Ideas Portal

Risk Register

I love the Decision Register. Similar functionality for a Risk Register, a key governance function, would also be an excellent addition.

I manually do this currently with a table like below:

Risk

 

Impact
(Very Low, Low, Medium, High, Very High)

Probability
(Very Low, Low, Medium, High, Very High)

Strategy/action

Capital gains tax introduced and market slows High Low

1) 

2) 

3) 

       
  • Guest
  • Jun 6 2018
  • Attach files
  • Guest commented
    19 Mar 11:46pm

    This sounds like a great idea to improve governance for Directors.

  • Guest commented
    6 Mar 01:24am

    Hi BoardPro. I've again got clients asking for this and see it has 31 votes now, so is near the top of the user wishlist. Where is it at please?

  • Guest commented
    27 Feb, 2020 12:23am

    Hi BoardPro. I've just returned after some time away, and am wondering where this Risk Register idea from Jun 2018 is at?

     

    13 upvotes suggests strong  user demand.

     

    The best risk register approach I've come across in recent years is as follows:

    > Column 1 = "Risk"
    > Column 2 = "Impact" (or "Severity")

    > Column 3 = "Likelihood" (or "Probability")
    > Column 4 = "Risk score" (by multiplying the previous two fields. 25 is the max)
    > Column 5 = "Mitigation" (or "Strategy" or "Actions" or "Risk Response Action" as one user has suggested below)

    > Then you just rank them all from highest to lowest risk score, and review each meeting.

    > Some businesses also like to categorise risks if they have a lot, e.g. manufacturing risk, economic risk...

  • Guest commented
    8 Jun, 2018 08:29pm

    I like the trigger idea, Gavin. Would certainly help an organisation move at lightning speed when crisis strikes!

  • Guest commented
    7 Jun, 2018 06:35pm

    I would probably adapt the final column above, the 'Strategy/Action' column to be an 'Risk Response Action' button where the response/mitigation would in an action on an owner - the difference this and a normal action being the addition of a non-mandatory 'Trigger' - so the Action may behave per a normal action if the Trigger is not specified, or the Action becomes 'live' only if the trigger event occurs.

  • Guest commented
    7 Jun, 2018 06:30pm

    Risk reporting is often a complex and diverse area - different organisations can have highly variable risk reporting requirements but I agree that a generic reporting mechanism, similar in execution to the way in which boardPro has address the need for managing Action items and Minutes reviewing, with a special Agenda item type, would be very useful and would definitely add improved governance.