AEGIS Policy Core · Artifact 1.3
AI Risk Register
The live inventory of AI risks — quantified, owned, and reviewed. Risks that are not on this register cannot be addressed; risks on this register cannot be ignored.
- Client: [CLIENT NAME]
- Engagement: [ENGAGEMENT ID]
- Version: v1.0
- Issued: 2026-05-18
Delivered by TechFides under the AEGIS Governance Operating Services engagement. This document is proprietary to the client named above. Redistribution beyond the engagement steering committee requires written consent.
Purpose
Intent — A risk register is a living document, not a deliverable. Its value is in what it forces the organization to do — name risks, assign owners, quantify exposure, and return to the decisions quarterly.
This register is the system of record for AI risks at [CLIENT NAME]. It is owned by the AI Governance Lead, ratified by the Council, and reviewed in full every quarter. Any risk discussed outside the register — in a meeting, an email, or an incident debrief — must be recorded here within five business days or it does not exist for governance purposes.
Risk Categories
Intent — Six buckets covering the territory. Every risk in the register is tagged to one primary category; secondary categories are noted in the detail row.
Data & Security
- Regulated data (PHI, PII, PCI) sent to an AI tool without a BAA or DPA.
- Model provider retains prompts and outputs despite enterprise settings, exposing trade secrets.
- Vector database used for RAG contains restricted content that bypasses access controls.
Legal & Regulatory
- EU AI Act obligations apply to a deployed system and no conformity evidence exists.
- AI-generated communication with customers creates an implied contract or regulatory disclosure duty.
- Copyright or IP exposure from model training data or generated output that mirrors a protected work.
Operational
- Production workflow depends on a model that can silently change version without notice.
- Shadow AI creates parallel processes that bypass SOP review steps.
- Critical business knowledge concentrated in a prompt library with no backup or version control.
Financial & Vendor
- AI spend growing 40%+ YoY with no cost owner or utilization data.
- Vendor lock-in on a model or tool with no defensible switching plan.
- License-per-seat spend on tools used by a small fraction of the license holders.
Reputational & Ethical
- Hiring or performance decisions made with AI screening that has not been bias-audited.
- Customer-facing chat feature produces harmful, discriminatory, or defamatory output.
- Undisclosed AI use in professional services creates a trust breach when discovered.
Personnel & Change
- Key employees quietly use unsanctioned AI, resigning with institutional knowledge embedded in external tools.
- Policy fatigue: staff stop reading updates and miss a material change.
- Training completion high but retention low — assessment scores drop in spot-checks.
Scoring Method
Intent — Quantified exposure, not adjectives. Every risk gets a likelihood, an impact, and a dollar band.
Likelihood scale (1–5)
- 1 — Rare. Would require an unlikely combination of failures; no realistic scenario in the next 12 months.
- 2 — Unlikely. Could occur but no evidence it has or is trending up.
- 3 — Possible. Has occurred at peers, or there is indirect evidence inside the organization.
- 4 — Likely. Near-misses already observed; the condition for occurrence is present.
- 5 — Near certain. Expected to occur in the next 12 months without intervention.
Impact scale (1–5)
- 1 — Negligible. Cost or disruption absorbed without material effect.
- 2 — Minor. Addressable within a function; no board or regulator attention.
- 3 — Moderate. Cross-functional response required; may trigger client notification.
- 4 — Major. Executive attention; material financial cost; reputational exposure.
- 5 — Severe. Board-level incident; regulatory action plausible; existential for a product or line of business.
Severity = Likelihood × Impact
A risk's severity is the product. Score ≥20 is P0 and is reviewed at every Council meeting. 12–19 is P1 and is reviewed quarterly. 6–11 is P2, reviewed annually. Below 6 is tracked but not actively managed unless re-scored.
Dollar exposure
Every scored risk carries a dollar band (range, with stated assumptions). Dollar bands are the currency of board conversations and force a discipline that adjective-based risk assessments do not. Bands can be wide, but they cannot be absent.
Active Register
Intent — The live inventory. Populated from the diagnostic and maintained continuously. The rows below are illustrative starting risks that appear in most engagements.
| ID | Risk | Cat | L | I | Sev | Exposure | Owner | Treatment | Due |
|---|---|---|---|---|---|---|---|---|---|
| R-001 | Shadow AI use of consumer tools on client material | DS | 4 | 5 | 20 | $250–$800K | CISO | Mitigate | Week 8 |
| R-002 | Model provider retention settings not verified in writing | DS | 3 | 4 | 12 | $100–$400K | CISO | Mitigate | Week 5 |
| R-003 | AI coding assistant produces insecure authentication flow | OP | 3 | 5 | 15 | $200–$1.2M | CTO | Mitigate | Ongoing |
| R-004 | Customer-facing AI ships without disclosure notice | LG | 2 | 5 | 10 | $100–$500K | General Counsel | Avoid | Pre-launch gate |
| R-005 | AI spend grows untracked across function budgets | FN | 5 | 3 | 15 | $50–$200K / yr | CFO | Mitigate | Week 8 |
| R-006 | Resume-screening AI lacks bias audit | RP | 3 | 4 | 12 | $150–$2M | CHRO | Mitigate | Week 10 |
| R-007 | Vendor subprocessor change unnoticed | DS | 3 | 4 | 12 | $75–$300K | CISO | Mitigate | Ongoing |
| R-008 | Prompt library contains P1 data pasted into templates | DS | 4 | 3 | 12 | $50–$200K | Knowledge Ops | Mitigate | Week 10 |
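As an added example that is not part of the AEGIS artifact, a small Python checker applies the Scoring Method to register rows: it parses the table, recomputes Severity from L and I, assigns the P0/P1/P2 tier, and flags rows that break the register's own rules (an absent dollar band, a Mitigate at P0/P1 without a due date, an Accept without a scheduled re-review). The sample rows are copied from the table above plus one constructed, deliberately inconsistent row; the column names and tier table are assumptions of this example.

```python
# Consistency checker for register rows, following the Scoring Method tiers.
COLUMNS = ["id", "risk", "cat", "l", "i", "sev", "exposure", "owner", "treatment", "due"]
TIERS = [(20, "P0"), (12, "P1"), (6, "P2"), (0, "Tracked")]
CADENCE = {"P0": "every Council meeting", "P1": "quarterly",
           "P2": "annually", "Tracked": "not actively managed"}

def priority(severity: int) -> str:
    """Map Likelihood x Impact to the register's P0/P1/P2 tiers."""
    return next(tier for floor, tier in TIERS if severity >= floor)

def parse_register(markdown: str) -> list[dict]:
    """Parse a pipe-delimited register table into one dict per risk row."""
    rows = []
    for line in markdown.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # Skip the header row and the |---| separator row.
        if len(cells) != len(COLUMNS) or not cells[0].startswith("R-"):
            continue
        rows.append(dict(zip(COLUMNS, cells)))
    return rows

def check_row(row: dict) -> list[str]:
    """Return findings for one row; an empty list means the row is consistent."""
    findings = []
    l, i, sev = int(row["l"]), int(row["i"]), int(row["sev"])
    if sev != l * i:
        findings.append(f"Sev {sev} does not equal L x I = {l * i}")
    tier = priority(l * i)
    if not row["exposure"]:
        findings.append("dollar band absent; bands can be wide but not missing")
    if tier in ("P0", "P1") and row["treatment"] == "Mitigate" and not row["due"]:
        findings.append(f"{tier} Mitigate needs a treatment plan due date")
    if row["treatment"] == "Accept" and not row["due"]:
        findings.append("Accept needs a scheduled re-review date")
    return findings

# Constructed sample: two rows copied from the register above plus one
# deliberately inconsistent row (wrong product, empty dollar band, no due date).
SAMPLE = """
| ID | Risk | Cat | L | I | Sev | Exposure | Owner | Treatment | Due |
|---|---|---|---|---|---|---|---|---|---|
| R-001 | Shadow AI use of consumer tools on client material | DS | 4 | 5 | 20 | $250–$800K | CISO | Mitigate | Week 8 |
| R-004 | Customer-facing AI ships without disclosure notice | LG | 2 | 5 | 10 | $100–$500K | General Counsel | Avoid | Pre-launch gate |
| R-901 | Constructed inconsistent row | OP | 4 | 4 | 12 |  | CTO | Mitigate |  |
"""

if __name__ == "__main__":
    for row in parse_register(SAMPLE):
        tier = priority(int(row["l"]) * int(row["i"]))
        print(row["id"], tier, CADENCE[tier], check_row(row) or "consistent")
```

Running it against the full table in this section should report every row as consistent; the constructed R-901 row shows the three kinds of finding the checker raises.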
Risk Detail Template
Intent — The format every entry in §4 expands to. One page per risk when the row is clicked through, or on a standalone sheet for P0 risks.
[R-XXX] · [RISK TITLE]
- Condition: [THE STATE OR PATTERN THAT MAKES THE RISK POSSIBLE]
- Consequence: [WHAT HAPPENS IF THE RISK LANDS, STATED CONCRETELY]
- Likelihood · Impact · Severity: [L=X, I=Y, SEV=X×Y]
- Exposure: [$ LOW–$ HIGH · WITH STATED ASSUMPTIONS]
- Owner · Backup: [NAME + TITLE · BACKUP NAME]
- Treatment: [MITIGATE / ACCEPT / TRANSFER / AVOID]
- Treatment Plan: [CONCRETE ACTIONS, WITH DATES, THAT WILL CHANGE L OR I]
- Review cadence: [NEXT REVIEW DATE]
- Related artifacts: [VRA #, INCIDENT #, POLICY SECTION, ETC.]
Treatment Decisions
Intent — Four paths, chosen explicitly. The register is not a to-do list — it is a record of decisions made about exposure.
Mitigate
Reduce likelihood, impact, or both through controls, process changes, or engineering. Default treatment for risks at P0/P1. A mitigate decision comes with a treatment plan and a due date.
Accept
Choose to carry the risk at its current level because treatment is disproportionate to exposure. Acceptance requires an accountable decision-maker named in the register and a scheduled re-review date.
Transfer
Shift the exposure to a third party — insurance, a vendor contract, or a client assumption. Transfer is never total; the residual risk stays on the register.
Avoid
Change the activity so the risk condition no longer applies. Avoid is the strongest treatment but is not always available — use it when the risk is intolerable and the activity is optional.
Review Cadence & Governance
Intent — The operating rhythm. Without cadence the register rots; with cadence it becomes the heartbeat of the program.
At every Council meeting (bi-weekly)
- Every P0 risk reviewed with owner present.
- New risks added in the preceding two weeks ratified.
- Closed risks removed with a closure statement on file.
Quarterly
- Full register reviewed; P1 risks re-scored.
- Exposure totals rolled up and reported to the Executive Sponsor.
- Materiality threshold re-confirmed.
Annually
- Categories reviewed; new categories added as needed.
- Scoring scales recalibrated against incident history and peer benchmarks.
- Register reported to the board with rollup and trend.