Most, if not all projects will have a certain degree of risk attached to them. Whether it is building a new website or app or developing a new piece of hardware; risks will occur. As a project manager or PMO, it is up to you to help discover, control and plan to mitigate.
Risks should be added to a file called a risk register or a RAID log (Risks, assumptions, issues, decisions). The difference between the two files is that a RAID log has more depth than a risk register.
A risk register is a management tool that defines risks and contains notes on how to mitigate a risk as well as including a risk rating and an impact rating.
A RAID log is a tool to log risks, but also project assumptions, issues and decisions with a note section on how to mitigate each.
You don’t need to include both files or tools in your project, however, if you do decide to use a risk register, then the project assumptions, issues and decisions will need to be logged somewhere such as a project initiation document or even in meeting notes.
Creating the risk register or RAID usually takes place in the definition and planning stage, however, managing and mitigating risks should occur throughout the project lifecycle and new ones should be logged whenever a new risk is discovered.
