

  3. I wanted to thank you for this very good read!! I definitely enjoyed every little bit of it. I have you saved as a favorite to check out new stuff you post…

  4. I’m impressed, I must say. Rarely do I come across a blog that’s equally educative and amusing, and let me tell you, you’ve hit the nail on the head. The issue is something that not enough folks are speaking intelligently about. Now i’m very happy I came across this in my search for something concerning this.

    1. Thanks Douglas for the compliment. Please feel free to contact me as a resource regarding Risk or Program management!

  5. Hi are using WordPress for your site platform? I’m new to the blog world but I’m trying to get started and create my own. Do you need any html coding expertise to make your own blog? Any help would be really appreciated!

    1. Lucinda, Thanks for your question. I recommend watching this tutorial video – http://wordpress.tv/2009/01/15/writing-and-publishing-a-post/

      One suggestion that will make readers more likely to read your post is to insert a small image that relates to the content of your post. When you insert an image, you should wrap the text around the image. To learn how to do that, please read this bit of help. http://codex.wordpress.org/Wrapping_Text_Around_Images

  6. Spot on with this write-up, I actually believe that this website needs much more attention. I’ll probably be returning to read more, thanks for the information!

  7. I for all time emailed this web site post page to all my associates, for the reason that if like to read it after that my contacts will too.

    1. Great suggestion, Laura. There are so many tools specifically for risk management available now to help organize and manage risks.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top