Skip to main content

How to Review a Risk

Complyance Support
Updated

Introduction

Risk reviews ensure that your treatment plans remain effective and relevant, helping your organization stay ahead of evolving threats and uncertainties. This process supports informed decision-making, reinforces accountability, and promotes continuous improvement.

The frequency of reviews depends on the type and severity of the risk. Most risks are reviewed annually, but critical risks may require more frequent assessment.

You can begin a review by navigating to the Risk Register from the left-hand sidebar in Complyance, then selecting the risk due for review.

 

Opening a Risk for Review

When a risk is approaching its review date, the Risk Owner will receive a notification that their review is Expiring or Overdue.

To begin, open the Risk Register and click on the risk marked for review. This will open the Risk Drawer, where you can access all relevant details.

 

Review the Risk Details

Go through all fields within the risk record and confirm their accuracy. You can make edits directly in the drawer — any changes will be recorded in the History Tab.

Key areas to review:

  • Risk Description: Ensure the risk information is still relevant.
  • Likelihood and Impact Ratings: Update if there’s a change in exposure.
  • Risk Owner: Confirm responsible individual remain correct.
  • Treatment Details: Check if the treatment strategy and plan is still valid, effective, and being followed.

 

Review Associated Tasks

Navigate to the Tasks Tab on the right bar of the risk to view actions linked to the risk. Review the status of each task:

  • Review how many of the tasks are complete.
  • For incomplete or overdue tasks, ensure they have an owner and due date assigned. You can update these fields if necessary.

If the treatment plan has changed, you can create new tasks directly from the treatment plan using AI.

 

Creating the Review

Once you’ve validated the risk details and associated tasks, open the Review Tab on the right-hand side of the risk.

This tab provides a log of all previous reviews, including who performed them and when.

To log a new review:

  1. Click the ‘New Review’ button in the bottom right.
  2. Your name and the current date will auto-populate, but these are both editable if you are back-dating a review or completing on behalf of someone else.
  3. You can customize the review title to match your review scope or department naming conventions.
  4. Use the Notes section to document any updates or observations.
  5. If applicable, attach supporting documentation (e.g., meeting minutes, updated risk assessments).

Once complete, click ‘Create’ to finalize the review. This will update the risk’s status to Reviewed, update the Last reviewed date field, and the review will be logged for future reference.

 

Still have questions? Reach out to our support team via the Support Center for assistance.

Related articles