Risk Register reporting and Evidence Pack
Risk Register summary counts surface on four reporting surfaces: a dashboard tile, a Position Summary section ("Risk Register Oversight"), a board-report section ("Risk Register Coverage"), and the Evidence Pack ("Risk Register"). Counts cover active risks, high/critical residual risks, accepted risks, overdue reviews, and missing owners. The Evidence Pack also exports a per-risk row table and a risk activity summary scoped to recent risk_* audit events.
Open the Compliance dashboard to see the Risk Register tile. Open Position Summary for the narrative section. Generate the board report or download the Evidence Pack to include risks in the exported document.
Bringing the Risk Register onto the same governance surfaces as the Asset Register lets leadership see risk ownership, treatment, and review attention points without leaving the dashboard or report. Operator-supplied free text — risk descriptions, treatment notes, acceptance notes, retire reasons — is deliberately not exported on any of these surfaces; only structured fields and presence flags leave the Risk Register.
Risk-to-Control mapping is now live as a Phase 4 MVP — see "Treatment & safeguards on a risk". Full Control Library expansion, formal exception/acceptance records, risk-aware attestation, and risk-driven issue creation remain deferred. Until they ship, the Risk Register reporting surfaces show what is recorded, who owns it, and whether it is due for review — not whether a risk has been resolved.
