Risk data sheet

A risk data sheet contains information about a specific identified risk. The information is filled in from the risk register and updated with more detailed information. Typical information includes:

  • Risk identifier
  • Risk description
  • Status
  • Risk cause
  • Probability
  • Impact on each objective
  • Risk score
  • Response strategies
  • Revised probability
  • Revised impact
  • Revised score
  • Responsible party
  • Actions
  • Secondary risks
  • Residual risks
  • Contingency plans
  • Schedule or cost contingency
  • Fallback plans
  • Comments

The risk data sheet can receive information from:

  • Risk register

It can be started in process 11.2 Identify Risks from the PMBOK® Guide – Sixth Edition. It is continu- ously updated and elaborated throughout the project.


Tailoring tips

Consider the following tips to help tailor the risk data sheet to meet your needs:

  • Not all projects require risk data sheets. Where they are used, they are considered an extension of the risk register.
  • You can add or delete any fields you feel necessary



The risk data sheet should be aligned and consistent with the following documents:

  • Risk register
  • Probability and impact matrix
  • Risk report


Document element Description
Risk ID Enter a unique risk identifier.
Status Enter the status as open or closed.
Risk description Describe the circumstances or drivers that are the source of the risk.
Risk cause Describe the circumstances or drivers that are the source of the risk.
Probability Determine the likelihood of the event or condition occurring.
Impact Describe the impact on one or more of the project objectives.
Score If you are using numeric scoring, multiply the probability times the impact to determine the risk score. If you are using relative scoring then combine the two scores (e.g., high- low or medium-high).
Reponses Describe the planned response strategy to the risk or condition.
Revised probability Determine the likelihood of the event or condition occurring after the response has been implemented.
Revised impact Describe the impact once the response has been implemented.
Revised score Enter the revised risk score once the response has been implemented.
Responsible party Identify the person responsible for managing the risk.
Actions Describe any actions that need to be taken to respond to the risk.
Secondary risks Describe new risks that arise out of the response strategies taken to address the risk.
Residual risk Describe the remaining risk after response strategies.
Contingency plan Develop a plan that will be initiated if specific events occur, such as missing an intermediate milestone. Contingency plans are used when the risk or residual risk is accepted.
Contingency funds Determine the funds needed to protect the budget from overrun.
Contingency time Determine the time needed to protect the schedule from overrun.
Fallback plans Devise a plan to use if other response strategies fail.
Comments Provide any comments or additional helpful information about the risk event or condition.