Pelican | Quantitative Risk Register Software
Quantitative Risk Register

What is a risk register?

A risk register, sometimes called a risk log, is a database of risks used to identify, assess and manage risks, particularly operational risks (losses caused by human error, failed processes, fraud, etc.). It is also typically used to fulfill regulatory compliance by documenting and reporting identified risks.

A risk register will list the risks that are considered the most threatening to the organization. The risks often have some potential financial impact, but they can also include other dimensions like injury, environmental impact, and loss of reputation.

How a risk register supports risk management

Identifying all the operational risks that are faced by an organization, and then assessing their likelihood and potential impact, enables the organization to rank risks and focus mitigation efforts on managing the most important risks. Listing all the control and mitigation efforts, along with who is responsible for ensuring those efforts are implemented and maintained, makes it possible for an internal audit function to check whether the processes are being followed.

A risk register mostly addresses event-driven operational risks like accidents, failures to comply with a law, fraud, errors in business processes, etc. It is unsuitable for assessing commercial risks that threaten the strategic objectives of an organization, like the effects of competition, changes in market size, inflation, supply chain uncertainty, cost overruns, or delays in launching key products. Other analytic tools like ModelRisk and Tamara are used for assessing these risks.

The value of a quantitative risk register

Qualitative risk registers, although common, do not provide the necessary information for effective risk management. Pelican’s risk register is fully quantitative. Risk quantification provides numerous benefits that are not possible with qualitative methods:

  • Unify the risk management strategies across the different disciplines of an organization
  • Unambiguous, flexible evaluation of risks that make the greatest use of available information
  • Precise risk ranking to identify the key risks that jeopardize the achievement of corporate objectives
  • Aggregation of risk exposure and compare against your risk tolerance
  • Evaluate and optimize the effectiveness of risk management strategies
  • Use cost-benefit analysis to maximize the efficiency of risk treatment
  • Save on insurance premiums by optimizing coverage parameters

Trusted by

Pelican client Orsted company logo
Pelican client Merck company logo
Pelican client Access company logo
Pelican client Edison company logo
Pelican client Verizon company logo
Pelican client AirLiquide company logo
Pelican client UOB company logo
Pelican client Fidelity company logo
Pelican client De Gray Mining company logo
Pelican client Ericsson company logo
Pelican client The World Bank company logo
Pelican client Virgin company logo

Pelican Risk Register Use Cases

Risk and Insurance Manager

picture of the user stories character Kate


Kate is able to save money each quarter by investing in the most cost-effective risk treatments and insurance

Risk Assessor

picture of the user stories character George


George uses bowties to clearly describe complex risk scenarios and develop effective risk management strategies

Risk Owner

picture of the user stories character Rachel


Pelican is connected to Rachel's calendar to remind her in good time of the risk treatment tasks she is responsible for


picture of the user stories common stakeholder character

User identifies a possible risk issue
and submits it for assessment

Book a session to discuss whether Pelican Risk Register is right for you

Key features of the Pelican Risk Register

Incorporate multiple impact types into one analysis

  • Extend beyond purely financial losses to risks that impact safety, the environment, ESG measures, service availability and other key performance metrics
  • Assign suitable impact scales by entity, e.g. by each entity’s financial capacity
  • Maintain global definitions of impacts that match your organisation’s good corporate citizenship policy
  • Balance how to assign resources appropriately where there are several impact types

Interconnected Bowtie diagram

  • See your risk management strategy immediately with easy and natural visual description about how a risk event can occur, what the consequences might be, which controls you can add that could stop that risk from occurring or reduce the chance or size of the consequences.
  • Understand how risks interact with each other.
  • Use the Bowtie editor for brainstorming

Risk Management overview

  • A live, user-friendly and customizable risk reporting and monitoring platform, accessible by PC, tablet or smartphone
  • Reports tracking the top risks, their evolution and the execution of critical risk management tasks
  • Customizable key performance indicators for each entity
  • Customizable key risk indicators to track emerging trends in risk exposure
  • Comparison of risk profiles and metrics across different entities, projects and regions
  • Rich and customizable ability to describe, integrate and compare any types of possible risk consequences – from financial loss to H&S, from availability to project delay
  • A hierarchal structure for the enterprise, down to any required level

Detailed risk strategy information

  • Assignment of specific risk treatment tasks and responsibilities to individuals
  • Tools for identifying the weak points in the overall risk treatment
  • Methods for visually mapping out the strategy around each risk, with automated quantitative risk evaluation and mapping to the risk appetite
  • A harmonized risk appetite tool that can be tailored to each business entity or project
  • Automated analysis to show your business’ dependence on third parties for the management of your risk exposure
  • Tools for evaluating the cost-effectiveness of individual risk management controls, accounting for the different types of impacts that can be faced, and any cascading risks

Powerful risk analysis tools

  • Tools for evaluating the capital that should be allocated to cover potential financial losses at a required level of confidence
  • Tools to reflect the interactions between risks at any level of complexity, and to show the resultant influence, importance and cost-effectiveness of any specific risk treatment

Implementation and monitoring of risk management strategy

  • Individual profile pages displaying risk management tasks that need to be completed
  • Overview of owners of risks, their management components and consequences showing how much reliance is placed on key individuals

Auditing and reporting features

  • A complete log and recorded history
  • Customizable online and published reporting
  • Ability to drill down and search for any risk, review the status of any risk treatment action, review the performance of any actor
  • Risk management tools to achieve compliance with all current regulatory standards including ISO 31000, COSO ERM framework, BS 31100, OCEG Red Book, and FERMA

Pelican Risk Register features overview

Book a demo

What the Pelican Risk Register is not

The Pelican Risk Register is not a Governance, Risk and Compliance (GRC) system. GRC systems offer flexible workflow configurations designed to operationalize business processes and ensure that people follow them. GRC systems manage strict and complex regulatory and industry requirements across corporate environments and may involve thousands of users. A by-product of such systems is the evaluation of the risk of failing to meet such requirements.

The Pelican Risk Register can be integrated with a GRC system to import the risk evaluations into its register and thus incorporate GRC risks into the broader picture provided the GRC system uses quantitative evaluations in their risk assessment. One such example is Archer, the largest GRC system vendor. Archer Insight is Archer’s risk quantification offering. A version of Pelican, rebranded as Archer Insight Workbench, offers Archer clients the full suite of Pelican tools that incorporate Archer data.

How much does the Pelican Risk Register cost?

The following prices are indicative, based on the number of Pelican users we typically see for different company sizes. Organisations with a larger than usual fraction of employees involved in manual labour, lower regulatory restrictions or operating in a low risk environment will have fewer Pelican users relative to its size, and vice versa. The actual cost will depend on the number of registered users, technical aspects associated with installation, and any customized configurations. Training and consulting are available and priced separately.

Number of employees One-off installation and configuration Annual license fee Time to go live (weeks)
< 5000 20k - 40k 40k - 60k 2-4
5,000 – 20,000 30k - 60k 80k - 150k 2-6
20,000-100,000 40k - 80k 100k - 200k 4-8
100,000+ 60k - 100k 150k - 300k 6-10

Get a better idea of how much Pelican Risk Register would cost you

The Pelican Advantage

lightbulb icon

Complete understanding of risks

The control and mitigation strategies for these risks are coordinated across the enterprise and seek to protect and enhance the value of the enterprise, not just one element of the business.

reward icon

Consistent evaluation of risks

The evaluation of these risks is based on a methodology that is consistent throughout the enterprise and allows the portfolio of risks to be aggregated up through the entity structure of the enterprise.

destination sign icon

Coordinated management of risks

The control and mitigation strategies for these risks are coordinated across the enterprise and seek to protect and enhance the value of the enterprise, not just one element of the business.

icon with several persons related to each other

Shared responsibility for risk

The responsibility for executing the risk management plan is shared appropriately amongst the employees of the enterprise. In essence, employees work as a team. Risk (and opportunity) identification, assessment, management and communication is a shared responsibility and an integral part of the enterprise’s culture.