Risk register

Organisations should have formal methods of collecting information on risk and response.

A risk register:

  • lists and prioritises the main risks an organisation faces

  • is used as the basis for decision-making on how to deal with risks

  • details who is responsible for dealing with risks

  • should allocate a monetary value if possible

The risk register is a key document in risk reporting in terms of:

  1. identifying risks

  2. allocating responsibility for:

    - managing
    - monitoring
    - reporting

Reports should show the risk levels before controls are implemented and the residual risk after controls are taken into account.

If the residual risk is considered excessive, the business will have to consider implementing more effective measures to reduce or avoid risk.

Reporting also needs to include comparisons of actual risks against predicted risks and feedback on the action taken to manage and reduce risks that the system has identified.

  • Have the actions taken fulfilled their objectives?

  • What further action is needed?

  • Have the costs of taking action justified the benefits?

If risks have not been managed effectively at lower levels of the organisation, senior management may need to take a more active role.

As it will not be worthwhile to eliminate all risks, the reporting system needs to highlight residual risks, the remaining exposure to risk after appropriate management action has been taken.
