The risk register is not a static list created once and forgotten. It is a living document that should be reviewed at defined intervals (for example, during regular risk reviews, project milestones, or after significant environmental changes) even if no new risks have been detected. Regular updates allow the organization to record changes in likelihood or impact, document mitigation efforts, retire risks that are no longer relevant, and add emerging risks. Updating only when a new risk is discovered-or worse, after a risk materializes-fails to keep decision-makers informed of the current risk landscape.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is the risk register called a 'living document'?
Open an interactive chat with Bash
What are examples of events that should prompt an update to the risk register?
Open an interactive chat with Bash
What are the consequences of not regularly updating the risk register?