A risk register is a core component of risk management. It's not just a static list but a working document.
> It's used to identify potential risks.
> It includes analysis of those risks, usually involving assessing the probability (likelihood of occurrence) and impact (potential consequences).
> It tracks risks throughout the project lifecycle, monitoring their status and the effectiveness of responses.
> Crucially, it includes planned responses, such as mitigation strategies (actions to reduce the probability or impact) or contingency plans (actions to take if the risk occurs).
*****
A) A complete list of all possible risks that could occur during the project lifecycle: While the risk register aims to be comprehensive, it's practically impossible to identify every single possible risk. Risk management is about identifying the most significant and likely risks.
C) A historical record of risks that have occurred in previous similar projects: This describes a risk database or lessons learned repository, which can be a valuable input to risk identification but is not the risk register itself.
D) A collection of risk mitigation strategies and contingency plans without probability assessments: Mitigation and contingency plans are part of the risk register, but without probability and impact assessments, you can't prioritize or effectively manage risks. You need to know which risks are most likely and/or have the highest potential impact to focus your efforts.