Risk Registry
View and manage all organizational risks in the Risk Registry.
Risk Registry
The Risk Registry is your central repository for all identified organizational risks. It provides a comprehensive view of your risk landscape and tools to manage each risk effectively.
Accessing the Risk Registry
Navigate to risks via:
- Sidebar - Click "Risks" then "Registry"
- Dashboard - Click the Risk Exposure card
- Keyboard - Press
GthenR
Registry Layout
List View
The default view shows risks in a table:
| Column | Description |
|---|---|
| Title | Risk name (click to open details) |
| Severity | Color-coded severity badge |
| Status | Current status (Open, Mitigating, etc.) |
| Category | Risk category |
| Owner | Assigned owner |
| Score | Calculated risk score |
| Created | When risk was added |
Summary Bar
Above the list:
- Total risks - Count of all risks
- Severity breakdown - Visual bar showing distribution
- Status summary - Open, mitigating, closed counts
Filtering Risks
By Severity
Filter to show only specific severity levels:
- All severities
- Critical only
- High only
- Medium only
- Low only
By Status
Filter by risk status:
- All statuses
- Open
- Mitigating
- Mitigated
- Accepted
- Closed
By Category
Filter by risk category:
- Security
- Compliance
- Operational
- Vendor/Third-Party
- Financial
- Reputational
- Strategic
By Owner
Filter to see:
- Unassigned risks
- Risks you own
- Risks owned by specific team members
Combine filters to create focused views. For example: "Critical + Open + Security" shows critical open security risks.
Sorting Options
Click column headers to sort:
| Sort Option | Description |
|---|---|
| Severity | Critical first or Low first |
| Score | Highest or lowest risk score |
| Status | Group by status |
| Created | Newest or oldest |
| Title | Alphabetically |
| Owner | Grouped by owner |
Searching Risks
Use the search bar to find risks by:
- Risk title
- Description content
- Category name
- Owner name
- Linked items
Search Tips
- Use quotes for exact phrases
- Combine with filters for precision
- Search is case-insensitive
Risk Scores
Understanding the Score
Each risk has a calculated score:
| Score Range | Meaning |
|---|---|
| 81-100 | Critical risk level |
| 61-80 | High risk level |
| 41-60 | Medium risk level |
| 21-40 | Low risk level |
| 1-20 | Minimal risk level |
Score Calculation
Score = Likelihood × Impact
Where:
- Likelihood = 1-5 scale (rare to almost certain)
- Impact = 1-5 scale (negligible to catastrophic)
Example: Likelihood 4 × Impact 5 = Score 20 (normalized to scale)
Working with Risks
Quick Actions
Hover over any risk row to see:
- View - Open risk details
- Edit - Modify risk properties
- Create Workflow - Start remediation
- Delete - Remove risk (with confirmation)
Bulk Actions
Select multiple risks to:
- Change status
- Assign owner
- Change severity
- Export selection
- Delete
Risk Categories
Security Risks
- Data breaches
- Unauthorized access
- Malware and viruses
- Insider threats
Compliance Risks
- Regulatory violations
- Audit failures
- Framework non-compliance
- Reporting failures
Operational Risks
- System downtime
- Process failures
- Human errors
- Resource constraints
Vendor Risks
- Third-party breaches
- Service interruptions
- Contract violations
- Dependency risks
Financial Risks
- Fraud
- Revenue loss
- Cost overruns
- Currency exposure
Registry Management
Adding Risks
Click "Add Risk" to create new entries:
- Enter risk details
- Assess likelihood and impact
- Assign owner
- Link to gaps if applicable
- Save
See Adding Risks for details.
Updating Risks
Click the Risk
Open the risk detail view.
Click Edit
Modify any risk property.
Update Fields
Change status, severity, owner, or details.
Save Changes
All changes are logged in the audit trail.
Closing Risks
When a risk is no longer relevant:
- Open the risk details
- Change status to "Closed"
- Add closure notes explaining why
- Risk moves to closed view
Don't delete risks to keep a clean registry. Close them instead. Deleted risks lose all history and audit trail.
Exporting the Registry
Export your risk data for reporting:
- Apply desired filters
- Click "Export"
- Choose format (CSV or PDF)
- Select columns to include
- Download
Export Uses
- Management reporting
- Board presentations
- Audit evidence
- Backup purposes
Registry Health
Signs of a healthy registry:
| Indicator | Healthy | Concerning |
|---|---|---|
| Open risks | Reasonable count | Excessive backlog |
| Age of risks | Recently reviewed | Stale, untouched |
| Owner assignment | All risks owned | Many unassigned |
| Status updates | Regular progress | No movement |
Maintaining the Registry
- Review all risks monthly
- Archive closed risks quarterly
- Reassess severities annually
- Clean up duplicates regularly
Saved Views
Create saved views for common filters:
Example Views
| View Name | Filters |
|---|---|
| My Risks | Owner = Me |
| Critical Open | Severity = Critical, Status = Open |
| Security Risks | Category = Security |
| Needs Owner | Owner = Unassigned |
Creating a View
- Apply filters
- Click "Save View"
- Name your view
- Access from Views dropdown
Common Questions
Can I import risks?
Yes. Use the import feature:
- Download the template CSV
- Fill in your risk data
- Upload the completed file
- Review and confirm import
How do I merge duplicate risks?
- Identify the duplicate
- Copy relevant information to the primary risk
- Close the duplicate with a note
- Link related items to the primary
Who can edit risks?
- Admins can edit any risk
- Risk owners can edit their risks
- Team members can add risks
- Viewers can only read
Next Steps
- Priority Queue - See AI prioritization
- Risk Details - Deep dive into a risk
- Workflows - Create remediation plans