Abstract
A risk database, or risk register, is a central tool for organisations to use to monitor and reduce risks, both those identified during initial safety assessments and those emerging during operations (Whipple and Pitblado, 2010). The risk register should contain all analysed risks and should prioritise the areas that require managerial attention. When populated with information on each risk, including risk ranking, the risk register can be analysed to present the risk profile for different aspects of the organisation (Filippin and Dreher, 2004). When reviewed and updated over time, it can also be analysed to present trends within the risk profile and focus management attention on the highest risk activities or facilities (Whipple and Pitblado, 2010). In order to successfully develop a risk registry that provides an accurate level of risk within a process, there is a requirement for real time data on risk to be input into a risk registry. Despite their place at the heart of safety management, there is relatively little guidance and research on how to construct, maintain and use a risk register. The challenges and ideas in this paper were developed during the initial phase of a case study to develop a single central risk register for an energy generation company. The case study used workshops with key stakeholders from the company to work through the issues faced in developing a single integrated risk register. Challenges faced ranged from ensuring employees contributing to the risk register had a basic understanding of risk concepts, through identification and scope of hazards to be included, to data collection and automatic population of the risk register. The challenges encountered during this project are believed to be those that many companies face, and therefore the resolutions proposed and adopted for this case study will be presented here as guidance for the implementation and management of risk registries in safety management systems.