Risk management isn’t just for engineering or finance; it’s critical in research and evaluation projects too. Whether you’re running a social research study, conducting market analysis, or evaluating a policy or program, risks can derail timelines, compromise data quality, or affect stakeholder trust. A Risk Register aligned with ISO 31000 helps you stay ahead of these challenges. We've created a template that you can download and use here.
Why Use a Risk Register?
In research and evaluation, risks often relate to participant recruitment, data integrity, ethical compliance, and stakeholder engagement. A Risk Register acts as a living catalogue of these risks, showing not only what could go wrong but also how you plan to prevent or respond to it. It brings structure to uncertainty and supports evidence-based decision-making. It can also serve as a record of risk occurrences and responses, so that lessons carry over from one project to the next.
How Risk Management Works
Risk management should be integrated into projects from the very beginning. In fact, it's a requirement for projects under the 2025 National Statement on Ethical Conduct in Human Research. The introduction to Section 2 outlines this:
The risks of a research project must be identified and assessed in order to minimise, mitigate or manage them. Researchers, institutions and ethics review bodies all engage in risk assessment as part of their role in the development of research or the ethics review process.
While the National Statement focuses primarily on risks to stakeholders, adopting a holistic approach to risk management for a project (i.e. including non-stakeholder risks to the project such as operational and technical risks) ensures that risks to stakeholders are included and thought about across the project lifetime.
Risk management is also something that our committee looks for when assessing projects as part of ethical reviews. Having a clear table of risks and mitigation strategies helps ensure that you understand the risks associated with a project and identify ways to manage them appropriately.
Here’s a simple workflow for research projects:
- Identify risks early: Common examples of risks in projects include recruitment delays, low response rates, or policy changes.
- Log each risk in the register with details: category, description, and the potential impact on your project.
- Assess severity using Likelihood and Consequence ratings. Use a risk matrix for consistency.
- Define mitigation strategies—e.g., backup recruitment channels, data validation checks, or stakeholder briefings.
- Assign responsibility and track status (Not commenced, In progress, Implemented).
- Reassess after mitigation to see if residual risk is acceptable.
- Use a dashboard to monitor trends, log risk occurrences, and keep your team informed.
We've made a template
To help you to implement sound risk management, we've created a template that you can adapt for your projects. It contains a dashboard, guide, and register of risks that you can fill out.
Practical Tips for Using the Template
- Review risks at key milestones—design, data collection, analysis, reporting.
- Document occurrences and lessons learned to improve future projects.
- Communicate updates with stakeholders to maintain transparency and trust.
Risk management doesn’t have to be complex. With a well-structured Risk Register and ISO 31000 principles, you can navigate uncertainty confidently and deliver robust, credible research outcomes.
Where can I get this template?
You can download it here:
AI Disclosure: Initial drafts of the content for this article were prepared using Large Language Models with input from Iris Ethics staff who guided the scope and design. Subsequent revisions and final versions were developed and approved by Iris Ethics staff.