A risk register is a crucial risk analysis tool used in enterprise risk management. It is a record of information of identified risks. A risk register is used for regulatory compliance and keeps risk managers updated about the enterprise risks. It is important to regularly monitor risks and responses. A risk register simplifies this task by showing at a glance:

• Which risks exist?
• Which risks are the most threatening?
• How must the enterprise deal with those risks?
• Should some risks be accepted?
• What is the mitigation plan?

The components of the Risk Register are the following:

• Entities that are assessed for risks.
• The risk assessment methodology that is used for risk assessment.
• The assessor of the risk assessment
• The risk assessment scores for:
  • Inherent risks
  • Control effectiveness
  • Residual risk
• The risk responses for each risk.