According to the CRISC Review Manual1, the risk register is a tool that records the results of risk identification, analysis, evaluation, and treatment. The risk register should be populated as soon as possible in the risk management process, to capture and document the risks and their attributes. The best time for the risk practitioner to start populating the risk register is when identifying risk scenarios, as this is the first step in the risk identification process. Risk scenarios are hypothetical situations that describe the potential causes, impacts, and responses of a risk event. Identifying risk scenarios helps to generate a comprehensive and relevant list of risks that can be recorded in the risk register. References = CRISC Review Manual1, page 191, 206.