Concept

Risk Register

Concept T5: Outcomes Over Activity (Approved)

Core Idea

A risk register should be a decision system, not a storage container. The useful register connects risk statements to owners, evidence, treatment choices, engineering work, business constraints, and review rhythms. If it only grows, ages, and produces heat maps, it is documenting anxiety rather than helping the organisation act.

A useful register row should create motion. If the risk says "excessive cloud permissions," the learner should be able to trace it to a backlog item, owner, review date, and signal of improvement. Otherwise the register is preserving concern without changing reality.

Use In Teaching

Invoke this card when learners describe static registers, stale accepted risks, disconnected remediation, or board-facing risk decks that engineering never sees. It helps turn the register into an action surface.

Use it to turn a stale register into a learning surface. Ask the learner to pick one old risk and identify the missing link: no owner, no signal, no treatment path, no business decision, or no engineering work. That diagnosis teaches more than adding another row.

A reviewer should check that the Risk Register card leaves the learner with one artefact to inspect, one assumption to test, and one behaviour to observe in their local context. That keeps the concept practical instead of turning it into vocabulary.

Contrast

This is not a call to delete risk registers. It pushes back against registers that preserve descriptions while failing to change prioritisation, investment, or ownership.

Practice Prompt

Which risk in your register has the clearest next action, owner, and signal that would prove it is getting better?

Read the source

None listed.
