Skip to main content

How to Complete a Risk Assessment Task in BoardX

Written by Harper Tang

How to Complete a Risk Assessment Task

Once a Risk Statement is created and the First Assessment Launch Date has passed, the designated Risk Owner will receive a Risk Assessment Task in the Task Centre.

πŸ” How to Find Risk Assessment Tasks

From the Task Centre:

  1. Click Tasks on the left-hand navigation bar.

  2. Under the Risk Management Workspace, select Risk Assessment.

From the Risk Side Panel:

  • Open any risk from the Risk Dashboard, GRC List, or Master Risk page and click the Risk Activities tab to complete the assessment directly from there.

Additional options for Admins:

  • On the Dashboard, click the task donut charts to view all risk tasks.

  • Go to GRC List > Risk Assessment.

πŸ“ How to Complete a Risk Assessment Task Individually

  1. Locate your risk assessment task.

  2. Click on the task title to begin.

  3. Complete the first 4 steps to finish the assessment.

Step 1: Inherent Assessment

Assess the risk assuming no controls are in place.

  • Impact: Select from Very Low to Very High, based on the potential consequence.

  • Likelihood: Choose from Extremely Unlikely to Extremely Likely, based on the chance of occurrence.

  • Rationale/Comment: Provide context or justification for your selections.

➑️ Click "Save and Next Step" to continue.

Step 2: Link Mitigations

Link mitigations to address the risk. Mitigations provide a broader, more flexible way to manage risks by combining multiple types of supporting evidence in one place. When linking mitigations, you can include:

  • Controls from your Compliance Workspace

      1. Click on Linked Controls

      2. Click on "link"

      3. Check the check box next to the relevant controls

      4. Click "link"

  • Documents from the Document Centre, a local device, or the Policy Workspace

      1. Click Linked Documents

      2. Click Link

      3. Choose your document source

      4. Select the Document

      5. Click Link

πŸ’‘ Can't find an existing control? You can now create a new control directly from this page β€” click Create New Control without leaving the Risk Assessment workflow. This saves you time and keeps your workflow uninterrupted.

  • Optionally, add a Rationale/Comment.

➑️ Click "Save and Next Step" to proceed.

Step 3: Residual Assessment

Assess the current/leftover risk after mitigations have been applied.

  • Impact: Select from Very Low to Very High, based on the residual impact after controls have been applied.

  • Likelihood: Choose from Extremely Unlikely to Extremely Likely, based on the residual likelihood after controls have been applied.

  • Rationale/Comment: Provide context or justification for your residual risk ratings.

➑️ Click "Save and Next Step" to proceed.

Step 4: Define Risk Response

Outline how the organisation will respond.

  • Choose a Risk Response Strategy:

    • Accept

    • Mitigate

    • Transfer

    • Avoid

  • Decide if you need to create a risk response task.

  • If yes, Assign a Risk Respondent (person responsible for the response plan). and set a Due Date for the Risk Response Task.

➑️ Click Complete Assessment.

Your Risk Assessment is now completed.

Step 5: Risk Action Tasks (Optional)

Link existing action tasks to this risk or create new ones to track follow-up work.

  • Click Link to attach an existing task, or Create New to add a new action task.

  • Linked or created tasks are visible on the risk overview and the Risk Dashboard.

➑️ Click Next to proceed.

Step 6: Set Target (Optional)

Define the target risk score your organisation is working towards.

  • Target Impact: Select the desired impact level once controls and responses are fully effective.

  • Target Likelihood: Select the desired likelihood level.

πŸ’‘ This step is available to Admins only. Members will see this step, but cannot set target values.

➑️ Click Next to proceed.

Step 7: Risk Velocity (Optional)

Indicate how quickly this risk can materialise and how fast your organisation must respond.

  • Select a velocity from the available options β€” from Very Slow to Fast.

  • Each option includes a tooltip to help you choose the most appropriate value.

  • Velocity is optional but recommended for risks that require urgent attention.

πŸ’‘ This step is available to Admins only. Members will see this step but cannot set velocity values.

➑️ Click Next to proceed.

Step 8: Assurance Notes (Optional)

Add a formal assurance note to document how this risk is being managed and controlled.

  • Enter your note in the free-text field.

  • Assurance notes give senior management, the board, and auditors documented evidence that the risk is understood, actively controlled, and regularly reviewed.

  • This step is optional. Notes can be edited or removed after the assessment is complete.

➑️ Click Complete (top-right corner) to finish.

How to Bulk Complete Risk Assessment Tasks (Admin/GRC Admins Only)

  1. Go to GRC List > Risk Assessment.

  2. Hover over any unassessed risk β€” it will highlight in orange and show an Assess button.

  3. Click Assess.

Then, complete the following steps:

  • Step 1: Select Inherent Impact and Likelihood > click Next.

  • Step 2: Link mitigations or click Bypass > click Next.

  • Step 3: Select Residual Impact and Likelihood > click Next or Bypass.

  • Step 4: Choose a Risk Response Strategy, assign a Respondent, and select a Due Date > click Complete Assessment.

🟠 If you stop midway, click Complete Steps at the top-right to save your progress.

Did this answer your question?