Risk register
One cited row per risk, ranked by severity across the eleven categories.
- Reviewed by
- Partner and risk committee
- Defensibility
- Each row cites the span it rests on — a risk that cannot be cited is omitted.
RISK ANALYSIS · Workflow
Risk analysis for teams that need a source-backed, severity-ranked register they can defend.
Point the chamber at a data room and get a defensible risk register — one cited row per risk, ranked by severity, with a follow-up question written next to every critical and high item.
Closed-system workflow. Source-backed outputs. Versioned review.
Engagement console
Source intake through review state
Source intake
- S-014 · PPM.pdfadmitted
- S-021 · LPA.pdfadmitted
- S-028 · DDQ.xlsxscanning
Workflow stage
risk register
Stage running · citations required
Evidence anchors
[S-014 · p.42 ¶3][S-021 · cl. 8.2][S-028 · tab 3]
Open risks
Concentration breach
severity · high · cited
Draft artifact
Risk-analysis memorandum · v1 draft
schema valid · 47 claims cited
Review state
Partner review
Awaiting challenge before lock
Risk registers fail when rows are asserted from memory, not grounded in the documents.
A register draws on the offering pack, financials, governing agreements, exposure schedules, and the regulatory record. Analysts rank by instinct; rows lose their evidence; a critical flag arrives with no citation behind it. A risk that cannot be cited is not evidence — it is opinion.
- Risks are ranked by instinct, not against a stated limit or a contradicting source
- Critical and high flags arrive without the span that supports them
- The same room produces a different register depending on who ran it
- Follow-up questions are drafted without tying each to a specific risk
- By-category structure is lost in a single narrative blob
Who uses this workflow
Built for senior finance teams who need committee-ready artifacts — not chat transcripts.
- Risk committee
Use caseStandalone risk sweep on a new room
Moment of needThe committee wants a register it can defend line by line
OutputSeverity-ranked, cited risk register
- LP underwriting lead
Use caseFirst pass before a fuller diligence
Moment of needA fast, ranked read of the risk surface before committing analyst hours
OutputRisk register and IC question pack
- Allocator analyst
Use caseRe-run the register on a refreshed data room
Moment of needThe room changed and the prior register needs a delta
OutputUpdated register with by-category sections
- Family office CIO
Use caseCross-cutting risk read on a manager or deal
Moment of needThe question is the risk surface, not the full recommendation
OutputExecutive summary of top risks with cited rationale
Admitted source envelope
Source materials enter the engagement as a controlled register — scanned, classified, and scoped before the workflow runs.
Source register
Pending admission · scanner gate
| Source | Description | Status |
|---|---|---|
| The core pack the room is built around — PPM, term sheet, deck, or charter | The core pack the room is built around — PPM, term sheet, deck, or charter. | 01 |
| Audited or management financial statements for the subject | Audited or management financial statements for the subject. | 02 |
| Governing agreements — LPA, charter, side letters — where rights and limits live | Governing agreements — LPA, charter, side letters — where rights and limits live. | 03 |
| Exposure schedules — position, sector, or counterparty concentration detail | Exposure schedules — position, sector, or counterparty concentration detail. | 04 |
| Regulatory and compliance record — registration, examinations, disclosed proceedings | Regulatory and compliance record — registration, examinations, disclosed proceedings. | 05 |
Workflow process
A versioned pipeline — each stage records what happened, what you can review, and what output it produces.
Stage pipeline
Topological DAG · runtime enforced
01
Admit source materials
The offering pack, financials, governing agreements, exposure schedules, and regulatory record enter the engagement envelope.
- Recorded
- Source admission with hash and kind classification per document.
- Review
- Lead confirms the room is complete for the risk surface in scope.
- Output
- Admitted source register.
02
Build the risk register
A domain-general theme-family sweep walks the structural risk families and emits a cited row for every family the documents support.
- Recorded
- Each row carries the source span it rests on.
- Review
- Analyst confirms coverage against the families in scope.
- Output
- Cited risk register across the eleven categories.
03
Prioritise and gate
The register is deduplicated by code and sorted by severity deterministically. A block gate refuses any critical or high risk that lacks a grounded, cited rationale.
- Recorded
- Deterministic ordering and the block-gate result are recorded.
- Review
- Lead reviews the critical and high rows first.
- Output
- Prioritised register with a passing block gate.
04
Synthesise the memorandum
The memorandum is composed from the prioritised register — executive summary, recommendation, and one cited IC question per critical and high risk.
- Recorded
- Every narrative claim is anchored to a source span.
- Review
- Partner challenges the recommendation against the register.
- Output
- Risk-analysis memorandum draft.
05
Verify citations before lock
Every claim is checked against its source span. A draft that does not validate is refused at this gate.
- Recorded
- Citation verification result recorded before lock.
- Review
- Partner signs the locked memorandum.
- Output
- Locked, partner-signed risk-analysis memorandum.
Workflow outputs
Committee-ready artifacts — each with a named reviewer and a defensibility standard.
By-category sections
Alignment, concentration, valuation, and the rest, each readable on its own.
- Reviewed by
- Lead and partner
- Defensibility
- Rendered from the same cited rows as the register — no divergence.
IC question pack
One follow-up for every critical and high risk, ready to send.
- Reviewed by
- Partner before send
- Defensibility
- Each question anchors to the same source span as its risk.
Risks are ranked by what the documents support — not by instinct.
Risk analysis refuses to emit a risk it cannot cite, and refuses to rank a risk critical or high without a grounded rationale. The register, the by-category sections, and the IC questions render from the same facts.
- A risk that cannot be cited is omitted, not asserted
- Critical and high require a grounded, cited rationale or the run is refused
- Deterministic ordering — the same room produces the same register
- The system supports risk judgment; it does not replace the committee
Diligence OS supports investment judgment. It does not make investment decisions, provide investment advice, or guarantee risk detection.
Why not generic AI
Prompt-based tools produce inconsistent outputs with weak provenance. This workflow runs a structured process with an admitted source envelope and a versioned review path.
| Dimension | Generic AI | Diligence OS |
|---|---|---|
| Starting point | Chat-first | Workflow-first |
| Process | User-defined prompts | Versioned process |
| Provenance | Weak provenance | Source-span citations |
| Across documents | One file at a time | The full set reconciled; contradictions surfaced |
| Review | Hard to review | Partner review states |
| Outputs | Inconsistent outputs | Repeatable artifacts |
| Memory | No durable workflow memory | Append-only audit trail |
| Committee use | Difficult to defend | Committee-ready outputs |
| Risk register | Freeform list, ranked by instinct | Cited rows, deterministic severity order, block-gated critical/high |
Starting point
Generic AIChat-first
Diligence OSWorkflow-first
Process
Generic AIUser-defined prompts
Diligence OSVersioned process
Provenance
Generic AIWeak provenance
Diligence OSSource-span citations
Across documents
Generic AIOne file at a time
Diligence OSThe full set reconciled; contradictions surfaced
Review
Generic AIHard to review
Diligence OSPartner review states
Outputs
Generic AIInconsistent outputs
Diligence OSRepeatable artifacts
Memory
Generic AINo durable workflow memory
Diligence OSAppend-only audit trail
Committee use
Generic AIDifficult to defend
Diligence OSCommittee-ready outputs
Risk register
Generic AIFreeform list, ranked by instinct
Diligence OSCited rows, deterministic severity order, block-gated critical/high
Business value
Institutional outcomes — not productivity slogans.
- Standardize risk-register quality across rooms and analysts
- Surface critical and high risks early with cited rationale
- Produce IC question packs that map one-to-one to ranked risks
- Re-run a register against a refreshed room with a clear delta
- Preserve a defensible record for committee and IC sign-off
- Improve partner leverage on the risk surface
Security and control
Closed by construction — each engagement runs inside a dedicated chamber with an append-only audit trail.
- Closed-system workflow — each engagement runs in an isolated chamber
- Engagement-level isolation with row-level tenant scoping
- Source-controlled review — partners read drafts against the audit log
- No training on customer documents — ever, by anyone
- Citation-backed artifacts with hash-verified source spans
- Versioned workflow history preserved on every run
- Audit trail on reads, retrievals, model calls, and locks
- Reviewer traceability — partner review recorded before sign-off
Related workflows
Adjacent diligence processes in the same controlled system.
Request an introduction
Diligence OS is introduced through a controlled evaluation process. No public signup. No self-serve access.