What is the Risk Register?
The risk register is a list of entries known as risk score entries where each entry refers to a specific instance of a known risk that impacts one specific org unit. Risks fall into predefined categories. Before creating an entry in the risk register, a superuser would need to create risk categories and risk objects. (See also: Working With Risks ).
When a risk is identified, someone with a Risk Assessor role in the org unit, or a superuser, can create an entry in the table to record details about the risk. These include assigning values for the perceived severity and likelihood of the risk. The resulting risk score is generated by multiplying the impact by the likelihood. Target values and a target date are also assigned, allowing you to set a goal for mitigating the risk level by a certain date.
Risk Score Entry Fields
| Field Name | Options | Notes |
|---|---|---|
| Status | Open/In Progress/Closed | Can be changed by a Risk Assessor |
| Org Unit | The impacted org unit | |
| Risk | From a list of existing risks | The name of risk as entered by a superuser on the Settings page |
| Inherent Impact | Depends on the Risk Scale value (default 1-5) | How severe the risk is, based on external factors beyond your control |
| Inherent Likelihood | Depends on the Risk Scale value (default 1-5) | How likely the risk is to occur, based on external factors beyond your control |
| Current Impact | Depends on the Risk Scale value (default 1-5) | How severe the risk is, based on your current mitigation strategy |
| Current Likelihood | Depends on the Risk Scale value (default 1-5) | How likely the risk is to impact you, based on your current mitigation strategy |
| Target Impact | Depends on the Risk Scale value (default 1-5) | How severe you would like the impact to be were it to occur |
| Target Likelihood | Depends on the Risk Scale value (default 1-5) | How likely you would like the risk to impact you |
| Due | Future date | When do you expect to achieve your target impact and likelihood values? |
| Notes | Free text entry | Any additional information needed |
| Current Mitigation Control | Free text entry | Describe the current mitigation strategy employed. |
| Target Mitigation Control | Free text entry | Describe the intended mitigation strategy needed to achieve the target risk score. |
Superusers can view and edit all Risk Register entries. Risk Assessors can create, edit and view entries for their org unit(s). Risk auditors can view entries for their org unit(s).
It is possible to add custom fields to the bottom of the Risk Register entry dialog. To learn how superusers can do this, see How-To: Create New Risk Register Drop-Down Fields .