Risk assessment in Dock means an agent reads the asset inventory from AuditBoard or ServiceNow GRC, drafts a candidate register row by row, and parks each entry in a Dock table with a pointer back to the source asset. The risk committee reviews the threat model, edits scores, and approves. The approved row syncs back to the GRC system. The blank page is gone; human judgment is preserved.
AuditBoard and ServiceNow GRC stay the system of record for assets, controls, and the approved register. Dock is the system of record for what the agent interpreted from that inventory. Each Dock row carries a pointer back to the platform record (auditboard_asset_id or servicenow_cmdb_ci_id), the agent identity that drafted the threat model, the reviewer who approved it, the decision, and the timestamp. When the agent needs current state, it re-fetches from the GRC platform through a fresh API read. See Dock for compliance for the broader pattern.
The risk register surface
| asset_pointer | asset | threat (agent draft) | likelihood | impact | reviewer | status |
|---|---|---|---|---|---|---|
| auditboard_asset_id: AST-4412 | Customer PII warehouse | Misconfigured IAM role exposes prod read access to staging service accounts | 3 | 5 | priya@ | approved |
| servicenow_cmdb_ci_id: CI-88321 | Stripe webhook handler | Replay attack against unsigned webhook endpoint enables duplicate refunds | 2 | 4 | jordan@ | needs-edit |
| auditboard_asset_id: AST-4501 | Vendor SFTP for payroll | Credential reuse across vendors enables lateral pivot if one vendor is breached | 3 | 4 | priya@ | pending |
Every row links back to the GRC record, so the committee can click through to controls and prior findings without leaving the asset's history behind.
The workflow
The risk agent runs on a quarterly cadence. It pulls assets from AuditBoard, joins them against the ServiceNow CMDB for infrastructure context, and drafts a threat model per asset using prior incidents and the control catalog as grounding. Each draft lands as a Dock row in pending. The risk committee reviewer opens the row, edits likelihood and impact, and approves. Approval is the consent gate; until a reviewer signs the row, the agent cannot push the draft into the authoritative AuditBoard register. The push is a two-key handshake because writing to the official register is irreversible. The contract for that write is declared in the agent's dangerous-ops manifest.
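As an added illustration of the consent gate described above (this is not Dock's own code; the class, function names and field set are assumptions), a register row that carries the GRC pointer, the drafting agent's identity and the reviewer's decision, a drift check against a fresh read of the asset, and a push that refuses until both keys are present and match the identities recorded on the row:

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

class ConsentRequired(Exception):
    """Raised when an unsigned write to the authoritative register is attempted."""

@dataclass
class RegisterRow:
    asset_pointer: dict            # e.g. {"auditboard_asset_id": "AST-4412"}
    asset: str
    threat: str                    # the agent's drafted threat model
    draft_scores: tuple            # (likelihood, impact) as the agent drafted them
    agent_identity: str            # signed identity of the agent version that drafted
    snapshot: dict                 # asset fields as read from the GRC API at draft time
    status: str = "pending"        # pending -> approved | needs-edit
    reviewer: Optional[str] = None
    final_scores: Optional[tuple] = None
    decided_at: Optional[str] = None

    def review(self, reviewer, likelihood, impact, approve):
        """Reviewer accepts or overrides each score; draft and final both stay on the row."""
        self.reviewer = reviewer
        self.final_scores = (likelihood, impact)
        self.status = "approved" if approve else "needs-edit"
        self.decided_at = datetime.now(timezone.utc).isoformat()

    def drift(self, live_asset):
        """Snapshot fields that differ from a fresh read of the live GRC record."""
        return {k: (v, live_asset.get(k)) for k, v in self.snapshot.items()
                if live_asset.get(k) != v}

def gate_check(row, agent_key, reviewer_key):
    """Reason a push must be refused, or None when both keys are present and match."""
    if row.status != "approved" or row.reviewer is None:
        return f"row for {row.asset} is {row.status}, not approved"
    if agent_key != row.agent_identity or reviewer_key != row.reviewer:
        return "keys do not match the agent and reviewer recorded on the row"
    return None

def push_to_register(row, agent_key, reviewer_key, sink):
    """Two-key handshake: the irreversible write needs the drafting agent's identity
    and the approving reviewer's key; otherwise refuse and leave the Dock row alone."""
    reason = gate_check(row, agent_key, reviewer_key)
    if reason:
        raise ConsentRequired(reason)
    sink.append({**row.asset_pointer, "threat": row.threat, "draft": row.draft_scores,
                 "approved": row.final_scores, "agent": row.agent_identity,
                 "reviewer": row.reviewer, "decided_at": row.decided_at})
    return len(sink)
```

The `sink` list stands in for the AuditBoard write; because the draft scores travel with the approved ones, the calibration gap between agent and reviewer is preserved in the pushed record.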
Why it matters
A risk register is only useful if the committee trusts it. Trust comes from knowing which threats were drafted by the agent, which were edited by humans, and which were rejected. Dock surfaces that lineage on every row instead of burying it in version history.
The agent identity matters as much as the reviewer's. A drafted threat model carries the agent's signed identity, so an audit can ask which agent version produced which interpretation. The agent identity lifecycle and agent audit and compliance posts cover how Dock keeps that record durable.
This pattern lines up with NIST SP 800-30 Rev. 1 (September 2012) and ISO 31000:2018. Both frameworks treat the register as a living artifact owned by humans; Dock makes the agent's contribution legible. See Dock for security operations for the sibling pattern where incident rows live next to register rows.
Spin up a risk register in Dock and let your agent draft it.
FAQ
Does the agent overwrite the AuditBoard register directly? No. The agent writes a Dock row first. The push to AuditBoard fires only after a reviewer approves, and runs as a two-key handshake.
What if the asset inventory changes mid-quarter? The agent re-fetches assets on every run. The Dock row stores the snapshot used plus the pointer to the live record, so reviewers see drift between draft and approval.
Can the agent score likelihood and impact? Yes, as a draft. The reviewer accepts or overrides every score. The Dock row records both values, so calibration becomes auditable.
Is the agent allowed to read prior incident data? Yes, as grounding context. Read access is scoped to the incident table; write access to the register is gated by the reviewer.