Add Risk Controls
Add controls to reduce your risk and reassess the residual risk level.
When to Use This
After you've created a risk, add controls to document what you're doing to reduce it. Controls are the actions, policies, or procedures that make the risk less likely or less severe.
Steps
Open the risk
From Registers → Risk, click on the risk you want to add controls to. Click Edit Controls.
Add your controls
Describe each control — what are you doing to reduce this risk?
Examples:
"Annual trainer qualifications audit"
"Student feedback surveys after each course"
"Weekly backup of student records"
You can click Suggest Controls to get AI-generated ideas based on your risk.
Assess residual risk
After adding controls, rate the risk with controls in place:
Residual Likelihood: How likely is this now?
Residual Impact: How severe would it be now?
This should typically be lower than your inherent rating — that's the point of having controls.
Set a review date
Choose when you'll next review this risk. This is required to activate the risk.
Once you set a review date, you can change it but you can't remove it.
Save
Click Save. The risk status changes from Pending to Active.
What Happens Next
The risk matrix on the details page shows both your inherent risk (before controls) and residual risk (after controls)
The risk appears as
Activeon your registerYou'll receive reminders as the review date approaches
RTOSafe updates the AI analysis to reflect your controls
Reviewing Risks
When a review is due, open the risk and check if anything has changed. Update ratings or controls if needed, then set the next review date. RTOSafe tracks all changes in the risk history for your audit trail.
Common Issues
Residual risk is the same as inherent risk
Your controls may not be effective enough, or you may need to reconsider your ratings
Last updated
Was this helpful?