COMPEL Glossary / ai-risk-register
AI Risk Register
An AI Risk Register is a documented, maintained inventory of all identified AI-related risks within an organization, capturing each risk's description, likelihood, potential impact, current mitigation measures, assigned owner, and review status.
What this means in practice
Unlike a one-time risk assessment, the register is a living governance tool that is regularly reviewed, updated as new risks emerge, and used to track the effectiveness of mitigation actions over time. For organizations managing multiple AI systems, the register provides a consolidated view that enables pattern recognition across projects and prevents the same risks from being overlooked repeatedly. In COMPEL, the risk register is established during the Calibrate stage, maintained throughout the engagement lifecycle, and features prominently in the risk management practices of Module 2.1, Article 9 and Module 3.4.
Why it matters
A living risk register prevents the common failure of rediscovering the same risks repeatedly across different AI projects. By maintaining a consolidated view of all identified AI-related risks with their likelihood, impact, mitigations, and owners, organizations can recognize patterns, allocate mitigation resources efficiently, and demonstrate to regulators that risk management is systematic rather than reactive.
How COMPEL uses it
The risk register is established during the Calibrate stage as a foundational governance artifact and maintained throughout the entire COMPEL engagement lifecycle. During Model, newly identified risks from the target state design are added. During Produce, mitigation effectiveness is tracked. The Evaluate stage reviews risk trends and mitigation progress, and the Learn stage captures lessons about risk patterns that inform the next Calibrate assessment.
Related Terms
Other glossary terms mentioned in this entry's definition and context.