> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Risk Wizard

> Guided six-step wizard for creating or editing a risk: identification, analysis, owner, controls, mitigation plan, and review.

The Risk Wizard is a full-page guided workflow for creating a new risk or editing an existing one. It is located at routes `/gr/risks/wizard` (new) and `/gr/risks/wizard/:riskId` (edit existing). Both routes share the same component.

## Overview

The page is rendered by `RiskAssessmentWizardPage` using `WizardShell` (horizontal step layout). Six steps are rendered in sequence:

1. **Identification** — Describe the risk (title, description, category)
2. **Analysis** — Likelihood and impact scoring
3. **Owner** — Assign accountability
4. **Current Controls** — Document existing safeguards
5. **Mitigation Plan** — Strategy and planned actions
6. **Review** — Confirm and submit

On submission, the wizard creates a risk record, an assessment record, and mitigation items in sequence. PF-29 task creation follows as a best-effort step. When a `riskId` param is present, the wizard loads and edits the existing risk.

Both routes are protected by `gr.risks.admin`.

## Who it's for

Requires permission: `gr.risks.admin`

## Before you start

* Your account must have `gr.risks.admin`.
* For editing an existing risk, the risk ID must be provided in the URL.

## Steps

1. Navigate to `/gr/risks/wizard` or select **New Risk (Wizard)** from the risk register.
2. Complete **Step 1 — Identification**: enter title, description, and category.
3. Complete **Step 2 — Analysis**: set likelihood and impact scores.
4. Complete **Step 3 — Owner**: assign the risk owner.
5. Complete **Step 4 — Current Controls**: describe existing safeguards.
6. Complete **Step 5 — Mitigation Plan**: define strategy and action items.
7. Review the summary on **Step 6** and submit.
8. The wizard creates the risk, assessment, and mitigation records, then navigates to the risk register.

## Key concepts

| Concept          | Description                                                                    |
| ---------------- | ------------------------------------------------------------------------------ |
| `WizardShell`    | Platform-level wizard container with horizontal step indicator                 |
| Submission order | createRisk → createAssessment → createMitigation(s) → PF-29 task (best-effort) |
| `riskId` param   | When present, wizard operates in edit mode on the existing risk                |

## Related

<Columns cols={2}>
  <Card title="Governance & Compliance" icon="scale-balanced" href="/gr/overview">
    Governance & Compliance core overview.
  </Card>

  <Card title="Governance & parity" icon="clipboard-check" href="/governance/index" />
</Columns>

<Note>
  This page documents shipped product behavior. It is not medical, legal, or
  billing advice. Verify against your organization's policies and applicable
  regulations before using it for clinical, compliance, or billing decisions.
  Protected health information (PHI) shown in the product is governed by your
  tenant's access controls and is never exposed in this documentation.
</Note>

<Accordion title="Documentation sources">
  * src/routes/gr.tsx
  * src/cores/gr/wizards/risk-assessment/RiskAssessmentWizardPage.tsx
  * src/cores/gr/wizards/risk-assessment/useRiskAssessmentWizard.ts
  * src/platform/permissions/constants.ts
</Accordion>
