What Is a Risk Register?

A Risk Register is a project document that records identified risks, their probability and impact assessments, response strategies, and ownership. In PMBOK 8, the Risk Register is the central output of the Identify Risks process and is continuously updated throughout the project as new risks emerge, existing risks change, and responses are executed. It is the primary tool for Project Risk Management — turning risk management from a one-time planning exercise into a continuous discipline. The register does not eliminate risk; it makes risk visible, owned, and managed rather than ignored until it becomes an issue.

What's Inside This Risk Register Example

This Risk Register example covers Project Phoenix — MCG's $72,250 website launch, March 17 to June 13, 2025. The spreadsheet captures 18 identified risks across the project lifecycle:

• Risk ID — RIS-001 through RIS-018
• Category — Technical, Vendor, Resource, Stakeholder, Schedule, Scope
• Description — specific risk statement in "cause -> event -> effect" format
• Probability — 1–5 scale (Low to Very High)
• Impact — 1–5 scale per dimension (scope, schedule, cost, quality)
• Risk Score — Probability × Impact (heat map color-coded)
• Response Strategy — Avoid, Transfer, Mitigate, Accept, Escalate
• Response Actions — specific planned actions
• Owner — assigned team member
• Residual Risk Score — post-response probability × impact
• Status — Active / Triggered / Closed

How Alex Morgan Used This Risk Register

Alex Morgan built the initial Risk Register in a 2-hour risk identification workshop with the full six-person team during Week 2. Eighteen risks were identified; eight scored High or Critical on the heat map and received active response plans.

Four risks from the register proved especially consequential:

• RIS-004 (Content Migration Scope): Probability 3, Impact 4. Response: Mitigate by conducting a content audit in Week 3 before estimation finalized. The audit was conducted; the risk triggered anyway (180 pages vs. 90 assumed). But because the risk was on the register with a response plan, Alex already had the framework for CR-002. The risk register turned a potential crisis into a managed change request.
• RIS-007 (Vendor Design Delay): Probability 3, Impact 4. Response: Mitigate with BrightFrame contract SLA for 48-hour response to revision requests and 5-business-day milestone deliveries. ISS-001 (BrightFrame missed a meeting) was a near-trigger of this risk; the contract SLA gave Alex the standing to escalate immediately.
• RIS-012 (Sponsor Availability): Probability 2, Impact 3. Response: Accept, with contingency of async approval process pre-agreed with Riley Park. Triggered in Week 12 (ISS-007). The pre-agreed async process was executed exactly as planned — zero additional delay.
• RIS-015 (Third-Party API Deprecation): Probability 2, Impact 4. Response: Mitigate by identifying alternative APIs during development. Triggered in Week 8 (ISS-005). The Lead Developer had already identified the backup API during the risk response planning phase; switching took two days instead of two weeks.

Download and Customize

This Risk Register example is available as a free download. Use it as a reference to build your own risk register, or start with the blank template and apply it to your project's risk identification workshop.

• Download the Risk Register Template — PMBOK 8 (blank, ready to use)
• Read the article: Risk Register in PMBOK 8 — Guide and Best Practices

Risk Register Example: Key Takeaways

The four risks that triggered in Project Phoenix — RIS-004, RIS-007, RIS-012, and RIS-015 — all had documented response plans before they occurred. In every case, the team executed the response plan rather than improvising. That is the entire value proposition of a Risk Register: not prediction, but preparation. No project management document better illustrates PMBOK 8's principle that "working effectively under uncertainty" is a learnable, documentable discipline. Build your Risk Register in a workshop. Review it weekly. Update it when things change. The three-hour investment will pay for itself the first time a risk triggers and your team already knows exactly what to do.

Want to go deeper? The PMBOK Guide 8th Edition is the definitive reference for modern project management. Get your copy and use it alongside these examples to build a solid, practical understanding of every performance domain.