Risk register information

You asked

Please can you provide me with the information below.

1. Does your organisation have a risk register?

2. How many separate risk registers does your organisation have?

3. Approximately how many risks are on your largest risk register?

4. Approximately how often is/are the risk register(s) reviewed per annum?

5. What IT software is the risk register held on (eg Excel)?

6. Please can you send a copy of the risk register column headings (as a single row in Excel if easiest).

7. Do provide a graphical representation of the risk register for your board/senior management/leadership team? If so please can you send a copy of the summary, even if anonymised?

We said

Thank you for your recent request. The answers to your questions are as follows;

1. Yes, we have a corporate risk management database which records all strategic and operational threats, issues and opportunities

2. Aside from the corporate database we have several ‘lower level’ registers aligned to projects within the business that are maintained by Project Managers. However, any corporate risk is expected to be logged on the single corporate risk register.

3. 86 x Threats, 21 x Opportunities & 9 x Issues. Threats and Opportunities together represent the risks we face.

4. The corporate risk register is reviewed on an ongoing basis both by the owners of each risk and by our central Assurance & Risk team. Risks are expected to be reviewed at a frequency determined by the severity of the risk and the central team constantly assess the register for impending updates required and to improve the narrative to effectively detail the progress made within each entry.

5. The corporate risk register is currently held on Lotus Notes but we are moving to a SharePoint platform in the very near future. Lower level project registers are held on Excel.

6. The headings are as follows;

• Reference number
  
• Title
  
• Cause
  
• Event
  
• Impact
  
• Original Exposure to ONS
  
• Current Exposure to ONS
  
• Target ONS Exposure
  
• Risk Type
  
• Raised By
  
• Raised Date
  
• Risk Owner
  
• Quality Assurer
  
• Co-ordinator/Champion
  
• Strategic Risk (the ‘risk type’ each risk is linked to)
  
• Directorate
  
• Division
  
• Branch
  
• Risk Category
  
• Programme/Project
  
• BAU
  
• Proximity
  
• Associated Risks
  
• Risk Assessment/Evaluation
  
• Treatment Plan
  
• Target Date
  
• Mitigating Actions & Updates
  
• Risk Owner Review
  
• Contingency Plan
  

7. We provide several risk reports for various parts of the governance structure. Some are detailed for particular projects and some are summary reports or visualisations for senior level. One example is in the associated download which shows a visualisation of risks vs targets. Note the title of each risk has been removed.