How do you develop a PRINCE2 Risk Register?

Examine risk with a PRINCE2 risk register

Create a Risk Register in three steps

Whatever the size of your project, you must consider the possible risks associated with it, and how you will respond to those risks. In PRINCE2 projects, you achieve this by creating a Risk Register. In this article, I’ll introduce you to the process of creating a Risk Register.

What is a Risk Register?

One of the themes of PRINCE2 is that of risk. The Risk Register is the key document that helps you to assess, monitor, minimise, and control project risks. It lists the risks that could disrupt (and even derail) the project, and details the plans you have to deal with these risks. It is part of the Project Management Plan.

3 steps to develop your PRINCE2 project Risk Register

There are three steps needed to develop an effective Risk Register:

  1. Identification of risk
  2. Analysis of risk
  3. Plans to respond to risk

Step #1: Identifying project risks

It is essential that you employ effective risk identification processes. You should consider:

  • Brainstorming, and making notes of all potential risks that you can think of. Use input from other people if possible – this will give you a wider and deeper pool of potential risks.
  • Use a checklist, developed from lessons learned from previous projects. Use documentation from previous projects to remind yourself of problems encountered and errors made to inform how to Improve processes and procedures this time.
  • Review the project documentation to fully understand the ins and outs of the project, its projected outcomes, and the people involved.
  • Conduct a SWOT analysis, an essential stepping stone to identifying every possible risk in any project.
  • Analyse project assumptions, to question their reliability.
  • Obtain a consensus of opinion, by sharing findings with a group of subject experts.

Step #2: Analysing identified risks

There are two types of analysis that you will need to conduct when developing the Risk Register.

The first is qualitative analysis, giving each risk a probability and impact score. Simply put, you are seeking to answer the questions:

  • How likely is this risk to happen?
  • If it does happen, what damage could it do to the project?

When scoring the qualitative risk, you may decide to give the risk a number, or perhaps use a financial value.

The second type of analysis is quantitative analysis. This will help to determine the effect of the risk on the project.

There are several tools that you could use to conduct risk analysis. Whichever you choose, you should use the same tool on each risk to maintain a standard approach and measurement. By doing this, you should be able to prioritise project risks.

Step #3: Developing your response to risk

There are four responses that you could make to each risk:

·         Avoid

You may eliminate the risk by:

  • Changing project scope
  • Extending project timings
  • Changing the project’s objectives
  • Eliminating ambiguity by clarification
  • Importing expertise to remove risks


·         Transfer

Transfer the risk to a third party; for example, by using insurance or paying for large quantities of supplies needed.

·         Mitigation

Employ strategies to reduce the risk to acceptable levels.

·         Acceptance

Accept that the risk exists, and either deal with the consequences of risk when they occur, or at the conclusion of the project.

Your Risk Register is an evolving document

The Risk Register is not a static document, but a living creation that is constantly evolving. New risks must be considered, and risks that have been eliminated may be marked as such. Risk priorities may also change. Finally, if a risk is realised, it will need to be handled as a project issue.

Now you know how to develop the Risk Register, read our article “Using the Risk Register for Maximum Advantage” for tips to take your project risk management to the highest level. Contact Your Project Manager for extra advice:

contact your project manager