ABSTRACT
Once risks have been identified it is important to be able to refer to them again, so some sort of recording mechanism needs to be established. The risk register is the generally accepted term for the place where risks are recorded, and the risk log is usually the one-line summary of each risk. It is basically the same structure whether it be for use at the project or the programme level. At the programme level, it would be useful to include an additional field to indicate the projects affected. It is helpful to maintain the three separate parts of the risk in individual compartments, namely risk identification, risk assessment and risk response layers. This ensures that the risk and effect are brought out in the overall risk statement, and is useful as a guide for team members not used to expressing risk in this way. The risk log is essentially a one-line summary of each risk in the risk register.
