Tìm hiểu về Risk register trong đề thi PMP


Risk register là một ouput của quy trình Identify risks, thuộc mảng kiến thức Project risk management.


The primary output from Identify Risks is the initial entry into the risk register. The risk register is a document in which the results of risk analysis and risk response planning are recorded. It contains the outcomes of the other risk management processes as they are conducted, resulting in an increase in the level and type of information contained in the risk register over time. The preparation of the risk register begins in the Identify Risks process with the following information, and then becomes available to other project management and risk management processes:

  • List of identified risks: The identified risks are described in as much detail as is reasonable. A structure for describing risks using risk statements may be applied, for example, EVENT may occur causing IMPACT, or If CAUSE exists, EVENT may occur leading to EFFECT. In addition to the list of identified risks, the root causes of those risks may become more evident. These are the fundamental conditions or events that may give rise to one or more identified risks. They should be recorded and used to support future risk identification for this and other projects.
  • List of potential responses (Preliminary responses): Potential responses to a risk may sometimes be identified during the Identify Risks process. These responses, if identified in this process, should be used as inputs to the Plan Risk Responses process.
  • Risk owner
  • Cause and effect
  • Trigger conditions
  • Risk status

Chú ý:

  • Ở phiên bản khởi đầu của Risk Register có thể không có Risk owner, Potential responses, root causes.
  • Risk Register là ouput của 5 quy trình: Identify risks và 4 quy trình sau Identify Risks do sinh ra Risk Register update.
  • Risk Register là input của 4 quy trình sau Identify Risks do đây là một project doc rất quan trọng trong risk management process.
  • Risk có low probability có thể đưa vào watch list trong quy trình Perform Qualitative Risk Analysis

Risk Register updates on Perform Qualitative Risk Analysis

  1. Ranking or a priority list of risks
  2. Risks grouped by categories
  3. Causes of risks
  4. List of risks that require a near-term response
  5. List of risks that require additional analysis & response
  6. Watch list of low priority risks
  7. Trends in qualitative risk analysis results

As you must remember from the previous section on the Risk Management Plan, we will use the Probability & Impact matrix to classify risks and to create a prioritized list of risks. The purpose of categorizing risks is to group related risks and to address them together. Usually this is done because this categorization can help us identify the root cause and addressing one root cause can help us eliminate multiple risks.

In this process, we identify those risks that are urgent (ones with high probability & impact) and try to take care of them immediately. There are also cases where we may need to perform further analysis before we decide on the further course of action on the risk. In those cases, we note them down and analyze them in the next process which is the Perform Quantitative Risk Analysis. During our analysis we may also find out certain risks that are either very low risk or impact or both. In such cases we usually move them to a watch list for the moment and continue with the other risks. We must constantly monitor those watch list items to ensure that their probability or impact hasn’t changed to ensure that we don’t get any unwanted surprises.

The trends identification part may have taken you by surprise. Identifying trends is not easy and requires a lot of experience. Do you remember that I said that Risk Management is an iterative process? We usually do multiple iterations of these processes and during such cases, if we watch closely we may be able to identify trends on those risks that may be due to a totally different or even a bigger problem.

Risk Register updates on Perform Quantitative Risk Analysis

  1. Probabilistic Analysis of the Project
  2. Probability of Achieving cost & time objectives
  3. Prioritized list of quantified risks
  4. Trends in quantitative risk analysis results

Conducting a probabilistic analysis of the whole project helps us avoid cost and schedule overruns. Here we will be trying to figure out the probability that we will complete the project in time or under budget. This will also give us a fair idea of how much reserves are required.

At the end of this process, we would have further prioritized the risks. The trends part here is similar to the trends we covered under the Qualitative analysis process.

Risk Register updates on Plan Risk Responses

  1. Agreed upon response strategies
  2. Risk Owner & Assigned Responsibilities
  3. Specific actions to implement the chosen response strategy
  4. Symptoms & warning signs of risk occurrence
  5. Budget and schedule activities required to implement the chosen responses
  6. Contingency reserves of time & cost designed to provide for stakeholder risk tolerances
  7. Contingency plans and triggers that call for their execution
  8. Fallback plans
  9. Residual risks expected to remain
  10. Secondary risks
  11. Contingency reserves that are calculated based on quantitative analysis

After we have analyzed and prioritized all the risks, the next step is to figure out “What to do in case the risk occurs” and that is what we will be doing in this process. This is the process that makes the most number of updates to the risk register. Also, most of these updates are interrelated.

By this point all risks must have an assigned owner who is in-charge of those risks. If some of the items in the list above seem new to you, don’t get overwhelmed. This is just the introductory phase of our preparation for the RMP Certification. There is still a long way to go and we will be covering all of these in great detail…

Usually our response strategies are based on our organizational policies as well as risk tolerances. Also, the organizational and stakeholder risk tolerance has a direct bearing on the contingency reserves. Usually if the stakeholder risk tolerance is how, the reserves will be low and vice versa. It is our responsibility to gauge the risk tolerance level and arrive at the appropriate contingency reserves.

Fallback plans are those “Plan B” kind of plans that we will implement in case the original response is not fully effective. Residual risks are those risks that remain even after our original responses are implemented. Secondary risks on the other hand are those risks that are caused because of the risk response plan we implemented. These risks must not be ignored and have to be dealt with accordingly.

Risk Register updates on Control risks

  1. Outcomes of risk assessment, risk audits and periodic risk reviews
  2. Closing risks that are no longer applicable
  3. Actual outcomes of Project risks & risk responses

An important point to note here is that, risk reassessments and audits may unearth new risks as well. We need to ensure that those risks are handled appropriately as well. Also, documenting the actual outcomes can help us as well as other projects in future that may encounter similar scenarios as those that just failed for us. So, it is extremely vital that we document all those items accurately and truthfully.


  1. The risk register contains the list of all risks that have been identified as well as its details like description, owner, category, root cause, probability & impact etc
  2. The risk register is an input to 4 of the 6 risk management processes and an output of 5 of the 6 risk management processes, making it the document that is going to contain the most up-to-date information reg. all the project risks
  3. The risk register is created in the Identify Risks process and is updated in all the other processes
  4. The risk register contains the up-to-date status information of all the risks including who is responsible for it, the proposed response, the owner of the risk, the actual outcome etc
  5. Not all risks are analyzed in the quantitative risk analysis phase. Only those risks that are selected as “Requiring further analysis” in the qualitative analysis phase are analyzed in this phase
  6. A watch list has to be constantly monitored to ensure that those lower priority risks don’t become near-term threats
  7. Updating the actual outcomes (even if they are failures) can help us in the future. It can also help other project managers who may work on similar projects in our organization.


Nếu có bất cứ chia sẻ hay góp ý bạn vui lòng để lại ở dưới phần bình luận. Tôi rất vui lòng về điều đó. Cảm ơn.

Xem thêm:




  1. Tuấn Phạm Hoàng

    Sổ đăng ký nguy cơ/rủi ro là một sản phẩm của quy trình Xác định rủi ro, thuộc mảng kiến thức Quản lý rủi ro dự án.
    Sản phẩm đầu tiên từ Xác định rủi ro là dữ kiện nhập đầu vào Sổ đăng ký rủi ro. Sổ đăng ký rủi ro là một tài liệu trong đó ghi lại các kết quả phân tích và lập kế hoạch ứng phó rủi ro. Nó bao gồm các kết quả của các quy trình quản lý rủi ro khác khi chúng được tiến hành, làm tăng mức độ và chủng loại thông tin trong sổ đăng ký rủi ro theo thời gian. Việc chuẩn bị Sổ đăng ký rủi ro bắt đầu trong quá trình Xác định Rủi ro với các thông tin sau, và sau đó trở thành tài liệu sẵn có cho các quá trình quản lý dự án và quản lý rủi ro khác:
    • Danh sách các rủi ro đã được xác định: Các rủi ro đã được xác định được mô tả chi tiết hợp lý. Cấu trúc để mô tả các rủi ro sử dụng các báo cáo rủi ro được áp dụng , ví dụ như Sự Cố có thể xảy ra gây ra TÁC ĐỘNG, hoặc Nếu Nguyên Nhân tồn tại, sự cố có thể xảy ra dẫn đến HẬU QUẢ. Ngoài danh sách các rủi ro được xác định, nguyên nhân gốc rễ của những rủi ro này có thể trở nên rõ ràng hơn. Đây là những tình thế cơ bản hoặc các sự cố có thể gây ra một hoặc nhiều rủi ro đã được xác định. Chúng nên được ghi lại và sử dụng để hỗ trợ xác định rủi ro trong tương lai cho dự án này và các dự án khác.
    • Danh sách các biện pháp ứng phó có khả năng: Các biện pháp ứng phó có khả năng đối với rủi ro có thể đôi khi được xác định trong quá trình Xác định rủi ro. Những biện pháp ứng phó này, nếu được xác định trong quá trình này, nên được sử dụng làm dữ kiện đầu vào cho quá trình Ứng phó rủi ro theo kế hoạch.

    View Comment

Leave a Reply

Tôi rất vui khi bạn đã quyết định để lại comment, tôi sẽ phản hồi tất cả các comment nhanh nhất khi có thể. Chú ý tất cả comment đều được kiểm duyệt cẩn thận, xin đừng cố gắng spam hoặc quảng cáo. Xin cảm ơn.