You have been employed by Regional Gardens as their first ever Chief Information Officer
(CIO). You have been tasked by the Board to conduct a review of the company’s risks.
1. As the first step, you are to provide a Risk Register for Regional Gardens. This risk
register must contain, as a minimum:
a. A description of each risk identified.
b. A summary of the impact or consequence if the risk were to arise.
c. The inherent risk assessment (this is the assessed, raw/untreated risk
inherent in a process or activity without doing anything to reduce the
likelihood or consequence).
d. The key controls to mitigate the risk.
e. The residual risk assessment (this is the assessed risk in a process or activity,
in terms of likelihood and consequence, after controls are applied to mitigate
the risk).
f. Prioritisation of the risk using a standardised framework (such as the ANSI
B11.0.TR3 Risk Assessment Matrix).
Your Risk Register should be in table format using the following column headings:
• Risk
• Impact
• Assessment
• Controls
• Residual Risk
• Priority