Risk Tracking
Learn how to identify, document, and track organizational risks in the Risk Radar registry with full audit trails and ownership.
Introduction#
Risk tracking is the foundation of effective risk management. The Risk Radar registry provides a centralized hub for documenting all identified risks, assigning ownership, tracking status changes, and maintaining complete audit trails for compliance and governance purposes.
By systematically tracking risks, organizations gain visibility into their risk landscape, can prioritize resources effectively, and ensure accountability for risk mitigation activities.
Centralized Registry
All risks in one place with consistent documentation standards.
Full Audit Trail
Track every change with timestamps and user attribution.
Clear Ownership
Assign accountability for each risk to specific team members.
Risk Registry#
The risk registry is your organization's master list of all identified risks. It provides a comprehensive view of your risk landscape with filtering, sorting, and search capabilities to quickly find and manage risks.
Access the risk registry by navigating to Risk Radar from the main navigation. The registry displays all risks in a table format with key information visible at a glance.
Permission Requirements
- Viewer: Can view risks and their details
- Editor: Can create and edit risks
- Admin: Can delete risks and manage settings
Creating a Risk#
Adding new risks to the registry is straightforward. Follow these steps to document a newly identified risk:
Click "Add Risk"
Enter basic information
Classify the risk
Assign ownership
Add supporting details
Save the risk
Risk Fields#
Each risk in the registry contains a comprehensive set of fields to capture all relevant information:
| Field | Required | Description |
|---|---|---|
| Title | Yes | A brief, descriptive name for the risk (e.g., "Supply Chain Disruption") |
| Description | Yes | Detailed explanation of the risk, its causes, and potential impact |
| Category | Yes | Classification of the risk type (Operational, Financial, etc.) |
| Severity | Yes | Impact level if the risk materializes (Critical to Low) |
| Likelihood | Yes | Probability of the risk occurring (Very Likely to Unlikely) |
| Status | Yes | Current state of the risk (Active, Monitoring, Mitigated, Closed) |
| Owner | Yes | Person accountable for managing this risk |
| Due Date | No | Target date for next review or mitigation completion |
| Tags | No | Labels for additional categorization and filtering |
| Related Risks | No | Links to other risks for systemic analysis |
| Notes | No | Additional context, updates, or comments |
| Attachments | No | Supporting documents, images, or files |
Risk Categories#
Risk categories help organize risks by their nature and enable reporting by risk type. The system includes the following default categories:
| Category | Description | Examples |
|---|---|---|
| Strategic | Risks affecting long-term goals and competitive position | Market shifts, competitor actions, M&A failures |
| Operational | Risks in day-to-day business operations | Process failures, supply chain, quality issues |
| Financial | Risks impacting financial health and stability | Cash flow, credit risk, currency fluctuation |
| Compliance | Regulatory and legal obligation risks | Regulatory changes, audit findings, lawsuits |
| Technology | IT and cybersecurity-related risks | System outages, data breaches, tech debt |
| Reputational | Risks to brand and stakeholder perception | PR crises, customer complaints, social media |
| Human Capital | People and talent-related risks | Key person dependency, turnover, skill gaps |
| External | Macro environment and third-party risks | Economic downturn, natural disasters, vendors |
Custom Categories
Severity & Likelihood#
Risk assessment uses a standard severity and likelihood matrix to prioritize risks. This enables consistent evaluation across the organization and helps focus resources on the most critical risks.
Severity Levels#
| Level | Impact | Criteria |
|---|---|---|
| Critical | Catastrophic | Existential threat, major financial loss (>20% revenue), regulatory shutdown |
| High | Major | Significant financial loss (5-20% revenue), major operational disruption |
| Medium | Moderate | Noticeable impact (1-5% revenue), temporary disruption, manageable |
| Low | Minor | Minimal impact (<1% revenue), easily absorbed, inconvenience only |
Likelihood Levels#
| Level | Probability | Criteria |
|---|---|---|
| Very Likely | >75% | Expected to occur within the next year, has happened before |
| Likely | 50-75% | More likely than not, similar events have occurred |
| Possible | 25-50% | Could occur, some precedent exists |
| Unlikely | <25% | Not expected, would be surprising if it occurred |
The combination of severity and likelihood determines the overall risk score, which is used to prioritize risks in the registry and dashboard views.
Risk Lifecycle#
Risks progress through different statuses as they are managed over time. Understanding the risk lifecycle helps ensure proper handling at each stage:
Active
Newly identified risks requiring assessment and mitigation planning. This is the default status for new risks.
Monitoring
Risks with mitigation in progress or stable risks being watched. KRIs may be actively tracked.
Mitigated
Risks where controls have been implemented and residual risk is acceptable. May still require periodic review.
Closed
Risks that no longer apply or have been fully resolved. Retained for historical reference and audit.
Don't Close Prematurely
Risk Relationships#
Risks rarely exist in isolation. Linking related risks helps identify systemic issues, understand cascading effects, and ensure comprehensive mitigation strategies address root causes.
Parent-Child Relationships
Break down complex risks into component parts or roll up specific risks to broader themes.
Peer Relationships
Connect risks that share common causes, controls, or impacts for holistic analysis.
To link risks, open a risk's detail view and use the "Related Risks" section to search for and connect other risks in the registry.
Filtering & Search#
The risk registry includes powerful filtering and search capabilities to help you quickly find specific risks:
Filter Options
Filter by category, severity, likelihood, status, owner, tags, and date ranges.
Full-Text Search
Search across titles, descriptions, and notes to find risks by keyword.
Tag-Based Filtering
Use custom tags to create your own groupings and filter by multiple tags.
Saved Views
Save filter combinations as named views for quick access to common queries.
Exporting Risks#
Export risk data for reporting, analysis, or sharing with stakeholders who may not have system access:
CSV Export
Export filtered or all risks to CSV format for use in spreadsheets.
PDF Report
Generate a formatted PDF risk report for board presentations or audits.
To export, apply any desired filters, then click the "Export" button and select your preferred format. Exports include all visible columns and respect the current filter settings.