The risk register is a tool in risk management and project management. It is used to identify potential risks in the implementation of the values and principles of CYP-IAPT in your organisation and partnership and can be used alongside the self-assessment. The risk register includes all information about each identified risk, such as the nature of that risk, level of risk, who owns it and what are the mitigation measures in place to respond to it.

Having a list to track risk, whether by a simple spreadsheet or as part of a more robust PM software solution, is a good idea to tackle in any project plan/service development. There is risk inherent in everything, and that goes doubly for managing a project with lots of moving parts.

You’ll never be able to anticipate everything that could go astray in a project, but by doing the due diligence, you’re able to have a plan in place to respond quickly before risks become real problems and sidetrack the whole programme.


“There is risk inherent in everything, and that goes doubly for managing a project with lots of moving parts.”

If you know what risk management is, then you’ll know that the next step to managing risk is strategically working to control the potential issues that are most likely to occur when you’re managing a project. Therefore you should have a mechanism in place to collect potential risks and then map out a path to get the programme back on track, should those risks become realities.

The first thing you have to do is identify the risks. Additionally, you can anticipate some risks based on market forces (supply and demand risks, for example), or based on common staffing or personnel issues.

To collect the possible risks that can show up when managing a project/developing services requires a systematic approach to make sure you’re as thorough as possible. The risk register is a system, which can then track that risk if it in fact appears and then evaluate the actions you’ve set in place to resolve it.

When registering these risks, you have a place to put all this data and follow the specific risk throughout the project, thereby seeing if the actions you’ve put in place to remedy the risk are working. A risk tracking document therefore keeps the risk on a tight leash so it doesn’t run ruin over your project.

The documentation of risk is vital to the success of any project. It gives you a single place to identify the risk, note its history—from where it first occurred to where you finally resolve it—and even tag the risk to the person who identified it and owns its management. You can remark on how likely the risk will impact the project and so much more.

Also, you have a place to assign a team member to the risk. That person then is responsible for monitoring the risk and leading any actions required to mitigate that risk or address it once it becomes an issue. By documenting this process in a register you’re less likely to lose track of the risk over the course of a busy project, which means the risks aren’t turning into real issues that are running rampant out of sight and threatening the success of the project.

Finally, when the risk is resolved, you can close it. Also, if the risk has been remedied, then you don’t want to continue putting resources against a problem that no longer exists. It simply gives you more control and fosters better communications with your team and stakeholders.

Key elements to this are to:

  • Identify
  • Describe
  • Impact
  • Respond
  • Prioritize
  • Ownership
  • Notes
Risk register
See the table above for an example template…