Risk Management Essentials: Risk Register Template
This job-aid is part of the Risk Management Essentials Series, practical guidance on risk management that can be applied in the workplace.
A risk register is a repository of information on identified risks. Before completing the risk register, determine its scope and objective.
Different organizations may use different templates and formats but categories used in this example tend to be used consistently. Please note this is a comprehensive template. For less complex initiatives or operations you may only require a simplified version. To maintain the value of this tool, ensure it is regularly updated, communicated and used to inform risk-based decision-making.
- Context and environmental scan
- Risk identification
- Risk measurement and assessment (current step)
- Response to risk
- Risk monitoring and control
Identify and analyse the risk
Risk ID |
A unique identifier assigned to each risk. |
Risk Name |
A short-form description of the risk statement. |
Key risk drivers |
Risk drivers refer to the causes, sources or trigger points for a risk. They are facts or trends that form a solid basis for identifying risks. |
Risk or opportunity statement |
A statement that expresses an uncertain future event/outcome that could generate opportunity or impede the attainment of work objectives. |
Key potential risk or opportunity events |
Individual moments or sets of circumstances that have an impact on work objectives when the risk comes to pass. |
Main impacts |
The risk event causes the impact. A list of the potential impacts the risk could have on objectives. |
Key controls |
A list of the key controlsFootnote 2 that are currently in place to mitigate the likelihood and the impact of the risk. |
Control effectiveness ratingFootnote 1 |
Rating key controls based on their effectiveness.
1 = Totally ineffective
2 = Largely ineffective
3 = Partially effective
4 = Substantially effective
5 = Fully effective |
Assess and address the risk
Residual risk likelihood ratingFootnote 3 |
The likelihood of the risk to occur, given the effectiveness of existing controls.
1 = Rare
2 = Unlikely
3 = Possible
4 = Likely
5 = Almost certain |
Residual risk impact ratingFootnote 4 |
The impact of the risk, given the effectiveness of existing controls.
1 = Low
2 = Minor
3 = Moderate
4 = Major
5 = Severe |
Residual risk exposure
(Likelihood x Impact)Footnote 5 |
The degree to which a particular objective is at risk, given the effectiveness of existing controls. |
Risk response (mitigate, accept and monitor, withdraw, transfer, share) - Action plan |
The action taken to deal with a risk.
If applicable include key components of the risk action plan. It provides details on how a risk will be managed. |
Risk Owner and office(s) of collaborative interest (OCI) |
Risk owner: the individual or entity responsible for the management of the risk
OCI: the individual or entity supporting the risk owner to implement the action plan |