ICT-Governance-Framework-Application

Risk Register

Metadata

| Field | Value | |—|—| | Owner | Risk Manager / PM | | Version | 1.0 | | Status | Draft | | Last Updated | 2025-08-08 |

Purpose

Central record of all identified risks across ICT domains using FAIR-based quantitative risk assessment, providing comprehensive risk tracking, ownership, and treatment monitoring.

Structure (FAIR-Enhanced Fields)

Risk Identification

FAIR Risk Assessment

Risk Treatment

Risk Monitoring

FAIR-Based Risk Management Process

1. Risk Identification and Registration

2. FAIR Quantitative Risk Assessment

3. Risk Evaluation and Treatment Planning

4. Risk Monitoring and Control

Views & Reporting

Executive Dashboard Views

Operational Views

Standards Crosswalk

| Standard | Mapping | |—|—| | FAIR | Factor Analysis of Information Risk - Primary methodology | | PMBOK | Plan/Identify/Monitor Risks | | ISO 31000 | Risk management principles | | NIST 800-30 | Risk assessment | | COBIT 2019 | Risk management and governance alignment | | ISO/IEC 27001 | Information security risk management | | COSO | Enterprise risk management framework |

Compliance Checklist

References

Version History

| Version | Date | Author | Notes | |—|—|—|—| | 1.0 | 2025-08-08 | Risk Manager | Initial draft aligned to style guide |