Risk registers should identify:
- a description of each risk and its potential consequences (operational and strategic);
- factors that may impact upon the likelihood and consequence of the risk;
- an assessed risk grade – Low, Medium, High or Extreme;
- whether the risk grade is acceptable;
- actions and controls that currently exist to mitigate risks;
- early warning factors and upward reporting thresholds.