Risk Management > Common > Risk Register - All

Risk Register Definition: Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives. Risk management is the activity of managing all the registered risks which are raised in the organisation or environments. The progression of risk cases should be managed continuously.

Risk Register Function: The manage and analysing of all registered risks.

The risk register detail can be viewed in different views:

  • Risk register - All : List of all risks that were raised and created
  • Risk register - Open : List of the risks that are NOT in one of the following statuses = Tolerate; Terminate; Transferred or Resolved
  • Risk register - Due for review : List of all the risks that are in the Tolerate Status
  • Risk register - New : Register a new risk case with the wizard

Tasks that use this form

Create new risk

Analyse a risk

Setup risk characteristics

Setup risk actions

Navigating the form

The following tables provide descriptions for the controls in this form:

Risk Action Pane

Control name

Description

Risk New

Create a new Risk

Edit

Edit a risk record

Delete

Delete a risk record

Setup

The function is used to add setup information

  • Risk Characteristics
  • Risk Actions

Additional information

The function is used to add additional information

Status

The function is used to change the status of the risk as the responsible person progresses through the mitigation of the risk.

Delay

The function is used to create a delay codes for the selected risk.

Attachments

This button is a document handling function

Manage Action Pane

Control name

Description

Change specification

This function will allow you to change the risk priority specifications. (Type, Impact and Likelihood)

Update characteristics

This allow for the update of risk characteristics and risk actions created for this risk type.

Refer a risk

This function is used to refer the risk and give a reason for the referral.

Analyse Action Pane

Control name

Description

Incident

Create a new incident from this risk.

Maintenance

Create a new maintenance execution work order from this risk.

Cause

Add cause/s related information findings to the risk after analysing and assessment.

Effect

Add the risk consequences/effects related information findings after analysing and assessment.

Risk assumptions and uncertainties

Add assumptions and uncertainties related to risk after analysing of this risk.

Risk related

Maintain the risk related information for the selected risk.

History

View the history entries/events for this risk.

Note : Find Record

The find function can be used to find specific records selected from the pre-defined criteria.

Line View

This tab is displayed only in the line view of the form.

Field name

Field description

Risk ID

This field is system generated a code or number uniquely identifying the risk that was raised.

Risk Description

This is a short detailed description to define the risk.

Date/time reported

This field defines the date/time that the risk was raised in the system.

Date/time observed

This defines the date/time that the risk was observed or discovered.

Plan duration

This field defines the period planned to resolve/review this risk. The duration period unit of measurement is setup as a risk action.

Plan UOM

This field defines the unit of measure that will be used to define the duration period.

Earliest resolution

The field defines the earliest date that the risk will be resolved if all the risk actions are run in parallel with each other.

Latest resolution

The field defines the latest date that the risk will be resolved if the risk actions runs one after the other.

Risk type

This field defines specific classification of the different types of risk. This is definable with a base data table. There are many different types of risk that risk management plans can mitigate. Common risks include things like accidents in the workplace or fires, tornadoes, earthquakes, and other natural disasters. It can also include legal risks like fraud, theft, and sexual harassment lawsuits. Risks can also relate to business practices, uncertainty in financial markets, failures in projects, credit risks, or the security and storage of data and records.

Risk appetite

Risk Appetite is a method to help guide an organisation’s approach to risk and risk management. The level of risk that an organisation is prepared to accept, before action is deemed necessary to reduce it. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings. Organisations have to take risk to make a profit, or deliver value to their stakeholders. The level of risk they pursue is their appetite for risk. But they may be able to tolerate, or absorb, a different level of risk without significant impact on achieving their strategic objectives. This is their tolerance.

The appropriate level will depend on the nature of the work undertaken and the objectives pursued. For example, where public safety is critical (e.g. operating a nuclear power station) appetite will tend to be low, while for an innovative project (e.g. early development on an innovative computer program) it may be very high, with the acceptance of short term failure that could pave the way to longer term success.

Risk importance

Define the risk importance that is used as a measurement instrument when assessing risk. This indicates the seriousness of the risk materialising, and can for example scored on a scale of 1 – 5. The higher the value of importance (1=Negligible and 5=Catastrophic), the higher is the risk.

Risk Sub-Type level 1

This field defines the next level of classification of the selected risk type. (For example: Risk type = Financial, Sub types level 1 = Accountability, Strategy and External). There can be multiple sub types for a risk type.

Risk appetite

See definition under the Risk type = Risk appetite.

Risk importance

See definition under the Risk type = Risk importance.

Sub-type level 2

Define a unique identifying code for a risk sub-type. This field defines the next level of classification of the selected risk type and sub type level 1. (For example: Risk type = Financial, Sub types level 1 = Accountability, Sub types level 2 = Fraud, Misrepresentation, Incompetent). There can be multiple sub types for a risk type.

Risk appetite

See definition under the Risk type = Risk appetite.

Risk importance

See definition under the Risk type = Risk importance.

Impact

This field defines the impact and is the effect a risk has if it does occur. It can also be defined on a relative scale or mathematically. The definition for impact is developed during risk management planning. The team documents in the project management plan detail how probabilities and impacts are measured. For example, a red/yellow/green scale might be used, where high-probability, high-impact risks are red; low-probability, low-impact risks are green; and so forth. A probability and impact matrix can also be used.

Risk impact defines the assessment of the process for assessing the probabilities and consequences of risk events if they are realised. The results of this assessment are then used to prioritise risks to establish a most-to-least-critical importance ranking. Ranking risks in terms of their criticality or importance provides insights to the project's management on where resources may be needed to manage or mitigate the realisation of high probability/high consequence risk events.

Likelihood

Likelihood is the chance that something might happen again or re-occur. Likelihood can be defined, determined, or measured objectively or subjectively and can be expressed either qualitatively or quantitatively (using scale calculations). This represents the likelihood of the risk materialising, and can for example scored on a scale of 1 – 5. The higher the value of likelihood (1=Rare and 5=Almost certain).

Priority

Risk priority is per definition the rating resulted by combining the assessed likelihood of a risk to occur (i.e. risk probability) and its projected impact.

Stakeholder

A stakeholder is a person or an organisation that can affect or be affected by a decision or an activity. Stakeholders also include those who have the perception that a decision or an activity can affect them.

Risk status

This field defines the status action of the risk, and indicates in what state the risk is.

Stage risk

This field can be used if the different status actions have various stages assigned on which you want to work/report.

BCM Indicator

Business Continuity Management can be defined as a holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats—if realised—might cause, and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities. This field defines that a business continuity plan is in place if this indicator is ticked.

Event code

Select the pre-defined event template for the business actions and tasks to indicate how this risk will be managed.

Risk weighted average

Add the risk weighted average value. Risk weighting adjusts the value of a asset for risk, simply by multiplying it be a factor that reflects its risk. Low risk assets are multiplied by a low number, high risk assets by 100% (i.e. 1).

Impacted service lines

This grid is displayed only in the line view of the form.

Button

Description

Add line

Use this to add another service line that can be impacted by risk that was raised.

Remove

Use this to remove a service line that can be impacted by risk that was raised.

Field

Description

Service type

Select from the drop down the area that will be affected/impacted by the risk that was raised. Multiple service areas can be affected, and the service type differentiate between service catalogue areas, objects or resources.

Service code

This field defines the type = service catalogue and select from the pre-defined service catalogue records the code.

Type of resource

This field defines the resource type that will be impacted by risk. (For example resource type = Trade)

Resource code

This field defines the resource code that will be impacted by risk. (For example resource code of trades = mechanic)

Object code

This field defines the object that will be impacted by risk. (For example object type = Vehicle)

Structure code

This field defines the structure position that will be impacted by risk.

Specific ID

This field is selected to define the specific asset that will be impacted by this risk.

Risk description

This field defines the description of the risk on the service line.

Date/time reported

This field is the date/time when it was discovered that the impacted service line will be affected by the risk.

Line details

This tab is displayed only in the line view of the form and is the line details for the impacted service line.

Tab

Field

Description

General

Risk Description

The description that defines the detail about the risk.

Setup

Organisation

This field defines the organisation that will be impacted by this risk.

Organisation structure

This field is the structure position of the organisation impacted by the risk.

Location code

This field defines the location that will be impacted by this risk.

Location structure

This field is the structure position of the location impacted by the risk.

Planned duration (hours)

This field defines the planned duration for this risk actions to be completed.

Planned UOM

This defines the unit of measure that will be used to calculate the planned duration for the risk actions to be completed.

Actual duration

This field defines the actual duration for this risk actions to be completed.

Actual UOM

This defines the unit of measure that will be used to calculate the actual duration for the risk actions to be completed.

Header View

This detail is displayed only in the header view of the form.

Fast Tabs

Field

Description

General

Risk Description

This is a short detailed description to define the risk.

Risk status

This field defines the status action of the risk, and indicates in what state the risk is.

Stage risk

This field can be used if the different status actions have various stages assigned on which you want to work/report.

Specification

Impact

This field defines the impact and is the effect a risk has if it does occur. It can also be defined on a relative scale or mathematically. The definition for impact is developed during risk management planning. The team documents in the project management plan detail how probabilities and impacts are measured. For example, a red/yellow/green scale might be used, where high-probability, high-impact risks are red; low-probability, low-impact risks are green; and so forth. A probability and impact matrix can also be used.

Risk impact defines the assessment of the process for assessing the probabilities and consequences of risk events if they are realised. The results of this assessment are then used to prioritise risks to establish a most-to-least-critical importance ranking. Ranking risks in terms of their criticality or importance provides insights to the project's management on where resources may be needed to manage or mitigate the realisation of high probability/high consequence risk events.

Likelihood

Likelihood is the chance that something might happen or re-occur. Likelihood can be defined, determined, or measured objectively or subjectively and can be expressed either qualitatively or quantitatively (using scale calculations). This represents the likelihood of the risk materialising, and can for example scored on a scale of 1 – 5. The higher the value of likelihood (1=Rare and 5=Almost certain).

Priority

Risk priority is per definition the rating resulted by combining the assessed likelihood of a risk to occur (i.e. risk probability) and its projected impact.

Stakeholder

A stakeholder is a person or an organisation that can affect or be affected by a decision or an activity. Stakeholders also include those who have the perception that a decision or an activity can affect them.

Origin

Reported by

This field defines the detail of the person who reported the risk.

Date/time reported

This field defines the date/time that the risk was reported on the system.

Observed by

This field defines the detail of the person who observed the risk.

Date observed

This field defines the date/time that the risk was observed.

Analysis

Monetary loss

This field defines the monetary loss scoring that indicates the level of loss.

Business loss

This field defines the business loss scoring that indicates the level of loss.

Risk cause

This field defines the cause of the risk. Select from pre-defined causes.

Effect

This field defines the effect of the risk on the business.

Duration response

This field defines the duration for the risk to be investigated/resolved.

UOM code response

This field defines the unit of measure that was used to define the duration time.

Date/time respond

This field defines the date/time by which the responsible person should respond on the risk.

Referred risk

This field defines if the risk was referred for further investigation.

Plan duration

This field defines the time that was planned to complete the investigation/resolve the risk.

Plan UOM code

This field defines the unit of measure that was used to define the planned duration time.

Review date

This field defines the date when the risk should be reviewed for further action.

Resolution

Cost

This field defines the actual cost value to resolve the risk that was raised.

Currency code

Select the currency code to define the cost value of the risk.

Actual duration

This field defines the actual time for the risk to be resolved.

Actual UOM code

This field defines the unit of measure that was used to define the actual duration time.

Completed date

This field defines the date/time when the risk was completed.

See also

Risk Actions

Risk Analysis