Skip to content

Risk Register

Template Library

Risk Register Template

Track planning risks, technical risks, AI risks, data risks, security risks, governance risks, operational risks, triggers, owners, and mitigations.

ES-103 Risk Risk Ownership

Template purpose

Use this template to record risks that may affect project success, evidence quality, engineering readiness, schedule, scope, architecture, implementation, verification, release, operation, governance, or trust.

Risks should be actionable. A risk without an owner, trigger, or mitigation is only a worry.

Project

<Project name>

Document control

Field Value
Artifact owner <owner>
Primary reviewers <reviewers>
Status <draft / in review / accepted / revised>
Last updated <YYYY-MM-DD>
Related Engineering Stage ES-103 — Planning and Work Breakdown
Project workspace target docs/project-workspace/planning/risk_register.md

Risk register

ID Risk Category Likelihood Impact Mitigation Owner Trigger Status
R-001 <risk> <scope / schedule / technical / data / AI / security / governance / operations / evidence / staffing> <low / medium / high> <low / medium / high> <mitigation> <owner> <trigger> <open / monitoring / mitigated / closed>

Highest priority risks

Risk ID Why High Priority Required Action
<R-ID> <reason> <action>

Risks requiring architecture attention

Risk ID Architecture Concern Needed in ES-104
<R-ID> <concern> <action>

Risks requiring governance attention

Risk ID Governance Concern Review / Approval Needed
<R-ID> <concern> <review or approval>

AI-specific risks

Risk ID AI Risk Human Accountability / Mitigation Evidence Needed
<R-ID> <hallucination, automation bias, unsafe output, prompt drift, data leakage, poor evaluation, unreviewed generation> <mitigation> <AI use log, evaluation, review, monitoring>

Data, security, and privacy risks

Risk ID Risk Mitigation Evidence Needed
<R-ID> <risk> <mitigation> <review, test, policy, audit, access record>

Operational risks

Risk ID Risk Mitigation Later Evidence
<R-ID> <support, monitoring, deployment, recovery, incident, training, ownership risk> <mitigation> <operations plan, monitoring plan, incident response plan>

Risk escalation rules

Condition Escalate To Expected Action
<trigger condition> <role or group> <action>

Review checklist

  • [ ] Risks have categories, likelihood, impact, owner, trigger, and status.
  • [ ] High-priority risks are visible.
  • [ ] Architecture risks are identified for ES-104.
  • [ ] Governance risks are identified.
  • [ ] AI, data, security, privacy, and operational risks are considered.
  • [ ] Escalation rules are defined where needed.
  • [ ] Risks are actionable rather than vague concerns.

Continue to Planning Review

Review the ES-103 planning package for completeness, accountability, risk, dependencies, and readiness.

Open Planning Review →