The Risk Register is a central place in the platform where your organisation records, scores, and tracks risks linked to a project. Each risk entry includes a clear description, a category (for example operational, financial, social, environmental), a probability and consequence rating, a risk score, a mitigation plan, an owner, and a review date. It gives leaders a single, up-to-date view of what could go wrong and what is being done about it.

The platform includes a Risk Register because effective projects are also about understanding and managing risk. In complex social and environmental contexts, there are always trade-offs and potential harms as well as benefits. The Risk Register helps you move beyond one-off compliance exercises and build an ongoing, intentional practice of risk management across your work.

Risks can be added in several ways: • During Project Set Up, when you answer questions about issues such as conflict or political context. • During Site Set Up, when you describe local realities such as tensions or access constraints. • During Stakeholder Mapping, when you identify specific risks for each stakeholder group (for example women, youth, smallholders, local authorities). • During Theory of Change, when stakeholders themselves highlight risks that could arise as they pursue desired changes. • Directly in the Risk Register, whenever staff become aware of a new issue. This means the register is fed from real project design, stakeholder insight, and ongoing learning, rather than sitting apart from day-to-day work.

The Risk Register is designed to make potential harm visible. As you map stakeholders and outcomes, the platform prompts you to consider how different groups could be negatively affected, and to record those risks explicitly. This is especially important where projects work with children, young people, or marginalised communities. By naming the risk, assigning an owner, and agreeing mitigation, organisations can move beyond good intentions and demonstrate a concrete safeguarding and “do no harm” approach.

Access to the Risk Register depends on user roles and permissions: • Leadership and governance roles (for example executive teams, board members, senior managers) see the Risk Register and risk reports as part of their core view of the project. • Project and MEL teams can add, edit, and update risks as they emerge from project set up, stakeholder work, field insight, and monitoring data. • Field teams and community-facing staff may contribute to risk identification through consultation processes or surveys, with account managers supporting how that insight is captured. This ensures that risk management is owned at leadership level, informed by practice, and not left to a single individual.

The platform allows you to set a review date for each risk, and you can choose a schedule that matches the level of exposure. Many organisations: • Review high and critical risks quarterly or more often. • Review medium and lower risks annually, or at key project milestones. At each review, teams can update probability and consequence ratings, revise mitigation strategies, and change status (for example from open to monitoring or closed). This keeps the register alive and aligned with reality, rather than as a static document.

The current design focuses on structured identification, scoring, and tracking of risks. Because risks are linked to stakeholders, projects, sites, and outcomes, they can also be connected to: • Targeted surveys that explore whether anticipated risks are being experienced on the ground. • Reporting and data visualisation, so leaders can see trends in risk exposure and mitigation over time. • Future learning and AI-supported insights, where patterns in risks and responses across projects can inform better decision-making. In other words, the register is the backbone of a broader risk-learning loop, rather than a stand-alone spreadsheet.

Yes. Many standards, investors, and boards expect evidence that organisations are actively identifying and managing risk, particularly in areas such as: • Community and stakeholder impact • Safeguarding and inclusion • Governance and compliance • Political, environmental, and financial exposure The Risk Register and its reports provide a clear, auditable record of risks, owners, and mitigation. This supports conversations with certifiers, funders, and governance bodies, and shows that risk is being treated as part of strategy and accountability, not just as an afterthought.

Traditional risk logs are often static documents that are created for a proposal and rarely revisited. The platform is designed differently. It: • Embeds risk prompts into everyday modules such as project set up, sites, stakeholders, and theory of change. • Encourages both top-down and bottom-up risk insight, including from communities and field teams. • Makes risk information visible in a form that leadership can use for real decisions, not just for reporting. This shifts risk management from a one-off exercise to an integral part of how you design, deliver, and improve your work.