TOURWB-MOD-006 · Architecture ratified 2026-04-16 · Tour shipped 2026-04-16

Risk Register

Controls define what should work. Findings document what didn't. Risk quantifies why it matters.

Risk Register started as a dimensional table inside AuditForge, tracking likelihood and impact as mutable fields that silently overwrote history. When the concept proved universal, it was extracted to WorkBench. But unlike Controls and Findings, Risk didn't just move. It matured. The promotion split one table into seven fact-disciplined artifacts. The data migrated. The overwrite semantics didn't.

Risks: 17 (14 extracted · 3 extended)
Assessments: 20 (Immutable fact stream)
Unmitigated: 10 (Zero controls mapped)
Categories: 8 (All 8 represented)
Triangle: Complete (Risk → Controls → Findings)

Governance Triangle Complete
Three promoted modules, three cross-promoted sibling relationships. Controls · Findings · Risk. One substrate. No integration layer.

A risk register is not a list of what might go wrong. It is a list of what you are watching so you can act early.

Section 2

The Risk Register

17 risks across 8 categories. 10 have no controls mapped.

Try this: scan for the “Unmitigated” badges — those are risks with no controls yet.

RISK-001 · Extracted · CRITICAL · ASSESSED
Critical context lost or corrupted during long conversations due to compaction, token limits, or platform interruption.
Category: Cybersecurity · Score: 20 · Controls: 1 · Owner: CTO

RISK-002 · Extracted · Unmitigated · MEDIUM · ASSESSED
Context from one project contaminates another causing misattribution, scope confusion, or data leakage between engagements.
Category: Operational · Score: 9 · Controls: 0 · Owner: Priya Shankar EMP-003

RISK-003 · Extracted · Unmitigated · HIGH · ASSESSED
The DDL Audit Universe framework is not independently reviewed, allowing structural errors, drift, or bias to persist undetected.
Category: Operational · Score: 12 · Controls: 0 · Owner: Maya Okafor EMP-001

RISK-004 · Extracted · Unmitigated · HIGH · ACCEPTED
DDL operations depend on a single individual. Incapacitation, departure, or unavailability creates existential risk.
Category: Strategic · Score: 15 · Controls: 0 · Owner: CSO

RISK-005 · Extracted · MEDIUM · MITIGATED
Control testing evidence not retained with defined standards, rendering controls unprovable under external audit.
Category: Compliance · Score: 9 → 6 · Controls: 2 · Owner: Clara Nilsson EMP-005

RISK-006 · Extracted · Unmitigated · HIGH · ASSESSED
AI-generated artifact treated as canonical without human review. Builder-confirms-all boundary degrades over time.
Category: Compliance · Score: 15 · Controls: 0 · Owner: Maya Okafor EMP-001

RISK-007 · Extracted · HIGH · MONITORING
Human review threshold informally rises as operator becomes comfortable with AI outputs. Boundary degradation occurs gradually.
Category: Operational · Score: 12 → 8 · Controls: 3 · Owner: Jordan Webb EMP-004

RISK-008 · Extracted · HIGH · ASSESSED
Prompts deployed to production without version control, review, or approval. Prompt drift causes inconsistent outputs.
Category: Operational · Score: 15 · Controls: 1 · Owner: CTO

RISK-009 · Extracted · Unmitigated · HIGH · ASSESSED
Prompt produces outputs that do not match intended behavior due to ambiguous instructions or missing constraints.
Category: Operational · Score: 12 · Controls: 0 · Owner: Priya Shankar EMP-003

RISK-010 · Extracted · HIGH · ASSESSED
Sensitive client data inadvertently included in prompts sent to external AI providers. Data exposure risk.
Category: Compliance · Score: 10 · Controls: 2 · Owner: Jordan Webb EMP-004

RISK-011 · Extracted · Unmitigated · HIGH · ASSESSED
AI model outputs used to make financial, legal, or strategic decisions without human expert review.
Category: Operational · Score: 12 · Controls: 0 · Owner: Hana Takeda EMP-007

RISK-012 · Extracted · Unmitigated · MEDIUM · IDENTIFIED
Control framework grows beyond operational capacity, creating compliance overhead that diverts resources from core business.
Category: Financial · Score: 6 · Controls: 0 · Owner: CFO

RISK-013 · Extracted · CRITICAL · ASSESSED
Unauthorized access to financial systems due to stale user accounts and incomplete deprovisioning processes.
Category: Cybersecurity · Score: 20 → 12 · Controls: 2 · Owner: Priya Shankar EMP-003

RISK-014 · Extracted · MEDIUM · ASSESSED
DDL deliverables incorporate material AI-generated content without appropriate disclosure, violating client contracts or regulations.
Category: Compliance · Score: 6 · Controls: 1 · Owner: Theo Grant EMP-009

RISK-015 · Tour Extension · Unmitigated · MEDIUM · ASSESSED
Negative media coverage or social media incident damages DDL brand, causing client attrition or talent loss.
Category: Reputational · Score: 5 · Controls: 0 · Owner: CSO

RISK-016 · Tour Extension · Unmitigated · MEDIUM · ASSESSED
Remote work ergonomic issues lead to repetitive strain injuries among extended-hours engineering staff.
Category: Health & Safety · Score: 5 · Controls: 0 · Owner: Theo Grant EMP-009

RISK-017 · Tour Extension · Unmitigated · MEDIUM · ASSESSED
Cloud infrastructure energy consumption exceeds sustainability commitments as compute scales with AI workloads.
Category: Environmental · Score: 6 · Controls: 0 · Owner: CTO

Section 3 — Featured

The 5×5 Risk Matrix

Every risk plotted by likelihood × impact. Color + numeric score in every cell. Three visual states: unmitigated, inherent+residual, controls-mapped-awaiting-assessment.

Try this: find the risk in the top-right corner. That's the one that keeps the CFO up at night.
Impact \ Likelihood: Rare · Unlikely · Possible · Likely · Almost Certain
Severe: 5 · 10 · 15 · 20 · 25
Major: 4 · 8 · 12 · 16 · 20
Moderate: 3 · 6 · 9 · 12 · 15
Minor: 2 · 4 · 6 · 8 · 10
Negligible: 1 · 2 · 3 · 4 · 5

● Solid = unmitigated or residual assessed
◌ Dashed = controls mapped, awaiting residual

Section 4 — Featured

The Governance Triangle

Risk drives controls. Controls are tested. Findings MAY trigger reassessment. Three modules, one loop.

Try this: follow a risk through the entire circuit — from assessment to control to finding to reassessment.
Guided Exemplar · RISK-013 → CTRL-003 → FND-001 → Reassessment

1. Risk Assessed
RISK-013: Unauthorized access to financial systems due to stale user accounts and incomple…
9/1/2025: Likely × Major = 16 (High). Residual: 8

2. Controls Mapped
CTRL-003 (User Access Provisioning) + CTRL-001 (Privileged Access Review)
Bridge effective from 6/1/2025 — controls existed before assessment

3. Finding Discovered
FND-001: Stale user accounts in financial reporting system
1/10/2026: Medium severity. 14 stale accounts found.

4. Risk Reassessed
INCIDENT_TRIGGERED reassessment after finding
3/1/2026: Likely × Severe = 20 (Critical). Impact upgraded to SEVERE.

5. Circuit Closes
Risk drives controls. Controls are tested. Findings update risk.
Three modules, one loop. The Governance Triangle is complete.

Referential Integrity
The substrate protects relationships. Mapped controls and active assessments are preserved. Bridge_RiskControl references are maintained. The triangle holds because the FKs hold.

Section 5

Assessment History

Each assessment is a new row. The old row is unchanged. No overwrite. This is what the new model enables.

Try this: compare a migrated assessment to a native one. The migrated date is backfilled. The native date is real.
Assessment Timeline · RISK-013

INITIAL · Bridge · HIGH
Likely × Major = 16 → residual 8
Initial assessment. Access provisioning controls (CTRL-003, CTRL-001) mapped. Residual assessed at UNLIKELY×MAJOR=8.
9/1/2025 · Priya Shankar EMP-003

INCIDENT_TRIGGERED · Native · CRITICAL
Likely × Severe = 20 → residual 12
Finding FND-001 (stale user accounts, 14 affected) triggered reassessment. Likelihood stays LIKELY. Impact upgraded to SEVERE: financial system access confirmed. Residual reassessed at POSSIBLE×MAJOR=12.
3/1/2026 · Jordan Webb EMP-004 · supersedes FRA-013a

Migrated assessments are marked BACKFILLED_SINGLE. They represent the state as of migration, not the full history. New assessments are fully native.

Section 6

Ownership & Coverage

Six modules, one identity. The tab count IS the Sibling Mandate proof.

Try this: click Maya's name to see her across six modules.
Priya Shankar · Senior Engineer · 3
Maya Okafor · Operator · 2
Jordan Webb · Engineer · 2
Theo Grant · Operations Manager · 2
Clara Nilsson · Senior Auditor · 1
Hana Takeda · Junior Auditor · 1

Control Coverage
10 Unmitigated
6 Partially mitigated
1 Well-mitigated

Independence Proof
RISK-013 is owned by Priya Shankar EMP-003. The reassessment was performed by Jordan Webb EMP-004. Different people, same substrate.

Section 7

Before vs After

Same risk. Better architecture. The promotion didn't just move data — it matured the model.

Try this: count how many rows exist for one risk. In the old model, there was always one. In the new model, there's one per assessment.
Before Promotion
Risk ID: RISK-005
Description: Control testing evidence not retained with defined standards…
Category: COMPLIANCE (enum)
Likelihood: LIKELY (mutable field)
Impact: MODERATE (mutable field)
Rating: HIGH (mutable)
Last Updated: 2026-03-15 (overwrite — old value gone)
1 row. History lost on every update.

After Promotion
Risk ID: RISK-005
Description: Control testing evidence not retained with defined standards…
Category FK: Compliance
Assessments (2 immutable facts):
#1 6/1/2025 · Likely×Moderate=12 · INITIAL
#2 3/15/2026 · Possible×Moderate=9 · PERIODIC (supersedes #1)
2 rows. Full history preserved.

Translation Map (Before → After)
likelihood (mutable field) → Fact_RiskAssessment.likelihoodId (FK)
impact (mutable field) → Fact_RiskAssessment.impactId (FK)
inherentRiskRating (mutable) → inherentRiskScore (derived, immutable)
updatedAt (overwrite timestamp) → effectiveDate + recordedDate (bitemporal)
(no history) → previousAssessmentId (supersede chain)

Same risk. Better architecture.
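
Added example (not WorkBench's own code): the after-promotion assessment model in SQLite, with triggers that reject overwrite, a CHECK enforcing R9 and R11, and the supersede chain, replayed on RISK-005's two assessments. Storing ranks directly instead of the likelihoodId/impactId foreign keys, the trigger and function names, and the recordedDate values are assumptions made for the example.

```python
import sqlite3
LIKELIHOOD = {"RARE": 1, "UNLIKELY": 2, "POSSIBLE": 3, "LIKELY": 4, "ALMOST_CERTAIN": 5}
IMPACT = {"NEGLIGIBLE": 1, "MINOR": 2, "MODERATE": 3, "MAJOR": 4, "SEVERE": 5}  # ranks from the 5x5 matrix

SCHEMA = """
CREATE TABLE Fact_RiskAssessment (
  assessmentId INTEGER PRIMARY KEY, riskId TEXT NOT NULL,
  likelihoodRank INTEGER NOT NULL CHECK (likelihoodRank BETWEEN 1 AND 5),  -- R9
  impactRank INTEGER NOT NULL CHECK (impactRank BETWEEN 1 AND 5),          -- R9
  inherentRiskScore INTEGER NOT NULL CHECK (inherentRiskScore = likelihoodRank * impactRank),  -- R11
  effectiveDate TEXT NOT NULL, recordedDate TEXT NOT NULL,  -- bitemporal: applies-from vs written-at
  previousAssessmentId INTEGER UNIQUE REFERENCES Fact_RiskAssessment(assessmentId));  -- UNIQUE: no forks
CREATE TRIGGER no_update BEFORE UPDATE ON Fact_RiskAssessment BEGIN SELECT RAISE(ABORT, 'append-only'); END;
CREATE TRIGGER no_delete BEFORE DELETE ON Fact_RiskAssessment BEGIN SELECT RAISE(ABORT, 'append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # make the supersede reference enforceable
    db.executescript(SCHEMA)
    return db

def record(db, risk_id, likelihood, impact, effective, recorded, supersedes=None):
    """Append one assessment; the score is derived here, never supplied by the caller."""
    l, i = LIKELIHOOD[likelihood], IMPACT[impact]
    return db.execute(
        "INSERT INTO Fact_RiskAssessment (riskId, likelihoodRank, impactRank, inherentRiskScore,"
        " effectiveDate, recordedDate, previousAssessmentId) VALUES (?,?,?,?,?,?,?)",
        (risk_id, l, i, l * i, effective, recorded, supersedes)).lastrowid

def current_score(db, risk_id):
    """Score at the head of the supersede chain: the row no other row points back to."""
    return db.execute(
        "SELECT a.inherentRiskScore FROM Fact_RiskAssessment a WHERE a.riskId = ? AND NOT EXISTS"
        " (SELECT 1 FROM Fact_RiskAssessment b WHERE b.previousAssessmentId = a.assessmentId)",
        (risk_id,)).fetchone()[0]

def rejected(db, sql, args=()):
    """True if the database refuses the statement (trigger or constraint)."""
    try:
        db.execute(sql, args)
    except sqlite3.DatabaseError:
        return True
    return False

def replay_risk_005():
    """RISK-005's two assessments from the page; recordedDate values are constructed."""
    db = open_db()
    a1 = record(db, "RISK-005", "LIKELY", "MODERATE", "2025-06-01", "2025-06-01")
    record(db, "RISK-005", "POSSIBLE", "MODERATE", "2026-03-15", "2026-03-15", a1)
    edit = "UPDATE Fact_RiskAssessment SET likelihoodRank=3, inherentRiskScore=9 WHERE assessmentId=?"
    return current_score(db, "RISK-005"), rejected(db, edit, (a1,))
```

replay_risk_005() returns the current score from the chain head and whether the old model's in-place edit of assessment #1 was refused; the edit keeps the score arithmetically consistent, so the refusal comes from the append-only trigger rather than the R11 check.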

Section 8

Build Receipts

Council reviews, extraction history, the Governance Triangle proof.

CR-WB-RISK-001 · Ratified 2026-04-16
Risk Register — Architecture
Extraction ratification

Maturation split: dim_risk (1 table, overwrite) → 7 fact-disciplined artifacts. 5 migrations, 18/18 verify.

CR-WB-RISK-TOUR-001 · Ratified 2026-04-16
Risk Register — Tour
Tour specification

8/8 council convergence. 5×5 matrix, Governance Triangle circuit, maturation before/after, temporal coherence.

Invariant Checklist
R1: riskId unique per company
R2: Owner mutex (at most one)
R3: Every risk has valid categoryId
R7: Every risk has ≥1 status change
R9: Every assessment has likelihood + impact
R11: Score = likelihood.rank × impact.rank
SV: Severity correctly mapped from score
BT: Bitemporal fields on all artifacts

Extraction & Maturation Receipt
Migrations 1-4: Dim_RiskCategory, Dim_Likelihood, Dim_Impact, Dim_Risk restructure, Fact_RiskAssessment + backfill, Fact_RiskStatusChange + seed, Bridge_RiskControl (6f38059)
Migration 5: App code + verification (45a6f64)
Verification: 18/18 PASS
Maturation: dim_risk (1 table, overwrite) → 7 fact-disciplined artifacts. Zero fields use overwrite semantics.

Governance Triangle Receipt
Three promoted modules, three cross-promoted sibling relationships:
Risk → Controls (Bridge_RiskControl) · Controls → Findings (Fact_Finding.controlId) · Findings → Risk (reassessment trigger).
One substrate. No integration layer.

Third module promoted. First maturation split shipped. Governance Triangle complete. The cathedral compounds.