Project risks should be documented in a Project Risk Log, which is normally maintained by the Project Manager. In its simplest form a simple spreadsheet can be used to keep track of the risks. Many of the online Project Management tools have more sophisticated tools for presenting and filtering the risks but they are essentially providing the same information and the principles are the same whatever tool is used.
Download a sample Risk Log Template here.
Risk Log essential information
The Risk Log should have the following information for each risk identified:
- Title of the Risk
- Risk Statement – summary of the risk. See the How to write a good Risk Statement article for tips on how to do this.
- Summary of the risk impact – can be part of the Risk Statement or separate section
- Likelihood of risk – scale 1-5 (1=very low, 5= very high)
- Impact of risk – scale 1-5
- Overall risk rating – Likelihood x Impact
- Mitigation plan – summary of actions being taken to mitigate the risk
Useful tracking information
It is also useful to log the following information:
- Risk identifier – eg. R001, R002 etc. so easier to use reference number rather than explaining the risk each time
- Person who raised the risk – so you can refer back to them for clarity etc.
- Risk owner – ie the person owning the mitigation actions
- Proximity of risk – the date when the risk is likely to impact the project
- Date raised
- Forecast date for closing risk
Focus on higher likelihood and higher impacting risks
The Risk Log should be reviewed and updated regularly otherwise it will become out of date and of limited use. The aim is to keep track of the higher priority risks in the Risk Log. If lots of low likelihood and low impact risks are logged and tracked, they can clutter up the log and distract from the focus on the more important risks.
Download a sample Risk Log Template here