Risk Register
As previously noted, all identified risks should be captured in the risk register along with details such as description, category, probability, impact, and risk owner. The maintenance of the risk register starts with risk identification.
A risk register is the inventory of all existing risks of an organization. The best method to understand any kind of risk is to review the risk register. It includes details of all risks along with relevant control activities. The most effective use of a risk register is to facilitate a thorough review of all risks on a periodic basis.
Practice Question Set 10
- A risk register is best used for:
- Identification of emerging risks
- Identification of risk owners
- Review of all IT-related risks on a periodic basis
- Recording annualized loss due to an incident