
1.10 IT Risk Register


·         A risk register serves as a central repository for all risk-related documentation. It documents the entire risk universe of the organization and maintains an inventory of the identified potential risks.


·         A risk register includes the following information for each risk:


§  Description of the risk

§  Probability/likelihood of occurrence

§  Impact (business consequence if the risk materializes)

§  Risk score (derived from likelihood and impact)

§  Risk owner (the person accountable for the risk and its response)

§  Controls implemented

§  Residual risk (risk remaining after the implemented controls)

§  Risk response action plan


·         The process of maintaining a risk register begins at the risk identification stage itself. The results of risk identification are the initial entries in the risk register.


·         A risk register should be reviewed at periodic intervals to ensure that it is updated with newly identified risks and that existing entries (scores, controls, owners) are still accurate. The register helps to track each risk over time. The best way to ensure that the register stays updated and accurate is to publish it centrally, with a workflow feature that automates the risk assessment and risk polling process.


·         A risk register provides value to the organization by:


§  Driving the risk response plan

§  Improving the decision making for risk


·         A risk register improves the decision-making process for risk response because all the relevant information about a specific risk (likelihood, impact, score, controls, residual risk, owner) is captured in one place and is available to evaluate and determine the prioritization of risk responses.
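The fields listed above become useful once they are actually computed and compared across entries. The following is an added illustration written for this section (not code from the page or from ISACA) of a minimal risk register that scores each entry, derives residual risk from the implemented controls, prioritizes entries for the response plan, and flags entries that have missed their periodic review. The 1-5 scale for likelihood and impact, the multiplicative risk score, the control model (each control removes a stated number of points from likelihood or impact), and the sample entries are all assumptions made for the example; the CRISC material does not prescribe them.

```python
"""Minimal IT risk register: scoring, residual risk, prioritization and
stale-review detection.

Added illustration, not code from the original page or from ISACA.
Assumed model (not stated on the page): 1-5 ordinal scales for likelihood
and impact, risk score = likelihood x impact, and controls that each remove a
stated number of points from likelihood or impact.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class Control:
    name: str
    likelihood_reduction: int = 0  # points removed from likelihood (assumed model)
    impact_reduction: int = 0      # points removed from impact (assumed model)


@dataclass
class Risk:
    risk_id: str
    description: str
    likelihood: int                 # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int                     # 1 (negligible) .. 5 (severe), assumed scale
    owner: str
    controls: list[Control] = field(default_factory=list)
    response_plan: str = ""
    last_reviewed: date | None = None

    def __post_init__(self) -> None:
        for name, value in (("likelihood", self.likelihood), ("impact", self.impact)):
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be 1..5, got {value}")

    @property
    def inherent_score(self) -> int:
        return self.likelihood * self.impact

    @property
    def residual_score(self) -> int:
        """Score after implemented controls; never below the floor of the scale."""
        lik = max(1, self.likelihood - sum(c.likelihood_reduction for c in self.controls))
        imp = max(1, self.impact - sum(c.impact_reduction for c in self.controls))
        return lik * imp


class RiskRegister:
    def __init__(self) -> None:
        self._risks: dict[str, Risk] = {}

    def add(self, risk: Risk) -> None:
        if risk.risk_id in self._risks:
            raise KeyError(f"duplicate risk id {risk.risk_id}")
        self._risks[risk.risk_id] = risk

    def prioritized(self) -> list[Risk]:
        """Residual score drives response priority; inherent score breaks ties."""
        return sorted(self._risks.values(),
                      key=lambda r: (r.residual_score, r.inherent_score), reverse=True)

    def stale(self, today: date, interval: timedelta) -> list[str]:
        """Entries never reviewed, or last reviewed longer ago than the interval."""
        return [r.risk_id for r in self._risks.values()
                if r.last_reviewed is None or today - r.last_reviewed > interval]

    def above_appetite(self, appetite: int) -> list[str]:
        """Entries whose residual score still exceeds the accepted threshold."""
        return [r.risk_id for r in self.prioritized() if r.residual_score > appetite]


def build_sample_register() -> RiskRegister:
    """Constructed sample entries for the illustration (not real findings)."""
    reg = RiskRegister()
    reg.add(Risk("R-001", "Ransomware on file servers via phishing", 4, 5, "CISO",
                 controls=[Control("Email filtering and awareness training", likelihood_reduction=1),
                           Control("Offline, tested backups", impact_reduction=2)],
                 response_plan="Mitigate: deploy EDR, quarterly restore tests",
                 last_reviewed=date(2024, 1, 15)))
    reg.add(Risk("R-002", "Unpatched internet-facing VPN appliance", 3, 4, "Head of Infrastructure",
                 controls=[Control("Monthly patch cycle", likelihood_reduction=1)],
                 response_plan="Mitigate: 72-hour patch SLA for edge devices",
                 last_reviewed=date(2024, 6, 1)))
    reg.add(Risk("R-003", "Loss of a single cloud region", 2, 3, "Head of Infrastructure",
                 response_plan="Accept: within appetite, review annually"))
    return reg


def review_report(reg: RiskRegister, today_iso: str, interval_days: int, appetite: int) -> dict:
    """Periodic review output: response order, overdue entries, entries above appetite."""
    today = date.fromisoformat(today_iso)
    return {
        "prioritized": [r.risk_id for r in reg.prioritized()],
        "scores": {r.risk_id: (r.inherent_score, r.residual_score) for r in reg.prioritized()},
        "stale": reg.stale(today, timedelta(days=interval_days)),
        "above_appetite": reg.above_appetite(appetite),
    }


if __name__ == "__main__":
    report = review_report(build_sample_register(), "2024-07-01", 90, 6)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The register is sorted on residual rather than inherent score because the response plan is chosen against the risk that remains after existing controls; the `stale` check is what a periodic review would run first, since an entry whose likelihood or controls are out of date produces a wrong priority no matter how carefully the scores were set originally.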



Key aspects from CRISC exam perspective

CRISC Question: Best way to ensure that an accurate risk register is maintained over time
Possible Answer: A centralized risk register with automated risk assessing and polling features.

CRISC Question: Main advantage/purpose of creating and maintaining a risk register
Possible Answer: Documentation and inventory of all identified risks.

CRISC Question: Preparation of a risk register begins in which risk management process?
Possible Answer: Risk identification phase.

CRISC Question: Document that improves decision making by providing all the relevant information about risks
Possible Answer: Risk register.

CRISC Question: Value of a risk register is best described as
Possible Answer: It drives the risk response plan and improves decision making for risk.


