Introduction

The Risks module gives you a clear view of your organization’s risk profile and makes it easy to track, manage, and review risks.

You’ll find the Risks module in the left-hand navigation bar of Complyance, just below the Compliance section. There are two key areas to be aware of:

• Risk Dashboard – provides visibility into the status and breakdown of your risks (fully customizable).

• Risk Register – your centralized risk register, consolidating all risks in one place.

   

Risk Dashboard

The Risk Dashboard provides a high-level overview of your risks, including:

• Total Risks – the total number of risks currently in your register.

• Risk Breakdown – how risks are distributed across treatment statuses, with a sum of the total risks in each category.

• Risks with Passing Controls – the number of risks linked to passing controls.

• Risk Categories – all of your risk categories separated out into tiles, showing the percentage of treated risk per category. Click on a category to view the risks within this category.

• Heat Maps – two heat maps (Inherent Risk and Residual Risk) showing the number of risks within each section of the matrix:

  • Inherent Risk: The level of risk before any mitigation measures are applied.

  • Residual Risk: The level of risk that remains after controls or treatments have been implemented.

Navigating the Risk Register

Your Risk Register is the central repository for all risks. You can customize the columns in this table to show the fields most relevant to your team. For details, see How to configure your Table View.

By default, the Risk Register includes:

• Status: Indicates whether the risk is Reviewed, Expiring, Overdue, or Closed, based on review frequency and last review date.

• Name: The name of the risk.

• Linked Controls: Any controls linked to the risk.

• Inherent Risk: Calculated from the inputted risk levels within the Risk Level tab (likelihood and impact) and matrix configuration.

• Residual Risk: Calculated from the inputted risk levels within the Risk Level tab (likelihood and impact) and matrix configuration.

• Residual Score: Derived by multiplying residual risk impact by residual risk likelihood.

• Treatment Strategy - This is how you plan to action the risk (Pending, Accept, Avoid, Mitigate, Monitor or Transfer).

• Treatment: The treatment approach assigned to the risk:

  • Accepted – Acknowledged risk that falls within acceptable tolerance.

  • Avoided – The activity causing the risk has been discontinued or removed.

  • Mitigated – Controls/actions have reduced the likelihood or impact to an acceptable level.

  • Pending – Under review or awaiting a decision.

  • Transferred – Responsibility shifted to a third party (e.g., insurance or outsourcing).

• Owner: The in-platform user responsible for the risk.

You can filter this table to view only relevant risks, such as filtering by status to show all overdue risks.

Navigating the Risk Drawer

Clicking a risk name in the table opens the Risk Drawer, where you can view and manage all related information.

The right-hand navigation bar in the Risk Drawer lets you quickly switch between tabs.

Details Tab

The Details tab includes key information about the risk:

• Description – A detailed description of the risk (you can use Core AI to regenerate or enhance this).

• Inherent and Residual Risk Scores – Generated from the risk level configuration.

• Category – A customizable field for your risk categories.

• Owner – The user responsible for the risk; they will receive notifications for changes and upcoming reviews.

• Frequency – How often the risk must be reviewed.

• Last Reviewed – The date of the most recent review.

• Treatment Strategy - This is how you plan to action the risk (Pending, Accept, Avoid, Mitigate, Monitor or Transfer).

• Treatment – The assigned treatment approach (Accepted, Avoided, Mitigated, Pending, or Transferred).

• Treatment Details – Notes on the treatment plan. Core AI can generate, enhance, or shorten treatment details.

• Custom Fields – Add custom fields to track additional attributes, such as:

  • Financial impact (e.g., < $500k, $500k–$1M, $1M–$3M, $3M+)

  • Confidentiality, availability, integrity score

At the top of the drawer, you’ll see the unique Risk ID (e.g., Risk / R0001) and its current status.

Risk Level Tab

Here, you can assign scores for Inherent Impact, Inherent Likelihood, Residual Impact, and Residual Likelihood. 

These values generate the Inherent and Residual Risk scores based on the pre-configured Matrix in your environment.   

You can learn how to configure your Risk Matrix here How to Configure your Custom Risk Matrix

Documents Tab

Store and manage any risk-related documents here. You can drag and drop files from your device directly into this section.

Controls Tab

Link controls that mitigate or relate to the risk.

• Primary Controls: Key controls directly mitigating this risk; their status is reflected in the control validity.

• Secondary Controls: Supporting controls not factored into control's validity.

Linking controls helps visualize which mitigation actions are in place for each risk.

Reviews Tab

Every risk review is logged here, creating a clear audit trail. As part of a review, you can:

• Add comments about updates or actions taken.

• Attach supporting documents related to the review.

To find out how to Review a risk and add a risk review - visit this article: How to Review a Risk