Risk log

A template for continuously capturing and acting on project risks using a severity matrix, mitigation procedures, and historical tracking.

Procedure

Outline risks and color code each risk based on the decision matrix shown below. Risks are itemized in the risk backlog (below).

SEVERITY
LIKELIHOODACCEPTABLE
Little to no impact		TOLERABLE
Nothing that impacts product function		UNDESIRABLE
Requires change in the way the product is used		INTOLERABLE
Cannot meet goal. Do not proceed; disastrous
IMPROBABLE
Unlikely to occur		AcceptableTolerableTolerableUndesirable
POSSIBLE
Risk may occur		AcceptableTolerableUndesirableIntolerable
PROBABLE
Risk likely will occur		TolerableUndesirableUndesirableIntolerable
CERTAIN
Risk will occur		TolerableUndesirableIntolerableIntolerable

Additionally, the status of Resolved can be used when a risk has been fully mitigated.

Handling open risks

  1. Any unresolved risk or any risk categorized higher than Acceptable results in moving the project into “at risk” status.
  2. “At risk” status is considered either Undesirable (yellow) or Intolerable (red).
  3. These risk levels change the overall project status to either yellow or red, accordingly.

The following procedure is followed for all identified risks, based on severity:

SeverityAction
Resolved
Acceptable		Move the risk to the Risk History table and mark its associated actions as resolved. Update the mitigation history with links to resolved outcomes.
TolerableAssign a primary responsible team member and develop mitigation strategies. Review status daily / weekly based on context. Shift project status to yellow.
UndesirableAssign a primary responsible team member and develop mitigation strategies. Conduct daily stand-down to review status daily. Shift project status to yellow.
IntolerableAssign a primary responsible team member and develop mitigation strategies. Conduct daily stand-down to review status daily. Shift project status to red. Project will not continue further until red status is resolved.

Risk log

SeverityRisk
Intolerable
2023-06-21

No documented risk management process.

  • Risks to the project are often known in advance, but capture is inconsistent.
  • Even when captured, some risks are not acted upon.
  • Project-level failures (defects, missed deadlines, poor customer feedback) occur and could be prevented in many cases.

Mitigation: Document and adopt more suitable risk management policies.

  • @TeamLead has investigated options and documented an initial plan to adopt improved risk management.
  • Tooling to support new risk management procedures is set up.
  • @TeamLead will enable team on new risk management policies and tools.
Undesirable
2023-06-28

There is extensive manual process.

  • Many operations in the day-to-day use of products require manual operations that are potentially open to errors.
  • Manual process wastes human effort and reduces product function.

Mitigation: Unknown. Pending review.

Risk history

No further action is necessary for the following risk items, but they are being retained for historical record.

SeverityRisk
Resolved
2023-06-28

There is a lack of awareness regarding risk management.

  • The team has experienced significant setbacks and struggled to keep the project on track.
  • Despite this, many of the setbacks have been foreseen and even, in some cases, the team was generally aware of the problem in advance.
  • Some potential problems are captured, but capture is inconsistent.

Mitigation: Investigate potential solutions to improve risk management.

  • Team lead has investigated and documented a solution plan to make sure risks are more captured and managed.

All material copyright © 2011–2026 Boss Logic, Inc., all rights reserved. Unauthorized reproduction prohibited. Paying customers of Boss Logic, Inc., subscribers to the Customer Obsessed Engineering newsletter, Waste Walk or the Delivery Playbook have a limited license to reuse materials for their personal use.

Want to adopt the Delivery Playbook at your organization? Learn more here.