GOV-02 · Risk Register (Concept Summary)
Purpose
The Risk Register is the institution’s authoritative, living record of every AI capability in operation or development, the risks they carry, and how those risks are governed. It is the primary artefact regulators, auditors, counterparties, and internal assurance functions use to assess the defensibility of the AI function.
Core Role in the Governance Stack
- Canonical artefact: Published as GOV-02, the operational instantiation of the AI Governance Charter (GOV-01).
- Living document: Updated on the cadence defined in GOV-01; never treated as a one-off catalogue.
- Defensibility spine:
- DE-3 (operational evidence) is generated directly from the Register.
- DE-4 (governance posture) is evidenced by how the Register is maintained and used.