A record set up and used throughout the vendor lifecycle in which an organization identifies all the risks involved in outsourcing a specific service/activity. Each risk is graded in terms of likelihood of occurrence, seriousness of impact, initial plans for mitigating each known high level risk, potential costs and assignment of responsibilities of the prescribed mitigation strategies and subsequent results. The register usually includes: a unique identifier for each risk; a description of each risk and how it will affect the project; an assessment of the likelihood it will occur and the possible seriousness/impact if it does occur (low, medium, high); a grading of each risk according to a risk assessment table; who is responsible for managing the risk; an outline of proposed mitigation actions (preventative and contingency); and in larger projects, costings for each mitigation strategy. This Register should be maintained throughout the vendor lifecycle and will change regularly as existing risks are re-graded in the light of the effectiveness of the mitigation strategy, and new risks are identified.
Retrieved and adapted from Developing a Risk Management Plan Fact Sheet. V1.4. State of Tasmania. (2018). http://www.egovernment.tas.gov.au/__data/assets/pdf_file/0020/78122/Developing_a_Risk_Management_Plan_Fact_Sheet.pdf