Risk Register

(OBJ 5.2)

Risk Management

• Crucial for projects and business, it involves the identification and assessment of uncertainties that may impact objectives
• The risk register is a key tool in risk management, featuring key risk indicators, risk owners, and risk thresholds

Risk Register (Risk Log)

• Records/documents identified risks, descriptions, impacts, likelihoods, and mitigation actions
• Key tool in risk management
• May resemble a heat map risk matrix
• Facilitates communication and risk tracking
• Key component of project and business operations

Components of Risk Register

• Risk Description
  • Identifies and describes the risk
  • Clear and concise description
  • Goal: Understand the risk without requiring additional info.
• Risk Impact
  • Potential consequences of risk occurrence
  • Rated on a scale (e.g., low, medium, high)
• Risk Likelihood
  • Probability of risk occurrence
  • Rated on a scale (e.g., numerical or descriptive)
    • Example: "rare", "unlikely", 1-5
• Risk Outcome
  • Result of the risk if it occurs
  • Related to impact and likelihood
  • Helps understand the overall effect of the risk on the project
• Risk Level or Threshold
  • Determined by combining the impact and likelihood
  • Prioritizes risks (e.g., high, medium, low)
• Cost
  • Financial impact on the project
    • Cost incur
    • Cost of mitigating the risk
  • includes potential expenses if it occurs or the cost of risk mitigation

Risk Tolerance and Risk Appetite

• Risk Tolerance/Risk Acceptance
  • An organization or individual’s willingness to deal with uncertainty in pursuit of their goals
  • Maximum amount of risk they are willing to accept
  • Acceptance without countermeasures
• Risk Appetite
  • Willingness to pursue or retain risk in order to achieve their strategic objectives
  • Reflects the organizations approach towards risk taking
  • Types
    • Expansionary
      • Organization is open to taking more risk in the hopes of achieving greater returns
    • Conservative
      • Implies that an organization favors less risk, even if it leads to lower returns
    • Neutral
      • Signifies a balance between risk and return

Key Risk Indicators (KRIs)

• Predictive metrics signaling increasing risk exposure
  • Serve as a barometer of risks or safety levels providing a forward-looking view of potential risk and are often associated with the organization's risk appetite
• KRIs help organizations evaluate the impact and likelihood of risks, allowing proactive management to prevent their escalation
• Provide early warning of potential risks
• Tied to the organization's objectives
• Used to monitor risk changes and take proactive steps
• Example:
  • In a banking institution, a KRI could be the number of loan defaults in a given period.
  • A sudden increase in this KRI might indicate a higher risk of credit default

Risk Owner

• Responsible for managing the risk
• Monitors, implements mitigation actions, and updates Risk Register
• Accountable for risk management
• Example:
  • Project manager in a construction