Risk report

The risk report presents information on overall project risk and summarizes information on individual proj- ect risks. It provides information for each of the processes from identification of risks, through analysis, response planning and implementation, and monitoring risks. Typical information includes:

  • Executive summary
  • Description of overall project risk
  • Description of individual project risks
  • Quantitative analysis
  • Reserve status
  • Risk audit results (if applicable)

The risk report can receive information from anywhere in the project environment. Some documents that should be specifically reviewed for input include:

  • Assumption log
  • Issue log
  • Lessons learned register
  • Risk management plan
  • Project performance reports
  • Variance analysis
  • Earned value status
  • Risk audit
  • Contractor status reports

The risk report provides information to:

  • Lessons learned register
  • Project closeout report

The risk report is an output from process 11.2 Identify Risks in the PMBOK® Guide – Sixth Edition. It is developed at the start of the project and is updated throughout the project.


Tailoring tips

Consider the following tips to help tailor the risk report to meet your needs:

  • For a small, simple, or short-term project you can summarize this information in the regular project status report rather than create a separate risk report.
  • Many projects do not include a quantitative risk analysis; if yours does not, omit this information from the report.
  • For larger, longer, and more complex projects you can tailor the quantitative risk analysis techniques used to those most appropriate to your project.
  • For more robust risk reports include appendices that may include the full risk register and quantitative risk model input (probabilistic distributions, branch correlation groups).



The risk report should be aligned and consistent with the following documents:

  • Assumption log
  • Issue register
  • Project performance report
  • Risk management plan
  • Risk register


Document element Description
Executive summary A statement describing the overall project risk exposure and major individual risks affecting the project, along with the proposed responses for trends.
Overall project risk

Provide a description of the overall risk of the project, including:

  • High-level statement of trends
  • Significant drivers of overall risk
  • Recommended responses to overall risk
Individual project risks

 Analyze and summarize information associated with individual project risks, including:

  • Number of risks in each box of the probability impact matrix
  • Key metrics
    • Active risks
    • Newly closed risks
    • Risks distribution by category, objective, and score
  • Most-critical risks and changes since last report
  • Recommended responses to top risks
 Quantitative analysis  Summarize the results of quantitative risk analysis, including:
  • Results from quantitative assessments (S-curve, tornado, )
  • Probability of meeting key project objectives
  • Drivers of cost and schedule outcomes
  • Proposed responses
 Reserve status  Describe the reserve status, such as reserve used, reserve remaining, and an assessment of the adequacy of the reserve.
 Risk audit results (if applicable)  Summarize the results of a risk audit of the risk management processes.