PRINCE2 Agile 2016
Previous Section   Next Section

A.25 Risk register

A.25.1 Purpose

A risk register provides a record of identified risks relating to the project, including their status and history. It is used to capture and maintain information on all of the identified threats and opportunities relating to the project.

A.25.2 Composition

For each entry in the risk register, the following should be recorded:

  • Risk identifier Provides a unique reference for every risk entered into the risk register. It will typically be a numeric or alpha-numeric value
  • Risk author The person who raised the risk
  • Date registered The date the risk was identified
  • Risk category The type of risk in terms of the project’s chosen categories (e.g. schedule, quality, legal etc.)
  • Risk description In terms of the cause, event (threat or opportunity) and effect (description in words of the impact)
  • Probability, impact and expected value It is helpful to estimate the inherent values (pre-response action) and residual values (post-response action). These should be recorded in accordance with the project’s chosen scales
  • Proximity This would typically state how close to the present time the risk event is anticipated to happen (e.g. imminent, within stage, within project, beyond project). Proximity should be recorded in accordance with the project’s chosen scales
  • Risk response categories How the project will treat the risk in terms of the project’s chosen categories. For example:
    • For threats: avoid, reduce, fallback, transfer, accept, share
    • For opportunities: enhance, exploit, reject, share
  • Risk response Actions to resolve the risk, and these actions should be aligned to the chosen response categories. Note that more than one risk response may apply to a risk
  • Risk status Typically described in terms of whether the risk is active or closed
  • Risk owner The person responsible for managing the risk (there can be only one risk owner per risk)
  • Risk actionee The person(s) who will implement the action(s) described in the risk response. This may or may not be the same person as the risk owner.
Previous Section   Next Section