Skip to content
Browse all templates
Business Document

Free Risk Assessment Template

A risk assessment template helps project managers, operations teams, and compliance officers systematically identify risks, evaluate their likelihood and impact, and document the controls in place to address them. Use this free template for project risk registers, workplace safety audits, IT security reviews, or FMEA analysis. Available in Google Docs with no signup required.

Open a blank Google Sheet
Works with
  • Google Docs
  • Microsoft Word
  • Google Sheets
  • Microsoft Excel
  • Canva

What Is a Risk Assessment Template?

A risk assessment template is a structured document used to identify potential threats to a project, operation, or organization, evaluate how likely each risk is to occur and how serious the consequences would be, and record the controls or actions in place to manage them.

Organizations use risk assessments in contexts ranging from workplace safety compliance and IT security audits to project management and strategic planning. The underlying process is the same across all of these: identify the risk, score it, document the existing controls, decide whether the residual risk is acceptable, and assign clear ownership for any required action.

The risk register format at the core of this template is the most widely used approach because it creates a living document that can be updated as circumstances change, assigned owners for each risk, and reviewed by management or auditors as evidence that risks are being actively managed.

  • Identifies all relevant risks before they become incidents
  • Scores each risk by likelihood and impact to prioritize attention and resources
  • Documents existing controls so you can evaluate whether they are sufficient
  • Assigns clear ownership and due dates for risk mitigation actions
  • Creates an auditable record for compliance, insurance, and governance purposes
  • Supports ongoing monitoring through regular review cycles

What to Include in a Risk Assessment

A thorough risk assessment covers every element needed to evaluate, prioritize, and manage each identified risk. Here are the fields every risk assessment template should include for each risk entry:

  • Risk ID: a unique identifier (R001, R002) so you can reference specific risks in action plans and meeting notes
  • Risk description: a clear statement of what could go wrong and how, written in cause-and-effect terms
  • Risk category: the type of risk (operational, financial, legal, technical, reputational, strategic, or safety)
  • Likelihood score: how probable the risk event is on a 1 to 5 scale, from rare to almost certain
  • Impact score: how severe the consequences would be if the risk occurs, from negligible to critical
  • Risk score: likelihood multiplied by impact, used to rank risks and apply a color-coded risk matrix
  • Current controls: what is already in place to reduce the probability or impact of this risk
  • Residual risk: the remaining risk level after accounting for current controls
  • Response action: whether to accept, mitigate, transfer (via insurance or contract), or avoid the risk entirely
  • Action owner: the specific person responsible for implementing the response
  • Due date and status: when the action must be completed and whether it is open, in progress, or closed

How to Complete a Risk Assessment

Follow these steps to conduct a systematic risk assessment using this template. For a risk matrix or FMEA variation, see the tips section below.

  1. Open the template in Google Docs and make a copy to your Drive
  2. Define the scope: write the name of the project, department, or process being assessed and the date of the review
  3. Assemble your input sources: interview team members, review past incidents, consult technical documentation, and check any relevant regulatory requirements
  4. List every risk you can identify, one per row; include operational, financial, technical, legal, and people-related risks
  5. Score each risk for likelihood (1-5) and impact (1-5), then multiply to get the risk score
  6. Categorize each score as Low (1-6), Medium (8-12), or High (15-25) using the risk matrix in the template
  7. Document the controls already in place for each risk and recalculate the residual risk score after those controls
  8. For each risk above Low, decide on a response: accept, mitigate, transfer, or avoid, and describe the specific action
  9. Assign an owner and due date to every open action item
  10. Schedule a review date and update the register when new risks emerge or when action items are completed

Risk Assessment Variations and Related Templates

Different industries and contexts call for specific risk assessment formats. Here are the most common variations and when to use each one:

  • Risk register template: the most common format; a running table of all identified risks with scores, controls, owners, and status updates kept current over time
  • Risk matrix template: a 5x5 or 3x3 grid that plots likelihood against impact to visually categorize risks as low, medium, high, or critical; often used alongside a full risk register
  • FMEA template (Failure Mode and Effects Analysis): a specialized format used in manufacturing and engineering to analyze potential failure modes in a process or product design, their causes, and the severity of effects
  • Needs assessment template: used before a project or program begins to identify gaps between current state and desired state; often includes risk identification as part of the gap analysis
  • Audit template: a structured checklist used during internal or external audits to verify that controls are in place and operating effectively
  • Succession planning template: assesses the organizational risk of key-person dependency by documenting backup plans for critical roles

Risk Assessment Tips and Common Mistakes

A risk assessment is only useful if it is honest, current, and acted upon. These are the most frequent mistakes teams make when conducting risk assessments.

  • Treating the risk assessment as a one-time compliance exercise: risks change as projects progress and business conditions shift; schedule reviews at least quarterly for active projects
  • Listing risks too vaguely: write risks as specific cause-and-effect statements, not generic categories; use concrete language about what could happen and under what conditions
  • Scoring all risks as medium to avoid hard conversations: honest scoring requires acknowledging high risks and having a plan for them
  • Identifying risks without assigning owners: every risk above the Low threshold should have a named person responsible for the mitigation action
  • Forgetting residual risk: the risk score before controls is not the risk you are actually carrying; always reassess after accounting for existing safeguards
  • Missing low-likelihood, high-impact risks: a risk with a score of 5 impact and 1 likelihood has a low score but deserves a documented contingency plan
  • Not sharing the register with the people doing the work: risk assessments are most effective when the team members closest to the risk have input and visibility

Copy-and-paste template

Download .docx

RISK ASSESSMENT

Project / Area assessed: [PROJECT NAME or DEPARTMENT or PROCESS]
Assessed by: [NAME, TITLE]
Review date: [DATE]
Next review: [DATE]

HOW TO USE THIS TEMPLATE
Score each risk: Likelihood (1=Rare, 2=Unlikely, 3=Possible, 4=Likely, 5=Almost certain) x Impact (1=Negligible, 2=Minor, 3=Moderate, 4=Major, 5=Critical) = Risk Score. Scores 1-6: Low. 8-12: Medium. 15-25: High.

RISK REGISTER

Risk ID: [R001]
Risk description: [Describe the specific risk event and how it could occur]
Risk category: [Operational / Financial / Legal / Technical / Reputational / Strategic]
Likelihood (1-5): [SCORE]
Impact (1-5): [SCORE]
Risk score: [LIKELIHOOD x IMPACT]
Risk level: [Low / Medium / High]
Current controls in place: [Describe existing measures that already reduce this risk]
Residual risk after controls: [Low / Medium / High]
Recommended action: [Accept / Mitigate / Transfer / Avoid]
Action owner: [NAME]
Due date: [DATE]
Status: [Open / In progress / Closed]

[Copy the Risk ID block above for each additional risk. Aim to capture all risks with a likelihood score of 3 or higher, or any impact score of 4 or 5 regardless of likelihood.]

RISK SUMMARY
Total risks identified: [N]
High risks: [N]
Medium risks: [N]
Low risks: [N]
Risks requiring immediate action: [List Risk IDs]

Frequently asked questions

Is this risk assessment template free?
Yes. This risk assessment template is completely free. Open it in Google Docs and go to File, then Make a Copy to save it to your own Drive. No signup is needed. You can also download it as a Word or PDF file.
What is a risk register template?
A risk register template is a table-based document that lists all identified risks for a project or organization, along with their likelihood, impact, score, current controls, response actions, owners, and status. It is a living document that gets updated throughout the life of a project or on a regular review cycle.
How does a risk matrix work?
A risk matrix is a 5x5 or 3x3 grid with likelihood on one axis and impact on the other. Each cell represents a risk level: low (green), medium (yellow), high (red). You score each risk by multiplying its likelihood score by its impact score, then plot it on the matrix. Risks in the high or critical zones require immediate mitigation plans.
What is an FMEA template used for?
An FMEA (Failure Mode and Effects Analysis) template is used primarily in manufacturing and engineering to systematically identify every way a process or product could fail, the effect of each failure, and its severity. It uses a Risk Priority Number (RPN) calculated as Severity x Occurrence x Detection. This template follows the same likelihood-times-impact logic and can be adapted for FMEA purposes.
What are the four types of risk responses?
The four standard risk response strategies are: Accept (acknowledge the risk and monitor it without taking specific action, typically for low-level risks), Mitigate (take steps to reduce the likelihood or impact), Transfer (shift the financial consequence to a third party via insurance or contract), and Avoid (change the plan to eliminate the risk entirely).
How often should a risk assessment be reviewed?
For active projects, review the risk register at every major milestone and at a minimum every four to six weeks. For operational or compliance risk assessments, review annually at minimum and after any significant incident, regulatory change, or major organizational change.
Can this template be used for a workplace safety risk assessment?
Yes. The same structure applies to workplace health and safety assessments. Add a Hazard category field to distinguish physical, chemical, ergonomic, and psychosocial risks. Many safety regulations (OSHA, ISO 45001) require that risk assessments be documented and that evidence of controls be retained, which this template supports.

Related templates

Business & Finance

Invoice Template

Open template Invoice Template Business & Finance

Budget Template

Open template Budget Template Business & Finance

Business Plan Template

Open template Business Plan Template Business & Finance

Proposal Template

Open template Proposal Template Business & Finance

Project Plan Template

Open template Project Plan Template Business & Finance

Report Template

Open template Report Template

Get the free Risk assessment template

Open it in Google, choose File then Make a copy, and start editing. It is yours in seconds.

Browse all templates Browse related templates

Free. No sign-up. Works in any browser.

Works with
  • Google Docs
  • Google Sheets
  • Microsoft Word
  • Microsoft Excel
  • Canva