What Is a Risk Register in the Building Maintenance Industry?

Man-using-digital-tablet-in-front-of-glass-building

In every building, potential risks can lurk around every corner. With equipment, jobs and even lives on the line, these risks cannot be overlooked.  

By using a risk register, you can effectively identify and manage potential hazards to safeguard your building and its occupants. It can also provide opportunities to make informed decisions that can create greater value for the organisation. 

SFG20, the industry standard for building maintenance specification since 1990, are committed to upholding building safety and compliance. We want to arm you with the best possible tools and resources you need to succeed – tools such as guides like the one you’re reading right now.  

Below, you’ll find a clear explanation of the definition of a risk in the building maintenance industry, what a risk register is, as well as different risk resolution strategies. 

 

What Defines a “Risk” in Building Maintenance?

 

The term “risk” has a negative connotation due to its heavy use in Health & Safety activities. However, in facilities management, risk management is the likelihood that a negative consequence will occur from a particular hazard, with “risk” having its own distinct definitions:

 

The New Rules of Measurement (NRM)

Risk is defined as “a probability or threat of liability, loss or any other negative occurrence that is caused by external vulnerabilities, errors, or oversights and that may be avoided by pre-emptive action”

 

The International Standard on Risk Management (ISO 31000)

Refers to risk as “the effect of uncertainty on objectives”, with risk usually expressed in terms of risk sources, potential events, their impact/consequence(s) and their likelihood

 

What is a risk Register? 

A risk register, also commonly referred to as a risk log, is usually kept as a digital document or within a database to identify, assess and manage risks. 

A risk register is a risk management tool used to understand the impact/consequence(s) of each potential risk and the probability of it happening.

From this, a risk rank/risk score is determined and used to produce risk resolution action plans for each risk to prevent/reduce/promote its occurrence or impact.

Each risk will need to be assigned to an appropriate team member (commonly known as a Risk Owner) who will be responsible for its associated monitoring and risk mitigation action plan.

It’s important to be aware that risk registers are not static documents, but rather ongoing, meaning they need to be constantly reviewed and updated.

Risk level used within a risk register is determined through two variables: risk appetite and risk tolerance. These terms are often used interchangeably, but it's important to understand the difference.

Risk appetite encompasses an organisation's overall willingness to take risks, while risk tolerance sets precise boundaries and limits for acceptable risk levels.

 

Risk Appetite

Risk appetite is the amount and type of risk an organisation is willing to take to meet its strategic objectives. In layman's terms, this is the general level of risk you accept before any action is determined to be necessary to reduce the risk. Risk appetite also provides a framework for making informed management decisions. Adopting a risk appetite has multiple benefits:

The Benefits of Adopting a Risk Appetite

  • Supports informed decision-making
  • Reduces uncertainty
  • Improves consistency across governance mechanisms and decision-making
  • Supports performance improvement
  • Focuses on priority areas within an organisation
  • Informs spending review and the resource prioritisation processes

 

 

Risk Appetite Scale Example 1:

 

Risk Appetite

Description

Opposed 

Avoidance of risk and uncertainty is key objective. 

Minimalist 

Preference for safe options that have a low degree of inherent risk. 

Cautious 

Preference for safe options that have a low degree of residual risk. 

Mindful 

Willing to consider all options and choose one that is most likely to result in successful delivery. 

Enterprise 

Eager to be innovative and to choose options that suspend previous held assumptions and accept greater uncertainty. 

Risk Appetite Scale Example 2:

 

Risk Appetite

Description

Averse 

Avoidance of risk and uncertainty in achievement of key deliverables or initiatives is key objective. Activities undertaken will only be those considered to carry virtually no inherent risk. 

minimalist 

Preference for very safe business delivery options that have a low degree of inherent risk with the potential for benefit/return not a key driver. Activities will only be undertaken where they have a low degree of inherent risk. 

Cautious 

Preference for safe options that have a low degree of inherent risk and only limited potential for benefit. Willing to tolerate a degree of risk in selecting which activities to undertake to achieve key deliverables or initiatives, where we have identified scope to achieve significant benefit and/or realise an opportunity. Activities undertaken may carry a high degree of inherent risk that is deemed controllable to a large extent. 

Open

Willing to consider all options and choose one most likely to result in successful delivery while providing an acceptable level of benefit. Seek to achieve a balance between a high likelihood of successful delivery and a high degree of benefit and value for money. Activities themselves may potentially carry, or contribute to a high degree of residual risk. 

Eager 

Eager to be innovative and to choose options based on maximising opportunities and potential higher benefit even if those activities carry a very high residual risk. 

 

Risk Tolerance

Risk tolerance is the level of uncertainty, potential failure, and safety exposure an organisation is willing to accept when planning, prioritising, and executing maintenance activities. It guides decisions on inspection frequency, repair urgency, budgeting, and asset replacement, while carefully balancing cost, performance, and compliance obligations. Risk tolerance has its own unique benefits:

  • Improves resource allocation (focusing effort on the highest risk assets)
  • Reduces downtime and safety incidents
  • Supports compliance
  • Enhances stakeholder confidence

 

 

Types of Risk Resolution 

Risk resolution/responses take the form of one or more of the following four options, regularly known as the 4Ts. These are: 

 

Terminate (Risk Avoidance)  

Used when risks have such serious consequences to the organisation that they are totally unacceptable.

Risk avoidance measures can include reviewing the whole system/redesigning it to ensure the risk cannot occur

 

Treat (Risk Reduction) 

Utilised when the level of risk is unacceptable, with actions taken to reduce the chance of the risk occurring or the impact of the risk should it occur

 

Transfer (Risk Re-allocation)  

Employed when the organisation managing the activity that creates the risk has no levers to mitigate, avoid or accept it. The risk is passed to the party that controls the appropriate levers. This may be a maintenance provider passing the risk back to the client organisation to “own” and identify resources to mitigate it.

 

Tolerate (Risk Retention)  

Effected when the original/residual risk is within the risk appetite of the organisation, i.e. they are comfortable with it. The risk just needs to be monitored to ensure that it doesn’t worsen.

 

How to effectively implement a risk register

For an effectively implemented risk register, organisations need to identify the likelihood that a negative consequence will occur from a particular hazard. From there, they must assess the severity of its impact. However, creating a balanced maintenance strategy to navigate these risks can be complex. Failure to maintain a built asset is a threat, but undertaking Planned Preventative Maintenance (PPM) can lead to over-maintenance.

 

Identifying risks as opportunities

Risks can present opportunities for positive outcomes, such as increased efficiency, cost savings, or achieving goals faster.

Undertaking PPM will cost you money, but it mitigates the uncontrolled failure of an asset and the potential negative consequences, managing the risk level to deliver optimum value.

If undertaking PPM extends the asset’s life beyond the expected life or Reference Service Life (RLS), you can save the cost of capital replacement for the extra years of life, potentially making the asset more efficient to run.

 

Address risks and identify opportunities with SFG20

Proactive risk management goes hand in hand with building safety compliance 

With an effective risk register and maintenance strategy in place, your business can identify opportunities to improve safety, review costs, and minimise downtime.

You can turn the complexities of facilities management into your strategic advantage with SFG20’s Ultimate Guide to Compliance in Facilities Management, filled with over 35 years of industry-leading expertise. Or, request a demo to find out how our maintenance schedules could work for you.