Project Risk Management Software
AI-powered risk register software that auto-generates risk cards, calculates inherent and residual risk scores, and helps you build risk mitigation strategies — informed by ISO 31000 and COSO ERM frameworks, with a conservative residual risk model.
Free tier available — no credit card required.
Everything You Need in a Risk Register
From risk identification to mitigation tracking — a complete set of project risk management tools.
AI Risk Card Generation
Describe your project and AI generates a complete risk register — financial, operational, compliance, environmental, and strategic risk cards — in seconds.
Inherent & Residual Risk Scoring
Every risk factor is scored using the formula Likelihood × Impact, with mitigation controls reducing inherent risk to a residual risk score. Track how controls lower your exposure.
Risk Velocity Tracking
Go beyond traditional risk matrices. Track risk velocity — how fast a risk event could materialise — alongside likelihood and impact for a more complete picture.
Project Roadmap & Milestones
Create roadmap cards with milestones, sub-tasks, and progress tracking. Risk is auto-calculated from schedule delays, completion gaps, and blocked items.
Risk Aggregation Matrix
All risk factors feed into a single aggregated risk assessment card — a live risk matrix that shows your project's overall risk posture with category-level breakdowns.
Risk Score History
Track how your project's risk score evolves over time. Every recalculation is logged, so you can demonstrate risk trends to stakeholders and auditors.
How It Works
From project creation to risk mitigation — three steps to a complete risk management plan.
Describe Your Project
Enter the project name, type, and description. The AI uses this context to generate risk factors specific to your domain.
Review & Score Risks
AI generates risk cards across categories. Rate each risk factor's likelihood, impact, velocity, and mitigation level on a 1–5 scale.
Track & Mitigate
Monitor the aggregated risk score, build mitigation roadmaps, and add custom cards as your project evolves. Recalculate anytime.
Informed by ISO 31000 & COSO ERM
Our risk management process is informed by the two most widely adopted standards in the industry, combined with a proprietary conservative scoring model:
- ISO 31000:2018 Process — our workflow follows the risk identification → analysis → evaluation → treatment cycle defined by ISO 31000. The inherent risk formula uses the standard Likelihood × Impact matrix.
- COSO ERM Categories — risk cards are organised by categories (financial, strategic, operational, compliance, environmental, governance) that map to COSO ERM components.
- Inherent Risk — Likelihood (1–5) × Impact (1–5) × (10/25), normalised to a 0–10 scale. This follows the standard risk matrix approach.
- Conservative Residual Model — Residual = Inherent × (1 − Mitigation × 0.5). Unlike the standard formula where 100% mitigation can reduce risk to zero, our model caps the maximum reduction at 50%. This is a deliberate design choice: in practice, no control fully eliminates risk, and the conservative model prevents overconfidence in mitigation effectiveness.
Risk Scoring Example
| Factor | Likelihood | Impact | Inherent | Mitigation | Residual |
|---|---|---|---|---|---|
| Budget Overrun | 4 | 5 | 8.0 | 40% | 6.4 |
| Schedule Delay | 3 | 4 | 4.8 | 20% | 4.3 |
| Vendor Failure | 2 | 5 | 4.0 | 60% | 2.8 |
Inherent risk is the raw exposure before controls. Residual risk is what remains after mitigation. The gap between the two shows the value of your risk response strategies.
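The table above can be reproduced from the two formulas. The following is an added example, not the product's own code: `RiskFactor`, `score_register` and the comparison form `Inherent × (1 − Mitigation)` are assumptions, the last one based on the page's description of the standard model in which 100% mitigation reaches zero.

```python
from dataclasses import dataclass

SCALE = 10 / 25        # page's normalisation of the 5x5 matrix to a 0-10 scale
MAX_REDUCTION = 0.5    # page's cap: controls remove at most 50% of inherent risk

@dataclass(frozen=True)
class RiskFactor:      # hypothetical record type, not the product's data model
    name: str
    likelihood: int    # 1-5
    impact: int        # 1-5
    mitigation: float  # control effectiveness as a fraction, 0.0-1.0

def _validate(f: RiskFactor) -> None:
    for label, value in (("likelihood", f.likelihood), ("impact", f.impact)):
        if not 1 <= value <= 5:
            raise ValueError(f"{f.name}: {label} must be 1-5, got {value}")
    if not 0.0 <= f.mitigation <= 1.0:
        raise ValueError(f"{f.name}: mitigation must be 0.0-1.0, got {f.mitigation}")

def inherent(f: RiskFactor) -> float:
    _validate(f)
    return f.likelihood * f.impact * SCALE

def residual_conservative(f: RiskFactor) -> float:
    # Residual = Inherent x (1 - Mitigation x 0.5), as stated on the page
    return inherent(f) * (1 - f.mitigation * MAX_REDUCTION)

def residual_direct(f: RiskFactor) -> float:
    # Assumed form of the "standard" model: full mitigation reaches zero
    return inherent(f) * (1 - f.mitigation)

def score_register(factors):
    """Return one row per factor, rounded to one decimal like the page's table."""
    return [{
        "factor": f.name,
        "inherent": round(inherent(f), 1),
        "residual": round(residual_conservative(f), 1),
        "direct": round(residual_direct(f), 1),
    } for f in factors]

# The three rows from the page's scoring example
REGISTER = [
    RiskFactor("Budget Overrun", 4, 5, 0.40),
    RiskFactor("Schedule Delay", 3, 4, 0.20),
    RiskFactor("Vendor Failure", 2, 5, 0.60),
]

if __name__ == "__main__":
    for row in score_register(REGISTER):
        print(row)
```

The `direct` column shows how much lower each residual score would read if the claimed control effectiveness were applied without the 50% cap.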
Risk Management for Any Project
Whether you're managing a construction build, a SaaS launch, or an enterprise transformation, the risk register adapts to your context.
Construction
Permit compliance, environmental impact, contractor selection, budget overrun, and schedule risk.
Software & IT
Technical debt, security vulnerabilities, deployment risk, vendor lock-in, and data migration.
Finance & Compliance
Regulatory risk, operational risk, model risk, credit risk, and market exposure.
Startup & Product
Market validation, funding risk, competitive pressure, IP risk, and go-to-market execution.
Pricing
Start for free. Upgrade when you need more projects and AI generations.
Free
- Limited projects
- AI risk card generation
- ISO 31000 / COSO ERM informed methodology
- Risk history tracking
Enterprise Risk Management
- Unlimited projects
- Unlimited AI generations
- Custom card definitions
- Everything in Free
For organizations and individuals needing unlimited projects and full risk management capabilities.
What Is Project Risk Management?
Project risk management is the systematic process of identifying, analysing, and responding to risks that could affect a project's objectives. Project risk management software automates this process, replacing spreadsheets and manual tracking with dynamic, AI-driven risk registers. Whether you are managing a construction build, an IT deployment, or a product launch, risk management ensures that threats are anticipated and addressed before they derail progress, budgets, or stakeholder confidence.
Modern risk management frameworks — including ISO 31000 and the COSO Enterprise Risk Management (ERM) framework — provide structured approaches for integrating risk awareness into project planning and execution. Both standards emphasise that risk management should be embedded into every stage of the project lifecycle, from initiation to closure.
Understanding Inherent Risk vs Residual Risk
A fundamental concept in risk analysis is the distinction between inherent risk and residual risk. Inherent risk is the level of exposure before any controls or mitigation measures are applied — the raw, unmanaged risk. Residual risk is what remains after you have implemented your risk response strategies: avoidance, transfer, mitigation, or acceptance.
For example, a software project may have an inherent risk of data breach scored at 8 out of 10. After implementing encryption, access controls, and penetration testing (mitigation of 50%), the residual risk drops to 6.0 out of 10. The formula — Residual = Inherent × (1 − Mitigation × 0.5) — ensures that even strong controls never eliminate risk entirely, reflecting real-world conditions. Tracking this gap helps project managers and executives understand the value of their risk controls and justify investments in mitigation.
Building a Risk Register for Your Project
A risk register is the central document — or in our case, a dynamic workspace — that captures all identified risks along with their scores, categories, owners, and mitigation plans. A well-maintained risk register in project management serves multiple purposes: it provides transparency for stakeholders, creates an audit trail for compliance, and drives informed decision-making about resource allocation.
Traditional risk register templates (Excel spreadsheets, static documents) are difficult to keep current and lack automated scoring. Our risk register software replaces manual templates with AI-generated risk cards that are automatically scored and aggregated, eliminating the overhead of maintaining spreadsheets and reducing the chance of overlooked risks.
Risk Mitigation Strategies
Once risks are identified and scored, the next step is to develop risk mitigation strategies. The four classical risk response strategies are:
- Avoidance — eliminating the risk by changing project scope, schedule, or approach.
- Transfer — shifting the risk to a third party through insurance, contracts, or outsourcing.
- Mitigation — reducing the likelihood or impact of the risk through proactive controls.
- Acceptance — acknowledging the risk and preparing contingency reserves.
Our risk mitigation planning tools let you create roadmap cards with milestones and sub-tasks tied to each mitigation strategy, forming a structured risk mitigation plan for your project. AI can expand milestones into detailed to-do lists, helping you turn abstract risk plans into concrete, trackable actions.
ISO 31000 Risk Management Process
The ISO 31000:2018 standard defines risk management as an iterative process: establish context, identify risks, analyse risks (likelihood × impact), evaluate risks against criteria, and treat risks with appropriate responses. Our tool follows this cycle — AI automates the analysis and evaluation steps, while the risk card workspace provides the structure for context-setting and treatment planning. The risk score history feature supports the monitoring and review component, showing how risk evolves over time. Note that while our process is informed by ISO 31000, the residual risk scoring uses a proprietary conservative model (see formula above) rather than the standard direct-discount approach.
COSO ERM: Integrating Risk with Strategy
The COSO Enterprise Risk Management framework goes beyond project-level risk to connect risk management with organisational strategy and performance. COSO ERM emphasises that risk should be considered in the context of business objectives — not just as a compliance exercise. Our category-based risk cards (financial, strategic, operational, compliance, environmental, governance) are informed by COSO's component structure, enabling project-level risk data to feed into enterprise-wide risk reporting.