A risk register is an output from the processes of a risk and control self-assessment. It is variously called a risk (and control) listing, risk (and control) statement or simply a risk and control self-assessment. The objective is to identify, measure, monitor and manage the risks and controls to which a firm is subject. An extract from a basic risk register will look similar to Figure 6.1.

A more comprehensive risk register also includes an assessment of the residual likelihood and impact of the risk (i.e. when the controls are working), as well as the actions to be taken to enhance (or reduce) controls in order to achieve a level of risk closer to the firm’s appetite for that risk. It will look similar to Figure 6.2.
