Risk Register
Track and manage AI-related risks across all systems
Total Risks
12
Critical / High Open
4
Mitigated / Closed
1
Avg Risk Score
11
Risk Heat Map
Likelihood
Almost Certain
Likely
1
Possible
2
2
1
Unlikely
2
1
Rare
NegligibleMinorModerateMajorCatastrophic
Impact
Low (1-4)
Medium (5-9)
High (10-15)
Critical (16-25)
Risk Distribution by Status
| Risk ID | Title | System | Category | Likelihood | Impact | Score | Treatment | Status | Due Date |
|---|---|---|---|---|---|---|---|---|---|
| RSK-001 | Model bias in student performance predictions | SYS-002 | ethical | 4 | 4 | 16 | Mitigate | Open | Jun 30, 2026 |
| RSK-003 | Non-compliance with EU AI Act | legal | 3 | 5 | 15 | Mitigate | Open | Sep 30, 2026 | |
| RSK-004 | Algorithmic discrimination in HR screening | SYS-006 | ethical | 3 | 4 | 12 | Mitigate | Open | May 31, 2026 |
| RSK-010 | GDPR conflict with AI processing | SYS-002 | legal | 3 | 4 | 12 | Mitigate | Mitigating | May 15, 2026 |
| RSK-002 | Data breach via AI system vulnerability | SYS-005 | technical | 2 | 5 | 10 | Mitigate | Mitigating | Apr 30, 2026 |
| RSK-006 | Insufficient AI explainability | SYS-001 | legal | 3 | 3 | 9 | Mitigate | Mitigating | Jul 31, 2026 |
| RSK-008 | Vendor lock-in for AI models | operational | 3 | 3 | 9 | Transfer | Mitigating | Aug 31, 2026 | |
| RSK-005 | AI-generated phishing false positives | SYS-003 | operational | 4 | 2 | 8 | Accept | Accepted | Dec 31, 2026 |
| RSK-007 | Training data poisoning | SYS-001 | technical | 2 | 4 | 8 | Mitigate | Open | Jun 30, 2026 |
| RSK-009 | Reputational damage from AI errors | SYS-008 | reputational | 2 | 4 | 8 | Mitigate | Open | May 31, 2026 |
| RSK-011 | Overreliance on AI recommendations | SYS-004 | operational | 3 | 2 | 6 | Accept | Accepted | Dec 31, 2026 |
| RSK-012 | AI system availability failure | SYS-007 | technical | 2 | 3 | 6 | Mitigate | Closed | Jan 31, 2026 |
12 row(s) total
Page 1 of 1