Risk Register

As organisations begin gathering information related to risk management, everything needs to be documented effectively in a ‘Risk Register’.

A Risk Register (also known as a Risk Log) is a database in table form that lists information from the various steps in the risk management process. There is no structure ‘set in stone’ for a risk register; in fact, risk registers seem to differ from organisation to organisation, but all tend to include the following information as standard:

  • A description of the risk
  • The likelihood of its occurrence
  • The impact should this event occur
  • The overall risk priority
  • The selected treatment method

Below is a sample risk register of undesirable events related to Information Technology security in a typical organisation.

[Table: sample risk register]

*Mitigation methods are actions to be taken in advance to reduce the impact of the risk.

*Prevention methods are actions to be taken to reduce the likelihood of the event occurring.

Do take into account that this is only a sample and that details in Risk Registers will differ slightly between organisations.