How to Document Risks Effectively: Central Risk Register vs. Risk Aligned with Goals

In this case study, we compare two practical approaches to managing and documenting risks: a central risk register and objective-centric risks aligned with goals.

We explore if and how these practices can be combined for better risk resilience.

Figure: An example of a risk register in a functional scorecard automated by BSC Designer. Source: Risk Register in BSC Designer.

Method 1: Managing Risks with Risk Register

A risk register is a dedicated functional scorecard where all risks relevant to an organization are categorized in a hierarchical structure.

For example, we can have a branch of “Climate Change Risks” with sub-branches of “Business Continuity Risks” and “Supply Chain Risks.” Inside each category, we can list more specific risks.

For Business Continuity Risks:

  • Power outages
  • Flooding of office premises
  • Infrastructure failure
  • Workforce availability during extreme heatwaves

For Supply Chain Risks:

  • Transportation disruptions
  • Damage to inventory in warehouses
  • Reduced production capacity
  • Dependency on single suppliers
  • Loss of raw materials

Aligning Risk Register with Strategy or Incident Log

We can align specific risks or categories of risks with:

  • Relevant strategies/goals in other strategic scorecards or
  • With an incident log tracked in separate functional scorecards.

To align a risk from the risk register in BSC Designer:

  1. Select an existing risk in the risk register scorecard or add a new one.
  2. Open the strategic or functional scorecard, select the relevant goal or internal control.
  3. Copy the risk in the risk register and paste it into the strategy scorecard, selecting the connection by Context.

The connection between the risk register and the specific objective will be displayed on the Context tab.

Integrating Risk Register and Incident Log

A business continuity scorecard is an example of an alternative approach where:

  • Inventory of critical infrastructure
  • Risk register
  • Possible response scenarios
  • Incident logs

are integrated into a single functional scorecard.

Advantages of the risk register approach:

  • Better risk visibility and awareness.
  • Easier risk reporting.

Disadvantages:

  • Promotes a risk-first approach rather than an objective-first approach.
  • Requires manual alignment of risks with objectives.

The risk register is best for:

  • Risks that are common to various objectives.
  • General risks in the analysis stage, not yet projected onto the organization’s strategy or specific objectives.

Method 2: Objective-Centric Risk Management

Objective-centric risks are defined directly on the strategy scorecard, in the context of a specific objective.

Steps to Add a Risk to an Objective in BSC Designer

With the objective-centric approach, the risk is aligned with its parent objective “by design.”

Adding risk indicator in BSC Designer

Additionally, we can align a risk with other relevant objectives or internal controls.

To align objective-centric risks in BSC Designer:

  • Select a risk.
  • Use the Copy command in the Tools menu.
  • Select the goal, indicator, or action plan relevant to the risk.
  • Use the Paste command in the Tools menu.

Advantages of the objective-centric approach:

  • Focuses on the objective-first approach.
  • Provides clear visibility of the risk context.
  • Aligns risk with strategy and objectives “by design.”

Disadvantages:

  • The risk hierarchy/categories are not as obvious.

Best for:

  • Risks relevant to specific objectives.

Requirements of ISO 27001 and ISO 31000

Both standards require proper documentation and reporting of risk management activities and highlight the contextual nature of risk (“the effect of uncertainty on objectives”).

With these general requirements in mind, both approaches to risk documentation can be considered valid.

How to Organize Risks: Risk Register vs. Goal-Specific Risk

Summary: Hybrid Approach

In practice, we observe:

  1. The objective-centric approach during the early stages of strategic planning.
  2. A combination of the central risk register approach and objective-centric risk definitions in the later stages.

In addition to scorecard-level dashboards with risk diagrams and risk heat map diagrams, the global dashboard function addresses the risk visibility challenge. This function allows risks from all strategy and functional scorecards to be visualized in the form of a heat map diagram or as a list of risks with their respective statuses.

Cite as: Alexis Savkín, "How to Document Risks Effectively: Central Risk Register vs. Risk Aligned with Goals," BSC Designer, June 22, 2024, https://bscdesigner.com/managing-risks.htm.
