QEHSQEHS
Sign inBook a demo

Risk register

Enterprise risk, operational risk, and hazard risk — one register.

Composable risk matrix, bow-tie analysis, control mapping, treatment plans, and residual-risk tracking. Links to every audit, incident, and action.

Most risk registers live in a spreadsheet somebody forgot to update. We make risk a live record — linked to the controls that mitigate it, the audits that test them, and the incidents that prove (or disprove) them.

N×N

Risk matrix configurable per tenant

1

Register spans strategic, operational, compliance risk

Bow-tie

Causal + consequence modelling with control coverage

Book a demoSee pricingContact sales

Configurable risk matrix

The matrix is a Composer capability — not a hard-coded 5x5.

  • N×N matrix with per-tenant likelihood + consequence scales
  • Tier bands (low/medium/high/critical) with threshold actions
  • Per-programme matrices (EHS, quality, strategic) — or one shared
  • Inherent, current, and residual scoring on the same record

Bow-tie analysis

For critical risks, a heatmap is not enough.

  • Top-event with causal chain + consequence chain
  • Preventive + mitigative controls mapped per pathway
  • Control effectiveness scoring tied to audit + incident outcome
  • Visual bow-tie export for board pack + regulator submission

Control library and framework mapping

Controls are re-usable across risks, programmes, and audit cycles.

  • Tenant-wide control library with ownership + cadence
  • ISO 31000, COSO ERM, NIST RMF, NIST CSF mappings
  • SOC 2 TSC, SOX, J-SOX control-test evidence
  • Per-risk control coverage score with gap visualisation

Treatment, escalation, and review

Track what you are going to do about each risk.

  • Treatment plan with owner, target date, and cost
  • Threshold actions fire when residual exceeds tolerance
  • Quarterly + annual review cadence with auto-reminders
  • Board-ready heatmap with filters by function, site, framework
Risk leaders replace a dormant spreadsheet with a living register. Controls map to audits, incidents feed back into control effectiveness, and residual risk is a real number — not an opinion.

Ready to see Risk register?

Pick a slot with our team.

30-minute demo tailored to your QEHS programs and your stack. No slide decks, just a working tenant.

Book a demoTalk to sales