Ideas Portal

Risk Register

I love the Decision Register. Similar functionality for a Risk Register, a key governance function, would also be an excellent addition.

I manually do this currently with a table like below:

Risk

 

Impact
(Very Low, Low, Medium, High, Very High)

Probability
(Very Low, Low, Medium, High, Very High)

Strategy/action

Capital gains tax introduced and market slows High Low

1) 

2) 

3) 

       
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jun 6 2018
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    27 Feb 12:23am

    Hi BoardPro. I've just returned after some time away, and am wondering where this Risk Register idea from Jun 2018 is at?

     

    13 upvotes suggests strong  user demand.

     

    The best risk register approach I've come across in recent years is as follows:

    > Column 1 = "Risk"
    > Column 2 = "Impact" (or "Severity")

    > Column 3 = "Likelihood" (or "Probability")
    > Column 4 = "Risk score" (by multiplying the previous two fields. 25 is the max)
    > Column 5 = "Mitigation" (or "Strategy" or "Actions" or "Risk Response Action" as one user has suggested below)

    > Then you just rank them all from highest to lowest risk score, and review each meeting.

    > Some businesses also like to categorise risks if they have a lot, e.g. manufacturing risk, economic risk...

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    8 Jun, 2018 08:29pm

    I like the trigger idea, Gavin. Would certainly help an organisation move at lightning speed when crisis strikes!

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    7 Jun, 2018 06:35pm

    I would probably adapt the final column above, the 'Strategy/Action' column to be an 'Risk Response Action' button where the response/mitigation would in an action on an owner - the difference this and a normal action being the addition of a non-mandatory 'Trigger' - so the Action may behave per a normal action if the Trigger is not specified, or the Action becomes 'live' only if the trigger event occurs.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    7 Jun, 2018 06:30pm

    Risk reporting is often a complex and diverse area - different organisations can have highly variable risk reporting requirements but I agree that a generic reporting mechanism, similar in execution to the way in which boardPro has address the need for managing Action items and Minutes reviewing, with a special Agenda item type, would be very useful and would definitely add improved governance.