
Risk Register

Risk Register – outputs each of the risk statements, the risk treatment decision and the owner. Each risk that is identified should be reviewed and undergo treatment by applying one of the following:

  • Reduce – Apply the recommendation and improve the appropriate control
  • Accept – Knowingly and objectively accept the risk
  • Avoid – Change the business or environment to stop completing the related activity
  • Transfer – Outsource/transfer the risks to other parties.

Overview of Risk Register

The 'Risk Register' page within Abriska can be reached by selecting 'Risk Assessment' and then 'Risk Register' from the sidebar on the organisation home.

Abriska enables all sources of risk, events that might affect the achievement of objectives (whether creating, enhancing, preventing, degrading, accelerating or delaying their achievement), areas of impact and their causes to be identified and listed, and their ownership documented. These can be identified by referencing and reviewing Abriska's threat libraries and/or through custom input collected by the organisation using a variety of information gathering techniques.

Risk Register

When you click into a risk, it is broken down into several areas to help you navigate and manage it.

Risk Detail

  • Risk Identification - You can assign a 'Title' to make the risk easier to identify, and assign a 'Risk Owner' to manage the detail around treatment and actions.
  • Risk Components - Clearly states which assets, threats and vulnerabilities are part of this assessment. For reporting purposes, it also identifies which assessment this risk is part of.
  • Linked Controls - Identifies the controls linked to this risk and shows you the current and proposed maturity score.
  • Related Risks - You can identify whether this risk is associated with another.
  • Risk Analysis and Evaluation - Shows the calculation of the 'Inherent', 'Controlled' and 'Treated' risk scores. You may also see the history.
  • Risk Treatment - Identifies the 'Risk Strategy', the 'Treatment Owner' and a review date.
  • Risk Actions - You can view current or resolved actions and create new ones to align with the treatment strategy. An action owner is identified and an implementation date proposed. If the date is moved, this is recorded for auditing purposes, and comments or status updates can be added.
    The 'Risk Owner', 'Risk Treatment Owner' and 'Risk Action Owner' will all receive weekly notifications (provided this is switched on; see 'Notifications') to highlight when there is a change or when the proposed date is due or overdue.
    The Risk Register can be used as a formal record of risks, to document risk analysis, facilitate ownership and management of risks, input into and document the outcomes of the risk evaluation and risk treatment processes.


