The primary purpose of a risk register is to:

Definition of a Risk Register

A risk register is a key tool in risk management used to document, track, and manage risks throughout their lifecycle. It serves as a central repository for all identified risks, detailing their nature, status, and potential impact​​.

Purpose of a Risk Register

The primary purpose is to maintain a log of discovered risks. It provides a structured approach to risk documentation, ensuring that all risks are identified, recorded, and available for review and analysis.

The risk register typically includes:

Risk descriptions.

Risk owners.

Likelihood and impact assessments.

Mitigation measures and actions.

Explanation of Options

A. Maintain a log of discovered risks:This is the correct answer. The risk register's main function is to act as a comprehensive inventory of risks, ensuring visibility and traceability across the organization.

B. Track individual risk assessments:While the risk register may include information from risk assessments, its primary purpose is not to track these assessments individually but to log and manage risks holistically.

C. Develop plans for mitigating identified risks:Risk mitigation plans are a separate output of the risk management process. The risk register may document these plans, but developing them is not its primary purpose.

D. Coordinate the timing of scheduled risk assessments:Scheduling risk assessments is part of the broader risk management process, not the primary function of the risk register.

EC-Council CISO Best Practices on Risk Management Tools

The framework advises using a risk register to:

Ensure a single source of truth for organizational risks.

Facilitate communication between stakeholders regarding risk priorities.

Support decision-making by providing a clear picture of the organization's risk landscape.

Serve as a foundation for regular updates, reviews, and audits of risk management activities​​​.

Conclusion

The primary purpose of a risk register is A. Maintain a log of discovered risks. By centralizing risk information, it helps organizations manage risks effectively and ensures a transparent, documented approach to risk tracking.