
1.10 IT Risk Register


· The risk register serves as a central repository for all risk-related documentation. It documents the entire risk universe of the organization and maintains an inventory of identified potential risks.

 

· The risk register includes the following information for each risk:

 

   - Description of the risk
   - Probability/likelihood of occurrence
   - Impact
   - Risk score
   - Risk owner
   - Controls implemented
   - Residual risk
   - Risk response action plan

 

· The process of maintaining a risk register begins at the risk identification stage itself. The results of risk identification are the initial entries in the risk register.

 

· The risk register should be reviewed at periodic intervals to ensure that it is updated with new risks. The risk register helps to track each risk. The best way to ensure that the risk register is updated and accurate is to publish it centrally with a workflow feature to automate the risk assessing and risk polling process.

 

· The risk register provides value to the organization by:

 

   - Driving the risk response plan
   - Improving the decision making for risk

 

· The risk register improves the decision-making process for risk response, as all the relevant information related to a specific risk is captured and available to evaluate and determine the prioritization of risk responses.

 

 

Key aspects from CRISC exam perspective

 

| CRISC Question | Possible Answer |
|---|---|
| Best way to ensure that an accurate risk register is maintained over time | A centralized risk register with automated risk assessing and polling features. |
| Main advantage/purpose of creating and maintaining a risk register is to | Documentation & inventory of all identified risks |
| Preparation of a risk register begins in which risk management process | Risk identification phase |
| Document that improves decision making by providing all the relevant information about risks | Risk Register |
| Value of risk register is best described as | It drives the risk response plan; Improves decision making for risk |

 

 
