Appearance
Governance Risk Control Register
Use this register during governance workshops, internal reviews, and validation reviews to keep risk decisions evidence-based. Every material risk should have a control owner, evidence requirement, test method, residual risk score, and approval or acceptance path.
Download the raw source: governance-risk-control-register.csv.
Fields
| Field group | Fields |
|---|---|
| Identity | Risk ID, Use Case ID, Risk Category, Risk Statement |
| Risk score | Likelihood 1-5, Impact 1-5, Inherent Risk Score |
| Control | Control Type, Control Description, Platform Control Or Service, Evidence Required, Control Owner, Test Method |
| Residual decision | Residual Risk Score, Residual Risk Decision, Approver, Review Date, Status, Notes |
Starter CSV
The starter rows show risk coverage for data leakage, unauthorized action, and unsupported analytical claims.
| Risk ID | Use Case ID | Risk Category | Inherent Risk Score | Residual Risk Decision |
|---|---|---|---|---|
| R-001 | UC-001 | Data leakage | 12 | Accept with controls |
| R-002 | UC-002 | Unauthorized action | 15 | Mitigate before pilot |
| R-003 | UC-003 | Unsupported claim | 9 | Accept with monitoring |
csv
Risk ID,Use Case ID,Risk Category,Risk Statement,Likelihood 1-5,Impact 1-5,Inherent Risk Score,Control Type,Control Description,Platform Control Or Service,Evidence Required,Control Owner,Test Method,Residual Risk Score,Residual Risk Decision,Approver,Review Date,Status,Notes
R-001,UC-001,Data leakage,Agent may expose HR policy exceptions or employee-specific guidance to unauthorized users,3,4,12,Preventive,Enforce Microsoft 365 permissions and source-level sensitivity labels,Microsoft Purview and SharePoint permissions,Permission test results and sensitivity label review,HR Knowledge Manager,Run role-based access tests with pilot users,4,Accept with controls,HR Operations Lead,2026-06-20,Open,Complete stale content cleanup before pilot
R-002,UC-002,Unauthorized action,Agent may create or route invoice exception cases without proper AP approval,3,5,15,Preventive,Require human approval before ERP writeback and log every tool call,Copilot Studio approvals and Power Automate audit history,Approval configuration and sample audit trail,AP Process Owner,Run tool-call tests for approved and rejected cases,5,Mitigate before pilot,Finance Controller,2026-06-20,Open,Approval SLA needs owner
R-003,UC-003,Unsupported claim,Summary may overstate forecast causes when data is incomplete,3,3,9,Detective,Show source measures and require confidence note for variance explanations,Power BI semantic model and report annotations,Sample report output and reviewer signoff,Revenue Operations Lead,Compare summary against source report for 20 accounts,3,Accept with monitoring,Revenue Operations Lead,2026-06-20,Open,Keep as analytics route