Definitions For Template - Full Risk Register
Impact Rating            Rating          Impact Value   Reputation Impact
                         Marginal        0.05           Little or no impact.
                         Significant     0.10           May be noticeable by a limited audience; some embarrassment.
                         Serious         0.20           Damage to reputation, loss of confidence.
                         Very Serious    0.40           Loss of business confidence, compromise of a large amount of information.
                         Catastrophic    0.80           Complete compromise of information.
                         Example: Very Serious
Impact Value             Impact value of the impact rating given.
(Part of Semi-           Example: 0.40
Quantitative)
Risk Exposure Level      Identify probability value * impact value; then use the scale to identify the exposure level.
                         Example: (0.70) * (0.40) = 0.28
                         Exposure level scale: High / Medium / Low

                         Probability   Impact ->   0.05    0.1     0.2     0.4     0.8
                         0.9                       0.045   0.09    0.18    0.36    0.72
                         0.7                       0.035   0.07    0.14    0.28    0.56
                         0.5                       0.025   0.05    0.1     0.2     0.4
                         0.3                       0.015   0.03    0.06    0.12    0.24
                         0.1                       0.005   0.01    0.02    0.04    0.08

                         Example: High
Template – Full Risk Register definitions
Business Impact          How will the mitigating control affect the business? Changes can affect
Analysis                 business operations: performance, end users, computer systems, etc.
                         Example: Automatic plugins can impair functionality and cause additional downtime.
Members/Roles:                        John/CEO
                                      Mark/Auditor
Documentation Reviewed:               risk analysis
General Outcome of Meeting:           the reviewed risk analysis
Ending time:                          3:00 p.m.
Action items until next meeting:      Implement four approved mitigating controls.
Date of next Meeting:                 MM-DD-YYYY
Approved Risk            Risk management is part of due care and due diligence in choosing how the
Management Response      organization decides to proceed with a risk (accept, mitigate or transfer).
                         Accepting a risk takes place when a risk identified during a risk assessment,
                         and its impact, have been analyzed and deemed to be an acceptable risk. Avoid
                         refers to ignoring the risk without properly analyzing its potential impact.
                         Example: Mitigate. Hire the webmaster immediately.
Approved by              The Risk Owner is usually the Asset/Data Owner or the Business Owner. The owner
(Risk Owner)             determines whether to Accept, Mitigate, or Transfer the Risk.
                         Example: John Smith, CEO
Risk Mitigation Control  Keeping track of the lapse in time between the approval date and the
Implementation Date      implementation date is critical, as it shows for how long the control was
                         approved but not implemented. Multiple factors can contribute to that lapse.
                         Example: MM-DD-YYYY

Risk Mitigation Control  Justification for any delays in the implementation of an approved control.
Implementation Delay
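The following is an added example, not part of the template itself, that puts the Risk Exposure Level calculation and the approval-to-implementation lapse tracking above into working code. The impact ratings, impact values, probability values and the matrix entries are taken from the template; the High/Medium/Low cut-offs, the sample register entry and the dates in it are assumptions, since the template does not state numeric thresholds for the three bands.

```python
"""Semi-quantitative risk exposure and implementation-lapse tracking.

Scale values come from the Full Risk Register template; the High/Medium/Low
cut-offs and the sample entry below are assumed for demonstration only.
"""
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Dict, Optional, Tuple

# Impact rating scale from the template (rating -> impact value).
IMPACT_VALUES: Dict[str, Decimal] = {
    "Marginal": Decimal("0.05"),
    "Significant": Decimal("0.10"),
    "Serious": Decimal("0.20"),
    "Very Serious": Decimal("0.40"),
    "Catastrophic": Decimal("0.80"),
}

# Probability values heading the rows of the template's exposure matrix.
PROBABILITY_VALUES = [Decimal(p) for p in ("0.1", "0.3", "0.5", "0.7", "0.9")]

# Responses the template allows the Risk Owner to choose between.
RESPONSES = ("Accept", "Mitigate", "Transfer")


def exposure_score(probability: Decimal, impact: Decimal) -> Decimal:
    """Risk exposure = probability value * impact value.

    Decimal is used instead of float so that 0.7 * 0.4 is exactly 0.28, the
    value printed in the template's matrix.  With binary floats the product
    is 0.27999999999999997, and a band test such as score >= 0.28 would
    silently classify the template's own worked example one level too low.
    """
    return probability * impact


def exposure_matrix() -> Dict[Tuple[Decimal, Decimal], Decimal]:
    """Rebuild the probability x impact matrix, keyed by (probability, impact)."""
    return {
        (p, i): exposure_score(p, i)
        for p in PROBABILITY_VALUES
        for i in IMPACT_VALUES.values()
    }


def exposure_level(score: Decimal, high_min: Decimal, medium_min: Decimal) -> str:
    """Map a score onto the High/Medium/Low scale.

    The template gives the three bands without numeric cut-offs, so they are
    an organisational choice and are passed in rather than hard-coded.
    """
    if score >= high_min:
        return "High"
    if score >= medium_min:
        return "Medium"
    return "Low"


@dataclass
class RiskRegisterEntry:
    """One row of the register: assessment, approved response and control dates."""
    risk: str
    probability: Decimal
    impact_rating: str
    response: str                          # Accept, Mitigate or Transfer
    risk_owner: str                        # usually the asset/data or business owner
    approval_date: date                    # when the response was approved
    implementation_date: Optional[date] = None   # None while still open
    delay_justification: str = ""

    def __post_init__(self) -> None:
        if self.impact_rating not in IMPACT_VALUES:
            raise ValueError(f"unknown impact rating: {self.impact_rating}")
        if self.response not in RESPONSES:
            raise ValueError(f"response must be one of {RESPONSES}")

    @property
    def impact_value(self) -> Decimal:
        return IMPACT_VALUES[self.impact_rating]

    @property
    def exposure(self) -> Decimal:
        return exposure_score(self.probability, self.impact_value)

    def lapse_days(self, as_of: date) -> int:
        """Days from approval to implementation, or, if the control is still
        not implemented, days it has been approved-but-open as of `as_of`."""
        end = self.implementation_date or as_of
        return (end - self.approval_date).days


if __name__ == "__main__":
    # Assumed cut-offs for demonstration (not from the template).
    HIGH_MIN, MEDIUM_MIN = Decimal("0.24"), Decimal("0.06")
    # Constructed sample entry mirroring the template's worked example.
    entry = RiskRegisterEntry(
        risk="Website administered without a webmaster",
        probability=Decimal("0.7"), impact_rating="Very Serious",
        response="Mitigate", risk_owner="John Smith, CEO",
        approval_date=date(2024, 1, 10), implementation_date=date(2024, 2, 14),
    )
    print(entry.exposure, exposure_level(entry.exposure, HIGH_MIN, MEDIUM_MIN))
    print("days approved before implemented:", entry.lapse_days(date(2024, 3, 1)))
```

Usage note: keep the register's values as `Decimal` end to end (including when reading them from a spreadsheet export), otherwise the matrix cells and the band comparison drift apart exactly at the cut-offs, which is where a wrong Low/Medium/High call matters most.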