S-064 - Project Risk Identification and Risk Management Plan


Every project carries risk. To be able to demonstrate to management that the risks are understood and being managed, a Risk Register is essential. The Risk Register must identify the key risks, classify them by type and severity, and state the risk mitigation required.
Risks should be classified by TECOP (Technical, Economic, Commercial, Operational, or Political), and assessed for probability and consequence, leading to an overall risk level assessment.
The company risk tolerance criteria must be established in a Risk Assessment Matrix to deter-mine necessary risk mitigation actions.
The Register must be supported by a risk management system to keep the risk assessment up to date as the project evolves.


An initial list of ‘Threats and Opportunities’ is usually created during the initial framing of a project. This can form the basis of the Risk Register, which should be created at the very start of the project. The Risk Register should be reviewed and updated regularly, and certainly before each project decision milestone. The company risk tolerance criteria to be used should be fixed from the start.


To ensure that all risks are evaluated consistently, the following methodology is used:

  • Define the company Risk Assessment Matrix.
  • Identify project risks in all disciplines.
  • Assess each risk for current likelihood and impact using the Risk Assessment Matrix, and identify a risk owner.
  • Plan actions to reduce risks, either reducing probability or consequence, as called for by the RAM assessment.
  • Determine whether resultant risk level for the project is tolerable.
  • Appoint a risk register owner, and ensure they are authorised to maintain and update the register.
  • A Risk Register, with project risks sorted by TECOP and assessed by severity
  • A risk management system, to ensure the register will be updated
  • A Risk Register Owner, who will take responsibility for driving updates.

A 2 day workshop with the client development team to perform an initial risk assessment, and set up the Risk Register and risk management system. Subsequent visits to the client can support a revision or update to the register if required.



    Contact Vincent Busch

    Vincent Busch

    Sr Consultant Upstream & Value Assurance Reviews


    +316 15 65 29 83

    Do you have questions about how we can help your company?
    Send me an email and we’ll get in touch shortly.