Stay ahead of Problems: Threats and Issues List Instructions for Project Clarity

By: Hajime Estanislao, PMP; Editor: Geram Lompon; Reviewed by: Alvin Villanueva, PMP

Projects do not fall behind because people are not trying. Warning signs like risks, delays, and missing pieces are not tracked early or clearly, making it hard to identify and validate risks.

Notes are all over the place.

Ownership is unclear.

Identifying potential risks early in the project promotes risk mitigation. And what starts small quietly grows into problems.

A RAID log helps projects through the structure. It is a simple framework that allows teams to track what might go wrong, what’s already gone sideways, what assumptions guide the work, and what dependencies could shift the plan.

No guesswork. No gaps. Just clarity.

A picture shows someone attending a meeting with a list of what needs attention, who owns it, and what to do next. Identified risks are documented before they turn into issues. Owners are clear. Decisions are recorded. Everyone knows where things stand and what to do about it.

This article will help you build and maintain a working threats and issues list. When you are ready to put it into practice, grab the free RAID log spreadsheet template from ROSEMET—a practical starting point you can adapt to any project.

What is a RAID Log?

A RAID log is used in project management to track four relevant categories: Risks, Assumptions (or Actions), Issues, and Dependencies (or Decisions), among other common risk categories.

Some versions also include the risk register as a part of risk management. The log is usually kept as a shared document or spreadsheet and helps teams track known challenges and decisions in one place.

It is a working reference that supports steady planning, better decision-making, and better communication across the project team. A well-defined risk management strategy aids in identifying and mitigating risks, ultimately enhancing the chances of project success by allowing teams to respond effectively to potential problems.

A Brief History of the RAID Log

The RAID log emerged in the early 2000s as project management shifted from rigid, document-heavy methods toward flexible, team-focused planning. As projects became more complex, particularly in IT, construction, and finance, teams needed a simple tool to capture essential concerns that traditional schedules and documents missed.

RAID stands for Risks, Assumptions, Issues, and Dependencies. It was created as an easy-to-remember framework to spotlight overlooked factors affecting project delivery. Not tied to specific methods like Waterfall or Agile, RAID was intentionally flexible, fitting seamlessly into any workflow. This adaptability made it particularly popular among managers juggling multiple projects because it provided clarity without extra bureaucracy.

Over time, RAID logs evolved to match teams’ changing needs. Some replaced “Assumptions” with “Actions,” or “Dependencies” with “Decisions.” Others introduced more detailed fields from risk registers, such as impact ratings or ownership assignments. These variations highlighted the project manager’s role shift—from pure planning to facilitating clear communication, effective coordination, and timely follow-up.

Today, RAID logs remain a trusted tool across industries and project types. Whether created as spreadsheets or built into digital tools, they help teams manage uncertainty, anticipate problems, and keep projects aligned with their goals.

Definition and Purpose of a RAID Log

A RAID log is a cornerstone of project management, designed to track and manage four elements: Risks, Assumptions, Issues, and Dependencies. RAID logs serve as a centralized repository where project managers can identify, assess, and mitigate potential risks, assumptions, issues, and dependencies that could impact the project’s objectives. RAID logs provide an organized view of the project, making it easier to navigate challenges while keeping the project on track.

Benefits of Using a RAID Log in Project Management

Incorporating a RAID log into your project management toolkit offers several significant benefits:

• Improved Risk Management: A RAID log helps project managers identify and mitigate potential risks, reducing the likelihood of project delays and cost overruns. By proactively managing risks, you can keep your project steady.
• Enhanced Issue Management: With a RAID log, project managers can track and resolve issues, minimizing their impact on the project. It helps address problems before they escalate.
• Better Assumption Management: A RAID log helps project managers identify and validate assumptions, reducing the risk of incorrect assumptions impacting the project.
• Effective dependency management through tracking and managing dependencies: a RAID log ensures the project stays on track and that necessary dependencies are met. This coordination maintains project momentum and meeting deadlines.

Understanding Project Risks and Issues

In project management, a risk is an uncertain event or condition that, if it occurs, could impact the objectives. Risks can be positive or negative and arise from various sources, including the project environment, team members, clients, or external factors. Identifying risks allows project managers to develop strategies to mitigate or capitalize on them, ensuring smoother project execution.

An issue is a problem that has already arisen and is inhibiting successful project completion. Issues can occur at any stage of the project and can range from minor inconveniences to significant setbacks. Addressing issues promptly to prevent them from derailing the project.

Key Differences Between Risks and Issues

Understanding the distinction between risks and issues is vital for effective project management:

• Risks are potential problems that might occur, while issues are actual problems that have already happened.
• Risks can be either positive or negative, whereas issues are always negative.
• Risks are identified and mitigated before they become issues, allowing for proactive management.
• Issues need immediate attention and resolution to prevent further impact on the project.

Reasons to Use RAID Logs in Project Risk Management

RAID logs help bring order to uncertainty. They serve as a shared view of the moving parts – what’s going well, what’s at risk, and where things might need a closer look. Rather than holding information in meetings or inboxes, the log turns it into something the team can act on.

• Tracks project risks through risk analysis before they escalate.
• Keeps issues visible and actionable.
• Captures assumptions that may need follow-up.
• Flag dependencies that could affect timelines.
• Reinforces team accountability; the project manager manages these aspects by identifying potential uncertain events and creating mitigation strategies.
• Provide a reference for decisions and project history.
• Relevant during retrospectives, audits, or handovers.

Step-by-Step Instructions to Develop Your Threats and Issues List

Creating a threats and issues list is not just about reacting; it is a way to stay ahead of the project’s pressure points and streamline the risk management process. This step-by-step guide helps you build a working list that is easy to maintain and useful across the project life cycle by incorporating risk identification.

Start wide to build a strong foundation. During the project planning phase, it is a must to prepare risk management tools such as a risk register and risk logs.

Start with Risk Identification

Gather your team and get everything on the table—no filtering. Capture anything that could become a problem: technical gaps, unclear dependencies, assumptions, shifting deadlines, or budget questions. Start wide to build a strong foundation.

Sort the Chaos

Once the list is down, sort entries into two groups:

• Threats are potential risks that haven’t occurred yet.
• Issues are problems already affecting progress.

It makes it easier to focus on your next steps— planning or responding to what’s already in motion.

Add Context

For each item, write a short description and assess the impact. Estimate likelihood (for risks) or severity (for issues). Add labels like “high,” “medium,” or “low,” and consider assigning a score to rank by priority. It shapes how you spend your time and energy.

Assign a Name and a Plan

Each item needs risk ownership and a next step. Whether monitoring a potential risk or solving a current issue, be clear about who’s responsible and the expected actions. Deadlines, check-ins, or escalation points can all go here. It helps teams mitigate risks before they escalate into issues.

Revisit and Refresh

Check your list regularly. It could be part of a weekly meeting or milestone review. Add new risks, mark items as resolved, or update details based on what changed. Keeping the list current means it remains useful, not just a snapshot from weeks ago.

Considerations for Successfully Managing Your RAID Log with Risk Management Strategies

Do not treat your RAID log as a box to check during kickoff; use it to implement an effective risk management plan throughout the project. It works best as a living document that stays relevant throughout the project, helping to resolve risks before they escalate. If it’s kept up to date and actively reviewed, it becomes a tool for problem-solving and not just documentation.

Simplicity helps. Make the format easy to read and quick to update. Clarity in language, consistent structure, and shared access will encourage your team to use it.

Look back as often as you look forward to ensure proactive risk management in your project. Use the log to see patterns in what’s causing delays, who’s best at resolving issues, or which risks tend to repeat. It is integrated and becomes part of how your team builds more innovative projects.

Taking it to the Next Level: Use a Spreadsheet Template

A spreadsheet is one of the most practical ways to set up and maintain your RAID log as a risk management tool for effective project risk management. It’s easy to share, flexible to update, and doesn’t require new software. Within the project planning phase, project managers can use the RAID log to monitor and address potential risks.

Set Up Your Columns

Create a new Excel file and include the following columns:

• ID
• Category (Risk, Assumption, Issue, Dependency)
• Title
• Description
• Date Identified
• Owner
• Impact Level
• Likelihood (for risks)
• Priority
• Status
• Next Steps
• Resolution Date

Format for Clarity

Use bold headers and freeze the top row. Adjust column widths for readability and use alternating row colors for quick scanning.

Add Drop-Down Lists

Use Data Validation to add drop-downs for Category, Priority, and Status.

Examples:

• Priority: High, Medium, Low
• Status: Open, In Progress, Closed

Apply Conditional Formatting

Highlight anything that needs attention, such as high-priority issues that are still open. This will help surface items that require follow-up.

Create Filters

Turn on filters in your header row to sort or view by category, priority, or owner.

Save as a Template

Once your spreadsheet is ready, save it as an Excel template so you can reuse the structure on future projects.

Alternatives: Check Newer Project Management Software

Spreadsheets are flexible, but some teams may benefit from using project management software that integrates risk and issue tracking directly, which allows the project manager to oversee and mitigate potential risks effectively. Tools like Jira, Asana, ClickUp, or Smartsheet let you create RAID-style fields and track progress without switching systems.

Many platforms offer task assignments, automated reminders, change history, and timeline views. These features make it easier to stay organized without building your structure from scratch. Each team member can contribute expertise to identify and manage risks, ensuring a collaborative approach to project challenges.

For more advanced needs, tools like Microsoft Project provide built-in risk registers and deeper integration with scheduling and budgeting. These can support larger teams or more regulated environments with extra tracking and reporting options.

Wrapping Up: Threats and Issues List & Instructions from ROSEMET

A RAID log is not extra work; it is about making the project easier to manage through an effective risk management strategy. By tracking risks and issues in a centralized repository, you reduce blind spots and make it easier to respond when things change.

Whether leading a quick-turnaround project or managing a complex rollout, this tool helps your team members stay focused, accountable, and informed. It creates space to solve problems before they grow.

To get started, download your free RAID log spreadsheet, sample risk response plan, and contingency plan from ROSEMET. The templates are designed for clarity and flexibility so you can jump in, adjust what is needed, and confidently keep your project moving.

References

Atlassian. (2025, April). Using Jira for risk management: 8 best practices for 2024. https://community.atlassian.com/forums/App-Central-articles/Using-Jira-for-Risk-Management-8-Best-Practices-For-2024/ba-p/2725730https://www.smartsheet.com/free-risk-management-plan-template

Lucidchart. (2025, April). RAID log template. https://www.lucidchart.com/pages/templates/raid-log

Project Management Institute. (2017). A guide to the project management body of knowledge (PMBOK® Guide) (6th ed.). Project Management Institute.

Project Management Docs. (2025, April). Risk management plan template . ProjectManagementDocs.com. https://www.projectmanagementdocs.com/template/project-planning/risk-management-plan/

Smartsheet. (2025, April). Risk management plan templates . https://www.smartsheet.com/free-risk-management-plan-templates