{ "risk_register_id": "FAMILYCASE-AI-ENTERPRISE-RISK-REGISTER-001", "generated_at": "2026-06-09T03:44:46.873Z", "generated_date": "2026-06-09", "brand": "FamilyCase.AI", "status": "risk_register_open_mitigation_required_live_execution_requires_approval", "production_customer_launch": "no_go", "control_plane_register_id": "FAMILYCASE-AI-CORPORATE-CONTROL-PLANE-REGISTER-001", "initiative_portfolio_id": "FAMILYCASE-AI-CORPORATE-INITIATIVE-PORTFOLIO-001", "scoring_model": { "probability_scale": "1_low_to_5_high", "impact_scale": "1_low_to_5_high", "score_formula": "probability * impact", "severity_thresholds": { "critical": "16_to_25", "high": "12_to_15", "medium": "8_to_11", "low": "1_to_7" }, "required_fields": [ "probability", "impact", "time_horizon", "mitigation_plan", "owner" ] }, "risks": [ { "id": "RISK-006", "title": "Revenue attribution or measurement gap: Revenue attribution schema seed", "category": "revenue_risk", "related_initiative_id": "CCI-006", "portfolio_id": "growth_portfolio", "owner": "chief_revenue_agent", "approval_tier": 2, "probability": 4, "impact": 5, "score": 20, "severity": "critical", "time_horizon_days": 30, "opened_date": "2026-05-17", "age_days": 23, "review_cadence": "daily", "escalation_path": [ "chief_revenue_agent", "program_management_office_agent", "executive_governance_council" ], "mitigation_plan": "Require attribution schema, metric owner, validation command, and privacy review before live analytics.", "status": "open_mitigation_required_live_external_actions_blocked", "required_evidence": [ "public/corporate-control-plane-register.json", "public/corporate-initiative-portfolio.json", "docs/revenue-intelligence-attribution-operating-system.md", "public/corporate-control-plane-register.json" ] }, { "id": "RISK-005", "title": "Product readiness or coverage gap: Owner task queue artifacts", "category": "product_risk", "related_initiative_id": "CCI-005", "portfolio_id": "customer_portfolio", "owner": "chief_content_officer_agent", "approval_tier": 1, "probability": 4, "impact": 4, "score": 16, "severity": "critical", "time_horizon_days": 21, "opened_date": "2026-05-25", "age_days": 15, "review_cadence": "daily", "escalation_path": [ "chief_content_officer_agent", "program_management_office_agent", "executive_governance_council" ], "mitigation_plan": "Map each product-facing initiative to documentation, readiness, owner, and rollback evidence.", "status": "open_mitigation_required_live_external_actions_blocked", "required_evidence": [ "public/corporate-control-plane-register.json", "public/corporate-initiative-portfolio.json", "docs/content-documentation-education-operating-system.md", "public/corporate-control-plane-register.json" ] }, { "id": "RISK-001", "title": "Product readiness or coverage gap: Corporate dashboard rollup", "category": "product_risk", "related_initiative_id": "CCI-001", "portfolio_id": "infrastructure_portfolio", "owner": "chief_operating_agent", "approval_tier": 2, "probability": 4, "impact": 4, "score": 16, "severity": "critical", "time_horizon_days": 21, "opened_date": "2026-05-29", "age_days": 11, "review_cadence": "daily", "escalation_path": [ "chief_operating_agent", "program_management_office_agent", "executive_governance_council" ], "mitigation_plan": "Map each product-facing initiative to documentation, readiness, owner, and rollback evidence.", "status": "open_mitigation_required_live_external_actions_blocked", "required_evidence": [ "public/corporate-control-plane-register.json", "public/corporate-initiative-portfolio.json", "public/corporate-control-plane-register.json", "public/enterprise-operating-system-registry.json", "reports/enterprise-control-plane-readiness-latest.json" ] }, { "id": "RISK-002", "title": "Strategic execution drift: Initiative intake and scoring", "category": "strategic_risk", "related_initiative_id": "CCI-002", "portfolio_id": "infrastructure_portfolio", "owner": "program_management_office_agent", "approval_tier": 1, "probability": 4, "impact": 4, "score": 16, "severity": "critical", "time_horizon_days": 30, "opened_date": "2026-06-02", "age_days": 7, "review_cadence": "daily", "escalation_path": [ "program_management_office_agent", "executive_governance_council" ], "mitigation_plan": "Review portfolio scoring weekly and require evidence for reprioritization.", "status": "open_mitigation_required_live_external_actions_blocked", "required_evidence": [ "public/corporate-control-plane-register.json", "public/corporate-initiative-portfolio.json", "public/corporate-control-plane-register.json", "reports/corporate-control-plane-register-latest.json" ] }, { "id": "RISK-003", "title": "Security governance or access-control gap: Risk register aging and mitigation", "category": "security_risk", "related_initiative_id": "CCI-003", "portfolio_id": "infrastructure_portfolio", "owner": "chief_security_agent", "approval_tier": 2, "probability": 3, "impact": 5, "score": 15, "severity": "high", "time_horizon_days": 14, "opened_date": "2026-05-13", "age_days": 27, "review_cadence": "weekly", "escalation_path": [ "chief_security_agent", "program_management_office_agent", "executive_governance_council" ], "mitigation_plan": "Require Security review, audit logging, least-privilege scope, and explicit no-live-system boundary.", "status": "open_mitigation_required_live_external_actions_blocked", "required_evidence": [ "public/corporate-control-plane-register.json", "public/corporate-initiative-portfolio.json", "public/corporate-control-plane-register.json", "reports/corporate-control-plane-register-latest.json" ] }, { "id": "RISK-004", "title": "Compliance or data-governance gap: Knowledge graph seed export", "category": "compliance_risk", "related_initiative_id": "CCI-004", "portfolio_id": "product_portfolio", "owner": "chief_knowledge_officer_agent", "approval_tier": 2, "probability": 3, "impact": 5, "score": 15, "severity": "high", "time_horizon_days": 21, "opened_date": "2026-05-21", "age_days": 19, "review_cadence": "weekly", "escalation_path": [ "chief_knowledge_officer_agent", "program_management_office_agent", "executive_governance_council" ], "mitigation_plan": "Require source lineage, data-classification review, human approval, and privacy boundary validation.", "status": "open_mitigation_required_live_external_actions_blocked", "required_evidence": [ "public/corporate-control-plane-register.json", "public/corporate-initiative-portfolio.json", "docs/knowledge-graph-rag-operating-system.md", "public/enterprise-operating-system-registry.json" ] } ], "risk_summary": [ { "category": "strategic_risk", "risk_count": 1, "highest_score": 16, "highest_severity": "critical" }, { "category": "product_risk", "risk_count": 2, "highest_score": 16, "highest_severity": "critical" }, { "category": "revenue_risk", "risk_count": 1, "highest_score": 20, "highest_severity": "critical" }, { "category": "security_risk", "risk_count": 1, "highest_score": 15, "highest_severity": "high" }, { "category": "compliance_risk", "risk_count": 1, "highest_score": 15, "highest_severity": "high" } ], "escalation_summary": { "critical_or_high_count": 6, "stale_risk_count": 1, "executive_escalation_count": 6 }, "no_side_effects_boundary": "This risk register creates local risk records only. It does not accept risk, approve launch, notify customers, change controls, access customer data, open tickets, connect security tools, or contact external systems.", "source_evidence": [ "public/corporate-control-plane-register.json", "public/corporate-initiative-portfolio.json", "docs/enterprise-governance-control-plane-operating-system.md" ] }