How to build a Risk Register for your organisation

E RADAR has launched a new project management platform to help organisations comply with the latest cyber laws and regulations. MyCyberRisk™ provides collaborative tools to identify regulators, build teams and set out objectives and tasks measured against key deliverables.

One of the tables contained in the MyCyberRisk™ system is the Risk Register. A Risk Register, also referred to as a Risk Log, is a master document which is created during the early stages of your project. It is a tool that plays an important part in your Risk Management Plan, helping you to track issues and address problems as they arise.

This article describes the different elements used in our online risk register tool. Please refer to the example Risk Register table below.

CONTACT US if you are interested in a free trial of MyCyberRisk™

Risk Register

Project ID

The Project ID is the automatically generated identifier, which you can find in the address bar when you navigate to your individual project.

Project Name

You will need to give your compliance project a name.

Risk Category

It is up to you to define your main risk categories. As a guide, you could use the following:

  • Project Risks
  • External Risks
  • Technical Risks
  • Legal Risks
  • Other Risks

Risk Sub Category

The risk sub category helps you to further break down the risks in your project. Some sub categories you can use include:

  • Data Protection
  • Building Work
  • Flood, Fire & Theft
  • Currency Fluctuation

Risk Description

Describe in a few short sentences the exact nature of the risk.

Risk ID

You should run a sequential series of unique risk identifiers. The numbering system you adopt is entirely your choice. As an example, you could take the first letter of the name of your specified Risk Category and run your sequential numbers.

  • P0001, P0002, P0003, etc for Project Risks
  • E0001, E0002, E0003, etc for External Risks
  • T0001, T0002, T0003, etc for Technical Risks
  • L0001, L0002, L0003, etc for Legal Risks
  • O0001, O0002, O0003, etc for Other Risks

Project Impact

Describe the anticipated effect the risk would have upon your compliance project.

Likelihood

The chances that the risk will occur. You have 3 options:

  • High (red)
  • Medium (amber)
  • Low (green)

Consequence

The potential impact the risk will have upon the project. You have 3 options:

  • High (red)
  • Medium (amber)
  • Low (green)

Risk Rank

The importance of the risk in the project. You have 3 options:

  • High (red)
  • Medium (amber)
  • Low (green)

Risk Trigger

Describe what event might trigger the risk. Some examples might be:

  • Customer complaint
  • Security breach
  • Break-in
  • Weather conditions
  • Change in the law

Prevention Plan

Explain what you can do to mitigate and/or remove the risk.

Contingency Plan

All organisations should have a contingency plan to deal with events that trigger a risk. Information entered here can help you to develop and implement your contingency plan.

Risk Owner

Identify those in your team who own the specific risk and will manage it. You will already have set up a table with details of your team members.

Residual Risk

Identify whether any risk is left over after treatment of the risk. This is known as residual risk. You have 3 options:

  • High (red)
  • Medium (amber)
  • Low (green)

[Example Risk Register table]
