The Risk Register I Wish I'd Built Sooner: Managing Uncertainty in Product Development

November 18, 2025 | 12 min read

By Sabrina Gallimore, PMP, LSSBB, ACC
Director, Operational Process Transformation | ICF-Certified Executive Coach


In corporate project management, we build risk registers as standard practice—comprehensive documents cataloging what could go wrong, how likely it is, and what we'll do about it. They're clinical, methodical, and often feel like box-checking exercises.

Then I started formulating natural products for my daughter's rare medical condition, and risk management became viscerally personal. Suddenly, "adverse event" wasn't an abstract probability on a spreadsheet—it was my child's skin reacting to something I created. "Regulatory non-compliance" wasn't a legal inconvenience—it was potential harm to other families who trusted me.

This is the story of the risk register I developed (and refined through hard-learned lessons) for natural product development. It's a transparent look at what kept me up at night, which risks materialized, which ones blindsided me, and how I learned that calculated risk-taking—not risk avoidance—is the key to entrepreneurial success.


Why Risk Management Feels Different in Personal Projects

In corporate PM, risks are business problems:

  • Budget overruns → Request additional funding

  • Schedule delays → Negotiate deadline extensions

  • Stakeholder dissatisfaction → Manage expectations, improve communication

  • Quality defects → Implement corrective actions, iterate

The stakes are real, but they're also contained. Projects fail, lessons are learned, and organizations move forward.

In personal entrepreneurial projects—especially those involving your child's health—risks carry different weight:

  • Product safety failure → Potential harm to my daughter or customers

  • Regulatory violation → Legal liability, reputational damage, business closure

  • Financial loss → Family savings depleted, opportunity cost of time invested

  • Time overrun → Burnout, family strain, missed milestones in daughter's care

The emotional load is heavier. You're not just the project manager—you're the sponsor, the team, the quality assurance lead, and often the first test subject. There's no steering committee to escalate to, no executive sponsor to absorb accountability. The risk is yours alone.

This reality forced me to be more rigorous, not less, about risk management. I couldn't afford blind spots.


Building the Risk Register: Categories & Framework

I structured my risk register around five categories, each representing a distinct threat vector to project success:

Risk Category 1: Product Safety Risks

These were my highest-priority risks—the ones that could cause direct harm.

[Figure: Risk Category 1, Product Safety Risks]

Key Mitigation: The Multi-Stage Testing Protocol

I developed a staged rollout process that became my primary safety net:

Stage 1: Self-Testing (7 days)

  • Apply new formulation to my own skin (inner forearm, behind ear)

  • Monitor for redness, itching, irritation

  • Rationale: If it reacts on me, it never reaches my daughter

Stage 2: Adult Beta Testing (7-14 days)

  • Expand to other adults in household

  • Test on multiple skin types (dry, oily, sensitive)

  • Collect feedback on texture, scent, efficacy

Stage 3: Pediatric Testing (Under Medical Guidance)

  • Introduce to my daughter in controlled setting

  • Start with small patch test on unaffected area

  • Monitor for 48-72 hours before full use

  • Maintain documentation for medical team

Stage 4: Customer Pilot (Limited Release)

  • Offer samples to trusted friends (other parents)

  • Collect structured feedback via survey

  • Monitor for any adverse reports before scaling

Lesson Learned: This staged approach caught two potential issues before they reached customers: a soap formulation that caused mild dryness in Stage 1 (reformulated with higher superfat percentage), and a bath soak that clumped in humid conditions during Stage 2 (added anti-caking agent).


Risk Category 2: Regulatory & Compliance Risks

As someone launching products in Canada, I needed to navigate Health Canada's cosmetic regulations—an area where ignorance isn't bliss, it's liability.

[Figure: Risk Category 2, Regulatory & Compliance Risks]

Case Study: The Language Trap I Almost Fell Into

In my early marketing drafts, I wrote: "Our bath soak helps treat sensitive skin conditions."

The problem: "Treat" is a medical claim. Under Health Canada regulations, cosmetics cannot make therapeutic claims without drug classification (which requires clinical trials, regulatory approval, and pharmaceutical-level compliance).

The fix: I rewrote as: "Our bath soak is designed to support skin comfort during bathing, with gentle ingredients suitable for sensitive skin."

Key Difference:

  • ❌ "Treats conditions" = Drug claim (illegal without approval)

  • ✅ "Supports comfort" = Cosmetic claim (legal, descriptive)

PM Lesson: Regulatory risk mitigation requires proactive education. I spent $500 on a legal consultation that prevented tens of thousands in potential liability.


Risk Category 3: Supply Chain Risks

With limited budget and no bulk-buying leverage, supply chain disruptions could halt production entirely.

Mitigation Strategy: The Multi-Sourcing Approach

I identified 2-3 suppliers for every critical ingredient:

Example: Shea Butter Sourcing

  • Primary Supplier: Local artisan co-op (organic, fair-trade, fast turnaround, 15% premium)

  • Secondary Supplier: Online bulk supplier (certified organic, 7-14 day lead time, cost-competitive)

  • Tertiary Supplier: Backup vendor (refined non-organic, emergency use only if both others unavailable)

Cost of Multi-Sourcing: Slightly higher per-unit costs due to smaller order volumes per supplier.
Benefit of Multi-Sourcing: When my primary supplier had a crop failure (shea harvest impacted by drought), I pivoted to my secondary supplier with zero production downtime.

PM Lesson: Single-source dependencies are high-risk in small-batch production. Relationship diversification is insurance.


Risk Category 4: Market Risks

These risks weren't about product safety—they were about product-market fit and business viability.

[Figure: Risk Category 4, Market Risks]

Case Study: The Market Risk That Materialized

At my first vendor market, I priced my bath soaks at $28 per 16 oz jar—a premium price reflecting organic ingredients and handmade production.

Customer feedback: "This is expensive compared to [big-box store brand]."

The problem: I was competing on price when I should have been competing on value differentiation.

The pivot:

  1. Created comparison chart showing ingredient transparency (mine vs. commercial brands)

  2. Offered small sample jars ($8) to reduce purchase barrier

  3. Shared personal story (why I created these products, what conventional products did to my daughter)

  4. Repositioned price as "investment in family wellness" not "expensive bath soak"

Result: Conversion rate increased from 15% (first market) to 35% (third market) with same pricing—proof that positioning matters more than absolute price.

PM Lesson: Market risk mitigation requires rapid feedback loops. Three markets taught me more than six months of planning ever could.


Risk Category 5: Operational Risks

These were the risks that threatened project sustainability—not catastrophic failures, but slow burns that could lead to burnout or abandonment.

[Figure: Risk Category 5, Operational Risks]

Case Study: When Burnout Became a Critical Risk

Four months into production, I was making products every weekend, managing a full-time Director role during the week, and squeezing in vendor markets on Saturdays. I noticed warning signs:

  • Decreased product quality (rushing through batches)

  • Resentment toward the project (what started as mission-driven felt like obligation)

  • Family strain (missing weekend time with daughter)

Risk Escalation: Burnout moved from "Medium Probability / Medium Impact" to "High Probability / High Impact"

Mitigation Response:

  1. Reduced production scope: Cut from 6 SKUs to 3 core products

  2. Delegated packaging: Partner took over labeling and packaging tasks

  3. Imposed production caps: Maximum 2 batches per month, no exceptions

  4. Scheduled breaks: One month off after every 3 months of production

Result: Project became sustainable. Quality improved. Motivation returned.

PM Lesson: Operational risk management in solo ventures requires ruthless honesty about capacity. Scope reduction isn't failure—it's strategic preservation.


The Risks I Didn't Anticipate: Lessons Learned

Despite my best planning, three risks blindsided me:

Surprise Risk #1: Humidity Causing Batch Failures

What Happened: My bath soak formulation (Epsom salt + magnesium flakes + botanicals) clumped into solid bricks within days when stored in my basement workshop during summer.

Why I Missed It: I tested the product in winter (dry indoor air). I didn't anticipate how humidity would impact salt-based formulations.

Impact: Had to discard 3 batches (12 units, ~$150 in materials)

Response:

  • Reformulated with anti-caking agent (tapioca starch, 2% by weight)

  • Moved storage to climate-controlled space

  • Added "store in cool, dry place" instruction to labels

PM Lesson: Environmental factors are risks too. Test products in conditions customers will actually use them.


Surprise Risk #2: Packaging Compatibility Issues

What Happened: Essential oils in my lip balm formulation degraded the plastic tubes I initially sourced, causing them to crack and leak.

Why I Missed It: I tested formulation stability (texture, scent, separation) but not packaging compatibility over time.

Impact: Had to replace 50 tubes mid-production (~$80 loss + time delay)

Response:

  • Switched to glass tubes (higher cost but compatible with essential oils)

  • Added "packaging compatibility test" to quality checklist

  • Researched material safety data sheets (MSDS) for future packaging decisions

PM Lesson: Integration testing applies to physical products too. Components must be tested together, not just individually.


Surprise Risk #3: Customer Misuse Despite Clear Instructions

What Happened: A customer applied my bath soak directly to skin (like a paste) instead of dissolving in bath water, then reported "irritation."

Why I Missed It: I assumed instructions were obvious. I underestimated how people skim labels.

Impact: Negative feedback, potential reputational risk, stress over product safety

Response:

  • Added prominent "USAGE INSTRUCTIONS" section on label front (not just back)

  • Created instructional video posted on website and social media

  • Added "BATH USE ONLY - Do Not Apply Directly to Skin" warning

  • Implemented post-purchase email with usage tips

PM Lesson: User error is a legitimate risk. Design for how people actually behave, not how you hope they'll behave.


Probability vs. Impact: The Risk Prioritization Matrix

Not all risks deserve equal attention. I used a classic 2x2 matrix to prioritize:

[Figure: Risk Prioritization Matrix]

Risk Response Strategy by Quadrant:

Quadrant 1 (Critical Risks): Low Probability, High Impact

  • Strategy: Develop contingency plans even though unlikely

  • Example: Supplier bankruptcy (low probability) but would halt production (high impact)

  • Response: Maintain multi-sourcing, safety stock, alternative vendor contacts

Quadrant 2 (Priority Risks): High Probability, High Impact

  • Strategy: Mitigate aggressively with proactive controls

  • Example: Adverse skin reactions (medium probability) with potential harm (high impact)

  • Response: Multi-stage testing protocol, conservative ingredients, clear warnings

Quadrant 3 (Accept): Low Probability, Low Impact

  • Strategy: Accept and address if/when they occur

  • Example: Minor label typos (low probability after quality checks) with minimal impact

  • Response: Fix in next print run, don't recall existing inventory

Quadrant 4 (Monitor): High Probability, Low Impact

  • Strategy: Monitor and respond quickly when they occur

  • Example: Time overruns (high probability in side project) with manageable impact

  • Response: Build buffer time, adjust expectations, communicate delays early


Risk Mitigation Strategies That Worked

Looking back over 18 months of product development, five strategies proved most valuable:

1. The Staged Testing Protocol

  • Purpose: Catch safety issues before customer exposure

  • Result: Prevented 2 formulation failures from reaching market

  • ROI: High (prevented potential harm + reputational damage)

2. Multi-Sourcing Critical Ingredients

  • Purpose: De-risk supply chain dependencies

  • Result: Zero production delays due to ingredient unavailability

  • ROI: Medium (slightly higher costs, but business continuity protected)

3. Conservative Language Policy

  • Purpose: Avoid regulatory violations and medical claims

  • Result: Zero regulatory issues, complaints, or liability concerns

  • ROI: High (prevented legal risk + built customer trust through transparency)

4. Financial Guardrails (Investment Cap)

  • Purpose: Limit downside financial exposure

  • Result: Capped Phase 1 investment at $2,000; broke even after 6 markets

  • ROI: High (protected family finances while validating market demand)

5. Buffer Time in All Estimates

  • Purpose: Accommodate uncertainty in solo production

  • Result: Met 90% of self-imposed deadlines despite full-time job

  • ROI: High (reduced stress, maintained quality, avoided burnout)


When to Accept Risk vs. Mitigate

Not every risk requires mitigation. Entrepreneurship demands calculated risk-taking—understanding which risks to accept, which to mitigate, and which to avoid entirely.

My Risk Acceptance Framework:

[Figure: My Risk Acceptance Framework]

Risk Reversibility Test

I developed a simple question to guide risk acceptance:

"If this risk materializes, can I undo the damage?"

  • Irreversible risks (health harm, regulatory violations) → Mitigate aggressively

  • Reversible risks (pricing mistakes, packaging choices) → Accept, test, iterate

Example:

  • Launching with imperfect packaging = Reversible (can change in next batch) → Accept

  • Launching with untested formulation = Irreversible (can't undo customer harm) → Mitigate


The Living Risk Register: Continuous Monitoring

My risk register wasn't a document I created once and filed away. It was a living tool I updated monthly:

Monthly Risk Review Process:

  1. Review existing risks: Have probabilities or impacts changed?

  2. Identify new risks: What emerged this month that wasn't on my radar?

  3. Evaluate mitigation effectiveness: Are my strategies working?

  4. Adjust response plans: What needs to change based on new data?

Example: Risk Status Changes Over Time

[Figure: Risk status changes over time]


Reflection Questions for Project Managers

As you think about risk management in your own projects—corporate or personal—consider:

  1. What's the risk you're most afraid of? (Often, naming it reduces its power and reveals mitigation strategies.)

  2. Which risks are you avoiding through inaction? (Sometimes the biggest risk is not starting at all.)

  3. How would your risk register change if you had unlimited resources? (This reveals which risks are truly high-impact vs. resource-constrained.)

  4. What risks have you accepted without realizing it? (Implicit risk acceptance is often more dangerous than explicit decisions.)

  5. If your project failed, what would be the most likely cause? (Pre-mortem analysis often reveals blind spots.)

  6. How often do you review and update your risk register? (Stale risk registers are worse than no risk register—they create false confidence.)


Conclusion: Embracing Uncertainty with Strategy

Risk management isn't about eliminating uncertainty—it's about navigating uncertainty with strategy. In corporate PM, we build risk registers to protect projects. In personal entrepreneurship, we build them to protect what matters most: our families, our customers, and our capacity to sustain the work.

The risk register I wish I'd built sooner wasn't just a compliance document. It was a decision-making framework that helped me:

  • Prioritize ruthlessly (mitigate high-impact risks, accept low-impact ones)

  • Sleep better (knowing I'd thought through worst-case scenarios)

  • Move faster (because I understood which risks were worth taking)

  • Build trust (with customers who saw my commitment to safety and transparency)

For PMPs considering entrepreneurial ventures, here's my encouragement: You already have the frameworks. Risk registers, probability-impact matrices, contingency planning—these aren't just corporate tools. They're life tools. Use them.

And remember: the goal isn't zero risk. It's calculated risk-taking in service of something that matters.


Appendix: Risk Register Template

For readers who want to build their own risk register, here's the template I used:

[Figure: Risk Register Template]

Instructions:

  1. Brainstorm risks across all categories (don't self-censor—write everything)

  2. Assess probability & impact using High/Medium/Low scale

  3. Calculate risk score (H/H = Critical 🔴, H/M or M/H = Monitor 🟡, M/M or lower = Low 🟢)

  4. Define mitigation strategies for all Critical and Monitor risks

  5. Assign ownership (even if it's you wearing multiple hats, be explicit)

  6. Review monthly and update status


About the Author:

Sabrina Gallimore, PMP, LSSBB, ACC, is a Director of Operational Process Transformation with 15+ years leading enterprise change initiatives across transportation, logistics, and real estate sectors. She holds Project Management Professional (PMP), Lean Six Sigma Black Belt, and ICF Associate Certified Coach (ACC) credentials. When she's not managing corporate transformations, she applies the same PM rigor to entrepreneurial ventures and family wellness projects. This blog reflects her journey bridging corporate expertise with personal mission.

Sabrina Messomanah

CEO/Founder, JustSoakIn