Overview
This guide covers how to identify, assess, and manage organizational risks including risk creation, assessment scoring, mitigation planning, linking to sources, and monitoring.Required Role: Compliance Officer or Organization Admin
Initial Setup
1. Configure Module Settings
1
- Enable/disable risk reminders
- Set default review frequency
- Configure risk rating thresholds
- Set mitigation reminder intervals
2. Define Risk Categories
The system includes standard risk categories:- Operational, Financial, Clinical, Safety, Compliance, Reputational
Risk Identification
Creating a New Risk
1
2
3
Risk Sources
Document how risks are identified:Linking to Source Entities
Risks can be linked to:- Audit Findings - Issues discovered during audits
- Compliance Requirements - Regulatory gaps
- Policies - Policy-related risks
1
Risk Assessment
Performing an Assessment
1
2
3
4
Risk Rating Matrix
Assessment History
Each risk maintains a complete assessment history:- Track changes in likelihood/impact over time
- Document reasons for rating changes
- Monitor effectiveness of mitigations
Risk Mitigation
Mitigation Strategies
Creating a Mitigation Action
1
2
3
Mitigation Status Workflow
Tracking Mitigation Progress
1
Residual Risk Assessment
After mitigations are implemented:1
Risk Monitoring
Risk Dashboard
The GR Overview shows:Risk Register Views
Filter the risk register by:- Status (Active, Mitigated, Resolved, Closed)
- Rating (Critical, High, Medium, Low)
- Category (Operational, Financial, etc.)
- Owner
- Site
Review Cycles
Set up periodic risk reviews:1
Integration with GR Modules
GR-03 Compliance Integration
Risks linked to compliance requirements:- View linked risks on Requirement Detail page
- Create risks from compliance gaps
- Track compliance-related risks separately
GR-04 Audit Integration
Risks linked to audit findings:- View linked risks on Audit Detail page
- Create risks from high-severity findings
- Link findings that indicate systemic risk
Viewing Linked Risks
On RequirementDetail and AuditDetail pages:- Risks tab shows all linked risks
- View risk ratings and status
- Navigate directly to risk detail
- Add new risk links
Notifications & Reminders
Automated Reminders
The system sends automatic reminders for:Configuring Reminders
1
- Toggle reminder types on/off
- Adjust reminder intervals
- Set escalation rules
Risk Reporting
Available Reports
Generating Reports
1
Customizing Dropdown Values
Risk categories and many other risk dropdowns are powered by picklists under thegr.risk.* namespace. The platform ships defaults so risk forms work out of the box, but you can tailor the options to match your risk taxonomy.
Common risk picklists to customize:
To customize:
1
/settings/picklists).gr.risk.* picklist you want to edit.Best Practices
Risk Identification
1
Risk Assessment
1
Risk Mitigation
1
Common Pitfalls to Avoid
- Incomplete descriptions: Document risks clearly
- Rating inflation/deflation: Use objective criteria
- Missing owners: Every risk needs accountability
- Stale assessments: Review and update regularly
- Unverified mitigations: Always verify effectiveness
Troubleshooting
Common Issues
Getting Help
For technical issues:1
Related Guides
- Risk User Guide - For all staff
- Audit Admin Guide - Audit management
- Compliance Admin Guide - Compliance tracking
- GR Documentation Index - GR module overview
Need Help? Contact your system administrator.