A risk register template is the central repository where all outputs of the risk management processes are recorded throughout a project. According to the Project Management Institute (PMI), the risk register is a key artifact of the Risk Performance Domain in PMBOK 8, updated continuously across five processes: Identify Risks, Perform Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks. A well-maintained risk register transforms abstract uncertainty into a structured, manageable list giving project managers and stakeholders a single source of truth for every threat and opportunity identified on the project.

What is a Risk Register?

A risk register template is a structured document, typically a spreadsheet or table, that captures details of each individual project risk, including its description, probability, impact, assigned owner, and planned response. In PMBOK 8, the risk register is one of the primary outputs of the Identify Risks process and is progressively elaborated as the project advances through Perform Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks. The level of detail in the risk register scales with project complexity: a small project may record just a dozen risks with basic fields, while a large program may track hundreds of risks with quantitative probability distributions, cost impacts, and layered response strategies.

What's Included in This Risk Register Template?

• Risk Identification Fields - Unique risk ID, short risk title, and detailed risk description written as a structured statement that distinguishes the risk event from its cause and its potential effect on project objectives.
• Risk Category - Classification of each risk by type (technical, external, organizational, project management) to enable pattern analysis and category-level response planning.
• Probability and Impact Assessment - Qualitative ratings for probability of occurrence and impact on cost, schedule, scope, and quality, used to prioritize risks for detailed analysis and response planning.
• Risk Owner - The team member or stakeholder assigned responsibility for monitoring the risk and executing the planned response when the risk trigger occurs.
• Risk Triggers - Early warning signs or conditions that indicate a risk event is about to occur, enabling proactive rather than reactive response.
• Planned Risk Response - The chosen strategy (avoid, transfer, mitigate, accept for threats; exploit, share, enhance, accept for opportunities) and the specific actions the risk owner will take to implement the response.
• Residual and Secondary Risks - Risks that remain after the planned response is implemented, and new risks that may be introduced by the response action itself.
• Current Status and Timing - The current status of each risk (open, closed, occurred, obsolete), when it was identified, when it may occur, and the deadline for taking action.

How to Use This Risk Register Template (PMBOK 8)

1. Populate the register during the Identify Risks process - Use brainstorming, checklists, interviews, SWOT analysis, and document analysis to identify both threats and opportunities. Record each as a structured risk statement.
2. Rate probability and impact for each risk - Apply the probability and impact scales defined in your risk management plan. Unrated risks cannot be prioritized and tend to be ignored until they become issues.
3. Assign a risk owner to every open risk - Risk ownership without accountability is ineffective. Each risk must have a named person responsible for monitoring its triggers and executing the response.
4. Define specific, actionable responses, not just strategies - The response column should contain specific actions, not just category labels like "mitigate" or "transfer".
5. Review and update the register at every status meeting - In PMBOK 8, risk register updates are outputs of all five risk management processes. Any team member can identify a new risk at any time.
6. Close risks formally when resolved or no longer applicable - Mark risks as closed with the date and reason. This data feeds the lessons learned register at project close.

When to Create This Document (PMBOK 8)

The risk register is created during the Identify Risks process, which should begin early in the project, ideally before the project management plan is finalized, so that risk information can inform planning decisions on scope, schedule, and budget. In PMBOK 8, risk identification is not a one-time event: the register is updated continuously throughout the project life cycle as new risks emerge, existing risks change in probability or impact, and planned responses are implemented or adjusted.

Related Templates

• Risk Management Plan Template
• Risk Report Template
• Issue Log Template
• Assumption Log Template
• Lessons Learned Template

Complete Guide & Filled-In Example

Get the most out of this template with the two companion resources below:

• Risk Register in PMBOK 8 - Complete Guide - Understand the purpose, key elements, and best practices before filling in the template.
• Download the Filled-In Example - Project Phoenix - See exactly how this document was completed for a real $72K website launch project.