Free Risk Register Template — Download, Customize, and Use Today
Key Takeaways:
- ISO 31000 Aligned: Follows the international standard for risk management principles.
- HSE Compliant: Meets UK HSE guidance for recording significant findings.
- Two Formats: Download as PDF (print-ready) or Word (.docx, fully editable).
- No Email Required: Free download without creating an account.
Every project and workplace faces risks — from slips on a construction site to data breaches in an office. The difference between companies that handle those risks well and those that don't often comes down to one thing: having a proper risk register. It doesn't need to be fancy or expensive. A simple spreadsheet or a well-structured template does the job.
What Is a Risk Register?
A risk register (sometimes called a risk log) is a document that tracks every identified risk affecting a project, operation, or organization. It answers five questions: what could go wrong, how bad would it be, how likely is it, what are we doing about it, and who's responsible.
What to Include in a Risk Register Template
| Field | Purpose |
|---|---|
| Risk ID | Unique identifier (e.g., R-001, R-002) for tracking |
| Risk Description | What the risk is, in plain language |
| Risk Category | Type — safety, financial, operational, reputational, compliance |
| Likelihood | Probability rating (e.g., 1-5 or Rare-Likely-Almost Certain) |
| Impact | Severity rating (e.g., 1-5 or Minor-Moderate-Catastrophic) |
| Risk Score | Likelihood × Impact (the calculated risk level) |
| Existing Controls | What you're already doing to manage this risk |
| Further Actions | Additional steps needed |
| Owner | Person responsible for managing this risk |
| Status | Open, in progress, monitored, closed |
Common Risk Register Mistakes
- Creating it once and never updating it — A risk register is a living document. Set regular review intervals.
- Writing vague risk descriptions — "Safety issue" tells nobody anything useful. Be specific about the hazard, who's exposed, and under what circumstances.
- Confusing likelihood with impact — Rate them separately before calculating a combined score.
- Listing risks but assigning no owners — Every entry needs a named person, not a team or department.
- Over-complicating the template — Start simple. Add complexity as you need it.
InspectionReport.app for Risk Register Management
If you're managing a risk register in a spreadsheet that nobody updates, InspectionReport.app gives you a faster way. Upload inspection photos from your phone, add project details and field notes, and the AI drafts a report with findings. You review, edit, and approve each finding before exporting as PDF or Word.
Build and preview unlimited reports for free. Exporting to PDF or Word is €9.95 per export, or €19/month for unlimited exports with no branding.
Frequently asked questions
What's the difference between a risk register and a risk assessment?
A risk assessment is the process of identifying hazards and evaluating risks. A risk register is the document that records the results. You do the assessment, then record the outcomes in the register. The register also tracks ongoing actions, which a one-off assessment doesn't.
Does OSHA require a risk register?
OSHA requires employers to conduct hazard assessments under standards like 29 CFR 1910 (General Industry) and 29 CFR 1926 (Construction). While OSHA doesn't mandate a specific risk register format, maintaining a documented record of identified hazards, controls, and corrective actions is considered best practice.
Is ISO 31000 certification possible?
No. ISO 31000 is a guideline standard, not a certifiable one. You can be certified against ISO 9001 (quality management) or ISO 45001 (occupational health and safety), but ISO 31000 provides principles and a framework — it's meant to be adapted, not audited against.
Can I use a spreadsheet as a risk register?
Yes. Many organizations use Excel or Google Sheets for their risk register, especially when they're starting out. A well-structured spreadsheet with the right fields works fine. The main risk is version control — make sure only one person can edit at a time and save backups regularly.