Decision Risk Register — excerpt

Artifact supporting Board and Compliance decisions

Executive Overview

The register highlights areas where a decision may be:

• not defensible,
• not auditable,
• based on implicit assumptions.

Each risk has: a level, an owner and a decision gate.

Risk classification

• CRITICAL — risk that blocks the use of the decision output
• MAJOR — risk requiring escalation / control
• MODERATE — monitored risk

Sample Risk Register

Sample slice of the table (3–4 entries) showing the register format.

Level	Risk description	Owner	Control gate	Consequence
CRITICAL	Missing validity boundaries for the decision (conditions of use undefined).	Decision Owner / Governance	Gate: Validity Boundary Confirmed	Decision cannot be taken (block).
MAJOR	High-leverage assumption without an owner (unowned assumption).	Compliance	Gate: Assumption Ownership Assigned	Escalation required to the Board / committee.
MAJOR	Input data drift without a detection mechanism.	Data / MLOps	Gate: Drift Monitoring Active	Risk of degradation, conditional or suspended decision.
MODERATE	Inconsistent documentation of exceptions and fallbacks.	Product / Engineering	Gate: Exceptions & Fallbacks Documented	Monitoring + correction before the next decision cycle.

Decision Gates

A decision gate (control gate) is a control verifying a necessary condition for a decision to be auditable and defensible.

• when it blocks the decision: for CRITICAL risk or unmet conditions for MAJOR,
• who approves: gate owner and escalation body (e.g. Compliance / Board),
• what is evidence: explicit artifact or record (e.g. snapshot, validation, approval).

Decision interpretation

• a decision may be taken when all CRITICAL risks are closed and MAJOR risks are controlled,
• a decision must be suspended when any critical gate is not met,
• escalation is required when a MAJOR risk affects liability, compliance or defensibility.

Final note (SAMPLE)