Categories and status
Categorise risks for better reporting, move them through a defined status lifecycle, and assign control types and ownership to clarify your response strategy.
Risk categories
Categories help you organise, analyse, and report on your risk portfolio. Risk Companion supports customisable categories with optional subcategories. Here are the common defaults.
- Technology failures, system integration issues, design flaws
- Budget overruns, currency fluctuations, funding gaps
- Regulatory changes, market shifts, natural events
- Process inefficiencies, resource constraints, quality issues
- Vendor disputes, scope changes, compliance breaches
- Timeline delays, dependencies, milestone slippage
Project administrators can create custom categories tailored to your industry or project type in the Settings area.
Status lifecycle
Every risk follows a defined lifecycle from identification to closure. Understanding the statuses helps you track progress and keep the register current.
Draft
Initial state for newly identified risks. Use this while gathering information and before formal review.
Active
The risk has been reviewed and accepted into the register. It requires ongoing monitoring and potential action.
In Progress
Measures are being implemented. Track progress and update assessments as work proceeds.
On Hold
Temporarily paused due to dependencies, resource constraints, or pending decisions. Document the reason.
Closed
The risk is no longer active. When closing, specify a substatus: Mitigated (successfully addressed) or Occurred (risk materialised).
Control types
Risk Companion supports the four standard risk response strategies. Choose the control type that matches the risk and your organisation's risk appetite.
Treat
Take action to reduce the probability or impact of the risk.
Use when the risk can be reasonably reduced through preventive or corrective measures.
Transfer
Shift the risk to a third party through insurance, contracts, or outsourcing.
Use when another party can better manage the risk or absorb its impact.
Tolerate
Accept the risk without specific action, often with contingency plans in place.
Use when the cost of response outweighs the potential impact, or the risk is low.
Terminate
Eliminate the risk by removing the activity or objective that creates it.
Use when the risk is too severe and no acceptable response exists.
Risk allocation
In addition to the control type, specify who bears responsibility for the risk.
Risk ownership
Assign clear ownership so someone is accountable for monitoring each risk and driving its measures. Risk owners are responsible for:
- Monitoring risk status and updating assessments regularly
- Implementing or coordinating measures
- Escalating risks that require management attention
- Documenting changes and lessons learned
- Closing risks when resolved or no longer relevant
Assign owners who have the authority and resources to act on risks. Avoid assigning ownership to team members who cannot influence outcomes.
See also
- Current vs target assessments — track improvement as risks move through the lifecycle
- Understanding bow-ties — visualise causes and effects for each risk