A record of all risks identified during the risk management process. Each risk is described, classified by type and assessed in terms of its potential in terms of severity and probability. The proposed control or responses measures are noted together with details of the ‘risk owner’, i.e. the manager or employee responsible for implementing the control measures and monitoring the risk. The ‘owner’ is given a target date for implementation or other designated action.