/gr/risks.
Overview
The page is rendered byRiskList and fetches risks via useRiskList with search and filter parameters. Quick-stats (total, critical, active, mitigated) are loaded from useRiskStats. A New Risk button opens RiskFormDialog. If an in-progress risk assessment wizard draft exists (hasRiskAssessmentDraft), a banner prompts the user to continue. No permission gate is declared on this route in gr.tsx.
Categories: operational, financial, clinical, safety, compliance, reputational.
Ratings: critical, high, medium, low.
Statuses: active, mitigated, resolved, closed.
Who it’s for
Access follows your organization’s role and module configuration.- No special permission is required to view the risk register.
- Creating risks via wizard requires
gr.risks.admin.
Finding a risk
- Go to Governance & Compliance → Risks at
/gr/risks. - Review quick-stats at the top of the page.
- Use the search bar to find a risk by keyword.
- Apply Category, Rating, and Status filters to narrow the list.
- Select a risk card to open the Risk Details page.
- Select New Risk to open the risk creation form.
- For a guided wizard, navigate to
/gr/risks/wizard(requiresgr.risks.admin).
Viewing a risk
The Risk Details page (/gr/risks/:id) shows a single risk record with full lifecycle management.
The page is rendered by RiskDetail and loads data via useRiskDetail. Four URL-synced tabs are available: overview, assessments, mitigations, links. Status transitions — Mitigate, Resolve, Close — are performed via useRiskMutation. Mitigation items are managed via useRiskMitigationMutation. Linked items (requirements, audits, etc.) are managed via RiskLinkManager. Users with edit access see an Edit button; the route itself has no permission gate in gr.tsx.
Displayed fields include: title, category, rating badge, status badge, owner, site, dates, and description.
Before you start: navigate from the Risk Register at /gr/risks. A risk record must exist for the given ID.
- Go to Governance & Compliance → Risks and select a risk.
- Review the Overview tab for category, rating, status, owner, and description.
- Open the Assessments tab to view or add risk assessments.
- Open the Mitigations tab to view or add mitigation actions and mark them complete.
- Open the Links tab to view linked requirements, audits, or other items.
- Use the Mitigate, Resolve, or Close buttons to transition risk status.
- Select Edit to update risk details.
Creating a risk
Risk creation is performed via the Risk Assessment wizard at/gr/risks/wizard (or /gr/risks/wizard/:riskId to edit an existing risk). The /gr/risks/new route does not exist in the shipped application. Both wizard routes require gr.risks.admin.
The Risk Assessment wizard (RiskAssessmentWizardPage) has 6 steps:
- Identification — Describe the risk
- Analysis — Likelihood × impact scoring
- Owner — Accountability assignment
- Current controls — Existing safeguards
- Mitigation plan — Strategy and actions
- Review — Confirm and submit
createRisk → createAssessment → createMitigation × N are called in blocking order; PF-29 task creation follows as a best-effort operation.
Before you start: navigate to /gr/risks/wizard (not /gr/risks/new). Have risk description, likelihood/impact scores, owner, existing controls, and mitigation strategy ready.
- Navigate to
/gr/risks/wizard. The 6-stepWizardShellloads. - Identification — enter a title and description for the risk.
- Analysis — select likelihood and impact values to compute the risk score.
- Owner — select the risk owner from available users.
- Current controls — list controls already in place that address this risk.
- Mitigation plan — choose a mitigation strategy and add specific mitigation actions.
- Review and submit — confirm all entries and submit. Records are created in order: risk → assessment → mitigations. Task creation follows.
Related
Governance & Compliance
Governance & Compliance core overview.
Governance & parity
This page documents shipped product behavior. It is not medical, legal, or
billing advice. Verify against your organization’s policies and applicable
regulations before using it for clinical, compliance, or billing decisions.
Protected health information (PHI) shown in the product is governed by your
tenant’s access controls and is never exposed in this documentation.
Documentation sources
Documentation sources
- src/routes/gr.tsx
- src/cores/gr/pages/RiskList.tsx
- src/cores/gr/pages/RiskDetail.tsx
- src/cores/gr/hooks/useRiskList.ts
- src/cores/gr/hooks/useRiskStats.ts
- src/cores/gr/hooks/useRiskDetail.ts
- src/cores/gr/hooks/useRiskMutation.ts
- src/cores/gr/wizards/risk-assessment/RiskAssessmentWizardPage.tsx
- src/platform/permissions/constants.ts