Risk Register
Definition
The Risk Register is a project document that records identified risks, their probability and impact ratings, assigned risk owners, planned response strategies, and current status. It is a living document — created during Identify Risks and updated throughout the project. It also documents residual risks (risks remaining after responses are applied) and secondary risks (new risks created by implementing risk responses).
Exam angle
- Created in Identify Risks, not Plan Risk Management: Plan Risk Management produces the risk management plan (methodology, thresholds); the register is populated when risks are identified
- Residual and secondary risks must be documented: wrong = ignore risks that couldn’t be fully eliminated; right = document and monitor residual risks; also document secondary risks that your responses create
- Risk owner vs. PM: risk owners are responsible for monitoring and triggering their risk responses — the PM does not own all risks; delegation is intentional