Most QMS implementations have one register. It's called the risk register, and it only knows how to think in one direction. Here's how to evolve it into a portfolio that captures both sides — without throwing away what works.
Start with the columns you already have
A typical risk register has six columns: ID, description, likelihood, impact, owner, treatment. The good news is that five of those translate cleanly. Only one — treatment — needs to be rethought as a paired field.
The four scoring axes that actually work
- 01Impact — magnitude if realized.
- 02Feasibility — likelihood × organizational capacity to act.
- 03Strategic fit — alignment with stated objectives.
- 04Time to value — months to first measurable outcome.
Score each on a 1–5 scale. Sum or weight as appropriate. The combined score becomes the portfolio rank — and the rank, not the volume, is what management review should see.
Three common failure modes
1. The opportunity register that's secretly a wishlist
Without owners and pursuit decisions, opportunities accumulate as aspirations. Treat every entry the way you treat a risk: name an owner, set a review date, decide pursue or close.
2. The 'we'll capture it in projects' fallacy
Project portfolios capture initiatives that already have funding. The opportunity register is upstream of that — it's where ideas are scored before anyone commits resources.
3. Different rubrics for risk and opportunity
If the two halves use incompatible scales, leadership cannot trade them off. Use one rubric, applied symmetrically.
“A portfolio is not a longer register. It's a register that forces a choice.”
What 'good' looks like in audit
- Every entry has a direction, owner and review date.
- Closed entries cite a pursuit or closure decision.
- Management review minutes reference specific entries by ID.
- Realized outcomes are recorded against original scores.