Project Smart ~ Exploring trends and developments in project management today

Calendar iconNot recorded
Adobe PDF icon


~ By Duncan Haughey

A RAID log is one of the easiest and most effective tools you can create for your project.

It is a good idea to create a RAID log at the start of each project so you can track anything impacting you now or in the future. Keep your log up-to-date through weekly reviews and team meetings.

The acronym RAID stands for Risks, Assumptions, Issues and Dependencies.

RisksEvents that will have an adverse impact on your project if they occur. Risk refers to the combined likelihood the event will occur and the impact on the project if it does occur. If the likelihood of the event happening and impact to the project are both high, you identify the event as a risk. The log includes descriptions of each risk, full analysis and a plan to mitigate them.
AssumptionsAny factors that you are assuming to be in place that will contribute to the successful result of your project. The log includes details of the assumption, the reason it is assumed, and the action needed to confirm whether the assumption is valid.
IssuesSomething that is going wrong on your project and needs managing. Failure to manage issues may result in a poor delivery or even complete failure. The log includes descriptions of each issue, its impact, its seriousness and actions needed to contain and remove it.
DependenciesAny event or work that are either dependent on the result of your project, or on which your project will be dependent. The log captures whom you are dependent on, what they should deliver and when. It may also include who is dependent on you.

Act swiftly and decisively to deal with any risks or issues identified. Check your assumptions are valid and understand your dependencies.

You can create a simple RAID Log using a spreadsheet with one tab for each area. Use it as a primary source for your status reporting.

Using a RAID log is easier than trying to keep all this information in your head.

Download our free RAID Log Template

Comments (13)

Topic: RAID Log
4/5 (13)
Full StarFull StarFull StarFull StarFull Star
16th December 2019 3:19pm
Alex (Kiev) says...
I don't understand what difference between RAID log and Risk Register? When we have to use each of them?
Full StarFull StarFull StarFull StarEmpty Star
8th February 2019 1:48pm
John Summerfield (Cardiff) says...
I've had a look at your RAID log template and the four sections are independent of each other. In my experience a programme board would expect to see some kind of executive summary of what it would see 'non-technically' as 'the project risks' and just want the headlines. Boards usually have never been interested in forensically reviewing big long lists. What is your process for summarising the RAID log where dependencies and assumptions can be more important and reportable than some of the '747' level risks.

I know how to write an executive summary, I'm just wondering whether you have some new whizzy idea that presents RAID issues in a prioritised format.

Sometimes, risks are in reality issues i.e. as with financial risks where project costs in some public sector situations inevitably go up and possibly past any contingency (or optimism bias) reserve. Any thoughts on contemporary ways in which reporting RAID in a situation in this kind of area?
Full StarFull StarFull StarFull StarEmpty Star
19th September 2020 3:18pm
David (Sydney) says...
For a board summary the matters of concern for the coming reporting period should be listed in order of 'expected cost' or value impact; the whole impact quantified in dollar or NPV terms. Boards understand money. That's it.
Full StarFull StarFull StarFull StarEmpty Star
1st February 2018 11:24pm
Keil Wilson (Lincoln NE) says...
On the difference between mitigation and contingency: I've always viewed the mitigation as the steps you want to take to prevent the risk from being triggered (realized) or to reduce the impact if triggered. Contingency is the plan you intend to follow if the risk is triggered.

For example, if you have a legal drop-dead date for part of the project, you may mitigate the possibility of missing that date by talking to your Legal department about impact and penalties for exceeding the constraint. Then you can develop a contingency plan based on Legal's response (e.g., secure funding for penalty payments, etc.).

Additionally, I like to specifically define the trigger for the risk. In my example, it may not be obvious that the trigger is the realization that the team will miss the drop-dead date, not the passing of actual date itself.
Full StarFull StarFull StarFull StarFull Star
7th December 2017 7:49am
Chipoyera - Risk Manager (Harare) says...
Contingency planning is a form of risk mitigation. Risk mitigation is strategising and implementing measures, which manage a risk to acceptable levels. There are various approaches for mitigation, which include addressing the likelihood OR addressing the impact OR addressing both likelihood and impact.

Contingency planning is a mitigation measure, which mainly addresses the impact of an uncertain event. The plan is formulated in advance and fully implemented once the uncertain event has materialised.
Full StarFull StarFull StarEmpty StarEmpty Star
8th June 2016 3:14pm
Safdar (Oakville) says...
I guess from business perspective there are i) good risks, i.e. that you anticipate taking as it is either part of the specific industry you are in or you need to take that risk to make money and ii) bad risk, i.e. that exist in the environment and which are uncontrollable in nature. You can mitigate them but cannot eliminate them.
Full StarFull StarFull StarFull StarFull Star
4th May 2016 8:13pm
Mark Stanley (Loveland CO) says...
Excellent comments and question. Thanks for the tip on David Hillson.

I have been taught to look at Assumptions as Risks not yet proven to be true. To clarify, when making an assumption, you have an understanding of an existing condition, but you lack detail as to its makeup. If it's condition is exactly what you need then there is minimal risk. However, by the same token, it may exist but may not provide the project team with required functionality or capabilities. In this case, it may be a major risk that needs to be addressed.

Assumptions are risks not verified.
Full StarFull StarEmpty StarEmpty StarEmpty Star
10th December 2015 2:44am
Tim (Wellington) says...
As an experienced PM, I still get a little frustrated by the general lack of understanding about risk. Risk is not just about negative impacts, risk comprises the negative as threats, but it also considers the opportunities.

Considering risk in this way creates a balanced and realistic view and can open the door to enhanced project benefits or simply greater certainty of successful project delivery.

This is not a new concept, David Hillson (otherwise known as the Risk Doctor), wrote about this approach in 2002 for the International Journal of PM.

Something to think about anyway.
Full StarFull StarFull StarFull StarEmpty Star
11th December 2015 8:06am
Duncan (London) says...
Tim, I agree, risk does tend to be viewed mostly in negative terms. The focus is on what might go wrong, but perhaps that's partly human nature to focus in on the negatives.

It's only in recent years that risk management has expanded to include opportunities. Rather than risk mitigation, we need to intensify opportunities to increase our likelihood of realising them.

Your post inspired me to seek out some writing by David Hillson. I found two useful quotes by him on risk:

"Risk can be defined as uncertainty that matters."

"Uncertainties, when they happen, can damage a project, but some uncertainties can help."

I think these both sum up the positive and negative of risk management well.
Full StarFull StarFull StarFull StarEmpty Star
25th November 2015 6:06am
Joseph (Chennai) says...
Thanks for sharing this information. I have gone through the RAID log template. Do we have contingency planning for the risk? Or, is it the same as mitigation plan for issues?

Full StarFull StarFull StarFull StarEmpty Star
26th November 2015 10:39am
Duncan (London) says...
You could choose to use either mitigation or contingency planning for your risks, or a combination of both. You may want to mitigate your highest risks and produces a contingency plan for lower impact risks.

Mitigation: doing something proactive to bring down your risk exposure. I'm driving down the probability or impact of the risk by carrying out some activities now.

Contingency: doing nothing in advance, but if I see warning signs, I will carry out some identified activities. I don't do anything now, but I keep some contingency reserves in case I need them.

The RAID log is a very useful tool for managing risks.
Full StarFull StarFull StarFull StarEmpty Star
5th May 2016 11:42am
John (Carlisle) says...
I agree with the differences between mitigation and contingency apart from the "doing nothing in advance" portion of the statement. Contingency and mitigation are essentially the same until the you implement something. Once actioned, a contingency becomes a mitigation, in my opinion.
Full StarFull StarFull StarFull StarEmpty Star
28th March 2017 9:13pm
PLM (Nepean) says...
My understanding is that mitigations are steps you take in advance to decrease the likelihood of an adverse incident. Contingency are resources, reserves or procedures that are built in to the plan (allocated in advance) to allow for adjustments if/when the project goes slightly awry.

Add a comment

(never displayed)

Type the word for the number 5.
Notify me of new comments via email.
Remember my form inputs on this computer.

10 Golden Rules of Project Risk Management

Three red dice reading: Manage your risk

The benefits of risk management in projects are huge. You can gain a lot of money if you deal with uncertain project events in a proactive manner.

SWOT Analysis

Colourful SWOT Analysis word circle

SWOT is a strategic planning tool used to evaluate the strengths, weaknesses, opportunities, and threats to a project.

RACI Matrix

Team of people in silhouette

Delegation is an essential part of a project manager's role, so identifying roles and responsibilities is important. Applying the RACI model can help.

Project Planning a Step by Step Guide

Businessman finding the solution to a maze

The key to a successful project is in the planning. Creating a project plan is the first thing you should do when undertaking any kind of project.

PROJECT SMART is the project management resource that helps managers at all levels improve their performance. We provide an important knowledge base for those involved in managing projects of all kinds. With weekly exclusive updates, we keep you in touch with the latest project management thinking.

WE ARE CONNECTED ~ Follow us on social media to get regular updates and opinion on what's happening in the world of project management.

Latest Comments

Lindy commented on…
SMART Goals Reduce Ambiguity and Increase Commitment
- Thu 12 November 8:48am

WIlliam Smithers commented on…
The Phased Approach to Project Management Implementation
- Mon 9 November 2:42pm

Isaac Kuugaayeng commented on…
10 Tips for Managing Time Effectively
- Sat 31 October 4:19am

Latest tweets

General Project Management • Re: Project Management and Covid-19 about 1 day ago

General Project Management • Re: 4 Common Risks In Software Development Projects about 1 day ago

General Project Management • LOOKING INTO THE FUTURE: IS DIGITAL INDIA THE “NEXT BIG THING”? about 1 day ago