The register contains the following key columns, which you can modify according to your requirements, including changing, adding, or removing the options.

• Risk ID: A unique identifier for each risk.
• Risk Name: A concise name for the risk.
• Risk Description: Detailed explanation of the potential risk.
• Risk Category: Classification of the risk - select or add an appropriate category (e.g., Technical, Financial, Operational.)
• Risk Controls: The controls that currently exist for the risk.
• Likelihood: Current probability of the risk occurring (Between Very Low - Very High.) You can change the options to whatever is suitable to your company, however you will also have to change the formula calculating the risk level.
• Impact: Current severity of the risk if it were to occur (Between Very Low - Very High.) You can change the options to whatever is suitable to your company, however you will also have to change the formula calculating the risk level.
• Risk Level: Combined rating calculated by a formula (Likelihood × Impact.)
• Risk Treatment: What happens to the risk (Treat = take mitigating actions; Tolerate = accept the risk as it is; Terminate = Stop the activity causing the risk altogether; Transfer = transfer the mitigation of the risk to someone or something else, e.g. external contractor, insurance company, etc.)
• Treatment Strategy: Actions planned to reduce or manage the risk.
• Owner: Person responsible for managing the risk.
• Status: Current state of the risk (Not Started, In Progress, Closed.)
• Due Date: When the treatment of the risk needs to be completed.
• Next Review Date: When the risk needs to be reassessed (e.g. in 6, 12 months, etc.)

ℹ️ Note on effective likelihood and impact assessment calculation - if you don’t want to change the rating description and therefore the formula, you can instead allocate a specific meaning to each option - this allows the formula to remain unchanged.

For example:

Likelihood

Happens every week

Rating

Very High

Impact

£1 - £10,000 per annum

Rating

Very Low

(Note that impact can, but does not have to be expressed in monetary terms.)