A Risk Register or Risk Log is a term describing a master document or database used as a central repository for information regarding risks, their qualitative analysis, and their mitigation.
A Risk Register provides an organization's risk management stakeholders with the current status of each risk at any point in time.
Typical data elements of a Risk Register include:
- Dates: Dates for milestones such as the discovery date, mitigation target date, and mitigation completion date.
- Risk ID: A unique identifier for the risk.
- Risk Description: A brief description of the risk, its causes and its impact.
- Probability: The likelihood the risk event may occur. This may be expressed on a scale (e.g. 1-5, with 5 most severe) or based on statistics (e.g. 1 out of every 10,000 transactions).
- Impact: The consequence of the risk event occurring. This may be expressed on a scale (e.g. 1-5, with 5 being most severe) or based on quantification (e.g. revenue drop by 75%).
- Key Risk Indicator (KRI): Overall quantification of the risk; determined by multiplying Probability by Impact.
- Risk ranking: A priority list which is determined by the relative ranking of the risks by their overall risk score.
- Risk Avoidance Strategy: A description of the actions (to be) taken to reduce the probability of an occurrence of the risk event.
- Risk Mitigation Strategy: A description of the actions (to be) taken to reduce the impact of an occurrence of the risk event.
- Risk Alerts: A description of the indicators or signals which alert that a risk is about to occur (or has already occurred).
- Risk Owner: The role or individual responsible for establishing and observing alerts, managing the risk response, and periodically assessing the risk and its mitigation.
| Acronym | Definition |
|---|---|
| KRI | Key Risk Indicator |
| SCRM | Supply Chain Risk Management |