Most risk registers are theater. Someone fills one out at kickoff because the template demands it, everyone nods, and nobody opens it again until the postmortem asks whether the risk was logged. A register like that protects no one. It just documents that you saw the cliff before you drove off it.
A living register looks different. It's short, because a list of forty risks is a list of zero risks, nobody can hold forty things. I keep the handful that are both likely and serious, and I cut the rest. A risk that's neither likely nor serious is clutter wearing a warning label.
Each entry has an owner, not a team. "Engineering owns this risk" means no one owns it. A name owns it, and that person reports on it in the weekly rhythm. Ownership without a name is the most common defect I see.
And it changes. Risks get retired when they pass, new ones get added as the program reveals them, and severity gets re-rated as conditions shift. A register that looks identical to its kickoff version isn't being used. It's being stored.