I do this for a job 🙂 Remember that a risk is a ‘definition of any future event that would prevent the achievement of the strategy’ so you need to develop a fresh risk register at the strategy level
do you have a proper business strategy with a Target Operating Model? do you have an inventory of all products and services and key processes? what is your business appetite for taking risk? gather these things and then get the brightest sparks in a room
do a fresh risk assessment that is based on scenarios that would prevent achieving the strategy (the impact you can align to the products and/or strategy goals) and identify the inherent risk (worst case). look for themes in the existing operational registers, ask questions like ‘what is bothering you at the moment’ or ‘if you had another £xm in your budget what would you spend it on’
then go back to whatever control framework you have and figure out the residual risk (current risk accounting for processes and other reducing factors) to report back to the exec
the way to ensuring this will work is to make sure you state the risk right, think ‘situation X caused by Y results in Z’
I want to make sure these are then integrated into our long-term planning process to ensure that they’re properly managed.
your investment decision process needs to have risk reduction as part of the benefits case
you need to review the risks and your appetite as part of the strategic planning
also, don’t hide it, get it out in the open and make sure that the managers are having honest conversations about problems based on evidence not hunches/opinion
best of luck
WTF is he/she doing then ???