AI risk register template
A practical AI risk register connects risks to owners, evidence, controls, review dates, and residual acceptance.
Core fields
System, risk statement, affected users, likelihood, impact, severity, owner, and status.
Control fields
Mitigation, evidence link, validation result, monitoring signal, escalation trigger, and due date.
Review fields
Reviewer, decision, residual risk, acceptance rationale, next review date, and change log.
- Use one row per risk, not one row per model.
- Link evidence instead of copying long reports.
- Close risks only when the control is verified.