The standing risk meeting
A 15-min weekly slot to walk the register top-to-bottom. New risks added. Probabilities re-scored against the latest data. Triggered risks (whose trigger event has occurred) move into execution mode — the planned response runs.
When a trigger fires
- Acknowledge — name out loud that the trigger has fired. Don't debate it.
- Execute the planned response — that's why you wrote it down.
- Communicate — sponsors + affected stakeholders. The earlier they know, the more options exist.
- Update the register — risk status moves to "occurred"; new risks (consequences of this one) get added.
↳ the silent-deterioration trap
The most expensive risk failure isn't a surprise event — it's a known risk whose probability climbed week over week while no one re-scored it. Treat the register as a living document; the score that mattered six weeks ago is rarely the score that matters now.
Closing risks
A risk closes when its trigger is no longer plausible (the date passed, the dependency resolved, the market changed). Note the reason for closure — future PMs reviewing the register will want to know why a particular risk was retired.