Recording a risk
Each risk captures title, description, category, likelihood, impact, an anchor (a linked asset or the organisation-wide flag), an optional vendor link, treatment decision, owners, and a next review date.
Open the Risk Register and click Add risk. Pick a category. Choose either a linked asset or the organisation-wide flag. Set likelihood and impact — the inherent rating band is derived server-side from the matrix and is not something you type. Save as a draft, assign a risk owner and a review owner with a next review date, then use Start monitoring on the detail page so the risk becomes part of active governance.
Asset-anchored risks let you answer "what could go wrong with this system?" cleanly. Organisation-wide risks (regulatory change, key-person dependency, brand exposure) are recorded with an explicit flag rather than a fake placeholder asset. Bands instead of numbers avoid false precision. "Start monitoring" replaces the older "Activate" label so the action describes what the organisation is doing, not what is happening to the record.
Once a risk has an owner, a review owner, and a next review date, Start monitoring moves it into active governance and it appears in Cadence under risk_review. Marking it reviewed updates the next review date. Retiring a risk hides it from the default list but keeps the record for restore.
