Key Components of a Corporate Risk Register

Most large enterprises have a procedure for managing corporate risks. The procedure is intended to identify, record, and communicate risks in terms of their comparative importance to the company. The corporate risk register also forms the basis for reporting risk issues in the annual report. The information is usually stored in a central register, catalog, or inventory of risks. This should contain information suitably sorted, standardized, and merged for relevance to the appropriate level of management. Its key function is to provide management, the board, and key stakeholders with significant information on the main risks faced by the business. Every risk in the register should have the following features: opening date, title, short description, probability, and importance. A risk might also have a dedicated manager responsible for its resolution.

A risk register should help management to:

  • Understand the nature of the risks the business faces;
  • Be aware of the extent of those risks;
  • Identify the level of risk that they are willing to accept;
  • Recognize its ability to control and reduce risk.

However, a risk register is often out of date, incomplete, or inconsistent when it comes to selecting the appropriate controls and countermeasures for each risk. Many companies, therefore, use outside risk consultants. These consultants, working in conjunction with company staff, are better able to take an objective view of risks, assess their relative importance, and assign priorities.


  • A corporate risk register provides management and the board with important information on the main risks faced by the business.
  • The register allows management to identify and prioritize risks, ensuring that risks with the greatest probability or the greatest potential loss are handled first.

Action Checklist

  • Thoroughly check the risk register against any potential business risk you might foresee and compare similar companies’ risk registers.
  • Research your market and make sure that you have analyzed the consequences of any risks upon your own business.
  • Encourage an atmosphere of openness about the kinds of risks facing the organization. Some risks are obvious, but managers of individual business units may sometimes know more about hidden risks. Only by fully understanding risks can you attempt to counteract them.

Dos and Don’ts


    • Seek the advice of specialist strategic risk advisers. Risk management is very complex. Experts from specialist risk management companies can help devise custom risk registers to protect against potential problems.
    • Keep in mind the distinction between risk and uncertainty. Risk can be measured by using the formula: Impact multiplied by Probability.
    • Quantify and differentiate between risks that are merely the cost of doing business and those that might have an impact on objectives.


    • Don’t make the error of failing to check the risk register thoroughly for inconsistencies.
    • Don’t believe that you can totally cover every risk your business could face.
    • Don’t rely on single controls and countermeasures for each risk.