This guide covers everything you need to know about the risk report in PMBOK 8. The risk report is the stakeholder-facing communication document that summarizes the project’s overall risk exposure, highlights the top risks requiring attention, and reports on the effectiveness of risk responses — it translates the detail of the risk register into an executive-readable status summary.
What Is the Risk Report?
The risk report is a document that provides an aggregated summary of the project’s risk management activities and current risk status. It goes beyond the risk register — which is a detailed tracking tool — to present a high-level view of the risk landscape that sponsors, steering committees, and senior stakeholders can understand and act on without wading through the full register.
A typical risk report includes the overall risk exposure level (high/medium/low), a summary of the top risks by risk score, the status of response plans for the top risks, any new risks identified since the last report, any risks that have materialized and become issues, changes in the contingency reserve balance, and a trend assessment of whether the project’s overall risk exposure is increasing or decreasing.
The risk report complements the risk register: the register is the operational detail; the report is the management summary. Together, they ensure both the project team and its stakeholders have the information they need about project risk.
Risk Report in PMBOK 8 — Domain and Process
In the PMBOK Guide 8th Edition, the risk report belongs to the Risk Performance Domain and is produced during the Perform Risk Analysis process. PMBOK 8 introduces the risk report as a distinct output (separate from the risk register) to recognize the need for risk communication artifacts tailored to different audiences.
The risk report feeds into work performance reports (incorporating risk status in the overall project status picture) and can trigger escalation actions when top risks exceed sponsor-defined thresholds. It also informs the lessons learned register with observations about how risk management performed on the project.
Key Elements of the Risk Report
A well-structured risk report typically includes:
- Overall Risk Exposure — aggregate assessment of the project’s current risk level (Low/Medium/High)
- Top Risks Summary — the five highest-scored risks with current probability, impact, and response status
- New Risks — risks identified since the previous report
- Risks Closed — risks that have been resolved or expired since the last report
- Materialized Risks — risks that have become issues, with reference to the issue log entry
- Contingency Reserve Status — original reserve, amount consumed, and remaining balance
- Risk Trend — whether overall risk exposure is increasing, stable, or decreasing
Risk Report Example — Project Phoenix
Alex Morgan included a one-page risk report in every biweekly project status report for Riley Park and Sarah Chen. As of the month 3 report (week 12), the overall risk exposure was Medium — down from High at the start of the development sprint. The top five risks were listed with current scores: Risk #3 (developer availability) had been downgraded from High to Medium following John Tran’s successful return to the project; Risk #9 (Stripe API compatibility) remained at Medium pending the final integration test.
The month 3 report noted that two risks had closed (vendor delivery timing and CDN performance), one risk had materialized and been converted to ISS-004 (John Tran’s leave), and the contingency reserve stood at $2,983 remaining (from the original $4,283 — $1,300 consumed by the ISS-004 resolution). The risk trend was assessed as decreasing, supported by the closure of five risks in the previous four weeks. Riley Park responded to the report with a single message: “Excellent risk management on this project, Alex.”
You can download the complete filled-in example below — it shows exactly how the risk report was structured for a real project.
Download Free Risk Report Template and Example
We have prepared two free resources to help you produce risk reports on your own projects:
- Download the Risk Report Template — PMBOK 8 (blank, ready to fill in)
- Download the Risk Report Example — Project Phoenix (filled in for a real $72K website launch)
Both are free downloads — no registration required.
Risk Report — Best Practices and Common Mistakes
Keep the risk report concise — one to two pages for most projects. Sponsors read risk reports to understand whether the project is in control, not to review every identified risk in detail. Include the risk trend explicitly: “overall exposure is decreasing” is more reassuring to a sponsor than a list of risks with no trend context. Always link materialized risks to their issue log entries so stakeholders can see the complete picture.
The risk report is most effective when it is produced on a consistent schedule and reflects honest, current assessments rather than optimistic summaries designed to minimize sponsor concern. Teams that skip or rush risk reporting often find that sponsors are surprised by risk events that were documented in the risk register but never communicated clearly.
Want to master project management with PMBOK 8? The PMBOK Guide 8th Edition is the definitive reference. Get your copy and use it alongside these free resources.
Free Template & Filled-In Example
Apply what you’ve learned with these two free resources:
- Download the Free Risk Report Template (PMBOK 8) — Ready-to-use blank template for your next project.
- Download the Filled-In Example — Project Phoenix — See exactly how this document was completed for a real $72K website launch project.
Project Management