AI Risk Register: Score Risk in Dollars With Five Entries the Board Will Act On

Most enterprise AI risk registers are dead documents. Created during an annual compliance cycle, padded with vague threats like "model bias" and "data leakage," scored on a 1-5 matrix nobody calibrated, filed in a SharePoint folder the board will never open.

The gap is not awareness. It is language. Technical teams write for technical audiences. Boards want three answers: what could break, what it would cost, and what we're doing about it. A register that does not answer those three in financial terms becomes furniture — present in the room, ignored by everyone at the table.

This is the rebuild. A register that scores AI risk in the language a board operates in, maps it to regulatory obligations that actually apply to your systems, and draws a hard line between security theater and operational risk management.

What we got wrong the first time: completeness. We catalogued 41 entries across 18 systems before we ever brought it to leadership. The board spent 45 minutes debating whether "hallucination risk" and "model accuracy degradation" were distinct, then walked out without approving a dollar of mitigation budget. Version two had five entries. Each one carried a dollar range and a named executive. The next meeting ran 20 minutes and produced three budget decisions.

Roughly 72% of board members report feeling inadequately informed about AI-specific risks — even at organizations that maintain formal registers.^[5] The disconnect is structural. The information exists. It is unreadable to the audience that has to act on it.

Meanwhile, 78% of business executives in Grant Thornton's 2026 AI Impact Survey lack strong confidence that they could pass an independent AI governance audit within 90 days.^[9] Eighty-three percent of organizations are deploying AI tools; only 25% have strong governance frameworks.^[9] The disclosure gap is reversing: S&P 500 companies disclosing AI as a material risk jumped from 12% to 83% between 2023 and 2025 — but AI expertise on boards sits below 3%.^[10] Boards are being asked to govern a domain their directors do not understand.

Technical teams document risks as attack vectors, model architectures, and failure modes. Boards think in revenue impact, regulatory fines, reputational damage, competitive position. "Adversarial prompt injection may cause unintended model outputs" registers as noise. "A prompt injection on our customer chatbot exposes 200,000 customer records, triggers GDPR Article 83 fines up to 4% of global turnover, and an estimated 15% churn in the affected segment" registers as a decision the board has to make this quarter.

The second failure is granularity. Engineering wants every risk for every model. The board wants the top five things that could materially move the business. A register with forty equally-weighted line items guarantees none of them get attention. Volume is the enemy of action.

The ubiquitous 5x5 likelihood-by-impact grid was built for workplace injuries and supply chain disruptions. Discrete events, observable frequencies, calibrated actuarial data. AI fails all three. Risks compound across systems, depend on context the model cannot see, and stay invisible until the cascade hits production.

Four scoring dimensions map to what boards actually allocate against. Each scores 0-10. Composite is a weighted average — the weights are configurable per organization based on risk appetite and regulatory exposure. The point of the four dimensions is not precision. It is that each one carries a verb the board can act on: write a check, change a vendor, escalate to legal, halt a deployment.

Calibration is the step most organizations skip. Before running any system through this model, score 3-5 real AI incidents from your industry retroactively. The IBM 2025 Cost of a Data Breach Report puts the global average breach at $4.44M, with AI-powered attacks averaging $4.49M and shadow AI incidents running $670K above the global average.^[11] If your scoring model rates a shadow AI event as low financial exposure, the weights are miscalibrated.

An internal summarization tool and a credit decisioning model do not deserve the same review depth. Treating them the same is how risk programs collapse — engineers route around heavy controls on lightweight tools, and the high-stakes systems hide inside the same checklist as the low-stakes ones.

The EU AI Act codifies this into law: unacceptable, high, limited, minimal.^[4] Even outside EU jurisdiction, the same tiering pattern works. It catches the two failure modes that kill governance programs: over-governing low-risk tools until teams stop using them, and under-governing high-risk systems because nothing flagged them on the way in.

The critical practical question at tier-assignment time: does this system's output directly affect a person's access to services, rights, or safety-critical environments? If yes, it is Tier 3 or Tier 4. If no, start at Tier 1 or 2 and escalate on evidence.

The regulatory landscape moved from advisory to operational. EU AI Act governance rules and GPAI model obligations became enforceable in August 2025. Full high-risk system compliance lands August 2, 2026.^[4] Organizations selling into the EU cannot treat this as planning material.

Penalty tiers are structured to match severity. Prohibited AI practices: up to €35M or 7% of global annual turnover. Non-compliance for high-risk systems: up to €15M or 3% of global turnover. Supplying incorrect information to regulators: up to €7.5M or 1% of turnover.^[4] These are not advisory ceilings — national authorities can withdraw noncompliant systems from the EU market entirely.

The EU is not the only jurisdiction. NIST AI RMF 1.0 is voluntary in the United States but increasingly referenced in enforcement guidance by the FTC, CFPB, FDA, SEC, and EEOC when evaluating whether AI practices meet reasonable standards of care.^[3] ISO/IEC 42001 sets AI management system requirements. Sector regulation layers on top: HIPAA for healthcare AI, SR 11-7 for banking model risk, FDA guidance for AI medical devices.

The register maps each system to the obligations that actually apply to it. Not every system triggers every regulation — and the mapping prevents two expensive mistakes: pouring compliance budget into low-risk systems that do not need it, and missing obligations on high-risk systems until a regulator asks for documentation that does not exist.

Most high-risk system providers under the EU AI Act conduct self-assessment — evaluating their own compliance and maintaining a technical file. Third-party assessment by a notified body is required only for biometric identification systems and AI safety components in regulated products.^[4]

Self-assessment sounds easy until you read Articles 8-15. The requirements are specific: a documented risk management system that runs throughout the system lifecycle, data governance measures covering training and validation data quality, technical documentation sufficient for a regulator to reconstruct what was built, automatic event logging, appropriate human oversight mechanisms with documented roles, and demonstrated accuracy, robustness, and cybersecurity safeguards.

For an engineering team, this translates to deliverables:

• Risk management plan covering the model's lifecycle from training to retirement
• Data sheets documenting training data provenance, known biases, and mitigation steps
• Model card with performance metrics disaggregated by demographic group
• Logging architecture that captures decision inputs and outputs — per decision, not aggregate
• Human-in-the-loop runbook with defined escalation thresholds
• CE declaration of conformity signed before EU market deployment

The minimum viable documentation set is roughly 40-80 pages for a Tier 3 system. Teams that start building it at deployment time will not finish before August 2026.

Security theater is risk management optimized for the appearance of control instead of the reduction of harm. AI governance is full of it. The field is new, the threats are abstract, most programs are built under regulatory pressure rather than operational scar tissue. Decoration accumulates faster than enforcement.

The test is a single question: would this activity change the outcome of a real incident? A comprehensive AI ethics policy that nobody reads before deploying a model would not. A bias audit conducted once during development and never repeated after the data distribution shifted would not. A register that catalogues forty risks and triggers zero operational changes would not. All decoration.

Real risk management is boring, repetitive, and specific. Specific metrics for specific systems. Specific tests on specific schedules. Specific actions when specific thresholds breach. It looks worse in a slide deck and runs better in a crisis.

The single most effective lever for board communication is financial translation. Every score maps to an estimated annual loss exposure denominated in the currency the board allocates. The FAIR (Factor Analysis of Information Risk) model decomposes each risk into loss event frequency and loss magnitude and expresses the result as a dollar range.^[6]

The FAIR Institute has extended this with FAIR-AIR™ — a methodology specifically designed for AI-related loss scenarios. Where traditional FAIR captures primary losses (productivity, response costs, containment) and secondary losses (missed competitive advantage, regulatory fines, reputational damage), FAIR-AIR adds AI-specific factors: model degradation rate, inference pipeline failure modes, and data poisoning event frequencies.^[12] The mechanics: identify the loss scenario, estimate loss event frequency from threat modeling and historical data, estimate probable loss magnitude per event, multiply to get annualized loss expectancy, and present it as a range rather than a point estimate.

A composite score of 7.2 is a number with no frame of reference. The same system expressed as $1.8M-$3.2M in annual loss exposure from bias-related regulatory action, with a 15-25% probability of occurrence in the next 12 months, sits next to every other capital allocation decision the board is making. These are ranges — calibrate them against your incident history and regulatory context, not industry averages.

The second lever is trend. A single score is a snapshot. Boards allocate against direction. Is the risk increasing or decreasing? Is the mitigation budget actually moving the number? Present scores as time series with quarter-over-quarter deltas. A 6.5 declining from 8.2 over three quarters is a different story than a 6.5 climbing from 4.1. Same number, opposite decision.

The schema is not theoretical. Each field is there because a board member or a regulator will ask for it.

owner forces accountability — without a named executive, nobody escalates. annualLossExposure splits primary and secondary loss because the mitigation levers are different: primary loss (containment, response) is an engineering spend; secondary loss (fines, reputational) is a legal and communications spend. trend is the temporal context that turns a static score into a signal worth a meeting. euAiActDocumentationStatus flags systems that need the 40-80 pages of technical file before August 2026.

Populating the register takes about six weeks for a mid-size enterprise. Week one is inventory — every system in production and development. Weeks two and three are tier classification and scoring workshops with engineering, legal, and business in the same room. This is the friction step: remote workshops do not produce calibrated scores. Week four is regulatory mapping with outside counsel where it matters. Weeks five and six are financial translation, where loss estimates get pressure-tested against industry benchmarks and your own incident history. Skip the pressure-test and the numbers fall apart the first time the board asks where they came from.

This entry answers three board questions in under two minutes. What could break: automated credit decisions affecting a large applicant volume, with documented disparate impact risk and a GDPR gap on explanation rights. What it costs: $1.5M-$2.8M annual loss exposure at a 22% probability, plus EU AI Act penalties up to €15M if the August deadline is missed. What we're doing: two active mitigations consuming $30K/month, composite score declining from 8.4 to 8.0, external audit firm engaged.

The board now has a decision: approve an additional $180K for the external audit to accelerate completion, or accept the residual risk of running to the August deadline without a buffer. That is a capital allocation conversation. It replaces the 45-minute debate about whether "model drift" and "data quality degradation" are the same risk.

Dead registers create a dangerous illusion of control. They let leadership believe governance exists because the document exists. The fix is a quarterly cadence with enforced accountability — and the enforcement matters more than the cadence.

Every quarter, each owner presents a five-minute update on their risks to the AI governance committee. Three questions, no slides beyond that: Has the score moved and why? Are mitigations on track? Does this need a board escalation? Any risk above 7.0 with the third answer at yes goes on the next board agenda automatically — the political negotiation about whether something is "important enough" to surface gets removed by the rule.

Between reviews, automated feeds update two fields continuously: incident count touching the system, and performance drift on accuracy or fairness metrics. Either crosses a trigger and an ad-hoc review fires outside the quarterly cycle. The register is a system, not a document.

Board presentations on AI risk follow a strict format. Limited time. Competing priorities. Zero tolerance for transformer architecture explainers. The goal is decision enablement.

Four sections, twenty minutes or less, every time. Anything longer gets cut short or skipped — and a skipped slide is a risk that never made it onto the agenda.

The gap between organizations with real AI governance and those running theater will widen sharply over the next 18 months. Regulators are moving from guidance to enforcement. Boards are being asked to certify AI risk exposure with the same rigor they apply to financial controls. The organizations that built real registers — scored in dollars, mapped to regulations, reviewed on cadence, owned by named individuals — will navigate the transition without scrambling.

Start with the five highest-exposure systems. Score them this week. Translate the scores to dollars next week. The board is not asking for a perfect register. It is asking for five entries it can make decisions about. Give them that.