Risk Register vs. Goal-Aligned Risks: Which Is Better for Reporting and Resilience?

Comparison of two approaches to registering risk: central risk register for better risk visibility vs. objective-centric risk definition for better alignment.

Risk management is one of the strategic planning trends we expect to gain more focus in 2024 and 2025. In this case study, we compare two practical approaches to managing/documenting risks:

We explore if and how these practices can be combined for better risk resilience.

An example of a risk register functional scorecard.

An example of a risk register in a functional scorecard automated by BSC Designer. Source: View Risk Register online in BSC Designer Risk Register.

Method 1: Managing Risks with Risk Register

A risk register is a dedicated functional scorecard where all risks relevant to an organization are categorized in a hierarchical structure.

For example, we can have a branch of “Climate Change Risks” with sub-branches of “Business Continuity Risks” and “Supply Chain Risks.” Inside each category, we can list more specific risks.

For Business Continuity Risks:

  • Power outages
  • Flooding of office premises
  • Infrastructure failure
  • Workforce availability during extreme heatwaves

For Supply Chain Risks:

  • Transportation disruptions
  • Damage to inventory in warehouses
  • Reduced production capacity
  • Dependency on single suppliers
  • Loss of raw materials

Aligning Risk Register with Strategy

We can align specific risks or categories of risks with:

  • Relevant strategies/goals in other strategic scorecards or
  • With an incident log tracked in separate functional scorecards.

To align a risk from the risk register in BSC Designer:

  1. Select existing risk in the risk register scorecard or add a new one
  2. A risk selected in risk register

  3. Open the strategic or functional scorecard, select the relevant goal or internal control.
  4. Select an objective that will be linked with the risk

  5. Copy the risk in the risk register and paste it into the strategy scorecard, selecting the connection by Context.
  6. Select linking risk by context to the objective

The connection between the risk register and the specific objective will be displayed on the Context tab.

A risk visualized on the context tab of the objective.

If you need to reference a specific risk outside of the platform, use the link button tool:

Using the risk tool to link to the risk.

Advantages of the risk register approach:

  • Better risk visibility and awareness.
  • Easier risk reporting.

Disadvantages:

  • Promotes a risk-first approach rather than an objective-first approach.
  • Requires manual alignment of risks with objectives.

Risk register is best for:

  • Risks that are common to various objectives.
  • General risks in the analysis stage, not yet projected onto the organization’s strategy or specific objectives.

Method 2: Objective-Centric Risk Management

Objective-centric risks are defined directly on the strategy scorecard, in the context of a specific objective.

Steps to Add a Risk to an Objective in BSC Designer

With the objective-centric approach, the risk is aligned with its parent objective “by design.”

Adding risk indicator in BSC Designer

Additionally, we can align a risk with other relevant objectives or internal controls.

To align objective-centric risks in BSC Designer:

  • Select a risk.
  • Use the Copy command in the Tools menu.
  • Select the goal, indicator, or action plan relevant to the risk.
  • Use the Paste command in the Tools menu.

Advantages of the objective-centric approach:

  • Focuses on the objective-first approach.
  • Provides clear visibility of the risk context.
  • Aligns risk with strategy and objectives “by design.”

Disadvantages:

  • The risk hierarchy/categories are not as obvious.

Best for:

  • Risks relevant to specific objectives.

Alternative: Integrating Risk Register and Incident Log

A business continuity scorecard is an example of an alternative approach where a single function scorecard integrates:

  • Inventory of critical infrastructure,
  • Risk register,
  • Possible response scenarios,
  • Incident logs.

Training programTraining session: 'Risk Management with BSC Designer' is offered as part of our ongoing learning program and included with a BSC Designer subscription.

Training sessions are delivered weekly via Zoom, providing practical insights and personalized guidance. Upon completion, participants receive an attendance certification. Explore all available training sessions here.

Requirements of ISO 27001 and ISO 31000

Both standards require proper documentation and reporting of risk management activities and highlight the contextual nature of risk (“the effect of uncertainty on objectives”).

With these general requirements in mind, both approaches to risk documentation can be considered valid.

How to Organize Risks: Risk Register vs. Goal-Specific Risk

What’s Better for Risk Resilience? Hybrid Approach

To improve risk resilience, organizations can combine the strengths of both a risk register and goal-aligned risk management.

  • The risk register provides a comprehensive overview of potential threats, ensuring documentation and preparedness.
  • By aligning risks with specific strategic goals, organizations can prioritize those that have the greatest impact on key objectives.

In practice, we observe:

  1. The objective-centric approach during the early stages of strategic planning.
  2. A combination of the central risk register approach and objective-centric risk definitions in the later stages.

Use Risk Register Template

BSC Designer helps organizations implement their complex strategies:

  1. Sign up for a free plan on the platform.
  2. Use the Scorecard Template Risk Register template as a starting point. You will find it in New > New Scorecard > More Templates.
  3. Follow our Strategy Implementation System to align stakeholders and strategic ambitions into a comprehensive strategy.

Get started today and see how BSC Designer can simplify your strategy implementation!

Cite as: Alexis Savkín, "Risk Register vs. Goal-Aligned Risks: Which Is Better for Reporting and Resilience?," BSC Designer, June 22, 2024, https://bscdesigner.com/managing-risks.htm.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.