Enterprise Risk Register Checklist

• Strategic (5): market shift, competitive disruption, regulatory change, geopolitical, reputation
• Financial (4): liquidity, FX/commodity, credit, cost inflation
• Operational (4): key supplier, tech outage, cyber, key person
• People (3): talent loss, leadership transition, culture
• Compliance and legal (4): litigation, IP, data protection, anti-bribery

Each with likelihood, impact, mitigation owner, next-review date, and trigger thresholds for escalation.

• Net risk score = likelihood × impact / controls
• Top five risks reviewed every board meeting
• Full register reviewed quarterly

Each risk: likelihood (1-5), impact (1-5), current control strength (1-5). Every material change in net score triggers a written update. Without the rhythm, the register rots within six months. With it, it becomes a living discipline — the most important single artifact in boardroom governance.

• Add a section for emerging risks — ones not yet material but worth watching
• AI regulation, climate policy, geopolitical shifts, new technology paradigms
• Early warning beats late reaction — the enterprises that move before regulators, activists, or markets force them to are the ones who compound through uncertainty
• Emerging-risk discipline is how boards earn their keep

Each with a 'we'd act if' trigger.