What is the primary purpose of a risk register?

Prepare for CISSP Domain 2 Information Risk Management. Study with multiple-choice questions; each question offers insights and explanations. Ace your exam!

The primary purpose of a risk register is to serve as a comprehensive database that tracks and documents all identified risks within an organization. It facilitates the ongoing management of those risks by providing a structured way to regularly review and assess risks, including their impact, likelihood, and mitigation strategies. This periodic review is crucial, as it ensures that the organization adapts to changes in the risk landscape and addresses risks proactively rather than reactively.

While the other choices touch upon aspects of risk management, they do not capture the holistic purpose of the risk register effectively. Identifying risks and assigning roles and responsibilities, for instance, is certainly part of risk management practices but does not encompass the broader, ongoing review process. Similarly, identifying threats and probabilities provides essential information but lacks the context of continual assessment and the responsiveness that a risk register embodies. Recording financial amounts of expected losses provides valuable quantitative data, yet it does not represent the primary function of a risk register, which is focused on the overall management and review of risks.
