Risk Registers

A risk register is a literal recording of risks that your organization has assessed, the risk rating for each, the system that the risk is associated with, and the organization’s chosen risk treatment. They are not intended to be any more complex than a simple spreadsheet that keeps track of your organization’s risk activities.

Risk registers are one of the areas that software can provide lots of value. I did say earlier that we wouldn't spend a lot of time on GRC software but one of the major benefits of GRC software is that it can help keep a list(risk register) of all outstanding risks rather than keeping a list in a spreadsheet application. It can be somewhat daunting to maintain a list of risks if the organization is highly proactive in its assessments and software can help track the risks from year-to-year and assist in creating new risk assessments.