A risk registry is a formal tool used to document port risks along with the actions to manage each risk. The registry features all results of risk analyses carried out and information as to where response plans are recorded.

A risk registry is a record of risks, current controls, additional required controls, and responsibility for control activities. It should be a continuous process, with port staff logging risks that have been observed, including the actions taken. To appropriately respond to a risk, a risk manager may need to bring in experts to understand the steps that can be taken to reduce the likelihood of the risk occurring, or to mitigate the impact of a risk if it occurs.

A risk registry generally contains a Risk ID that is a unique identifier for the risk and the date raised, i.e., the date the risk was identified. The risk register also features: (i) the risk description, including indicating what might happen if the risk occurs; (ii) the likelihood that a risk will occur; (iii) the impact or magnitude, overall rating, which is measured by multiplying the likelihood by impact; and (iv) the risk owner or the person who will be responsible for managing the risk.

The risk register will also mention mitigating action and includes actions that can be taken to reduce the likelihood of the risk occurring again. This may also include acceptance of the risk or its transfer, e.g. insurance. Thus, these actions tend to take place before an event happens by way of anticipation, preparedness and prevention. Contingent action refers to efforts aimed at: (i) reducing and mitigating the impact on the operation and feedback on lessons learned; (ii) progress on activities that provides a regular update on the progress of the mitigating actions; and (iii) status of the identified risk event, i.e. whether the event is considered to be open, closed, in process, or accepted within tolerance, etc.