What Level of Risk Detail?

The number of risks in a project or organization can range from a mere handful to a staggering multitude, each with its own unique level of detail. While a high-level description of risks may seem convenient, it often leads to response and ownership assignment difficulties. On the flip side, excessive detail can create a deluge of work and be overwhelming. So, how do you determine the right level of detail? Management, ownership, and reporting - these are the three crucial components to consider.

1. You must describe risks at a level that enables you to manage them. A broad risk description such as "something could go wrong" is unhelpful and a waste of time. On the other hand, an overly specific description such as "Jo Jones, the UX lead, might break his arm rock climbing and not be able to complete the interface design," is impractical. A more appropriate description would be: "Key design personnel might be unavailable." At this level, you can proactively manage the risk through effective resource planning, personnel backups, and task distribution. Some risks may require a more detailed approach, while you can handle others at a higher level.

2. You must describe each risk in a manner that allows for clear ownership. Ideally each risk has a single owner, and that person is responsible and accountable for addressing the risk. A risk that is too broad for a single owner probably needs to be broken down further. This is not to say all risks should be cast at the same level. The scope and detail will naturally vary as owners can range from junior team members to senior management.

3. The level of risk description must match the organizational reporting needs. For example, some corporate policies require detailed descriptions of all risks under management, while others require only a high-level summary. Some organizations want every risk captured, even if there are hundreds, while others have determined it is only cost effective to manage the top 10 risks. The reporting environment must be considered when determining risk detail.

Determining the appropriate level of risk detail is a crucial part of the risk planning process. Striking a balance between too little and too much is key, and you should consider the needs of those managing, owning, and receiving reports on your organization's risk exposure.

Risk Register by ProjectBalm is a proven tool that helps you capture risk information at any level.