Introduction
When reviewing a Risk you will have the opportunity to review all aspects of the Risk to update as required. The process to edit or update any of the key elements of the Risk itself is very similar. Using the menu options you can jump to the specific part of the Risk which you wish to amend. Use the tool options to add comments, attachments or links to related Events or Risks.
Reviewing, Editing and Updating Risk Details
- On the Risk itself select the Review Risk option.
Details
- Here you can update and amend any key information about this risk.
- Date Risk Identified. When did this risk become known? [Mandatory]
- Category. Your Organisation has created a list of categories. Please select the most relevant for your Risk.
- Level of Risk. Select the level of risk from the drop-down selection. [Optional and may not appear to you]
- Title of Risk. Enter a title for your risk. [Optional and may not appear to you]
- Description. Enter the key details of the risk and provide context for others to view at a later date. [Mandatory]
- Impact. This is an optional free-text box to explain the likely impact this risk will have. [Optional]
- Supporting documents. Select Upload if you want to add any associated documents to this risk. [Optional]
- Person responsible. Choose the individual responsible for this risk. This may default to the user who is responsible for the Category you have selected. This can be overridden when required. This user will be responsible for owning and reviewing the Risk. [Mandatory]
- Notify responsible person. Select this to email the responsible person so they are aware of this Risk.
Scope
- This feature may not apply to your organisation - please speak to your System Administrator if you have any questions.
- Update whether this Risk applies to the whole Organisation, or a particular Region or Location.
- For a Region or Location Risk select the particular Region or Location in question.
- The scope determines who can see the risks. A user with a Location role, and permission to view the Risk Register, will see the Risks for their Location only.
Assurance
- This feature may not apply to your organisation - please speak to your System Administrator if you have any questions.
- The assurance step allows you to capture extra information about a Risk. This includes:
- Is this a strategic risk - should this risk be identified as a strategic risk? If YES then when viewing the risk it will have a red label marking it out as a strategic risk.
- Objectives - the objective for the risk.
- Assurances - outlines the risk assurance. The assurance should be for the risk and not the individual controls.
- Gaps in assurances - outlines any gaps in risk assurance. The gaps should be for the risk and not the individual controls.
- Monitoring Committee - select the monitoring or risk committees here.
- Overall assurance - select from the drop-down list. [Optional and may not appear to you]
- Accountable - who has overall accountability for this risk?
- Consulted / Informed - select if someone should be consulted or informed of this risk. [Single-select].
- Each of the fields is optional and may be updated at a future date. Some questions may not appear at all depending on your Organisation.
- Select the Objectives from the dropdown list, type in the relevant information for the remaining fields and then select the Next button to continue.
- The Assurance details appear in the PDF export and the Overview tab on the Risk itself.
Score
- Here is your Organisation's Risk Matrix. Update the current Risk Score by choosing the most relevant description on the Consequence and Likelihood tables. This helps define the current impact this Risk has.
- Click Create Risk at the bottom of the page.
Review
- Update this step to reflect when the next review date is due.
- Next review date. This is when the risk needs to be reassessed and reviewed/updated. This must be a date today or in the future.
- Pending Period. The period before the next due date that the risk will show as Pending on the responsible person's dashboard.
- Comments. Provide a narrative update of your review of the risk. This will be reported on against the record of your review.
- Risk Appetite. The risk appetite is “the amount and type of risk that an organisation is prepared to pursue, retain or take” (ISO 31000).
- Response. What is your primary method of handling this risk?
- Transfer. Transfer the risk to a 3rd party, e.g. an insurance company.
- Tolerate. Accept that you will need to take this risk.
- Treat. Put action in place to mitigate the risk.
- Terminate. Put plans in place to remove the risk altogether.
- Take the Opportunity. Some risks may present a positive opportunity that you can take advantage of.
- Tags. Link together similar risks using tags. They can also be used to provide further categorisation to your risks.
- Notify the Accountable, Consulted and Informed individuals of updates to the risk
- Accountable - whoever is selected as the Accountable person on the Assurance step can be notified.
- Consulted/Informed - whoever is selected as the Consulted/Informed person on the Assurance step can be notified.
- Notification method - how would you like them to be notified?
Inherent Score
- This step will appear if you are the responsible person for this risk.
- The inherent score allows you to capture the severity of a risk before any controls are in place.
- Choose the most relevant description on the Consequence and Likelihood tables.
- This score can be amended upon review and any changes are tracked in the History tab.
Target Score
- Is the target score accurate, or does it require updating? Do you wish to set a date for the target to be met by?
- Choose the most relevant description on the Consequence and Likelihood tables. This is an acceptable score for us to work towards.
- When a risk is reviewed, the target score can be compared to the current score to determine if you are successfully managing/reducing the risk.
- Once you are happy with your review please select Complete Review at the end of the Target page.
Approval
- This step may not appear for you. It is the decision of your Organisation whether to activate this feature.
- If this step does appear, please choose an appropriate person to approve your risk. This list will only show users who have permission to approve risks.
- Your risk will be marked as ‘awaiting approval’ until it has been approved.
Adding an Update to a Risk
- When viewing your Risk select the Comment option.
- Here you can add your updates in the comments box. Select Add Comment to submit it. This will now appear below the comments box.
- Comments will appear in chronological order as more are added.
- Should you wish to remove a comment simply select the X icon next to the comment you wish to delete (you will only see this option if you have the relevant permissions to delete updates).
Adding an Attachment to a Risk
- When viewing your Risk select Attachments.
- Here you can upload a document from your device by using the Add file option. The attachment will now appear below in the table.
- Attachments will appear in chronological order as more are added.
- If you want to remove an attachment select the X icon next to the attachment you wish to delete.
Linking a Risk to another Risk and/or Existing Event
- When viewing your Risk select Links.
- Here you'll be able to see any existing links between this risk and another risk or event.
- Select Add Link to see all risks and events you have permission to view and link to.
- The default display option when adding a link is closed Events. Use the toggle options on the top right to change this.
- At the very top right is the filter option, which can help you find the specific risk and/or event you are looking for.
- Select the boxes to the right of the Event(s) and/or Risk(s) you wish to link and select Next at the bottom of the page.
- Now you'll be asked to provide a reason behind your decision to link the existing Risk to any other Risk(s) and/or Event(s).
- Select Complete to finalise your decision and return to the Risk. Your new links will now appear under the Link tab at the bottom of the page.
- To go to a linked Event or Risk select the one in question. To remove the link select the X icon on the right of the Link reason.
FAQs
I do not have all the menu options when reviewing the risk.
The options provided when reviewing the risk depend on your permissions and level of access. If the Scope element is not showing it is likely your Organisation does not use this feature.
Can I change only the review due date?
Yes. Simply follow the steps above. Navigate to the Review step and change the Next Review Date. Complete the steps to save your changes.