
Getting More from your Risk Registers

Risk registers are part of an effective risk program and are used by companies to help communicate and manage risk. Spreadsheets are often the primary database for risk registers, used to store and track risks that need to be assessed, treated, and monitored. While spreadsheets can help support a risk program initially, without additional support they can result in:

  • Inconsistent practices using the risk spreadsheet templates

  • Confusion resulting from using different definitions for risk (e.g., hazard, effect, uncertainty)

  • Application of incorrect risk assessments and treatments due to confusion caused by using different risk frameworks

  • Increased exposure as unmitigated residual risks may not be evaluated and treated

  • An incomplete picture of risk, which can lead to an understated or overstated risk profile and, in turn, to increased vulnerability or overinvestment in risk mitigation

  • Not learning from prior risk analyses and treatments

To counter these effects, companies can benefit by advancing their risk programs beyond using simple risk register spreadsheets.

Here are 6 steps to an effective risk management program:

  1. Use a common risk framework across the organization

  2. Capture all risks in a central database

  3. Manage the entire risk life cycle with actionable and accountable tasks

  4. Monitor and control risks within the management accountability structure

  5. Provide visibility to the entire risk profile with periodic review

  6. Preserve and learn from prior risk analyses and treatments

Moving Beyond Risk Registers

It is important to start by asking the question, "Have we captured all the risk?" Answering it requires a consistent definition of risk, which a risk framework such as ISO 31000 and others provides. Without a common framework, each department, discipline, or person will likely have their own idea of what they mean by risk. This can lead to confusion and incomplete risk identification.

For many organizations, a significant advancement will come from managing the risks that are already contained within the risk registers. Turning risk register spreadsheets into accountable actions is an important step toward better risk management. There is little value in having risks assessed and treatments defined if they are not being looked at regularly. Having appropriate controls and monitors in place to elevate risks that require attention is crucial to support management accountability and oversight.

Managing all risks in one place makes it easier to learn from prior risk analyses and treatments. Establishing a learning culture will help improve risk management competency and help reduce future risk.

Moving beyond the use of risk registers and establishing a consistent risk management system will help to counter the effects listed earlier and produce better risk outcomes.

Plan-Do-Check-Act Questions:

  1. Which improvement step would help produce better risk outcomes for your organization?

  2. What obstacles are hindering the improvement of your risk program?

  3. What steps can be taken to remove or reduce these obstacles?

  4. What would it look like if risk was managed more effectively?
