The Risk Register is an important project management document. It originally appears as the only output to the Identify Risks process of the fourth edition PMBOK®. As more analysis, planning, and monitoring occurs throughout the four risk processes that follow it (Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, and Monitor and Control Risks), the risk register is updated as part of performing each of these processes. As each of these risk processes are performed, more information is added to the expanding document. Eventually it may contain a list of all identified risks, along with information describing them including their causes, categorization, probability of occurrence, impact if they occur, planned responses, person responsible, qualitative and quantitative risk analyses, and current status. The risk register is also used as an input to three other processes outside of the risk knowledge area—Estimate Costs, Plan Quality, and Plan Procurements.
Negative Risk Strategies
For a project manager, a risk is an uncertain event. This potential event could be either desired (positive) or undesired (negative). A positive risk may be referred to as an opportunity, and a negative risk may be referred to as a threat. There are three unique strategies used for handling negative risk (avoid, transfer, and mitigate), and one strategy that can be used for either positive or negative risk (accept). These are described as a tool and technique of the fourth edition PMBOK®’s Plan Risk Responses process. Below are some examples of the negative risk strategies as related to Katy baking a wedding bake for her daughter’s wedding.
Avoid means that plans are modified to completely eliminate the threat. Katy originally planned to bake a five-tier wedding cake, but she is so afraid that it will collapse, that she has decided to avoid the risk of collapsing altogether by baking the five cakes and setting them each on their own platter beside each other on the cake table.
Transfer means that the ownership and consequences of the risk are transferred to another party. Katy decides to buy cake insurance from a local baker—so that if the risk of her cake being ruined occurs, the baker will be able to bring a replacement cake in time.
Mitigate means that the probability or impact of the risk is lessened. Katy found a sturdy silver stand with five platforms for the five layers of cake. Although it appears that the cakes are balanced on top of each other, they actually aren’t. Because of this, it is very unlikely that the risk of the cake collapsing will occur.
Accept means that plans are not changed due to the risk, and the consequences of the risk event happening are simply accepted. Katy decides to make the five-tier cake. In the unlikely case that it becomes ruined, there simply won’t be wedding cake for the guests to eat.