Working with the risk register
Create, treat and review risks - including multi-entity setups.
The risk register is where identified risks live, get treated and get reviewed on a cycle you control.
Creating risks
Capture likelihood, impact and ownership. Risks link to the controls and assets that mitigate them, so treatment is verifiable rather than aspirational.
Treatment and review
Risk acceptance and closure follow a four-eyes principle: the person who requests a decision can never be the one who approves it. Reviews are scheduled automatically.
Multi-entity risk management
Groups with multiple legal entities can manage a group-wide catalogue and propagate risks to each entity, while entity teams work only in their own register.