Skip to main content

Creating a risk

Roles and permissions

The following roles can create a risk:

  • Administrators

  • Compliance managers who are members of the Risk Register

  • Users who are members of the Risk Register

The steps below explain how to create a single risk. If you want to create multiple risks at once, you can add them to a CSV and then import them into Hyperproof.

  1. From the left menu, select Risk.

  2. Select your Risk Register.

  3. Select the Risks tab.

    risks-tab-generic.png

  4. Click New.

    The Create new risk window opens.

  5. Below Risk ID, enter an ID for the risk.

  6. Below Risk Name, enter a descriptive name for the risk.

  7. Below Description, enter a description of the risk.

  8. From the Owner drop-down menu, select the individual who owns the risk. Note that contacts can also be risk owners.

  9. Optionally, do any or all of the following:

    • From the Inherent Likelihood drop-down menu, select the status that best represents the chance of the risk happening.

    • Below Rationale for Likelihood, enter the reason for the status selected in the previous step.

    • From the Inherent Impact drop-down menu, select the status that best represents the risk's impact on your organization if it occurs.

    • Below Rationale for Impact, enter the reason for the status selected in the previous step.

    • From the Tolerance drop-down menu, select the status that best represents the level of risk your organization is willing to take.

    • From the Category drop-down menu, select the category the risk falls into.

      Tip

      To remove a category from the list, you must remove it from all risks. Once the category is removed from the risks, it no longer appears in the list. For example, if you have a 'Security' category, and change all of the risks assigned to that category to a new category, e.g. 'Safety', 'Security' is automatically removed from the list.

      Tip

      To fix a typo in the list of categories:

      1. Select the risk that belongs to the category with the typo.

      2. From the Details tab, mouse over Category and then click the Edit icon.

      3. Click Add a new category. Create the new category.

        The risk is automatically assigned to the new category and the misspelled category is removed from the list.

        Note that these steps must be done for all risks with the misspelled category.

    • From the Response drop-down menu, select the status that best represents your organization’s response should the risk happen.

      • Transfer - Risks that have been turned over to another party.

      • Accept - Risks that have been accepted because their repercussions aren’t considerable.

      • Avoid - Risks that are intended to be averted; no controls are put in place.

      • Mitigate - Risks with controls to avoid adverse repercussions.

    • Select one or more custom fields to attach to the risk.

  10. Click Create.

    The risk is created.

    Tip

    At any time, you can view a health snapshot of a risk from the Details tab. You can also override risk statuses by hovering over a status then clicking the Edit icon.

In this section: