Risk register is a tool developed at the risk owner level that links specific activities, processes, projects, or plans to a list of identified risks and results of risk analysis and evaluation and that is ultimately consolidated at the enterprise level. A risk register is a living document that is continually updated and used to track and monitor risk. It allows the risk professional to view events in a larger context while focusing on the more essential individual risks to an organization. Therefore, it is an essential tool for managing portfolios and implementing rational decisions, leads to sound governance, and contributes to compliance with international risk regulation.
The risk register can be customized to the needs of a particular organization. It can also be used to report risk to stakeholders and to provide assurance and compliance with risk management and associated governance and compliance controls. The risk register starts with the risk owner and risk center and then it lists the resource risk scenario and other columns to be added can be: a) potential impact ( opportunity/threat ) b) risk level c) risk treatment d) proposed improvement action e) next review