They are usually a list of things that might threaten the business. You can see an example here http://www.ipcc.gov.uk/item13a_260907.pdf They tend to include risks to financial viability, premises, people, reputation etc. Safety may, or may not, appear in the ratings, depending on the type of organisation and the composition of the team that put together the register!

I think that they can be anything that you want them to be. But we use them simply as an index. As we use a system of risk assessment (IOSH risk rating system) in a very large business, we need to focus on the most important stuff at times. So for each location, we have a document that WE call a risk register where the top 6 tasks rated by risk value are noted along with the current action plan for those tasks. We believe that we cannot expect people to be focused at ALL times on every risk assessment that needs attention, but we do expect you to know the 'top of the pops' as it were. Do you know the top 40 chart? Or just the top few every week? Are some more important then others? Of course they are, that's why they have a higher risk value! These local risk registers are collected centrally and in a way that is too long to go into now, a central risk register of the top 6 issues facing the business is produced. The key factors for getting on there are: That which we can't manage locally That which must be common and we need a company approach That which we manage - but you need to know that we are doing it It's not actually that hard to work out the top six really. This divisional register then goes back to the local centers so that they know what plan the company has. If they see that 3 of their issues are not on the divisional document then, they need to recheck their assessments to make sure that they are correct and if they are, they have to realise that they are not in the same position as most others and they need to look at a more local solution for now. For the three that are on there, then they look at the action plan to see what help is coming downwards. These registers change of course as the level of risk associated with these tasks is reduced. So over time the order and content looks quite different. As it should be really. Already, the content of some is looking more like: 1.Med(4) 2.Med(3) 3.Low(2) 4.Low(2) 5.Low(2) 6.Low(1) Whereas a couple of years ago the were: 1.High(9) 2.High(9) 3.High(6) 4.Med(4) 5.Med(3) 5.Med(3) Well you get the idea. We have risk management committees in each location (instead of H&S committees) whose prime focus is the risk assessments and the local and divisional risk registers. We have 80 000 employees across two main companies and the joint board get a risk register of the top three main issues facing us. It's top three simply because we have found that most of the top six from each side is the same or simply has the same root. It works very well for us and well call them risk registers. Now when the business get a little more sophisticated, we will start to include financial, reputation etc etc on there too. But at present 'safety' is still seen as a separate silo. We're working on that. C

Hi John where you said - They can also be used to produce the kind of top 6 summary jericho is talking about, but really there should be a register somewhere with all your significant risks identified. I absolutely agree. Maybe I wasn't clear. The risk register is as long as the number of risk assessments as exist in the location. But in our environment there are lots of those that have been assessed as low. So let's say we have 50 assessments (which are all records of significant findings - yes? remembering that low is still significant because we wrote it down - not insignificant which we didn't) we might have number one as a high, number 2 as medium and then 3 to 50 all as low. That's a lot of not very interesting reading. So yes there is a list of ALL assessments but they are prioritised. I don't want managers trying to prioritise number 34 against 35 if they are BOTH low risk anyway. If I visit a site to speak with the management team, in my position, not being snooty, but I am not interested in number 43 and 44, nor even number 7 and 8. I want to know the top stuff. Now if they show me a register with 1. High 2. High ---- 6. High, then I am going to book into a hotel and camp on their doorstep. Number 7 might turn out to be high too. But when I can see that at least number 6 is low, then I know that every other assessment from 7 to 50 must be low too or it would be on the top 6 as a medium. Our external auditors check this through too just to make sure that the assessments have been done properly and there have been no mistakes that got through our risk assessment QC process. I see what you mean - I think. You have a list of everything that applies to your business in terms of regulatory compliance? So do we. But we do not use it as a driver. We are driven by tasks which I covered in a thread yesterday. So I can say yes, we have identified all the assessments that we need and can show you what we dismissed. Perhaps not appropriate in this thread but we use one sort of format for 'simple' task based assessment and a different one for MH. We don't 'risk rate' MH tasks. In our view it's a binary decision. It's ok as it is - or it isn't and needs more work. (simplified explanation folks) But we have a thing called an overview assessment which is a non technical assessment of a technical area such as MH - let's say moving large items in the warehouse. We can still apply the IOSH matrix to that to get a quick conclusion and reflect it on the risk register. In fact half of our divisional register is made up from MH of one sort or another purely based on overview assessments. This has prompted us to drill down using 'proper' MH assessment to isolate the naughty bits. But as I say - this is what WE call them. We could have called them risk indexes, Top of the Chops or anything but we chose register. I guess that in our system we aren't looking for compliance with all regs. We are looking for safe. In a very simple sense, don't shoot me guys, if the job is being done safely, it will be most likely compliant because that is the aim of all regulations. Unless you talk about COSHH with very particular exposure standards or glass and glazing thicknesses or periods of inspection under LOLER, we are trying to manage safely not manage safety. Hey it works for us. Chris