AI Governance
A practical guide to building an AI risk register for Australian risk and governance teams — the columns that matter, a worked example of common AI risks, and how it maps to the Voluntary AI Safety Standard and APRA CPS 230.
Quantum Associates — Quantum Associates
· 8 min read
Most organisations already have an enterprise risk register. Very few have one that actually copes with how AI fails. AI systems do not break in the tidy, discrete ways your operational risk framework was built for — they degrade quietly, they behave differently in production than in testing, and they introduce failure modes (a model confidently inventing a fact, a user smuggling instructions into a prompt) that simply have no equivalent in a traditional process-and-control world. That gap is where ai risk management either becomes a real discipline or stays a slide in a board pack.
The summary you can act on: stand up a dedicated AI risk register as a living operating artefact — not a compliance document you write once and file. Give it AI-specific columns, populate it with the failure modes that are actually characteristic of these systems, map each entry to the guardrails you are expected to meet, and review it on a cadence that matches how fast your models and vendors change. Below is a structure and a worked example you can adapt.
The obvious question from any risk committee is: why not just add a few rows to the register we already have? Because the general enterprise register is optimised for a different shape of risk. It tends to assume stable, testable controls, clear ownership, and failure modes that stay put once you understand them. AI breaks all three assumptions.
A dedicated register does not replace your enterprise risk framework — it feeds it. Think of it as a specialised sub-ledger that rolls up into the top-level register, giving your risk team the granularity to manage AI properly while still reporting in a language the board recognises. If you are formalising this alongside a broader programme, our view on how this fits the operating model is set out in /services/ai-governance/.
A workable AI risk register does not need to be elaborate. It needs a consistent set of columns that force the right thinking. Here is the structure we recommend, and why each field earns its place.
Below is a representative AI risk register — generic, not tied to any client — showing how a handful of characteristic AI risks are treated. It is deliberately small; a real register grows per use case, but the pattern holds.
| Risk | Category | Inherent | Key controls | Residual | Owner | Cadence |
|---|---|---|---|---|---|---|
| Hallucinated information in a customer-facing chatbot leads to wrong advice and a complaint | Accuracy | High | Retrieval grounding to approved content; confidence thresholds; clear scope limits; human handoff for high-stakes queries; standing disclaimer | Medium | Head of Customer Ops | Monthly |
| Sensitive data leaked to an external model provider via prompts | Data & privacy | High | Data classification and input filtering; contractual no-training/retention terms; regional hosting; DLP on the integration | Low–Medium | CISO | Quarterly |
| Prompt injection in an agent with tool access causes unintended actions | Security | High | Least-privilege tool scopes; input sanitisation; action allow-lists; human approval for irreversible steps; monitoring | Medium | Security Architecture | Monthly |
| Model drift degrades output quality over time as data or the model version changes | Model behaviour | Medium | Output quality monitoring; periodic re-evaluation against a golden set; change alerts from the provider; rollback plan | Medium | ML/Platform Lead | Monthly |
| Third-party model supplier changes terms, deprecates a version, or suffers an outage | Third-party / supply chain | Medium | Vendor due diligence; contractual notice periods; abstraction layer to enable switching; documented fallback | Medium | Vendor Manager | Quarterly |
| Biased outputs produce unfair treatment across customer segments | Fairness / bias | Medium | Representative test sets; outcome monitoring by segment; human review of adverse decisions; documented evaluation | Medium | Model Risk / Governance | Quarterly |
A few things are worth drawing out. Notice that residual risk is rarely “low” — honest registers accept that AI carries irreducible uncertainty, and the point is to make that acceptance deliberate and visible rather than accidental. Notice too that the controls mix technical, procedural and contractual measures; over-relying on any one layer is a common failure. And notice the cadence varies: the fast-moving risks get looked at monthly because that is roughly how fast the underlying systems move. If you want a deeper treatment of the failure modes themselves — particularly retrieval and the reasons pilots stumble — /insights/why-most-enterprise-ai-pilots-fail/ is a useful companion.
Australia’s Voluntary AI Safety Standard sets out guardrails covering accountability, risk management, data governance, testing, human oversight, transparency, contestability and record-keeping. A well-built register is one of the more direct ways to evidence several of them at once — which is the practical reason to bother.
The mapping is not one-to-one, and you should not oversell it — a register alone does not make you compliant with the Standard. But it is a load-bearing piece of evidence, and it turns an abstract set of guardrails into something a risk team can actually operate. We walk through the guardrails in practical terms in /insights/voluntary-ai-safety-standard-guide/.
For APRA-regulated entities, an AI risk register is not just good practice — it plugs directly into existing obligations. CPS 230 requires strong operational risk management, including identifying and assessing operational risks, maintaining effective controls, and managing the risks arising from material service providers. AI systems generate operational risk (accuracy failures, security exposure, availability of a model service) and frequently involve third-party model suppliers who may be material to a critical operation.
An AI-specific register helps you meet CPS 230 in three concrete ways: it surfaces AI operational risks in a form that rolls up into your operational risk profile; its controls column evidences the effectiveness testing the standard expects; and its third-party rows feed your service-provider assessments, including the tolerance and continuity questions APRA cares about. For entities juggling CPS 230 alongside CPS 234 and the prudential expectations more broadly, the register becomes a shared reference point across risk, security and technology. Our broader take on the regulated-entity context is at /insights/ai-for-apra-regulated-entities/.
The single biggest failure with risk registers of any kind is that they are written once, approved, and then quietly ignored until an incident or an audit. With AI that failure is fatal, because the systems change faster than almost anything else on your register. A model version ships, a vendor changes a default, your usage scales into a new pattern — and yesterday’s residual risk assessment is simply wrong.
Treat the register as an operating artefact with a heartbeat:
If you want a running start, our /tools/ai-policy-template/ gives you the policy scaffolding that sits above the register, and a structured /productised/ai-governance-review/ will pressure-test both your register and the controls behind it. For risk and board-level framing specifically, /insights/ai-governance-for-australian-boards/ covers what directors should actually be asking.
None of this needs to be heavy to be effective — a disciplined register run properly beats an elaborate one that nobody maintains. If you would like a second set of eyes on how you are structuring ai risk management, or help mapping your register to the guardrails and CPS 230 obligations that apply to you, get in touch. We will tell you plainly what is working and what is theatre.
Related insights
AI Governance
The questions a board should ask management about AI. Aligned to the Voluntary AI Safety Standard and the audit-committee-friendly framing AU boards actually need.
AI Governance
What the Voluntary AI Safety Standard's 10 guardrails actually mean in practice — and how to implement each one without paralysing the AI work that's already moving.
Next step
30 minutes, no pitch, no deck — just a working conversation about how this applies to your situation.