According to ISACA, a risk register is a tool to record and track the identified risks, their ratings, responses, and status. The primary purpose of a risk register is to provide a centralized view of risk for the organization, as it enables the consolidation, communication, and reporting of risk information across different levels, units, and functions. A risk register can also support the risk management process, such as risk identification, assessment, treatment, monitoring, and review.
[References:, •ISACA, Risk IT Framework, 2nd Edition, 2019, p. 761, •ISACA, Capability Maturity Model and Risk Register Integration: The Right Approach to Enterprise Governance2, , , , , , , , , , ]
Submit