Policy, programme and project level risk management
A5.35 Risk management strategies should be adopted in a way that is appropriate to their scale. A risk register is required to identify, quantify and value risk. It should identify who owns each risk, provide an assessment of the likelihood and an estimate of the impact on project outcomes. The purpose of the risk register is to provide oversight of risks and their management. Information on the status of each risk is also included and the register should be updated, maintained and reviewed. A basic risk register template is provided in Box 27. A risk allocation table is also recommended, an example is set out in Box 28.
Box 27. Risk Register
| Risk number (unique within register) |
|
| Risk type |
|
| Author (who raised it) |
|
| Date identified |
|
| Date last updated |
|
| Description |
|
| Likelihood |
|
| Interdependencies with other sources of risk |
|
| Expected impact |
|
| Bearer of risk |
|
| Countermeasures |
|
| Risk status and risk action status |
|
Box 28. Example of Risk Allocation Table
| Scale | Bearer | Key Issues | ||
|
|
| Purchaser | Provider |
|
| Obsolescence | Low |
|
| Assets require low levels of technology |
| Demand Risk | Med |
|
| ... |
| Design Risk | High |
|
| ... |
| Residual Value | Low |
|
| ... |
| 3rd Party Revenues | Low |
|
| ... |
| Regulatory Change | High |
|
| ... |
| Etc. |
|
|
| ... |
