top of page
what is a KeyRisks Register

A central record for identified severe risks, including statements of their likelihood, potential impact and mitigation measures. 


Used to communicate changes in risk profiles, inform decision-making, allocate budgets and prioritise resources and reduce uncertainty, unpredictability and complexity.

It is developed on's highly reputable and affordable cloud platform in a very straightforward process:

  1. gather risk data for:

  • analytics

  • predictive modeling

  • scenario building

  • simulation

2. calculate vulnerability and severity indicators such as::

  • hazard Impact 

  • exposure likelihood

3. make informed risk response decisions to:

  • accept / tolerate

  • avoid / remove

  • reduce Impact / likelihood

  • transfer to insurance, by contract or other means

  • crisis plan

It provides an objective source of risk knowledge

take a questioning approach
other things you need to ask
  1. Do you know your current total cost of risk (TCOR)?

  2. Is your risk management budget adequate in terms of dealing with all the big threats?

  3. Do you have a cloud “platform” that allows you to collect, access, maintain and communicate key risk issues?

  4. Are you concerned that some of your key risks have gone unnoticed or are underestimated?

  5. Do you currently have the right level of internal capabilities for predicting, measuring and mitigating harmful risks?

  6. Have you assessed the interconnectedness of keyrisks such as breach of contract, cyber and conduct risk

  7. Have you prepared the following in case harmful risk materialises?

    1. Business Impact Analysis

    2. Incident Response Plan

    3. Disaster Recovery Plan / Crisis Management Plan

    4. Business Continuity Plan

  8. What happens when something goes wrong – do you learn and share lessons from it?

Note: Total Cost of Risk (or TCOR) is the only accepted measurement of an organization’s entire cost structure as it relates to risk.

bottom of page