Friday, February 10, 2012

Who is a risk owner?

It is an essential part of risk management to assign an owner for each risk. Why is it so? Why do we need a risk owner? Are we passing on the risk to a particular team member? No, not really. Identifying and assigning a risk owner is to make it clear who is responsible for what risk.

A risk owner is any individual, generally a project team member, who is responsible for the management, monitoring and control of an identified risk, including the implementation of the selected responses.

The risk owner should be capable of managing the risk and have the knowledge, resources, and authority to deal with the risk. Selecting the risk owner thus usually involves considering the source of risk and identifying the person who is best placed to understand and implement what needs to be done. Risk owners should be added to the risk register.

You may also be interested in:

Risk owners would be required to assess their risk and report to the project manager on a regular basis the status of the risk. Depending on the project, there can be a separate risk register meeting (at defined intervals like fortnightly or monthly) or risks could be discussed as part of the weekly progress/ status meeting. The identified risk owners will provide the updates on the respective risks during these meetings. 


  1. Could you specify the difference between risk owner and control owner?

  2. Can there be multiple risk owners. Ex- One from Client and one from Contractor

    1. Yes, possible. But, you should clearly define what they are responsible for in such cases.

      I have done this in my previous projects. The risk owner from Contractor is responsible for implementing the actions; the risk owner from client is responsible for monitor that it is done by the Contractor.

  3. hEY, On the banking industry, we have heads of functional units like HR, Operations department, IT, Finance, Banking operations, Marketing, Risk Management & Compliance e.t.c so on regard to risk, who is the risk owner of any associating risk of the business?

    1. The risk owner is normally decided during the risk review meeting. If you believe a Marketing person is the best one to handle a risk associated with marketing, then you can assign him/ her as the risk owner. Similarly, a finance person could be at a better position to monitor & control a finance risk. So, a designated person from finance department could be assigned as a risk owner.

      The overall risk management & compliance department could help in coordinating with all the departments, maintaining an organization wide risk register, carrying out risk audits, training staff in risk management, preparing templates for risk management, etc.