GR Risk Management - Admin Guide

Module: GR-05 Risk Register
Audience: Risk Managers, Compliance Officers, Administrators
Last Updated: 2025-12-14

Overview

This guide covers how to identify, assess, and manage organizational risks including risk creation, assessment scoring, mitigation planning, linking to sources, and monitoring.

Required Role: Compliance Officer or Organization Admin

Initial Setup

1. Configure Module Settings

Navigate to GR → Settings
Configure Risk Management settings:
- Enable/disable risk reminders
- Set default review frequency
- Configure risk rating thresholds
- Set mitigation reminder intervals
Save your settings

2. Define Risk Categories

The system includes standard risk categories:

Operational, Financial, Clinical, Safety, Compliance, Reputational

Custom categories can be configured in module settings if needed.

Risk Identification

Creating a New Risk

Navigate to GR → Risks
Click New Risk
Complete the form:

Field	Description	Required
Title	Clear risk name	Yes
Description	Detailed risk description	Yes
Category	Operational, Financial, Clinical, etc.	Yes
Risk Owner	Person responsible for risk	Yes
Site	Affected site(s)	No
Source	How risk was identified	No

Click Create Risk

Risk Sources

Document how risks are identified:

Source	Examples
Audit Finding	Linked from GR-04
Compliance Gap	Linked from GR-03
Incident Report	From incident management
Staff Report	Employee-identified
External	Industry alerts, regulatory changes

Linking to Source Entities

Risks can be linked to:

Audit Findings - Issues discovered during audits
Compliance Requirements - Regulatory gaps
Policies - Policy-related risks

Open the risk detail page
Go to Linked Items tab
Click Add Link
Select entity type and search for the item
Click Link

Risk Assessment

Performing an Assessment

Open the risk detail page
Click New Assessment
Rate likelihood and impact:

Likelihood	Score	Description
Rare	1	< 1% chance of occurring
Unlikely	2	1-10% chance
Possible	3	10-50% chance
Likely	4	50-90% chance
Almost Certain	5	> 90% chance

Impact	Score	Description
Insignificant	1	Minimal effect on operations
Minor	2	Small impact, easily managed
Moderate	3	Noticeable impact, requires action
Major	4	Significant operational impact
Catastrophic	5	Severe impact, potential failure

The risk score is calculated automatically (Likelihood × Impact)
Add assessment notes
Click Save Assessment

Risk Rating Matrix

Score	Rating	Color	Response
1-4	Low	Green	Monitor quarterly
5-9	Medium	Yellow	Monitor monthly
10-15	High	Orange	Active mitigation required
16-25	Critical	Red	Immediate executive attention

Assessment History

Each risk maintains a complete assessment history:

Track changes in likelihood/impact over time
Document reasons for rating changes
Monitor effectiveness of mitigations

Risk Mitigation

Mitigation Strategies

Strategy	When to Use	Example
Avoid	Eliminate the risk source	Stop high-risk activity
Reduce	Lower likelihood or impact	Add controls, training
Transfer	Shift risk to third party	Insurance, outsourcing
Accept	No action, monitor only	Low-impact risks

Creating a Mitigation Action

Open the risk detail page
Go to Mitigations tab
Click Add Mitigation
Complete the form:

Field	Description	Required
Title	Clear action description	Yes
Strategy	Avoid, Reduce, Transfer, Accept	Yes
Description	Detailed action steps	Yes
Responsible Party	Who will complete it	Yes
Due Date	Deadline for completion	Yes
Expected Outcome	What success looks like	No

Click Create Mitigation

Mitigation Status Workflow

Planned → In Progress → Completed → Verified

Tracking Mitigation Progress

Navigate to GR → Risks
Filter by mitigations or use the dashboard
Review status and progress notes
Verify completed mitigations

Residual Risk Assessment

After mitigations are implemented:

Open the risk
Click New Assessment
Rate the current (residual) risk with controls in place
Document how mitigations affected the rating
Continue monitoring if risk remains above tolerance

Risk Monitoring

Risk Dashboard

The GR Overview shows:

Metric	Description
Total Risks	Count of active risks
Critical Risks	Risks rated critical
High Risks	Risks rated high
Pending Mitigations	Actions not yet complete

Risk Register Views

Filter the risk register by:

Status (Active, Mitigated, Resolved, Closed)
Rating (Critical, High, Medium, Low)
Category (Operational, Financial, etc.)
Owner
Site

Review Cycles

Set up periodic risk reviews:

Navigate to GR → Settings
Configure default review frequency
Risks will show “Review Due” when period expires
Conduct reviews and update assessments

Integration with GR Modules

GR-03 Compliance Integration

Risks linked to compliance requirements:

View linked risks on Requirement Detail page
Create risks from compliance gaps
Track compliance-related risks separately

GR-04 Audit Integration

Risks linked to audit findings:

View linked risks on Audit Detail page
Create risks from high-severity findings
Link findings that indicate systemic risk

Viewing Linked Risks

On RequirementDetail and AuditDetail pages:

Risks tab shows all linked risks
View risk ratings and status
Navigate directly to risk detail
Add new risk links

Notifications & Reminders

Automated Reminders

The system sends automatic reminders for:

Reminder	When Sent	Recipients
Risk Created	On creation	Risk owner
High Risk Alert	When rated high/critical	Risk owner, admins
Review Due	At review interval	Risk owner
Mitigation Due	7, 3 days before	Responsible party
Mitigation Overdue	When past due	Responsible + supervisor

Configuring Reminders

Navigate to GR → Settings
Under Risk Management:
- Toggle reminder types on/off
- Adjust reminder intervals
- Set escalation rules
Save settings

Risk Reporting

Available Reports

Report	Description
Risk Register	Complete list with ratings
Risk Summary	High-level statistics
Mitigation Status	Progress on all mitigations
Trend Analysis	Risk patterns over time
Heat Map	Visual likelihood/impact matrix

Generating Reports

Navigate to GR → Risks
Click Reports
Select report type
Choose filters (category, rating, date range)
Export as PDF or CSV

Best Practices

Risk Identification

Encourage reporting - Create culture of risk awareness
Regular reviews - Conduct periodic risk assessments
Learn from incidents - Create risks from near-misses
Industry awareness - Monitor external risk sources
Cross-functional input - Include multiple perspectives

Risk Assessment

Be objective - Use consistent criteria
Document rationale - Explain likelihood/impact ratings
Consider controls - Factor in existing mitigations
Regular reassessment - Update as conditions change
Calibrate across organization - Ensure consistent ratings

Risk Mitigation

Prioritize by rating - Address critical risks first
Set realistic timelines - Allow adequate time
Assign clear ownership - Single responsible party
Verify effectiveness - Don’t assume mitigations work
Monitor residual risk - Continue tracking after mitigation

Common Pitfalls to Avoid

Incomplete descriptions: Document risks clearly
Rating inflation/deflation: Use objective criteria
Missing owners: Every risk needs accountability
Stale assessments: Review and update regularly
Unverified mitigations: Always verify effectiveness

Troubleshooting

Common Issues

Issue	Solution
Can’t create risk	Verify compliance officer role
Risk score not calculating	Ensure likelihood and impact are set
Reminders not sending	Check module settings
Can’t link to finding	Ensure finding exists in GR-04
Can’t assign mitigation	User must be in organization

Getting Help

For technical issues:

Check this documentation
Contact your system administrator
Submit a support ticket

Risk User Guide - For all staff
Audit Admin Guide - Audit management
Compliance Admin Guide - Compliance tracking
GR Documentation Index - GR module overview

Need Help? Contact your system administrator.

Overview

Clinical

Practice Management

Recovery Housing

Finance & Revenue

Workforce & HR

Community Engagement

Facilities & Inventory

Forms & Workflow

Governance & Compliance

IT Service Management

Leadership

Platform

Documentation Index

​Overview

​Initial Setup

​1. Configure Module Settings

​2. Define Risk Categories

​Risk Identification

​Creating a New Risk

​Risk Sources

​Linking to Source Entities

​Risk Assessment

​Performing an Assessment

​Risk Rating Matrix

​Assessment History

​Risk Mitigation

​Mitigation Strategies

​Creating a Mitigation Action

​Mitigation Status Workflow

​Tracking Mitigation Progress

​Residual Risk Assessment

​Risk Monitoring

​Risk Dashboard

​Risk Register Views

​Review Cycles

​Integration with GR Modules

​GR-03 Compliance Integration

​GR-04 Audit Integration

​Viewing Linked Risks

​Notifications & Reminders

​Automated Reminders

​Configuring Reminders

​Risk Reporting

​Available Reports

​Generating Reports

​Best Practices

​Risk Identification

​Risk Assessment

​Risk Mitigation

​Common Pitfalls to Avoid

​Troubleshooting

​Common Issues

​Getting Help

​Related Guides

Overview

Initial Setup

1. Configure Module Settings

2. Define Risk Categories

Risk Identification

Creating a New Risk

Risk Sources

Linking to Source Entities

Risk Assessment

Performing an Assessment

Risk Rating Matrix

Assessment History

Risk Mitigation

Mitigation Strategies

Creating a Mitigation Action

Mitigation Status Workflow

Tracking Mitigation Progress

Residual Risk Assessment

Risk Monitoring

Risk Dashboard

Risk Register Views

Review Cycles

Integration with GR Modules

GR-03 Compliance Integration

GR-04 Audit Integration

Viewing Linked Risks

Notifications & Reminders

Automated Reminders

Configuring Reminders

Risk Reporting

Available Reports

Generating Reports

Best Practices

Risk Identification

Risk Assessment

Risk Mitigation

Common Pitfalls to Avoid

Troubleshooting

Common Issues

Getting Help

Related Guides