Risk Management Guide
Everything you need to know about creating, categorizing, and managing risks throughout their lifecycle in Risk Companion.
Getting to the Risk Register
To add or manage risks, navigate to your project's Risk Register:
Adding a Risk
Click Add Risk to open the risk creation form. Enter a title to create the risk, then fill in additional details on the risk detail page.
Risk Detail Page
After creating a risk, open its detail page to complete all information. The page is organized into tabs:
Details Tab
Required. Enter a clear, descriptive name (e.g., "Supplier delays construction materials").
Select from a dropdown that includes subcategories (e.g., Technical > Design Flaws).
Select from a dropdown showing team members. The owner is responsible for monitoring and mitigating this risk.
Choose your risk response strategy (Tolerate, Treat, Terminate, Transfer) and who bears responsibility (Contractor, Client, Shared).
Set Next Review date, plus optional Start and End dates for the risk window.
Bowtie Tab
The Bowtie view visualizes the relationship between causes, the risk event, and its effects:
Click to add cause events (left side) and effect events (right side) of your risk.
Attach preventive measures to causes and mitigating measures to effects to show your control strategy.
Assessment Tab
Score your risk using Current and Target assessments to track improvement over time:
Select your scoring approach from the dropdown (e.g., 5x5 matrix, custom scales).
Rate how likely the risk is to occur.
Score impact across multiple dimensions (e.g., Cost, Schedule, Safety, Reputation) as configured for your project.
Risk Properties Reference
Here is a complete reference of all fields available when creating or editing a risk:
Title *
Required. A concise, descriptive name (e.g., "Supplier delays construction materials"). This is the only required field for Quick Add.
Category & Subcategory
Two-level classification. Select a main category, then optionally choose a subcategory for more precise grouping.
Occurrence Phase
The project phase when this risk is most likely to materialize (e.g., Planning, Execution, Closeout).
Owner
Select from team members (shown with avatars). The owner receives notifications and is accountable for this risk.
Control Type
Your response strategy: Tolerate, Treat, Terminate, or Transfer. Selected via radio buttons.
Allocation
Who bears responsibility for this risk: Contractor, Client, or Shared between parties.
Key Dates
Next Review (when to reassess), Start Date (when risk window begins), End Date (when risk window closes).
Tags
Free-form labels for filtering and organizing risks (e.g., "critical-path", "vendor", "safety").
Risk Categories
Categorizing risks helps you organize, analyze, and report on your risk portfolio. Risk Companion supports customizable categories, but here are common classifications:
Technology failures, system integration issues, design flaws
Budget overruns, currency fluctuations, funding gaps
Regulatory changes, market shifts, natural events
Process inefficiencies, resource constraints, quality issues
Vendor disputes, scope changes, compliance breaches
Timeline delays, dependencies, milestone slippage
Risk Status Workflow
Every risk follows a defined lifecycle from identification to closure. Understanding the status workflow helps you track progress and manage risks effectively.
Status Lifecycle
Draft
Initial state for newly identified risks. Use this status while gathering information and before formal review.
Active
The risk has been reviewed and accepted into the register. It requires ongoing monitoring and potential action.
In Progress
Mitigation actions are currently being implemented. Track progress and update assessments as work proceeds.
On Hold
Temporarily paused due to dependencies, resource constraints, or pending decisions. Document the reason for holding.
Closed
The risk is no longer active. When closing, specify a substatus: Mitigated (risk was successfully addressed) or Occurred (risk materialized).
Control Types
Risk Companion supports the four standard risk response strategies. Choose the appropriate control type based on the risk's nature and your organization's risk appetite:
Treat
Take action to reduce the probability or impact of the risk.
Use when: The risk can be reasonably mitigated through preventive or corrective actions.
Transfer
Shift the risk to a third party through insurance, contracts, or outsourcing.
Use when: Another party can better manage the risk or absorb its impact.
Tolerate
Accept the risk without taking specific action, often with contingency plans.
Use when: The cost of mitigation outweighs the potential impact, or the risk is low.
Terminate
Eliminate the risk by removing the activity or objective that creates it.
Use when: The risk is too severe and no acceptable mitigation exists.
Risk Allocation
In addition to control type, specify who bears responsibility for the risk:
Risk Ownership
Assigning clear ownership is critical for effective risk management. Risk owners are accountable for monitoring their assigned risks and driving mitigation actions.
Owner Responsibilities
- Monitor risk status and update assessments regularly
- Implement or coordinate mitigation actions
- Escalate risks that require management attention
- Document changes and lessons learned
- Close risks when resolved or no longer relevant
Ready to Score Your Risks?
Learn how to assess risk probability and impact using Risk Companion's scoring system.
Go to Risk Assessments Guide