A risk profile is a documented and prioritized overall assessment of the risks faced by an organization. A risk register is a concise, structured document listing all the identified risks for a business, project or contract together with the results of the risk analysis, initial mitigation plan and current status of each risk. This register should be updated regularly to maintain up to date risk profile.
Purpose and benefit of using the risk register
- To capture analysis and the decisions about the identified risks in a coordinated, centralized and accessible data store.
- Provide a template for recording and documenting risk information in a standardized manner.
- Develop risk visibility throughout the organization including current risk status and exposure.
- To identify accountabilities for monitoring and managing risk.
- Provide a framework for risk monitoring, management and review activities.
- Provide a basis for allocating resources to risk monitoring, management and review.
- To encourage and act as a tool for communication about risk issues with internal and external stakeholders.
Contents for risk register
It will typically contain columns for data entry as follows.
1. A unique reference code.
2. Description of the type and nature of risk.
3. It should indicate the date on which the risk was first identified.
4. It shows the risk owner with the responsibility for monitoring and management of the risk.
5. The probability of the risk event occurring.
6. Impact, cost or consequences of the risk event occurs.
7. Identified possible responses or mitigation actions to reduce the probability or both.
8. Risk mitigation action chosen and its effects.
9. The current status of each risk.
