GRC Risk Register Calculator

Risk Assessment Calculator

ISO 31000 Methodology

R-001 New Risk Assessment

Fields marked * are required

Risk Name *

Category *

Description (optional but recommended)

Step 1 — Inherent Risk Score

Score BEFORE any controls exist. Represents the raw business risk.

Inherent Likelihood * 1 (rare) → 5 (almost certain)

Inherent Impact * 1 (minimal) → 5 (catastrophic)

Existing Controls (describe briefly)

Step 2 — Control Effectiveness & Residual Risk

Residual Risk = Residual Likelihood × Residual Impact (ISO 31000 correct methodology)

Control Effectiveness 1=strong, 2=partial, 3=weak

Residual Likelihood * after controls

Residual Impact * after controls

Step 3 — Ownership & Treatment

Risk Owner

Risk Treatment *

Regulatory Reference

ISO 27001:2022 Annex A Ref.

Risk Acceptance requires formal justification

Inherent Risk Score

—

Enter scores

Control Reduction

—

Effectiveness

Residual Risk Score

—

Final level

GRC Recommendations

Risk Register

0 risks

No risks added yet

Add your first risk in the calculator to see it here

Risk Heat Map

Likelihood × Impact

Inherent Risk Heat Map

Each cell shows Score = Likelihood × Impact. Your risks are plotted as dots.

Residual Risk Heat Map

After controls applied. Compare with inherent to see control effectiveness.

CRITICAL ≥16

HIGH 10–15

MEDIUM 5–9

LOW 1–4

Export & Report

Export Risk Register

Download your risk register as CSV for import into Excel, Google Sheets, or your GRC tool.