AI Risk Register Guide

Inherent/residual scoring, treatment plans, and incident-driven risk log for AI programs.

.xlsx AI-014b

AI Risk Register

Inherent/residual scoring, treatment plans, and incident-driven risk log for AI programs.

How to Fill Out This AI Risk Register

AI risk register template Excel — Operational risk data for AI — pair with AI-005 tiering and AI-014 tabletop findings.

Recommended Owner: AI Governance Lead | Risk owners per row

Before you start

Enable Editing: Click Enable Editing when Excel prompts you.
Instructions tab: Read the Instructions sheet first for version, owners, and tab order.
Dropdowns: Use validated lists — do not type free text in status or severity columns.
Sample rows: Gray example rows are samples — delete or overwrite before sharing with auditors.
Find placeholders: Use Cmd/Ctrl+F and search for [ to catch bracket placeholders.

Toolkit links

Keep these companion documents consistent (same owners, dates, and vendor names):

Quality check

Every production system in scope has current rows — no blank owner or review date.
Dropdown values match your live process (severity, status, role).
Sample or test rows are removed; file is ready for auditor sampling.

Evidence

Store the completed file in your compliance evidence folder (signed PDF for policies).
Register the document in COR-013 Document Control Log with version and review date.
Link to the record in your SOC-005 project plan or evidence index when ready.

After customizing AI Risk Register:

1Complete the file: Finish every section or tab in AI-014b.
2Register: Log version in COR-013; update AI-006 if this affects a production system.
3Operationalize: Deploy controls (e.g., AI-010 rules, AI-008 HITL) where this doc requires them.
4Workforce: Pair policies with AI-016 acknowledgments and security awareness (SOC-006).