Ace the 2026 Certified Governance Risk & Compliance (CGRC) Challenge – Navigate the Governance Maze with Confidence!

The appropriate location for recording the mitigation response for identified risk events is in the risk register. The risk register serves as a comprehensive document that captures all relevant information about identified risks, including their nature, potential impact, likelihood, and, crucially, the planned responses or mitigations for each risk.

By documenting mitigation responses in the risk register, the project manager ensures that there is a centralized and accessible reference that tracks the status of risks and the effectiveness of mitigation strategies over time. This helps facilitate communication among stakeholders and aids in monitoring risk throughout the project lifecycle.

In contrast, while the project management plan, risk management plan, and risk log may contain some information related to risk management, they do not specifically serve the purpose of detailing individual risk events and their associated responses as effectively as the risk register does. The project management plan provides an overarching framework for the project, while the risk management plan outlines the overall strategy for managing risks without necessarily recording individual responses. The risk log might track risks but may not capture the detailed mitigation plans as fully as the risk register.