Stale-risk detection.
Risks with no update through their own review window, surfaced automatically. The register cannot tell you what is being ignored — but the silence around an entry can, and silence is measurable.
A register built for the kickoff deck and reviewed at closeout is a talisman, not a tool.
Last updated
Zepth Core module
P50/P80
the confidence levels contingency should be set against — not a percentage somebody felt comfortable with
AACE International — cost-contingency framing
P50 is the number you have a coin-flip chance of staying inside. P80 is the number you would defend to a board. Most projects carry a contingency at neither, because nobody asked which one it was.
New / Escalated / Retired
the three movements that make a risk review a review — rather than a reading of last month’s list
Risk-management practice
A heatmap is communication, not analysis. What an executive actually needs is the movement between reviews: what is new, what got worse, what is genuinely gone.
Project risk management is the register plus the behaviour around it: identify what could hurt the project, size it honestly, give it an owner who can actually act, and review it on a cadence that beats the risk’s own clock.
The register is the easy half. Almost every project has one. Very few projects have the second half, which is why almost every project is surprised.
It is built for the kickoff deck. It is populated in a workshop, colour-coded, and screenshotted into a slide. And then it is never touched again — until closeout, when somebody opens it to write the lessons-learned and discovers that most of the risks either happened or became irrelevant, and nobody recorded which.
That register is not a control. It is a talisman: an object whose function is to have been produced. And its existence is worse than its absence, because it allows everyone to believe the risk was managed.
The fix is not a better template. It is a cadence — risk as a standing agenda item, with movement tracked at every review. What is new. What escalated. What was retired, and on what evidence. A register where nothing has moved in three months is not a stable project. It is an unattended one.
And the base rate is not encouraging. Flyvbjerg’s research across more than sixteen thousand capital projects found that only a small minority — around 8.5% — come in on both cost and schedule. That figure is discussed on our capital-planning page, and it is worth reading as a statement about risk management rather than about execution: most of the damage was done before anyone started building.
Size it honestly — with ranges, not a universal “3×3, medium”. Probability times impact is fine as a sorting device and useless as a number. The top risks need quantifying with ranges, because that is what connects the register to money: contingency should be set against a confidence level, P50 or P80, rather than against a percentage that felt about right. And the drawdown should be tied to risk REALISATION — a materialised, documented risk — which is the control-account doctrine the budget process already runs on.
Ownership means the person who can act. “The commercial team” owns nothing. A department cannot be chased, cannot be escalated to, and cannot explain why the mitigation is forty days late. A named person with a dated response action can. Risk responses are tasks, and they should be tracked exactly like tasks — which most registers conspicuously do not do, because a task has an awkward habit of being visibly incomplete.
Choose a response, and say which one it is. Avoid, mitigate, transfer, accept. Four options, and “accept” is a legitimate one that almost never gets written down — because writing it down means somebody has to agree, in advance, to the thing going wrong. That is precisely why it is worth writing down. An accepted risk that materialises is a plan. An unacknowledged one that materialises is a crisis.
A realised risk becomes a record — with a clock attached. This is the linkage most registers do not have, and it is the expensive one. When a risk lands it becomes an event: a variation, a claim, a notice obligation. Under FIDIC 2017 the notice window is short and it is a genuine time bar, not a formality — and a register sitting in a spreadsheet beside the contract machinery, rather than connected to it, is a register that will watch a risk materialise and serve nothing. The most expensive risk on any project is the one you correctly predicted and then failed to notify.
The register that only holds threats systematically underprices the upside. Opportunities are risks with a positive sign, and they have owners, actions and dates in exactly the same way — an early-procurement window, a value-engineering candidate, a sequence that could be compressed. A register with no opportunities in it is not being conservative. It is being half-used, and it is quietly telling you that this project has no upside, which is never true.
Built once, never revisited — so the review is a reading, and the risks that mattered were the ones nobody thought of in the workshop.
Everything scored “medium”, so nothing is prioritised and contingency is a round number defended by confidence. Ownership assigned to functions rather than people, so no one is late because no one is responsible.
And the realised risk that nobody notified. The register said it might happen. It happened. And the entitlement that would have followed died in a drawer, because the register was a document rather than a mechanism.
A living register with owners, responses, review cadences and a full audit trail — where a risk that has not been touched through its own review window flags itself, rather than waiting for someone to notice the silence.
Heatmaps for the conversation, and movement dashboards for the signal: what is new, what escalated, what was retired. Realised risks route into the event, notice and claim machinery rather than sitting beside it. And contingency reconciles against the risks it was actually held for.
The register moves — new, escalated, retired — so the review produces decisions rather than a reading.
Contingency is set against a confidence level and drawn against realised risk, rather than being a round number defended by conviction.
Risks have owners who can be asked why the mitigation is late, because they are people rather than departments.
A realised risk reaches the notice machinery inside its time bar — which is where the register either pays for itself or was pointless.
Owners, responses, review cadences and a full audit trail — with risks that have gone quiet through their own review window flagging themselves.
Ranges rather than a universal 3×3, with the top risks quantified well enough to connect to contingency at P50 or P80.
Avoid, mitigate, transfer or accept — each with a named owner and a date, chased like any other task.
New, escalated, retired. The heatmap is for the conversation; the movement is the signal.
A realised risk becomes an event, a notice, a claim — inside the machinery rather than beside it.
Because a register holding only threats is half-used, and is quietly asserting that the project has no upside.
The kickoff workshop is the start of the register, not the whole of it. Most of the risks that hurt a project were not in the room that day.
Quantify the top risks properly enough to connect them to contingency. And give each one a person — not a department, which cannot be asked anything.
Avoid, mitigate, transfer or accept — and write down which. Responses are tasks. Track them like tasks.
New, escalated, retired. A register where nothing has moved is not a calm project; it is an unattended one.
It becomes an event, a notice, a claim. The notice clock starts whether or not anyone is watching the register — and it is a time bar, not a formality.
Drawn against risks that actually materialised, and documented. Which is the only way to know afterwards whether the contingency was right or merely sufficient.
Risks with no update through their own review window, surfaced automatically. The register cannot tell you what is being ignored — but the silence around an entry can, and silence is measurable.
RFI clusters in one zone. Procurement slipping on a long-lead package. An NCR trend against one trade. These are risks the project is already running and nobody has written down — and they are visible in the record before they are visible to anyone.
A realised risk with no notice against it, flagged while the clock is still running. This is the single highest-value thing an agent can do on this page, because the entitlement dies quietly and on schedule.
The movement since last time — new, escalated, retired — written up from the register itself, so the meeting starts from the changes rather than from the list.
The engineer’s judgment stays in charge; the AI removes the latency and the blind spots.
The register by owner, response and review status, with the movement since the last review — new, escalated, retired — which is the part an executive actually needs. Heatmaps for the conversation. Stale risks, untouched through their own window. Contingency drawn against realised risk, reconciled to what was actually held for. And realised risks with their notice status, which is the report that tells you whether the register is a mechanism or a document.
Each risk with a cause and a consequence stated separately, a range-based assessment rather than a universal “medium”, a named owner who can actually act, a chosen response — avoid, mitigate, transfer or accept — with dated actions, and its current review status. And opportunities, because a register holding only threats systematically underprices the upside.
Read the full answerOn a cadence that beats the risk’s own clock, and as a standing agenda item rather than a periodic special event. What matters is not the frequency but the movement: report what is new, what escalated and what was retired. A register where nothing has changed in three months is not describing a stable project — it is describing an unattended one.
They are confidence levels. A P50 contingency is the number you have roughly a coin-flip chance of staying within; P80 is the number you would defend to a board. Most projects carry a contingency at neither, because nobody asked which one it was. Size the top risks with ranges, set the contingency against a stated confidence level, and draw it down only against risks that have actually materialised.
Read the full answerA named person who can act on it. “The commercial team” owns nothing — a department cannot be chased, cannot be escalated to, and cannot explain why the mitigation is late. Risk responses are tasks, and they should be tracked like tasks, which most registers avoid doing precisely because a task has an awkward habit of being visibly incomplete.
It stops being a risk and becomes an event: a variation, a delay, a claim. And it starts a clock. Under FIDIC 2017 the notice window is short and it is a genuine time bar, not a formality. The trap is that the register sits in a spreadsheet beside the contract machinery rather than connected to it — so the project correctly predicted the risk, watched it happen, and served nothing. That is the most expensive kind of risk there is.
Read the full answerYes, and most do not. An opportunity is a risk with a positive sign: an early-procurement window, a value-engineering candidate, a sequence that could be compressed. It gets an owner, an action and a date exactly like a threat. A register with no opportunities in it is not being prudent — it is quietly asserting that this project has no upside, which has never been true of any project.
Related answers
In the guides
Terms defined here
Zepth is the construction project delivery platform — it runs construction, procurement and asset management on one record, and does the work: reading the drawings, reviewing the submittals, matching the invoices and flagging the risks, with a human sign-off on anything consequential.
A short, tailored walkthrough on your real workflow — no generic demo.