The Risk Management Flow No One Talks About

Risk management is more than identifying what might go wrong—it's about planning how to respond effectively and continuously monitoring the impact of uncertainty on your project. But risk processes don’t work in isolation. They rely on a set of documents that guide decisions, capture insights, and keep your team aligned every step of the way.

In this edition, I break down the full lifecycle of risk management documents as outlined in the PMBOK® Guide – Sixth Edition. You’ll learn when each key document is created, updated, and why—so you can strengthen your project controls, reporting, and confidence in decision-making.

Let’s dive in.

Table of Contents

1. Risk Management Plan

2. Risk Register

3. Risk Report

4. Assumption Log

5. Issue Log

6. Lessons Learned Register

7. Stakeholder Register

8. Change Requests

9. Project Management Plan

10. Cost Baseline

11. Schedule Baseline

12. Final Thoughts

1. Risk Management Plan

• 🟢 Created in: Plan Risk Management

• ✏️ Updated in: (Typically not updated within risk processes)

• 🛠️ Why:

  • Defines how risk management will be planned, executed, and monitored.

  • Establishes risk categories, tools, roles, and thresholds.

2. Risk Register

• 🟢 Created in: Identify Risks

• ✏️ Updated in:

  • Perform Qualitative Risk Analysis

  • Perform Quantitative Risk Analysis

  • Plan Risk Responses

  • Implement Risk Responses

  • Monitor Risks

• 🛠️ Why:

  • Records all identified risks.

  • Updated to reflect analysis results, response strategies, implementation status, and closure.

3. Risk Report

• 🟢 Created in: Identify Risks

• ✏️ Updated in:

  • Perform Quantitative Risk Analysis

  • Plan Risk Responses

  • Monitor Risks

• 🛠️ Why:

  • Provides a high-level summary of overall risk exposure and key risk themes.

  • Updated with simulations, aggregated risk data, and control results.

4. Assumption Log

• 🟢 Created in: Develop Project Charter

• ✏️ Updated in:

  • Plan Risk Management

  • Identify Risks

  • Perform Qualitative Risk Analysis

  • Implement Risk Responses

• 🛠️ Why:

  • Logs all assumptions and constraints.

  • Updated as assumptions change or new ones are introduced during risk discussions.

5. Issue Log

• 🟢 Created in: Direct and Manage Project Work

• ✏️ Updated in:

  • Identify Risks

  • Perform Qualitative Risk Analysis

  • Implement Risk Responses

  • Monitor Risks

• 🛠️ Why:

  • Tracks active issues that require resolution.

  • Updated when risks materialise or impact project delivery.

6. Lessons Learned Register

• 🟢 Created in: Manage Project Knowledge

• ✏️ Updated in:

  • Identify Risks

  • Perform Qualitative Risk Analysis

  • Implement Risk Responses

  • Monitor Risks

• 🛠️ Why:

  • Captures knowledge from prior or ongoing work.

  • Updated with what worked (or didn’t) in risk handling.

7. Stakeholder Register

• 🟢 Created in: Identify Stakeholders

• ✏️ Updated in:

  • Plan Risk Management

  • Identify Risks

• 🛠️ Why:

  • Identifies stakeholders and their roles.

  • Updated to reflect new risk-related stakeholders (e.g., risk owners or advisors).

8. Change Requests

• 🟢 Created in:

  • Plan Risk Responses

  • Implement Risk Responses

  • Monitor Risks

• 🛠️ Why:

  • Raised when risk response strategies impact scope, schedule, or budget.

  • Also triggered by newly identified risks that require formal changes.

9. Project Management Plan

• 🟢 Created in: Develop Project Management Plan

• ✏️ Updated in:

  • Plan Risk Responses

  • Monitor Risks

• 🛠️ Why:

  • Serves as the integrated plan for the project.

  • Updated if risk responses modify baselines, governance, or subsidiary plans.

10. Cost Baseline

• 🟢 Created in: Determine Budget

• ✏️ Updated in: Plan Risk Responses (if needed)

• 🛠️ Why:

  • Represents approved budget.

  • Updated to include contingency reserves or new risk-related costs.

11. Schedule Baseline

• 🟢 Created in: Develop Schedule

• ✏️ Updated in: Plan Risk Responses (if needed)

• 🛠️ Why:

  • Captures project timeline.

  • Updated to reflect response actions like buffer time, re-sequencing, or fast-tracking.

💡 Final Thoughts

Risk management isn’t just a phase—it’s a mindset. Your documents aren’t just paperwork; they’re tools for making risk visible, measurable, and manageable.

By understanding when each document is created and why it evolves, you gain more than just control—you gain clarity. You’ll not only comply with best practices, but lead projects that stay resilient in the face of uncertainty.

As you plan your next project, refer back to this document lifecycle. It’ll keep your risk processes sharp, aligned, and ready for whatever comes next.

Thanks for reading - See you next Saturday!