What belongs in a construction risk register — and how do you keep one people trust?
Cause and consequence stated separately, a range-based assessment rather than a universal “medium”, a named owner who can act, a chosen response with dated actions, and opportunities as well as threats. And then the hard part: a cadence, with movement tracked.
What goes in it
Each risk needs its cause and its consequence stated separately — “late structural steel” is not a risk, it is half of one, and the half that is missing is what it will cost you. An assessment with ranges rather than a reflexive 3×3 “medium”, because the top risks need to be quantified well enough to connect to contingency.
A named owner — a person, not “the commercial team”, which cannot be chased and cannot explain why the mitigation is forty days late. A chosen response: avoid, mitigate, transfer or accept, with dated actions. And opportunities, not just threats: a register holding only downside is quietly asserting that this project has no upside, which has never been true of any project.
Why nobody trusts the one you have
Because it was built for the kickoff deck and never touched again. It was populated in a workshop, colour-coded, screenshotted into a slide, and then left — until closeout, when somebody opens it to write the lessons-learned and finds that most of the risks either happened or became irrelevant, and nobody recorded which.
That register is not a control. It is a talisman: an object whose function is to have been produced. And its existence is worse than its absence, because it lets everyone believe the risk was managed.
The fix is a cadence, and the signal is movement
Risk as a standing agenda item, with movement tracked at every review: what is new, what escalated, what was retired and on what evidence. A register where nothing has moved in three months is not describing a stable project. It is describing an unattended one.
And connect it to the contract machinery, because that is where a register either pays for itself or does not. When a risk materialises it becomes an event with a notice obligation attached — and the most expensive risk on any project is the one you correctly predicted, watched happen, and then failed to notify inside the time bar.
References
- module: /modules/risk-management/ — register content, review cadence, and the risk-to-notice linkage
Zepth is the construction project delivery platform — it runs construction, procurement and asset management on one record, and does the work: reading the drawings, reviewing the submittals, matching the invoices and flagging the risks, with a human sign-off on anything consequential.
Related questions
See Zepth on your project.
A short, tailored walkthrough on your real workflow — no generic demo.
Book a meeting