The risk register template has two tabs:
- Risk register - To capture and track all risks
- Risk assessment - To aide in quantifying the risk
An example row has been added to the risk register to show how each field can be populated and we have included guidance for how to carry out the risk assessment.
The best way to use a register is to document any risks whenever you identify them, then on a monthly basis risk assess the new items with stakeholder from across the business. The more you go through the process, the easier it will become.
If you don’t think the risk assessment rating is quite right for your specific risk, I always err on the side of gut instinct which is generally up or down one rating. In addition to the monthly review of new risks, check the progress of any open risks and make sure milestones are met for agreed mitigations.
Download our free risk register template here.
To reiterate the summary from our Control Environment - Part 9 - Risk Management blog post:
Any time worry and uncertainty can be reduced is always a positive. Risk management allows your business to not ignore risks, but actively identify them and gain agreement about their impact and mitigation.
To keep up to date on all our posts in the series and others go to www.rminfosec.co.uk/subscribe today.