Risk registers fail when treated as a launch workshop output never updated. For owner-led development, registers must live - linked to decisions, conditions, and programme - with escalations when thresholds breach.
What belongs in a register
Risks are uncertainties that matter - approval delay, geotechnical variability, contractor solvency, supply chain, neighbour action, environmental legacy - not generic project management lists. Each item has owner, likelihood band, impact band, mitigation, and trigger for escalation.
Integration with other tools
Planning conditions are risks with known mitigations and evidence requirements. Decisions close risks or accept them explicitly. Programme slippage is a symptom; registers should show root causes, not only dates.
Reporting
We summarise top risks monthly for governance audiences - no more than ten active items without tiering. Closed risks remain visible for lesson learning. Sudden deletion of risks without closure notes is discouraged.
Registers support honesty. If owners punish reporting of bad news, registers become fiction. We set cultural expectations in proposals about escalation being responsible behaviour.
Risk appetite statements
Owners should state appetite for approval delay, cost overrun bands, and reputation risk. Registers then filter noise from material issues.
Heat maps and tiering
We tier risks so governance sees fewer than twenty active items at executive level, with detail maintained in annexes. Heat maps without owners and dates are decorative; we avoid them.
Linking to contingencies
Risk mitigation should connect to budget contingencies and programme float where material—notherwise registers become theoretical.
Board reporting
Executive summaries should state the top three risks, required decisions, and whether programme or budget thresholds are breached.
Owner appetite documentation
Risk appetite should be written: acceptable approval delay, cost overrun band, and reputation exposure. Without appetite, mitigations are debated endlessly without decision criteria.
Review cadence
Registers are reviewed at least monthly during active delivery and at gateway meetings. Closed risks remain visible for one quarter with closure notes.
Escalation triggers
Pre-agreed triggers force escalation to owners when likelihood or impact crosses thresholds, avoiding debate about whether to inform governance.
Worked example
On a recent owner-led mixed-use mandate, we maintained twelve active risks tiered to three governance levels. Approval delay sat at the top with mitigations tied to pre-lodgement meetings and RFIs mapped to authors. Supply chain sat second with alternate specifications identified. Neighbour relations sat third with a communication plan and construction hours. Monthly packs showed movement, not static lists.
Integration with conditions
Each material planning condition mapped to a risk or mitigation line so delivery teams could not claim surprise when compliance work arose. Clearance evidence requirements were the same IDs used in the conditions register.
Registers work when tied to decisions, conditions, and contingencies. Decorative risk lists without owners and dates waste consultant fees and board attention.