How to build your risk register

A crucial part of your risk management strategy is your risk register. But what exactly is a risk register? How do you build a good one? And what are the benefits of making your risk register embedded, holistic, and integrated into your business?

In this article, we've asked our services team to answer some of your risk register frequently asked questions. 

1) What is a risk register? 

A risk register, also referred to as a risk log, helps you to track issues and address problems as they arise.

A typical risk register contains:

• A risk category to group similar risks
• The risk breakdown structure identification number
• A brief description or name of the risk to make the risk easy to discuss
• The impact or consequences if the event actually occurs 
• The probability or likelihood of its occurrence
• The risk score or risk rating is the multiplication of Probability and Impact and is often used to rank the risks.
• Common mitigation steps are identify, analyse, plan response, monitor and control.
• Response methodology:
  • Contingent response - the actions to be taken should the risk event actually occur.
  • Contingency - the budget allocated to the contingent response
  • Trigger - an event that itself results in the risk event occurring (for example the risk event might be "flooding" and "heavy rainfall" the trigger)

2) Why create a risk register?

The six top advantages to creating a risk register are: 

1. Communicate and understand the nature of the risks the organisation faces
2. The first step in taking a risk based approach to act upon the high impact / high probability risks 
3. Engage leadership with the risk management process
4. Take a collaborative approach to risk assessment and treatment processes 
5. Effective management of resources and assets 
6. Have in place early warning factors to increase the thresholds. 

3) Do you need software to manage a risk register? 

Risk management software is a core tool for many organisations to manage their risk register because it: 

1. Eliminates administrative burden 
2. Promotes a collaborative approach - workflows and notifications sent to your team ensures the right person is notified at the right time about a risk
3. Provides an audit trail and formal approach for regulatory / customer audits 
4. Enables a joined-up, integrated approach to risk management 
5. Instant risk reporting 

4) How do you create a risk register? 

A best practice approach to creating a risk register involves:

1. Establish your categories. These may be:
   • • • Financial 
       • Compliance 
       • Health and safety 
       • Strategic 
       • Operational
2. Plan your risk assessment process 
3. Log new risks 

5) What are some example risk registers?

Request a live demonstration of our risk management software to see some example risk registers. 

Request a demonstration here

We are able to show examples for:

• ISO 9001 
• ISO 14001
• ISO 13485 
• ISO 45001 
• ISO 27001, GDPR and a data processing register

6) Where can I get more information about risk management? 

1. Watch our risk management webinar here: quality.eqms.co.uk/risk-management-webinar 
2. Risk management toolkit:
   quality.eqms.co.uk/risk-management-process
3. Risk management datasheet: 
   quality.eqms.co.uk/datasheet-download-eqms-risk-manager
4. Risk management training materials: 
   quality.eqms.co.uk/risk-management-post-workshop-resources