Risk Management
Evolving The Risk Register: A Board ' s Shift To Foresight
By Reuben Kisigwa
From Oversight to Foresight
In today’ s boardrooms, risk oversight is no longer just about what’ s on the list, it’ s about what’ s coming next. Having worked with a few boards across different sectors, I’ ve seen how a simple shift in perspective can turn a static risk register into a living conversation about strategy, resilience, and preparedness.
The Familiar Tool on the Board Table
Every boardroom I have had the opportunity to sit in or engage with, whether it was a financial institution, a cooperative, or a non-profit, has had one familiar document on the table, the risk register. It is usually neatly printed and well-structured, listing the main risks the institution faces, who is responsible for managing them, and what actions are being taken.
In many ways, the risk register is the
master list of vulnerabilities that could derail an institution’ s strategy or shake the confidence of customers, funders, or shareholders. It gives a comforting sense of order, a feeling that everything risky has been identified and recorded somewhere.
For many years, that was enough. Boards took comfort in the assurance that management had“ thought through the threats.” The register gave directors a sense of control and a starting point for oversight conversations. And truthfully, it served its purpose quite well.
However, as I interact with boards today, I am noticing a gradual shift. The business environment especially in financial services has become faster, more complex, and increasingly interconnected. A static list of risks, no matter how neatly arranged or color-coded, does not always give directors the full picture they need.
Sometimes, the register begins to feel like
When the risk register is complemented by dashboards, predictive insights, and scenario rehearsals, something meaningful happens in the boardroom. The tone of the discussion changes. It moves from oversight which is about checking that risks are listed and tracked to foresight, which is about anticipating what might come next and preparing for it. That shift marks the difference between a board that reacts to change and one that leads through it. a filing cabinet of worries something that is looked at because it must be, but not necessarily used to spark deeper reflection. I have seen boards where the review of the register is a routine agenda item: it gets discussed, noted, and approved, but the conversation ends up staying quite narrow.
Typical questions arise: Are the controls in place? Has management updated the risk ratings? Are there any new risks since the last meeting?
All good questions, but sometimes directors leave with lingering doubts. Is this risk really under control? Could there be blind spots that are not listed? What happens if two or three of these risks materialize at the same time?
From my own experience working with different boards, I have seen this tension first-hand. Directors genuinely want to go deeper, but the structure of the register itself limits how far the conversation can go. It was never meant to be a live radar or a forward-looking tool it was designed to capture and catalogue.
That is why some boards are now beginning to evolve how they use the register. Rather than relying on it as the only source of truth, they are complementing it with tools that make risks more visible, interactive, and timely. The intention is not to discard the register but to give it life to turn it from a static record into a living conversation about resilience and preparedness.
A Moment That Changed How We Saw Risk
Not long ago, I was part of a consulting team working with a rural microfinance institution that wanted to strengthen its risk management practices. On paper, everything looked fine their risk register
48 MAL69 / 25 ISSUE