Creating a Risk in the Risk Register

Learn how to create risks on the 6clicks risk register

Create a Risk

To create a Risk,  you will need to head to the Risk Register. To do this select Risks, then Register from the left menu. 

To create a new risk, you can either select New Risk from the top right of the Risk Register screen or using the New dropdown.

When creating a new risk the New Risk modal will appear. Enter in the name and description of the risk and then click Create Risk.

Upon creating the risk you will be navigated to the risk details page. The risk details page is broken into five sections:

  1. Overview
  2. Risk Assessment
  3. Existing Controls & Compliance
  4. Treatment Plan
  5. Versions

Overview

This section provides the high-level details of the risk. This section has a number of different fields that can be used to categorise and manage the risk.

1. Name: the name of the risk can be updated directly from the risk using the pencil icon.

2. Description: the description can be updated by clicking on the Aa button at the bottom of the description box.

3. Common Cause & Potential Impact: you can add any common causes and potential impacts in the respective text boxes to provide more contextual information on the risk.

4. Risk Rating: the risk rating pulls through from the selected Risk Rating section (see Risk Rating section).

5. Treatment Status: the treatment status tracks the progress of the risk treatment plan and can be updated directly from the Overview section or from the Risk Treatment section (see Risk Treatment section).

6. Risk Domain: the risk category the risk belongs to.

7. Risk Owner: the user responsible for the risk.

8. Identified By: the user which identified the risk.

9. Access Members: by default, only administrators can view all risks on the risk register. The Access Members field allows you to select users you wish to grant access to this specific risk. You can select individual users or groups.

10. Risk Registers / Tags: risk registers and tags allow you to create groupings of risks, which can then be filtered by in the Risk Register and reported on.

11. Linked Data: in the linked data section you can associate any object from across the 6clicks platform, including:

  • Assets
  • Issues
  • Assessment questions (note this has to be done from the Assessment Response page)
  • Register items from Custom Registers
  • Metrics

Metrics can be viewed by clicking on their respective badge and they will be displayed in the right-hand panel.

Risk Assessment

The Risk Assessment section is where you run your risk assessments. To create a new risk assessment, click the Risk Assessment header and the Risk Assessment table will appear. Next enter in the name of the risk assessment you want to create, and then hit enter.

The risk assessment will appear in the table the risk assessment details will appear in the right-hand panel.

To add a risk rating, select the likelihood and impact, and the risk rating will dynamically display.

You can also add a date and a risk rating label to categorise the risk rating. This allows you to group and track risk ratings over time.

To create a new risk assessment, hit the back arrow.

You can create as many risk ratings as you like, as well as use the same or different labels.

Risk rating labels play an important part when viewing the Risk Matrix report.

Lastly, you can select your favourite risk rating by starring it.

You can only select one favourite risk rating. Your favourite risk rating will be displayed in the Overview Section.

It will also be displayed in the risk register.

Existing Controls & Compliance

This section allows you to link controls from control sets and provisions from authorities to the risk. To link a control, you first need to add a control set. Click the plus button in the panel under the control tab.

Then select a control set from the dropdown.

After you have added a control set, all the controls will appear in the right-side panel. You can add a control to the risk by clicking the Add button (1). To view, the details of a control hit the pop up button (2).

After adding controls, they will appear in the table.

Similarly with provisions, under the authority tab, you can associate provisions to the risk.

Treatment Plan

The treatment Plan section is where you create, assign and manage your risk treatments. The overall risk treatment decision and treatment status is managed from the two top dropdowns.

For an in-depth article on how to create a Treatment Plan for risks, head here.

Versions

Lastly, each time you Publish a Risk, you create a version (1). You can view and restore previous versions from the Version section (2).