Risk Register Template

ID Raiser Date Registered Category

Provides a unique reference for every risk entered into the Risk Register. It will typically be a numeric or alpha-numeric value. The person who raised the risk. The date the risk was identified. The type of risk in terms of the project’s chosen categories (e.g. schedule,

quality, legal, etc.). The default categories are OMB's list of 19 risk categories. Description In terms of the cause, event (threat or opportunity) and effect (description in words of the impact). Use If-Then format. Probability It is helpful to estimate the inherent values (pre-response action) and residual values (post-response action). These should be recorded in accordance with the project’s chosen scales. It is helpful to estimate the inherent values (pre-response Impact action) and residual values (post-response action). These should be recorded in accordance with the project’s chosen scales. Score Probability x Impact. Also called magnitude. Change Change in score since last review. Last Date of last review. Reviewed Guidance Recommended actions (e.g., escalation) to take based on the magnitude of  the risk. Proximity This would typically state how close to the present time the risk event is anticipated to happen (e.g., imminent, within stage, within project, beyond project). Proximity should be recorded in accordance with the project’s chosen scales. Response How the project will treat the risk in terms of the project’s chosen Category categories. For threats: avoid, transfer, transfer, mitigate. For opportunities: exploit, share, enhance. For both: accept. Response Actions to resolve the risk, and these actions should be aligned to the Plan chosen response categories. Note that more than one risk response may apply to a risk. Trigger(s) An event that itself results in i n the risk event occurring (for example the risk event might be "flooding" and "heavy rainfall" the trigger). Owner Person responsible for implementing the response plan. Total Cost Cost to implement the set of actions to respond to the risk. Status Typically described in terms of whether the risk is active or closed.

     y       t        i        l        i        b      a        b      o      r        P

0.9 0.7 0.5 0.3 0.1

0.09 0.07 0.05 0.03 0.01 0.1

0.27 0.21 0.15 0.09 0.03 0.3

0.45 0.35 0.25 0.15 0.05 0.5 Impact

0.63 0.49 0.35 0.21 0.07 0.7

0.81 0.63 0.45 0.27 0.09 0.9

Risk Register for [Project Name]

Risk Identification

ID

Rais Raise er

1

Chris Cairns

2

Steve Ressler

Date Registered

Category

12/1/2 12/1/201 012 2

Sc Sche hedul dule e

Description

Prob.

If we don't don't hire hire a PM, PM, the then n the the M project will never be completed. 12/14/ 12/14/20 2012 12 Data Data / If we have to use third-party L informati services to get key data, then on we will need to hire contractors.

Risk Analysis

Risk Planning

Pre-Response

Post-Response

Last I mp mpact Score Change Reviewed Reviewed

Response Guidance Guidance Proximity Proximity Category

Monitor and Control

Total Cost Cost

Prob Prob..

Impa Impact ct Scor Score e

Stat Status us

$200

L

L

0.09

Open

Steve $15,000 L Ressler

H

0.21

Open

Response Plan

Trigger(s)

Owner

Outstanding offer made to Billy is rejected. Data analysis reveals gaps.

Chris Cairns

VH

0.45

UP

######### A

Imminent Mitigate

Post a job on govloop.com.

VH

0.27

NEW

######### B

Short te term Mitigate

Engage Ac Acquisition team to help identify vehicles to use. Draft initial requirements.

Page 3 of 10

NAMES

RISK CATEGORIES

RISK GROUPS

RISK RESPONSE CATEGORIES

RISK STATUS

Chris Cairns

Schedule

Resource Availability

Avoid

Open

Steve Ressler

Initial cost

Resource Availability

Transfer

Closed

N/A

Lifecycle cost

Resource Availability

Mitigate

NAMES

RISK CATEGORIES

RISK GROUPS

RISK RESPONSE CATEGORIES

RISK STATUS

Chris Cairns

Schedule

Resource Availability

Avoid

Open

Steve Ressler

Initial cost

Resource Availability

Transfer

Closed

N/A

Lifecycle cost

Resource Availability

Mitigate

TBD

Technical obsolescence Feasibility

Technical Issues Business Impact Technical Issues Management and Oversight Security

Exploit

Reliability of  systems Dependency and interoperability Surety (asset protections) Risk of creating a monopoly Capacity of agency to manage investment Overall risk of  investment failure Organizational and change management Business Data Data / info inform rmat atio ion n

Business Impact Management and Oversight Summary of  Failure Management and Oversight Business Impact Tech Techni nica call Issues

Share Enhance Accept

Technology Strategic Security Privacy Project res resources

Technical Issues Business Impact Security Security Resource Availability

PROBABILITY

IMPACT

PRO

Very High

VH

0.9

Very High

VH

0.9

Imminent

High

H

0.7

High

H

0.7

Short term

Moderate

M

0.5

Moderate

M

0.5

Mid term

Low

L

0.3

Low

L

0.3

Long term

Very Low

VL

0.1

Very Low

VL

0.1

RISK IMPACT SCALE

xx days/hrs

CHANGE

Less than or equal to 0.15

Green

New risk

NE W

0.01-0.15

Less than or equal to 0.15

within a Greater than workpackage 0.15 and less than or equal to 0.35 within within a stag stage e Greate Greaterr than than 0.35

Yellow

Change change in score

--

0.21-0.35

Between 0.21 and 0.35

Red

Score increased

UP

0.45-0.81

Greater than 0.45

Score decreased

DOWN

Post project

C

B

A

High likelihood of risk severely affecting one or more factors (cost, schedule, scope, quality). May have high potential of causing program/project stoppage. Medium likelihood of the risk moderately impacting one or more factors. Low likelihood of the risk moderately impacting one or more factors.

Notify senior management of project risk. Should be reported to as soon as possible to senior management officials (e.g., CIO, project sponsor, etc.) Asign a risk owner. Develop risk management activities. Those risks risks with lower magnitude may have less intensive activities. These risks might be tracked by the PM but not have an assigned risk owner or risk management activities.