Using the Enterprise Risk Register

The Risk Register

The 31000 enterprise risk register

Creating a new Risk

To create a new risk you will need to follow these steps. Risk Assessment > Risk Register > Create new Risk

Option 1: Identify Risk

Used to identify a Risk with a description to then be assessed by Org Admin.

Option 2: Identify and Analyse Risk

Used to identify and asses a risk to the business filling in the following information. You must select the Category first, this will then generate a Risk Reference.

Depending on what category is selected there may be a prompt to select which controls help to mitigate this risk.
The final step in adding the risk is to evaluate the Inherent(level with no controls in place), residual(current level), target risk(expected level).

Read Only Risks

This new functionality, available from October 2022, allows identified and analysed risks to be shared with other divisions.

Risk owners and organisation admins can share a risk to all divisions allowing them to be aware of other risks and instead of producing a new similar risk, this can be copied and altered to suit another divisions analysis (likelihood + impact).

To copy a risk, click 'Copy to My Division' in the blue box at the top of the page when viewing the risk. This will open a modal window asking you to select the division to copy to and set the risk owner. Upon submission you will be taken to that new (copied) risk where you can then make edits to the analysis and evaluation, treatment and actions.

All copies of a risk will automatically be linked so that the original and and subsequent scoring can be viewed.

A new notification will be added to highlight how many shared risks there are.

How to activate Read Only Risks

Organisation admins can turn on this feature from: Risk Assessment > RA Management > Configuration > Risk Register Config. Turn the radio toggle to green for 'Read Only Control'.