Friday, February 10, 2012

Who is a risk owner?

It is an essential part of risk management to assign an owner for each risk. Why is it so? Why do we need a risk owner? Are we passing on the risk to a particular team member? No, not really. Identifying and assigning a risk owner is to make it clear who is responsible for what risk.

Risk Owner

A risk owner is any individual, generally a project team member, who is responsible for the management, monitoring and control of an identified risk, including the implementation of the selected responses.

The risk owner should be capable of managing the risk and have the knowledge, resources, and authority to deal with the risk. Selecting the risk owner thus usually involves considering the source of risk and identifying the person who is best placed to understand and implement what needs to be done. Risk owners should be added to the risk register.

You may also be interested in:

Risk owners would be required to assess their risk and report to the project manager on a regular basis the status of the risk. Depending on the project, there can be a separate risk register meeting (at defined intervals like fortnightly or monthly) or risks could be discussed as part of the weekly progress/ status meeting. The identified risk owners will provide the updates on the respective risks during these meetings. 


  1. Could you specify the difference between risk owner and control owner?

  2. Can there be multiple risk owners. Ex- One from Client and one from Contractor

    1. Yes, possible. But, you should clearly define what they are responsible for in such cases.

      I have done this in my previous projects. The risk owner from Contractor is responsible for implementing the actions; the risk owner from client is responsible for monitor that it is done by the Contractor.