What should be included in a risk register?

Risk registers should draw together the key information for the highest priority risks:

  • Clear identification of the risk
  • Consequences of that risk becoming a reality
  • Action required to manage the risk – the controls appropriate for the risks identified
  • Describe the controls already in place
  • Further action required, identifying the timescale and responsibility for the action. This will then need to be monitored

This risk register should be shared with the full trustee board. Although a committee may take the lead on the risk management process, the whole board should be aware of the highest ranked risks. The management team should be able to explain the actions being taken to manage those risks.

Want to discuss further?

More from this service area?

Related resources

-

-