Skip to main content

Overview

The Risk Card is the detailed view of a single risk. This is where you review the risk’s current scoring, update its assessment, manage linked controls and actions, and view the full audit trail of changes. It follows the same pattern as the Control Card, giving you a consistent experience across your risk and control framework. To open a Risk Card, click on any risk title from the Risk Register or the Risks Dashboard. You can also navigate from the sidebar via Risks > Risk Card and use the Load Risk panel to select a specific risk.

Basic Information

Risk Card showing basic information, risk details, and the Load Risk panel
The top section shows everything that defines the risk:
  • Reference and title — the risk’s unique ID (e.g., #RR1) and name
  • Risk Class — the top-level risk category (e.g., Financial, Operational)
  • Risk Sub-Class — the more specific classification within the class
  • Concern Statement — a narrative description of what could go wrong and why it matters
On the right-hand side you will find:
  • Load Risk — select and load a different risk from the dropdown
  • Status — current status and go-live date
  • Ownership — the team, owner, reviewer, and manager assigned to this risk
  • Additional Info — entity, business unit, and reference number

Risk Assessment

Risk Assessment section showing inherent, residual, and forecast scoring with likelihood and impact dimensions
The assessment section is where you evaluate and score the risk across three perspectives:
  • Inherent Risk — the risk level before any controls are applied
  • Residual Risk — the risk level after taking your current controls into account
  • Forecast Risk — where you expect the risk to be in the next assessment period
Each perspective is scored using a matrix that combines Likelihood and Impact. Impact is broken down across multiple dimensions:
  • Financial — monetary loss exposure
  • People — health, safety, or workforce impact
  • Brand — reputational damage
  • Regulatory — compliance or regulatory action
The resulting score (e.g., C4, D3) places the risk on the organisation’s risk matrix, where the letter represents likelihood and the number represents impact severity.

Assessment workflow

Use the assessment buttons to progress through the review cycle:
  1. Prepare — the risk owner completes their assessment with a supporting comment
  2. Sign-off — the reviewer validates the assessment
  3. UPDATE — saves changes and records the assessment date

Linked Items

Linked items showing Controls, Actions, Indicators, and Risk Incidents connected to this risk
The linked items section shows everything connected to this risk, organised into columns:
  • Controls — the controls that mitigate this risk, shown as coloured badges (e.g., CR1, CR358). Click any badge to open that control’s Control Card. Use the link icon to add or remove control associations.
  • Actions — open actions related to the risk (e.g., remediation tasks or improvement initiatives). See Actions for more detail.
  • Indicators — key risk indicators that help you monitor whether this risk is trending in the right direction. See Indicators for more detail.
  • Risk Incidents — incidents where this risk materialised. Use these to validate your scoring and to evidence the risk for auditors.
Tracks and Trends section showing the audit trail of risk assessments and changes
At the bottom of the Risk Card, the Tracks & Trends section provides a full audit trail. Click the + icon to expand it. It contains three tabs:

Risk Assessment

A complete log of every assessment cycle for this risk, showing:
  • When each assessment was performed
  • Who prepared and signed off
  • The inherent, residual, and forecast scores at each point in time
  • How long the review cycle took

Basic Info

A timestamped record of every change to the risk’s core fields — title, class, sub-class, concern statement, ownership, and status. Use this to understand how a risk has evolved or to audit configuration changes.

Relational Info

A history of how the risk’s relationships have changed over time — which controls, actions, indicators, and incidents were linked or unlinked and when. Each row shows the full set of linked items at that point in time.

Tips & Tricks

Always include a clear Concern Statement that explains what could go wrong and the potential consequences. This helps reviewers, auditors, and board members understand the risk without needing additional context.
When scoring impact, consider all four dimensions — Financial, People, Brand, and Regulatory. A risk that seems low-impact financially may carry significant regulatory or reputational consequences.
Use the Forecast Risk score to signal where you expect the risk to move. If your forecast is higher than your residual, it flags a deteriorating trend that may need pre-emptive action.
Changes to the Risk Card are only saved when you click UPDATE. If you navigate away without updating, your changes will be lost.
The linked items section mirrors the layout on the Control Card. Linking a control to a risk here has the same effect as linking a risk to a control from the Control Card — the relationship is bidirectional.