Primary navigation:

QFINANCE Quick Links
QFINANCE Reference

Home > Operations Management Checklists > Creating a Risk Register

Operations Management Checklists

Creating a Risk Register

Checklist Description

This checklist describes what a risk register is, why you should create one, and how it fits into risk management. It also describes its use and some guidance for its maintenance.

Back to top


A risk register, also sometimes called a “risk log,” is usually used when planning for the future. Future plans may include project plans, organizational plans, or financial plans. Risk registers are used in the area of risk management.

Risk management is a method of managing risks or uncertainty relating to a perceived threat. Risk management will usually involve having strategies in place to deal with risks, whether by avoiding the risk, transferring it elsewhere, reducing its effect, or dealing with the consequences. Financial risk management deals with risks that can be managed using traded financial instruments.

Risk management uses risk registers to identify, analyze, and manage risks in a clear, concise way. A risk register usually takes the form of a table—however long or wide that may end up being.

A risk is an event that, if it occurred, would have an adverse (or positive) impact on a project, investment, or similar. The risk register contains information on each risk that is identified. One of the main skills in risk management is to successfully identify all possible risks. The risk register should contain, in summarized form, the planned response in the event that a risk materializes, as well as a summary of what actions should be taken beforehand to reduce a particular risk. Much financial legislation, such as Basel II, also impels organizations to take steps to reduce risk. Risks are often ranked in order of likelihood, or of their impact. The risk register lists the analysis and evaluation of the risks that have been identified.

Back to top


  • A risk register can identify and make provision for dealing with risks, enabling an organization to save millions if things go wrong.

  • Should a risk materialize, there is already a set list of actions to run through immediately to start minimizing the consequences.

  • An organization can have the confidence to press on with a project or investment knowing that procedures to deal with any risks arising have been put in place.

Back to top


  • Much time, effort, and money can be spent on creating risk registers to deal with events that will never occur.

Back to top

Action Checklist

  • Establish a risk management team. The team should meet regularly to discuss the risks associated with each project, investment, etc., to review procedures, and to ensure that the risk register is kept up-to-date. Appoint a team member to keep abreast of any legislative requirements that may affect the risk register.

  • Identify and list all potential risks, and decide on the likelihood of their occurrence. Determine the expected impact if they do occur. Identify any interdependencies with other risks and what knock-on effects there may be.

  • Decide who will bear the risk.

  • Identify countermeasures to mitigate the risk before it occurs.

  • Keep track on the risk register of the current status of any risk that has occurred and what action is being taken.

Back to top

Dos and Don’ts


  • Create a risk register for each new project or investment.

  • List each risk as a separate entry in the register’s table.

  • Identify an “owner” for each risk, i.e. a person who will be in charge of resolving the risk.

  • Follow up on actions and status for each risk identified.

  • Revisit the risk register regularly to evaluate any changes to the likelihood of a risk and its potential impact. Changes to projects and investments should also be evaluated for their effect on previously assessed risks or new risks that may arise.


  • Don’t ignore the possibility of risks becoming a reality.

  • Don’t lose track of the risk register.

Back to top

Further reading


  • Ackermann, Fran. Systemic Risk Assessment: A Case Study. Management Science Theory Method and Practice Series. Glasgow, UK: Department of Management Science, University of Strathclyde, 2003.
  • Bateman, Mike. Tolley’s Practical Risk Assessment Handbook. 5th ed. Boston, MA: Elsevier, 2006.
  • Brinded, Malcolm. Perception vs Analysis: How to Handle Risk. Eighth Annual Royal Academy of Engineering Lloyd’s Register Lecture. London: Royal Academy of Engineering, 2000.



Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share