A RAID (Risks, Assumptions, Issues, and Dependencies) log is a risk management activity used to generate a list of concerns that could impact the organization’s success. A RAID log is a simple and effective tool that analyses an organization’s initiatives, strategies, or objectives as a part of a risk management process. It gives appropriate attention to the areas of risk management that are commonly overlooked, such as assumptions and dependencies, and helps organizations create mitigation plans before the initiative can be affected.

  1. Risk Identification & Assessment
  2. Assumptions Identification & Validation
  3. Issues Identification & Prioritization
  4. Dependencies Identification & Monitoring


This model can be used by project managers, risk managers, department directors, and managers.


In today's world, risks are becoming inevitable, and those faced by an initiative or strategy can impact the entire organization. “Almost 90 percent of the companies suffering the greatest losses in value were exposed to more than one type of risk.” (Deloitte, 2012) Effectively addressing these obstacles at an early stage can save your organization from a major crisis.

“It is a key practice to ensure that the least number of surprises occur while your project is underway. While we can never predict the future with certainty, we can apply a simple and streamlined process to predict the uncertainties and minimize the occurrence or impact of these uncertainties.” (Lavanya & Malarvizhi, 2008)


Identifying Obstacles: This process includes identification of obstacles that could impact your initiative and categorizing them based on their type:

  1. Risk
  2. Assumptions
  3. Issues
  4. Dependencies

The tiles can then be sorted into each of the four categories to create a mitigation plan specific to each obstacle.

Risk Identification & Assessment: This process includes classification of risks, rating based on impact and likelihood, prioritizing for management attention, and creating an action plan.

Assumptions Identification & Validation: This process includes classification of assumptions, validating and ranking them based on confidence and impact, and creating an action plan.

Issues Identification & Prioritization: This process includes classification of issues, ranking based on impact and urgency, and assigning ownership.

Dependencies Identification & Monitoring: This process includes classification of dependencies, validating and ranking them based on impact, and creating a monitoring action plan.


  • Prioritized list of risks to receive management attention.
  • Action plan to validate each assumption made about the initiative.
  • List of issues that need to be resolved.
  • Stakeholder clarity about responsibilities and dependencies on others.


This exercise will enable:

Quality  Gain critical insight into your initiative’s risks and risk factors, so they can be resolved to maximize outcomes and goals.

Efficiency – Develop a shared understanding of your stakeholders’ key concerns.

Engagement – Engage a wide range of stakeholders by providing a platform for candid and thoughtful discussion.

Agility  Addresses concerns so your team can act and react faster.


Deloitte. (2012). The value killers revisited – A risk management study.

Lavanya, N. & Malarvizhi, T. (2008). Risk analysis and management—a vital key to effective project management.


RiskFaizan ShoaibRisk, pn7, BA