Measuring and managing risk register quality. Risk
registers, while not always the best way to understand
risk and controls, are becoming increasingly widespread.
In many cases writing a risk register is an imposed
requirement so, like it or not, it has to be done. Not
only do more organizations have them, but each
organization has more of them and they are getting
bigger. With this growth comes a growing need to
understand and manage the quality of these registers. Is
the content clear and suitable? Are departmental
registers compatible with each other? Can the design be
improved? How much evidence underpins judgements? These
are some of the questions that people increasingly want
to answer. This article offers suggestions on how to
measure quality in risk registers and how to use those
measurements to improve quality.
