Risk register on:
[Wikipedia]
[Google]
[Amazon]
A risk register is a document used as a risk management tool and to fulfill regulatory compliance acting as a repository for all risks identified and includes additional information about each risk, e.g., nature of the risk, reference and owner, mitigation measures. It can be displayed as a scatterplot or as a table.
Risk Register vs Risk Report (PMP/CAPM) by Mudassir Iqbal, February 8, 2019.
{{DEFAULTSORT:Risk Register PRINCE2 Risk management
A risk register is a document used as a risk management tool and to fulfill regulatory compliance acting as a repository for all risks identified and includes additional information about each risk, e.g., nature of the risk, reference and owner, mitigation measures. It can be displayed as a scatterplot or as a table.
ISO
The International Organization for Standardization (ISO ; ; ) is an independent, non-governmental, international standard development organization composed of representatives from the national standards organizations of member countries.
Me ...
73:2009 Risk management—Vocabulary defines a risk register to be a "record of information about identified risks".
Example
Risk register of the project "barbecue party" with somebody inexperienced handling the grill, both in table format (below) and as plot (right).Terminology
A risk register can contain many different items. There are recommendations for risk register content made by the Project Management Institute Body of Knowledge ( PMBOK) and PRINCE2. ISO 31000:2009 does not use the term risk register, however it does state that risks need to be documented. There are many different tools that can act as risk registers from comprehensive software suites to simple spreadsheets. The effectiveness of these tools depends on their implementation and the organisation's culture. A typical risk register contains: * A risk category to group similar risks * The risk breakdown structure identification number * A brief description or name of the risk to make the risk easy to discuss * The ''impact'' (or ''consequence'') if event actually occurs rated on aninteger
An integer is the number zero (0), a positive natural number (1, 2, 3, ...), or the negation of a positive natural number (−1, −2, −3, ...). The negations or additive inverses of the positive natural numbers are referred to as negative in ...
scale
* The ''probability
Probability is a branch of mathematics and statistics concerning events and numerical descriptions of how likely they are to occur. The probability of an event is a number between 0 and 1; the larger the probability, the more likely an e ...
'' or likelihood of its occurrence rated on an integer
An integer is the number zero (0), a positive natural number (1, 2, 3, ...), or the negation of a positive natural number (−1, −2, −3, ...). The negations or additive inverses of the positive natural numbers are referred to as negative in ...
scale
* The ''Risk Score'' (or ''Risk Rating'') is the multiplication of Probability and Impact and is often used to rank the risks.
* Common ''mitigation steps'' (e.g. within IT projects) are Identify, Analyze, Plan Response, Monitor and Control.
The risk register is called "qualitative if the probabilities are estimated by ranking them, as "high" to "low" impact. It is called
"quantitative" both the impact and the probability is put into numbers, e.g. a risk might have a "$1m" impact and a "50%" probability.
Contingent response - the actions to be taken should the risk event actually occur.
Contingency - the budget allocated to the contingent response
Trigger - an event that itself results in the risk event occurring (for example the risk event might be "flooding" and "heavy rainfall" the trigger)
Criticism
Although risk registers are commonly used tools not only in projects and programs but also in companies, research has found that they can lead to dysfunctions, for instance Toyota's risk register listed reputation risks caused by Prius' malfunctions but the company failed to take action.Drummond, Helga. "MIS and illusions of control: an analysis of the risks of risk management''. Journal of Information Technology (2011) 26, 259–267. Risk registers often lead to ritualistic decision-making, illusion of control,Lyytinen, Kalle. "MIS: the urge to control and the control of illusions – towards a dialectic". Journal of Information Technology (2011) 26, 268-270 (December 2011). and the fallacy of misplaced concreteness: mistaking the map for the territory.Budzier, Alexander. "The risk of risk registers – managing risk is managing discourse not tools". Journal of Information Technology (2011) 26, 274-276 (December 2011), However, if used with common sense, risk registers are a useful tool to stimulate cross-functional debate and cooperation.See also
* Risk *Event chain methodology
Event chain methodology is a network theory, network analysis technique that is focused on identifying and managing events and relationships between them (event chains) that affect project schedules. It is an uncertainty modeling schedule techniqu ...
* Risk Breakdown Structure
* Risk management tools
* Issue log
*Failure mode and effects analysis
Failure is the social concept of not meeting a desirable or intended Goal, objective, and is usually viewed as the opposite of success. The criteria for failure depends on context, and may be relative to a particular observer or belief system ...
* Failure mode, effects, and criticality analysis
* PRINCE2, utilizes a risk register
References
Further reading
* * * * * * *Risk Register vs Risk Report (PMP/CAPM) by Mudassir Iqbal, February 8, 2019.
{{DEFAULTSORT:Risk Register PRINCE2 Risk management