Examples
Example Risk Register
Use this example to calibrate risk language. Replace the example entries with evidence from the client environment.
Example entries
| Risk | Impact | Owner | Next step |
|---|---|---|---|
| Critical services have no tested rollback path | Failed deployments may extend customer impact | Engineering lead | Document current process and add rollback workflow |
| Production secrets are manually rotated | Credential leaks or outages are harder to contain | Security partner | Inventory secrets and move pilot service to approved store |
| Paging alerts fire only on infrastructure symptoms | Responders may miss user-impacting failures | SRE lead | Define SLO burn alerts for critical workflow |
| Untagged cloud spend is above target | Teams cannot own or reduce cost drivers | Finance partner | Enforce required tags on new resources |
| Runbooks are stale for critical services | Incident recovery depends on tribal knowledge | Service owners | Exercise and update top five runbooks |
Risk quality checks
A good risk entry:
- Describes consequence, not just condition.
- Names the affected system or workflow.
- Links to evidence.
- Has an owner.
- Has a next step.
- Has a review date or states the decision needed.
Watchouts
- Do not list every inconvenience as a risk.
- Do not accept risks silently through inaction.
- Do not leave severe risks without escalation.