Working with the risk register

Create, treat and review risks - including multi-entity setups.

The risk register is where identified risks live, get treated and get reviewed on a cycle you control.

Creating risks

Capture likelihood, impact and ownership. Risks link to the controls and assets that mitigate them, so treatment is verifiable rather than aspirational.

Treatment and review

Risk acceptance and closure follow a four-eyes principle: the person who requests a decision can never be the one who approves it. Reviews are scheduled automatically.

Multi-entity risk management

Groups with multiple legal entities can manage a group-wide catalogue and propagate risks to each entity, while entity teams work only in their own register.

On this page

Section