Welcome to the Risk Treatment Module in Risk Application product!
Risk Treatment in a Risk Application refers to the set of actions and strategies implemented to address identified risks. Once a risk is assessed, treatment options are selected based on the risk level, impact, and likelihood.
This guide will walk you through the complete functionality and capabilities of the My Schedules module in detail.
- Overview of Risk Treatment
- Purpose
Risk Treatment helps reduce, eliminate, transfer, or accept risks to bring them to an acceptable level for the organization. - The Risk Treatment section in the application is organized into three key components:
- Risk Response
- Risk Mitigation
- Risk Review/Monitoring
- Treatment Options : Users can select from the following Risk Response options when determining how to handle identified risks:
- Mitigate: Take actions to reduce the impact or likelihood of the risk occurring.
- Accept: Acknowledge the risk and its consequences, typically used when the risk is within acceptable limits or cannot be cost-effectively treated.
- Transfer: Shift the responsibility or consequences of the risk to a third party (e.g., via insurance, outsourcing, or contracts).
- Avoid: Eliminate the risk entirely by choosing not to proceed with the activity or altering the plan.
- Accepted: This indicates that the risk has already been reviewed and formally accepted, and no further treatment actions are required.
- Where It Appears in the Application
- Risk Treatment options appear during or after the Risk Assessment process.
- Users can select treatment strategies from a dropdown or designated field while editing or reviewing a risk.
- Action Triggers
- When "Mitigate" is selected, the system may automatically generate a Mitigation Task.
- Users can assign responsibilities, due dates, and track treatment implementation.
- Tracking and Status
- The progress of risk treatment actions is monitored through the Tasks Module or Risk Register.
- Risk status updates as treatment actions are completed or modified.
Benefits
- Ensures a proactive approach to risk management.
- Supports accountability through task assignments and progress tracking.
- Enhances risk visibility across teams and departments.
- Accessing Risk Treatment module
To access the Risk Treatment Module
- Go to the Main Menu.
- Select Risk Treatment module menu
- It opens Risk Treatment module
- Roles to Accessing Risk Treatment Module
The following user roles can access and view the Risk Treatment section:
- Risk Administrator
- Risk Manager
- Risk Assessor
- Risk Owner
- Risk Viewer
- Risk Response details in Risk Treatment Module
The Risk Response tab is the first section of the Risk Treatment module and serves as the starting point for addressing identified risks. It allows users to select and document the appropriate treatment strategy for each risk.
Purpose:
To define how the organization plans to handle or respond to each risk based on its severity, likelihood, and impact.
Key Features in the Risk Response Tab:
- Risk Details Display:
- Risk Name
- Associated Facility or Business Unit
- Risk Category and Sub-category
- Risk Score (Before Treatment)
- Owner and Assessor Information
- Response Options:
Users can choose from the following standardized response strategies:- Mitigate – Take action to reduce the risk.
- Accept – Acknowledge the risk without taking any action.
- Transfer – Shift the risk to a third party (e.g., insurance, outsourcing).
- Avoid – Eliminate the risk entirely by changing plans or activities.
- Accepted – Used when a risk has been reviewed and deemed acceptable within current controls.
- Justification Field:
- Mandatory field where users must enter a reason for choosing a particular response.
- Attachments (Optional):
- Upload supporting evidence or documents related to the selected response.
- Save and Proceed:
- Once a response is selected and justified, users can save and proceed to the Mitigation or Monitoring tab for further action.
- Risk Mitigation details in Risk Treatment Module
The Risk Mitigation tab is a key section in the Risk Treatment module that captures and manages the mitigation activities defined for a risk where the response is Mitigate.
Purpose
To document, assign, and track actionable steps that reduce the likelihood or impact of identified risks, aligning them with the organization’s acceptable risk thresholds.
Key Components & Fields
- Risk Details Panel
- Displays the selected Risk Name, Risk ID, Facility, Inherent Risk Score, and other metadata.
- Provides context before assigning mitigation actions.
- Mitigation Action Grid
A structured layout where mitigation plans are added, showing:- Mitigation Title: Short name of the action.
- Description: Detailed explanation of the control or strategy.
- Start Date / End Date: Timelines for implementation.
- Assigned Owner: Responsible person or role.
- Status: Tracks progress (Not Started, In Progress, Completed, etc.)
- Attachments: Option to add supporting documents.
- Add New Mitigation Action
Users can:- Click on “Add” or “+” to create a new mitigation plan.
- Fill required fields and assign the task to a user.
- Multiple actions can be created under a single risk.
- Task Creation
once saved, each mitigation item becomes a task in the system, assigned to the selected owner. These tasks are visible in the My Actions or Tasks module for tracking and updates. - Action Buttons
- Save – To retain added mitigation actions.
- Next – Navigate to the Review/Monitoring tab.
- Back – Return to the Risk Response section.
Access and Permissions
- Editable by: Risk Managers, Risk Assessors, and Administrators.
- View only: May apply to Risk Owners or Viewers depending on role configuration.
Notes
- All fields may be mandatory based on the system settings or template.
- If no mitigation is needed (e.g., for “Accept” or “Transfer” responses), this tab may be disabled or optional.
- Risk Review/Monitoring details in Risk Treatment Module
The Risk Review/Monitoring tab is the final step in the Risk Treatment process, where organizations review and monitor the effectiveness of their mitigation strategies and overall risk response plans.
Purpose
- Ensure that implemented mitigation actions are effective and ongoing.
- Periodically review risks and decide whether further treatment is needed.
- Document risk re-evaluation, updated risk scores, and any changes in treatment strategy.
Key Features & Fields
1. Review Schedule
- Defines how often the risk should be reviewed.
- Common values: Quarterly, Bi-annually, annually, or Custom date.
2. Review Date / Next Review Date
- The last completed review date and the upcoming scheduled review.
3. Residual Risk Assessment
- Users are prompted to reassess:
- Residual Likelihood
- Residual Impact
- Residual Risk Score (auto-calculated based on selection)
- Helps in determining whether the risk is now within acceptable limits.
4. Review Outcome/Comments
- A text box for entering:
- Observations
- Lessons learned
- Suggestions for improvement
- Any changes needed in mitigation approach
5. Reviewer Details
- Shows or captures the details of the reviewer (name, role, and date).
Workflow
- Risk mitigation actions are executed.
- At scheduled intervals or upon completion, the Review/Monitoring tab is accessed.
- Reviewer assesses and enters the residual risk scores.
- Based on the outcome:
- If risk is still high, new mitigation actions may be initiated.
- If risk is reduced to an acceptable level, the treatment can be marked as Complete.
Access & Permissions
- Editable by: Risk Manager, Risk Assessor, and Risk Administrator.
- Read-only for Risk Viewer or non-assigned users.
- Risk Owner may or may not have access depending on configurations.
- Language Options for Risk Treatment module
To support diverse user needs across regions, the Risk Treatment module in the Risk Application offers multi-language support.
Users can choose their preferred language in two ways:
- At Login: Select the desired language before signing in.
- Within the Application: Use the language dropdown located at the top-right corner of the screen after logging in.
Once a language is selected, the entire Risk Treatment module — including the Risk Response, Risk Mitigation, and Risk Review/Monitoring sections — will be displayed in the chosen language, ensuring a seamless and user-friendly experience.
- Risk Treatment questionnaires
- How to Open Risk Treatment module?
- Login to the application.
- Go to Risk Treatment main navigation
- How to add Risk Responses?
- Navigate to the Risk Treatment module from the main menu.
- Select the appropriate:
- Risk Assessment
- Facility
- Risk Template
- Click on Fetch Data.
- Risk Display and Filtering
- All Risk Names mapped to the selected Risk Template and Facility will be displayed.
- A toggle option is available to switch views:
- High Risk Data: Displays only high-risk items.
- All Data: Displays all risks mapped with the selected Risk Template.
Grid View Details
The data is displayed in a grid with the following columns:
- Risk Name
- Likelihood
- Impact
- Risk Response
- Comments
- Inherent Risk
- Residual Risk
- Action
Adding or Editing Risk Responses
- In the Action column:
- Click to add or edit Risk Responses.
- Available response options include:
- Avoid
- Transfer
- Review
- Mitigate
- Accepted
- You can also add comments explaining your choice.
- Click Save to apply the selected Risk Response.
- The grid will be updated with the saved response.
Audit Trail
- All actions are recorded in the Event Logs for traceability and compliance.
- How to mitigate risk in Risk Mitigate tab?
- Open the Risk Treatment module from the main menu.
- Select the Risk Assessment, Facility, and Risk Template.
- Click Fetch Data.
- Go to the Risk Mitigation tab.
Understanding the Risk Mitigation Tab
This tab displays all risks for which the Risk Response was set to "Mitigate" in the Risk Response tab.
Grid View Details
The data is displayed in a grid with the following columns:
- Risk Name
- Likelihood
- Impact
- Risk Response
- Comments
- Inherent Risk
- Residual Risk
- View Recommendations / Convert Tasks
This column contains two key options:
- View Recommendations:
- Allows the user to view, add, or edit recommendations related to the selected risk.
- Recommendations can guide risk mitigation planning.
- Convert Tasks:
- Used to create actionable tasks from the given risk.
- Tasks can be assigned to users and tracked within the system
- Assigned To: Select the user responsible for executing the mitigation.
- Status: Choose from options like Not Started, In Progress, Completed, etc.
- Comment: Optional, for context or instructions.
- Click Save to record the mitigation plan.
Other Functionalities
- You can update or track progress of mitigation actions over time.
- Assigned users can receive tasks/notifications as part of follow-up.
- All changes are logged in the system’s audit/event logs
- How to perform Risk Review / Monitoring?
- Go to the main menu and open the Risk Treatment module.
- Click on the Risk Review/Monitoring tab.
Step 1: Select the Required Inputs
- Select:
- Risk Assessment
- Facility
- Risk Template
- Click on Fetch Data.
Step 2: View Risk Details
- The system displays a grid of risks that have undergone treatment or mitigation.
- The grid includes:
- Risk Name
- Residual Risk Score
- Previous Risk Response
- Review Comments
- Monitoring Frequency
- Next Review Due Date
- Action Column
Step 3: Initiate Risk Review
- In the Action column, click the Review or Edit icon for the desired risk.
Step 4: Add Review/Monitoring Information
- Enter:
- Review Comments or Observations
- Updated Risk Information (if applicable)
- Any New Residual Risk details (if reassessed)
- Next Review Date
Step 5: Save Review
- Click the Save/Submit icon.
- The system logs the review, updates the risk's review cycle, and may trigger a reminder for the next scheduled review.
Step 6: Audit Trail
- All review actions are logged as event entries, maintaining a complete audit history of all reviews and monitoring actions performed.
Purpose
- Ensure risks are actively monitored over time.
- Validate whether treatment actions are effective.
- Reassess the risk if there are changes in environment, controls, or outcomes