Experienced investors learn to read a risk register before they read a financial model. The reason is simple: the financial model tells you what the sponsor believes will happen. The risk register tells you whether the sponsor understands what could go wrong — and that is usually the better predictor of how the project will actually be managed.
A risk register that is short, vague, or suspiciously clean should raise more concern than one that lists several real, specific risks with credible mitigations attached. Every substantial real-asset project carries legal, regulatory, market and execution risk. The absence of those risks on paper almost never means the absence of those risks in reality — it usually means they have not been identified, or have been deliberately left out.
What should a useful risk register actually contain? Specificity matters most. 'Regulatory risk' as a line item tells an investor almost nothing. 'Environmental authorisation for Phase 2 is pending, expected within four months, with Phase 1 able to proceed independently in the interim' tells them something they can actually evaluate and price.
Mitigations matter just as much as the risks themselves. A risk with no mitigation attached signals either that the sponsor has not thought it through, or that the mitigation does not exist. Either way, that is information the investor needed before, not after, they committed capital.
Treat the risk register as the most honest part of any deal package. If it reads as an afterthought, the rest of the package deserves a second, more sceptical look.
Have a project that needs funding, a buyer, or a partner?
List your project with DeNovo for an honest, professional assessment, or contact us directly.