What is Risk Categories?
Risk categories group risks by source — technical, external, organizational, project-management (the classic RBS top level), or domain-specific sets a company evolves. Categorization pays three ways: completeness during identification (walk the categories), pattern detection during analysis (why is one category swelling?), and routing during response (organizational risks need different owners than technical ones).
The analysis move examiners love: when one category dominates the register, the response is usually systemic — fix the source, not thirty symptoms.
Worked example
Categorizing 70 risks on a rail project reveals 40% cluster under "interfaces with the operating railway" — possessions, approvals, live-track protection. No single risk is huge; the category is. The systemic response: a dedicated interface manager and a standing agreement with the operator's planning office. Twenty-eight register entries shrink in one move — the category saw what no individual risk could.