Corporate Risk Register
A comprehensive guide to using the Corporate Risk Register module for identifying, assessing, tracking, and managing strategic enterprise-level risks.
Introduction
The Corporate Risk Register module provides a centralized platform for your organization to manage significant risks at a corporate or enterprise level. It allows for a consistent approach to identifying, assessing, tracking, and reporting on key risk exposures, the effectiveness of controls, and the progress of mitigation efforts. Effective use of this register supports strategic decision-making and governance.
Key Objectives
Using the Corporate Risk Register, you can:
- Establish a clear inventory of strategic risks.
- Assign ownership and accountability for each risk.
- Analyze risks by assessing their likelihood and potential consequences to determine a risk rating.
- Define target risk levels and track progress towards them.
- Document and evaluate the effectiveness of controls designed to mitigate risks.
- Link corporate risks to more detailed operational or project-specific Risk Assessments.
- Manage and track actions required to treat risks.
- Schedule and record periodic reviews to ensure risks are reassessed and information remains current.
Working with Corporate Risk Records
Each entry in the Corporate Risk Register represents a specific strategic risk.
Creating and Editing Risk Records
To create a new risk, select the 'New Record' option within the module. To edit an existing risk, open it from the register list.
When documenting a risk, you will typically provide:
- Core Risk Details: Such as a unique
Risk ID
, a clearTitle
, a comprehensiveDescription
of the risk, theRisk Owner
responsible, and theDate Raised
. ADue Date
orTarget Date
can be set for achieving mitigation goals. - Risk Analysis:
- Likelihood & Consequence: Evaluate how likely the risk is to occur and what its impact would be. These selections usually drive an automated
Current Risk Rating
based on your organization's risk matrix. - Target Risk Rating: Specify the desired risk level after controls and treatments are implemented.
- Risk Tolerance: Indicate the level of risk the organization is prepared to accept for this item.
- Likelihood & Consequence: Evaluate how likely the risk is to occur and what its impact would be. These selections usually drive an automated
- Controls:
- Control Description: Detail the measures in place (or planned) to manage the risk.
- Controls Effectiveness: Assess how well these controls are working.
- Monitoring Activities: Describe how the risk and its controls are being monitored.
Understanding the Workflow
Corporate Risk records typically progress through several stages, such as:
- Draft: The initial creation stage.
- Active / Open: The risk is formally acknowledged and is being actively managed.
- Under Review: The risk is undergoing a periodic or triggered review.
- Closed / Archived: The risk is no longer relevant, has been fully mitigated, or is accepted.
Use the available workflow buttons (e.g., 'Submit', 'Send for Review', 'Close Risk') at the bottom of the form to move a risk record through its lifecycle. The specific stages and actions will depend on your organization's configured process.
Linking to Other Modules
For a comprehensive view of risk management, the Corporate Risk Register often links to other information in the system.
Connecting to Detailed Risk Assessments
Strategic corporate risks can be linked to specific, more granular risk assessments conducted within the Risk Assessment module. Look for a section typically titled 'Associated Risk Assessments'. You can usually link existing assessments or, if configured, create new ones directly. This provides traceability and allows drill-down into detailed analysis.
Managing Associated Actions
To manage the tasks required to treat a risk, you can link to the Actions module. In the 'Associated Actions' section of a corporate risk record, you can link existing actions or create new ones. This ensures that mitigation tasks are assigned, tracked, and completed.
Managing Risk Reviews
Risks should be reviewed periodically to ensure the information is current and controls remain effective.
- The 'Review History' section allows you to log each review.
- When logging a review, capture the
Review Date
, whoReviewed By
,Review Comments
detailing findings and outcomes, and critically, set theNext Review Date
. - Setting a
Next Review Date
is essential for proactive risk management and often drives reminder notifications.
General Features
Like other modules, the Corporate Risk Register typically supports:
- Attachments: Upload supporting documents to risk records. See the general "Adding Attachments" guide.
- Searching and Filtering: Use standard search and filter tools to find specific risks. Refer to "Searching Records" and "Customising Column Headings" for more details.
- Exporting: Export data for reporting or offline analysis, as described in "Exporting Data."
For further assistance with general system features, please consult the relevant help documentation.
Version: 1
Electrical Equipment Register
A comprehensive guide to using the Electrical Equipment Register module for managing and tracking your organization's electrical assets, including test history and maintenance actions.
Classified Equipment Register
A comprehensive guide to using the Classified Equipment Register module for managing specialized equipment that requires formal registration, tracking, and periodic inspection.