Skip to content

The quarterly risk register

The Standard requires a risk register, reviewed at least quarterly. This is one of the most onerous requirements to do from a blank page — and one Chronity takes almost entirely off you, leaving exactly the part that needs your judgement.

Find it at Library → Risk register.

The quarterly risk register list

The list shows each quarter's register: the period it covers, its status, when it was generated, and when and by whom it was signed. The example firm has four signed quarters — Q2 2025 through Q1 2026 — exactly the unbroken quarterly cadence an auditor will look for.

How it works

On the first of January, April, July, and October, Chronity auto-drafts the quarter's register from the firm's own data:

  • use-case frequency — what kinds of AI work the firm actually did,
  • classification patterns and any anomalies,
  • new tools that appeared,
  • gaps where work didn't map cleanly to the signed taxonomy,
  • the quarter's alerts and incidents,
  • override activity.

That starter document lands as a draft for you.

Your part — the judgement

You open the draft in a side-by-side markdown editor: the auto-drafted content on one side, your edits on the other. You add the things only a qualified person can:

  • the qualitative judgement — likelihood and impact assessments, the RAG ratings the Standard asks for,
  • the mitigations the firm is actually putting in place,
  • an executive summary in your own words,
  • context the data can't see — a known issue, a planned change, a regulatory development.

Then you sign it. Signing moves it from draft to signed in one deliberate, atomic step, and the signed version becomes the firm's official register for that quarter — timestamped, attributed, immutable.

Generate now lets you produce a register off-cycle if you need one (a mid- quarter regulator request, say).

Why this division is right

The data half — "what did the firm do, what changed, what went wrong" — is laborious and error-prone to assemble by hand, and Chronity has it precisely. The judgement half — "how risky is that, and what are we doing about it" — is irreducibly professional and the Standard rightly insists a person owns it. Chronity gives you a strong, data-grounded first draft so your quarterly effort is reviewing and judging, not researching and typing.

Don't just sign the draft

The auto-draft is a genuinely good starting point — but a register that's obviously been signed without the qualitative sections filled in is a weak audit position. The few minutes you spend adding real judgement is the part that makes it defensible. That's the whole point of the role.

Next: Audit reports.