Posts

How to Build Your Risk Register

One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understand of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.