Risk register

Category: Risk management frameworks · Reviewed by Simon Temme, Account Executive · Last reviewed

A risk register is the central record of identified risks, their assessment, ownership and treatment. It is the most basic operational artefact of any risk management system and is referenced in ISO 31000, COSO ERM and the PRA’s Insurance Rulebook.

Minimum columns

A practical register contains, at minimum:

| Field | Purpose |
| --- | --- |
| Risk ID | Unique reference for traceability |
| Risk description | Specific, observable event (not a generic category) |
| Cause(s) | The drivers that could give rise to the event |
| Consequence(s) | What happens if the event occurs |
| Inherent likelihood / impact | Pre-control assessment |
| Current controls | What is in place today |
| Residual likelihood / impact | Post-control assessment |
| Risk owner | A named individual (not a committee) |
| Treatment / action | Tolerate, transfer, treat or terminate, with action owner and due date |
| Last reviewed | Date of last formal review |

Beyond the spreadsheet

In small firms a spreadsheet is sufficient. As complexity grows, registers should integrate with:

Common failure modes

References

Cross-references


Maintained by Matt Bartlett, Director, Apex Insurance Brokers Limited. FCA FRN 724952. Companies House 07014570.
