Risk Registers: A brief guide


Practical Project Risk Management


By Martin Hopkinson

United Kingdom


Store data on risks and risk responses and use it for risk review and reporting purposes.

Issues Involved

Maintaining a risk register is one of the most common activities in project risk management. The following issues often influence how useful the register is:

  1. Which data fields should be maintained and for what purposes?
  2. How can you ensure that the data is of good quality and is updated routinely?
  3. How many risks is it sensible to include and to what level of decomposition?
  4. What outputs are required for the purposes reporting and reviews?

Tailor Your Approach

Whilst even very simple risk registers can be useful, most commercial tools provide users with a large number of fields. Try counting the number of fields in your risk register tool that would be used if you populated every field for one risk with five mitigation actions. Then consider a) whether it is practical to support routine data updates at this level of detail and b) which data fields are strictly necessary for decision making purposes. Attempts to maintain too much data have an adverse effect on management efficiency, data quality and the clarity of reports.

Before setting up the risk register, you should think about how the data will be used.

Important Risk Register Fields

The following risk register fields are usually the most important:

  1. Description: Risk Title, Risk status and risk description
  2. Ownership: Risk Owner and Risk-bearing organisation
  3. Actions: Action description, Action Owner, Planned completion date, Action Status
  4. Risk estimates:g. Probability of occurrence & Schedule, cost and product impacts
  5. Fields required for sorting or filtering purposes:g. project phase, escalation status


To read entire article, click here

Editor’s note: This series of articles is by Martin Hopkinson, author of the books “The Project Risk Maturity Model” and “Net Present Value and Risk Modelling for Projects” and contributing author for Association for Project Management (APM) guides such as Directing Change and Sponsoring Change. These articles are based on a set of short risk management guides previously available on his company website, now retired. For an Introduction and context for this series, click here. Learn more about Martin Hopkinson in his author profile below.

How to cite this paper: Hopkinson, M. (2023). Risk Registers: A brief guide, Practical Project Risk Management series, PM World Journal, Vol. XII, Issue IV, April. Available online at https://pmworldjournal.com/wp-content/uploads/2023/04/pmwj128-Apr2023-Hopkinson-risk-registers-a-brief-guide.pdf

About the Author

Martin Hopkinson

United Kingdom


Martin Hopkinson, recently retired as the Director of Risk Management Capability Limited in the UK, and has 30 years’ experience as a project manager and project risk management consultant. His experience has been gained across a wide variety of industries and engineering disciplines and includes multibillion-pound projects and programmes. He was the lead author on Tools and Techniques for the Association for Project Management’s (APM) guide to risk management (The PRAM Guide) and led the group that produced the APM guide Prioritising Project Risks.

Martin’s first book, The Project Risk Maturity Model, concerns the risk management process. His contributions to Association for Project Management (APM) guides such as Directing Change and Sponsoring Change reflect his belief in the importance of project governance and business case development.

In his second book Net Present Value and Risk Modelling for Projects he brought these subjects together by showing how NPV and risk modelling techniques can be used to optimise projects and support project approval decisions. (To learn more about the book, click here.)

To view other works by Martin Hopkinson, visit his author showcase in the PM World Library at https://pmworldlibrary.net/authors/martin-hopkinson/