What is a Risk Review?
A Risk Review is an essential component of an organisation's risk management strategy. It provides an opportunity to assess and update a risk profile (across one or more Risk Categories at one or more Sites), identify changes, and ensure that existing controls are effective. This guide outlines the steps to initiate a Risk Review, ensuring a structured approach to managing your organisation's risks.
Users require a Risk R/W Org permissions to create a new Risk Review (i.e. an Organisational Safety Manager or similar)
The Risk Review Workflow
The workflow for a Risk Review follows the following steps which are explained in more detail below:
The Risk Review is created with a defined Scope by selecting 1 or more Risk Categories and the Sites to review the selected Risks (each Category can contain multiple Risks). The scope of the review can be refined to ‘Mandatory Controls’ for important/more frequent Risk Reviews.
Once the Risk Review is created → Risk Owners will receive an action for each Risk they are the Owner for:
Each Risk Owner should then review the Controls for their Risks and make any updates required (including any changes to the Residual Risk).
When this Action has been marked as completed by All Risk Owners the Risk Review is deemed as ‘completed’.
The Risk Review can also be used to attach images, comments and feedback (i.e. to capture ideas for continual improvement)
External audits can also be attached to the Risk Review detail screen.
How Can You Start A Risk Review?
You can start a Risk Assessment or Review for new or existing risks and group them as needed. You can also schedule assessments as one-off or recurring tasks (for example, every 1, 3, 6, or 12 months).
You will need Risk RW (also Manage Categories, Risks & Owners) permissions to create a Risk Review.
Follow the steps below to Start a one-off or a recurring Risk Review:
From the Risk Review Module, select the Risk Review tab on the left panel.
Then select the Schedule Risk Review button.
The Risk Review Panel will be displayed. You need to complete the required fields below:
Scope of Review - this will be the title of your Risk Review and should describe in a nutshell what you’d like your Risk Owners to do, for example, ‘Review all Controls for Working at Heights’
Information for Risk Owners - here, you can provide a description that will act as a useful reference for the Risk Owners (e.g. any new safety standards or controls that should be in place, or other information)
What do you want to Review? - by default, Assess all Categories and Assess all sites will be selected:
Assess all categories and Assess all sites - this will allow you to assess all existing and upcoming risks from all categories and sites.
Assess Mandatory Controls only toggle - this option will only be available if you select the default Assess all categories and Assess all sites options. When the toggle is dark blue (ON), it will assess the Mandatory Controls only. If grey (OFF), it will assess all Controls
Select Categories - by selecting this option, you will be given a list of all Risk Categories. You can select one or multiple categories
Select Sites - by selecting this option, you will be given a list of all Sites, however, you can only select one site at a time (the default is ‘Assess all sites’)
Select Categories
Select Sites
Select the + Add Site button to add more sites, if needed.
Review Date - tap the box to open the calendar and select a review date
Repeat Every - here, you can select Not Recurring to schedule the Review once. You can also schedule the recurring assessment every 1, 3, 6, or 12 months
4. Select Schedule Review to save. This will redirect you to the Risk Review details:
Description
Organiser
Review Date
Repeat Every
Actions are automatically generated and assigned to each Risk Owner
How to complete an Action for a Risk Review
There are a few different ways for you to complete an Action Risk Review:
Selecting the link to complete the Action from the email
via the new Dashboard (Option 1, below)
via the Risk Review tab of the Risk Register Module (Option 2, below), or;
by Selecting the Action from the Actions list
Option 1: Selecting the link to complete the Action from the email
Option 2: Completing an Action a Risk Review via the new Dashboard
From the new Dashboard, select the Manage button to action a Risk Review assigned to you:
Select the View / Update button for the Action. You can modify the Action, Details, Assign to, and the Due date for this Review:
At the bottom, you’ll have three buttons to select:
Delete Action - you can remove this action if not needed
Save - to record any updates you have made
Complete - if you want to mark this action as Completed
Please note that you will be advised to Update the Controls & Residual Risk for the Risk Review you are updating if required.
Option 3: Completing Action a Risk via the Risk Review tab
In the Risk Review tab, search the list view for the Risk Review you need to complete an Action for
Choose the Title of the Risk Review in the adjacent Manage > Manage Review option
Selecting the Manage Review button will take you to the Risk Review details page. Here, you will be able to view the following:
Progress Rate - this will turn to green if 100% Completed (1)
Add Risk item + - this will allow you to add a new Risk to Review (2)
Risk - this will allow you to view the existing Risk for this review (3)
Complete Action - this will open a slider showing the Action that needs to be completed (4)
Organiser Comments - this is a comment box to add further instructions or details for this Review (5)
Upload Files - you may attach a file for this Review (6)
Save comment - to record any comments or feedback from Risk Owners or Managers (7)
Complete Review - this will mark the Review as complete, see Completing a Review, below. (8)
As each Action is completed (i.e. for each Risk) the overall status for the Risk Review is updated (i.e. the percentage completed)
Any changes to the Controls or Residual Risk need to be manually updated for each Risk (i.e. by the Risk Owner)
Option 4: Selecting the Action from the Actions list
Completing a Review
Only Users who can schedule a Risk Review (with Risk R/W Org permissions) can complete a Risk Review.
To complete a Risk, navigate to the Risk Review detail screen and select the Complete Review button.
Select cancel and select the Complete Action button instead, to see all the pending Actions. Follow the steps here to complete each Risk Review Action.
Otherwise, select Continue to close off the Review.
If there are 1 or more pending actions, the Actions will be deleted and the status will change to Completed.
How to Change the Schedule of a Risk Review?
Updating the schedule for a recurring Risk Review is easy. From the Risk Review tab:
Choose the Title of the Risk Review you want to update and the Manage > Schedule Review option
Selecting the Schedule Review button allows you to modify the Recurring Interval easily. Select Cancel to exit the pop-up box or Save to update the interval.
Conclusion
Initiating a Risk Review is a proactive step toward strengthening an organisation's risk resilience. Organisations can protect their interests and enhance their decision-making processes by systematically identifying, reviewing, and managing risks. The Risk Review process helps with:
Evaluation of Existing Risks: Assessing current risks to determine if their likelihood or impact has changed and if current mitigation strategies are effective
Reviewing Mitigation Strategies: Evaluating the effectiveness of existing risk mitigation measures and identifying areas where additional controls are needed
Compliance Checks: Ensuring that the organisation's risk management practices comply with relevant laws, regulations, and standards
Stakeholder Communication: Updating stakeholders on the current risk landscape and any changes in risk management strategies (i.e board level reporting)
Prioritisation of Risks: Ranking risks based on their severity or potential impact on the organisation to allocate resources and attention appropriately