Adding Risks

Learn how to add new risks to your Risk Registry.

While PartnerAlly automatically identifies some risks through document analysis and gap detection, you'll often need to add risks manually. This guide covers how to create comprehensive risk entries.

When to Add Risks Manually

Add risks when:

  • Completing risk assessments
  • Reviewing vendor relationships
  • Identifying operational risks
  • Recording audit findings
  • Documenting security concerns
  • Tracking business risks

Not every concern is a risk. A risk should represent a potential negative outcome with identifiable likelihood and impact.

Creating a Risk

Basic Process

Go to the Risk Registry from the sidebar.

Click "Add Risk"

Find the button in the top right corner.

Enter Risk Details

Fill in the required and optional fields (described below).

Save the Risk

Click "Create Risk" to add it to the registry.

Risk Form Fields

Required Fields

| Field | Description | Tips |
| --- | --- | --- |
| Title | Brief risk description | Be specific and clear |
| Description | Detailed explanation | Include context and potential consequences |
| Category | Risk type | Choose the most applicable category |
| Severity | Overall risk level | Based on likelihood × impact |

Optional Fields

| Field | Description | Tips |
| --- | --- | --- |
| Likelihood | Probability (1-5) | 1=Rare, 5=Almost Certain |
| Impact | Business impact (1-5) | 1=Minimal, 5=Catastrophic |
| Owner | Responsible person | Assign for accountability |
| Due Date | Target resolution | When should this be addressed? |
| Related Gaps | Linked compliance gaps | Connect to gaps this risk relates to |
| Related Controls | Associated controls | Which controls mitigate this? |
| Notes | Additional context | Any other relevant information |

Assessing Likelihood

Use this scale to assess how probable the risk is:

| Score | Likelihood | Description | Example |
| --- | --- | --- | --- |
| 1 | Rare | Unlikely to ever occur | Once in 50 years |
| 2 | Unlikely | Could happen but doubtful | Once in 10 years |
| 3 | Possible | Might occur at some time | Once in 3 years |
| 4 | Likely | Will probably occur | Once per year |
| 5 | Almost Certain | Expected to occur | Multiple times per year |

Assessing Impact

Use this scale to assess potential business impact:

| Score | Impact | Description | Example |
| --- | --- | --- | --- |
| 1 | Minimal | Negligible effect | Minor inconvenience |
| 2 | Minor | Some effect, easily managed | Small financial loss |
| 3 | Moderate | Significant but recoverable | Medium financial loss, reputational impact |
| 4 | Major | Serious damage | Large financial loss, regulatory action |
| 5 | Catastrophic | Existential threat | Company survival at risk |

Severity Assignment

Severity is typically calculated from likelihood × impact:

| Calculation | Result | Severity |
| --- | --- | --- |
| L × I = 1-4 | Very Low | Low |
| L × I = 5-9 | Low-Medium | Low/Medium |
| L × I = 10-14 | Medium | Medium |
| L × I = 15-19 | Medium-High | High |
| L × I = 20-25 | Very High | Critical |

Or assign severity directly based on judgment.

Risk Categories

Security

Examples:
- Unauthorized access to systems
- Data breach through vulnerability
- Malware infection
- Insider threat
- Social engineering attack

Compliance

Examples:
- Failure to meet SOC 2 requirements
- GDPR violation
- Audit finding not remediated
- Regulatory penalty risk
- Certification lapse

Operational

Examples:
- Key system downtime
- Process failure
- Staff capacity shortage
- Critical skill dependency
- Communication breakdown

Vendor/Third-Party

Examples:
- Vendor data breach
- Service availability failure
- Contract non-compliance
- Concentration risk
- Vendor financial instability

Financial

Examples:
- Revenue loss
- Unexpected costs
- Currency exposure
- Credit risk
- Fraud

Writing Good Risk Descriptions

Risk Title

Good titles are:

  • Specific and clear
  • Action or outcome focused
  • Scannable

| Bad Title | Good Title |
| --- | --- |
| "Security" | "Unauthorized access to customer data" |
| "Vendor issue" | "Cloud provider outage affecting production" |
| "Compliance thing" | "SOC 2 audit failure due to access control gaps" |

Risk Description

Include:

  1. What could happen
  2. How it could happen
  3. What the impact would be
  4. Any context or history

Example:

Our primary cloud provider could experience an extended outage (>4 hours), causing our SaaS platform to become unavailable to customers. This would result in SLA violations, potential customer churn, and reputational damage. We have had 2 minor outages in the past year.

Linking to Other Items

Linking to Gaps

Connect risks to related compliance gaps:

  1. In the risk form, find "Related Gaps"
  2. Search for and select relevant gaps
  3. The risk and gaps are linked

Why link:

  • Closing gaps may mitigate risks
  • Shows relationship between compliance and risk
  • Helps prioritize gap remediation

Linking to Controls

Connect risks to controls that mitigate them:

  1. In the risk form, find "Related Controls"
  2. Search for and select controls
  3. Control status affects risk assessment

Linking risks to controls and gaps creates a complete picture of how compliance activities affect your risk posture.

Creating Risks from Gaps

You can create a risk directly from a gap:

  1. Open a compliance gap
  2. Click "Create Risk"
  3. Risk form pre-populates with gap info
  4. Adjust and complete the risk details
  5. Risk is automatically linked to the gap

Bulk Risk Import

Import multiple risks at once:

Download Template

Click "Import" then "Download Template" to get the CSV format.

Fill in Data

Complete the spreadsheet with your risk data.

Upload File

Click "Import" and select your completed file.

Review and Confirm

Check the preview and confirm the import.

Risk from Assessment

When completing a risk assessment:

  1. Document findings in your assessment tool
  2. Export or manually enter significant risks
  3. Link assessment document as evidence
  4. Track remediation via workflows

Common Mistakes to Avoid

| Mistake | Better Approach |
| --- | --- |
| Too vague | Be specific about the risk |
| No owner | Always assign accountability |
| Wrong category | Choose the primary category |
| Duplicate risks | Search before adding |
| Severity mismatch | Base on likelihood × impact |
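
A pre-import check for a bulk CSV, as an added example (not PartnerAlly code): it applies the likelihood × impact bands from Severity Assignment and flags the no-owner, duplicate and severity-mismatch mistakes from the table above. The column names and sample rows are assumptions, since the real template's columns are not shown on this page.

```python
import csv
import io

# Bands from the Severity Assignment table; 5-9 is listed as "Low/Medium".
BANDS = [
    (1, 4, {"Low"}),
    (5, 9, {"Low", "Medium"}),
    (10, 14, {"Medium"}),
    (15, 19, {"High"}),
    (20, 25, {"Critical"}),
]

def expected_severities(likelihood, impact):
    """Return the set of severity labels the table allows for L x I."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be 1-5")
    score = likelihood * impact
    return next(labels for lo, hi, labels in BANDS if lo <= score <= hi)

def lint_risks(csv_text):
    """Check each row for the mistakes listed above; return (row, message) pairs."""
    findings, seen = [], {}
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        key = (row.get("title") or "").strip().casefold()
        if key in seen:
            findings.append((n, f"duplicate of row {seen[key]}"))
        seen.setdefault(key, n)
        if not (row.get("owner") or "").strip():
            findings.append((n, "no owner"))
        try:
            allowed = expected_severities(int(row["likelihood"]), int(row["impact"]))
        except (KeyError, ValueError, TypeError):
            findings.append((n, "likelihood/impact missing or not 1-5"))
            continue
        if (row.get("severity") or "").strip().title() not in allowed:
            findings.append((n, f"severity mismatch, expected {'/'.join(sorted(allowed))}"))
    return findings

# Constructed sample data; column names are assumed, not the real template.
SAMPLE = """title,owner,likelihood,impact,severity
Cloud provider outage affecting production,ops-lead,3,4,Medium
Security,,2,2,Critical
Unauthorized access to customer data,ciso,4,5,High
cloud provider outage affecting production,ops-lead,3,4,Medium
"""

if __name__ == "__main__":
    for line_no, message in lint_risks(SAMPLE):
        print(f"row {line_no}: {message}")
```

Row numbers count the header as row 1, so they match what a spreadsheet shows.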

After Adding a Risk

Once a risk is created:

  1. Assign owner if not already done
  2. Link to gaps that relate to the risk
  3. Create workflow if mitigation is needed
  4. Set reminders for periodic review
  5. Communicate to stakeholders if significant
