MOD Crest
AOF Risk Management

Policy, information and guidance on the Risk Management aspects of UK MOD Defence Acquisition

version 4.0.5 - July 2010

Content

Risk Register

Who is Responsible for Risk Register ?

The Risk (Process) Manager role is responsible for designing and maintaining the Risk Register.

What is a Risk Register ?

The Risk Register is central repository for risk data. There are many software packages able to simplify the actual recording, updating and reporting of risk information and many programmes/projects consider placing the risk register on their Shared Working Environment (SWE) to give all parties real-time access to the data.

The risk register is usually in tabular format and will contain the following:

Field Description
Risk Identity usually a unique alpha numeric reference
Risk Title short form title usually to address the subject matter
Risk Category used as a method of grouping similar type risks (e.g. ‘Resource’ or ‘Finance’)
Risk Description details including the context, cause and impact of a risk. (Often Cause and Impact are separately tabled)
Risk Owner the person having the authority and resources to enable effective analysis and management of a risk.
Probability percentage figure to indicate likelihood of risk occurring
Impact Time, Impact cost and Impact Performance for qualitative analysis the banding (High, Medium, Low, etc.) is listed. (The values for each band will be defined in the Risk Management Plan.) Note:- the above Probability and Impact values are the pre-mitigation or current values whichever is the latest.
Mitigation Action description of the mitigation action(s) including the Action Owner, the person responsible for ensuring the mitigation is implemented, and the planned start and finish dates for the action.
Post-mitigation Probability/Impact Time/Impact Cost/Impact Performance Values the forecast post mitigation values (i.e. where mitigation action plans to take the risk)
Fallback Plans what action is planned should the risk occur, and at what point is the decision to be taken to follow that fallback plan (may be earlier than the risk occurring.)

The above list is neither exhaustive nor prescriptive but is an indication of the information required to effectively record risk information.

In arriving at the above information certain assumptions will be taken. It is good practice to record these assumptions and decisions taken either as part of the Risk Register or as separate data sheets.

Change History

Change History