COMPEL Glossary / GL-40

Incident and Risk Review

A structured review of all AI-related incidents, near-misses, and emerging risks that occurred during the evaluation period — including root cause analysis, control failure attribution, and required remediation actions — to ensure that the organization learns from operational experience and updates its risk profile accordingly.

What this means in practice

Incidents without documented root cause analysis are treated as unresolved.

Context in the COMPEL framework

Produced in the Evaluate stage on a defined cadence and after any significant incident. Incident findings directly update the Risk Assessment Report and may trigger changes to the Control Requirements Matrix.

Where you see this

Incident and Risk Review is most commonly referenced when teams work across the Evaluate and Learn stages — especially within the Operational Readiness layer. It appears in governance artifacts, assessment instruments, and delivery playbooks wherever COMPEL is operationalized.

Synonyms

incident review report, AI risk review, safety and incident log

See also

  • Risk Assessment Report — A structured, evidence-based evaluation of the risks associated with each AI system or use case — covering technical, operational, ethical, regulatory, and reputational risk dimensions — with scored likelihood and impact ratings, existing control effectiveness ratings, and residual risk determinations.
  • Control Performance Report — A structured report that assesses the effectiveness of every active governance control — presenting evidence of control operation, pass/fail status against defined thresholds, exceptions, and remediation actions — to demonstrate that governance is working as designed rather than merely documented.
  • Policy Update Register — A tracked register of all policy changes, additions, and retirements triggered by insights from the Evaluate stage — documenting the rationale for each policy change, the approver, the effective date, and the affected systems or processes.
