Dashboard & Reporting
Dashboard Overview
The Risk Management dashboard gives you a real-time view of your organization's risk posture — all on one page.
KPI Cards (Top Row)
At the top of the dashboard, five cards give you an instant summary:
| KPI | What It Shows |
|---|---|
| Total Risks | How many active (non-closed) risks you have |
| Avg Residual Score | The average residual score across all active risks — with your appetite threshold shown for comparison |
| Open Treatments | How many risks have active treatment plans, and how many are overdue |
| Exceeding Appetite | How many risks have a residual score above your appetite threshold |
| Controls Failing | Whether any controls linked to active risks are currently failing |
Middle Row
Risk Heatmap (5x5 Matrix)
An interactive grid showing where your risks fall by residual likelihood and impact:
- Each cell shows the number of risks at that position
- Colors range from green (low) to yellow (medium) to orange (high) to red (critical)
- Click any cell to filter the registry table below to just those risks
- Only active risks are shown — closed risks are excluded
Treatment Breakdown (Donut Chart)
A visual breakdown of how your risks are being treated:
- Mitigate (blue) — the most common approach
- Accept (green)
- Transfer (orange)
- Avoid (gray)
Risk Score Trend (Line Chart)
A monthly view of how your risk scores are changing over time:
- Red line: Average inherent score (your raw exposure)
- Green line: Average residual score (your actual exposure after controls)
- The gap between the lines shows how effective your controls are
- A shrinking gap means your controls need attention; a growing gap means they're working well
Bottom Tabs
By Category
Horizontal stacked bars for each category (Access Control, Data Protection, etc.), showing the breakdown by risk level — Critical, High, Medium, and Low.
Registry
A full table of all your risks with these columns:
| Column | What It Shows |
|---|---|
| Title | The risk name — click to open the detail page |
| Category | Which security category it belongs to |
| Inherent | The inherent score with a color-coded badge |
| Residual | The residual score with a color-coded badge |
| Treatment | The strategy: Mitigate, Accept, Transfer, or Avoid |
| Owner | Who is responsible for this risk |
| Status | The current lifecycle stage |
Treatments
The same table, filtered to show only risks with active treatment plans. Includes a Due Date column so you can track deadlines.
CSV Export
Click Export CSV in the top-right corner to download your complete risk register as a spreadsheet.
The export includes all key fields: title, category, scope, inherent and residual scores with levels, treatment strategy, treatment notes, owner, status, and creation date.
Great for Audits
Use CSV export for quarterly management reports, board presentations, or auditor evidence. The export includes both inherent and residual scores — auditors want to see the difference between them to understand your control effectiveness.
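
As an added example (not part of the product or its documentation), this Python sketch recomputes the Total Risks, Avg Residual Score and Exceeding Appetite figures from an exported register, so the dashboard numbers can be checked against the evidence file. The column names, status values and sample rows are assumptions; map them to the headers in your actual export. The threshold is the default of 10 from Risk Settings.

```python
import csv
import io
from statistics import mean

APPETITE_THRESHOLD = 10  # default value from Risk Settings

# Constructed sample export. Column names and status values are assumptions,
# not the product's documented CSV schema.
SAMPLE_CSV = """title,category,inherent_score,residual_score,treatment,owner,status
Shared admin credentials,Access Control,20,12,Mitigate,j.doe,Open
Unencrypted backups,Data Protection,16,10,Mitigate,a.lee,In Treatment
Legacy VPN appliance,Network Security,15,6,Transfer,m.kim,Open
Decommissioned FTP server,Data Protection,12,3,Avoid,a.lee,Closed
Vendor without SOC report,Third Party,9,,Accept,j.doe,Open
"""


def recompute_kpis(csv_text, threshold=APPETITE_THRESHOLD):
    """Recompute dashboard KPIs from an exported risk register."""
    scored, unscored = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("status") or "").strip().lower() == "closed":
            continue  # closed risks are excluded from the KPIs
        try:
            inherent = float(row["inherent_score"])
            residual = float(row["residual_score"])
        except (TypeError, ValueError):
            unscored.append(row["title"])  # report missing scores, never guess
            continue
        scored.append((row["title"], inherent, residual))

    return {
        "total_active": len(scored) + len(unscored),
        "avg_residual": round(mean(r for _, _, r in scored), 2) if scored else None,
        # Mean inherent-minus-residual: the "gap" shown on the trend chart.
        "avg_reduction": round(mean(i - r for _, i, r in scored), 2) if scored else None,
        # Strictly above the threshold; a residual equal to it is within appetite.
        "exceeding_appetite": [t for t, _, r in scored if r > threshold],
        "unscored": unscored,
    }


if __name__ == "__main__":
    for name, value in recompute_kpis(SAMPLE_CSV).items():
        print(f"{name}: {value}")
```

Rows with a blank or non-numeric score are counted as active but listed separately, so a missing assessment shows up as a finding instead of silently lowering the average.
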
Risk Settings
Appetite Threshold
You can configure your risk appetite threshold from the Risk Settings page or the settings panel on the dashboard.
| Setting | Default | What It Does |
|---|---|---|
| Appetite Threshold | 10 | Any risk with a residual score above this number is flagged as "Exceeding Appetite" on the dashboard |
| Review Cycle | 90 days | The default review interval — used to suggest the next review date for your risks |
Review Dates
Each risk can have a next review date. When that date passes, the risk is flagged in your dashboard stats as needing review. You can set review dates on the risk detail or edit pages using the date picker.
Comments
Every risk has a comment thread where you can document decisions, provide context, and have discussions:
- Add comments from the risk detail page
- Each comment shows who wrote it and when
- Comments are preserved even after the risk is closed
- Use comments for: assessment notes, treatment progress updates, review decisions, and auditor questions
Related Risks
You can link risks that are connected to each other:
| Relationship | What It Means |
|---|---|
| Related | These risks are thematically connected |
| Parent | This risk is a broader umbrella for the linked risk |
| Duplicate | These risks describe the same threat — consider merging them |
Related risks appear on the detail page with clickable links for easy navigation between them.
