Somewhere in your organisation, there is a spreadsheet. It has columns for risk description, likelihood, consequence, rating, and treatment actions. It was last updated three months ago. The person who built it has since left. And nobody is entirely sure who owns it now. This is not a risk management process. This is a risk register as a document - a record of risks as they existed at a point in time, maintained manually, reviewed inconsistently, and disconnected from the operational workflow...

Somewhere in your organisation, there is a spreadsheet. It has columns for risk description, likelihood, consequence, rating, and treatment actions. It was last updated three months ago. The person who built it has since left. And nobody is entirely sure who owns it now. This is not a risk management process. This is a risk register as a document - a record of risks as they existed at a point in time, maintained manually, reviewed inconsistently, and disconnected from the operational workflow...