# Conduct a Risk Assessment

Risk assessment is a periodic activity that ensures your organisation's risk profile remains up to date with changes in operations, regulatory obligations, or technology. In Sprinto, you can perform assessments in-app or upload externally completed reports.

Here's a short walkthrough video on periodic risk assessment.

{% embed url="<http://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FY5OxcD8hxF3HmDF7PbsG%2FCompleting%20Periodic%20Risk%20Assessment.mp4?alt=media&token=6242e762-8b2a-47ee-9d5e-a74e3e5cfdf7>" %}

### Access the Risk Assessment Tab

1. Log in to the Sprinto dashboard and navigate to **Risks**.
2. Select the **Periodic Risk Assessment** tab at the top.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fx6R8Y4SnUZZoTdbTX3jZ%2FScreenshot%202025-06-03%20at%2011.36.29.png?alt=media&#x26;token=c32b8f4e-5040-4834-b700-e79a3ab25cb4" alt="" width="563"><figcaption></figcaption></figure>

3. Click **+** **Start Risk Assessment**.

You can choose to:

* Start an assessment for **all completed risks** in the organisation.
* Limit the scope to **risks from a specific zone** by selecting it from the dropdown.

{% hint style="info" %}

* You cannot start a new organisation-wide assessment if one is already in progress.
* Sprinto recommends performing this activity at least once per year.
  {% endhint %}

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FHS5CLoCk2RKV2Nzs8ylb%2FScreenshot%202025-06-03%20at%2011.37.30.png?alt=media&#x26;token=c59adc67-7982-487d-9707-3d92ee017282" alt="" width="375"><figcaption></figcaption></figure>

***

### Option 1: Perform In-App Assessment

This option allows you to review, update, and evaluate risks using your existing register.

#### Steps:

1. Select **Finish assessment using risks added to the Risk register**.
2. Review each risk for:
   * Accuracy of parameters (likelihood, impact, residuals)
   * Validity of mitigation plans
   * Treatment status
3. Register any new risks that have emerged.
4. Tick the checkbox **I have reviewed the risks above** to enable final submission.
5. Click **Finish assessment** to complete the cycle.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F2tYMkv4nnvNKBsdLls5s%2FScreenshot%202025-06-03%20at%2011.44.29.png?alt=media&#x26;token=3d160b06-880a-48ae-9f35-36388e4f4f07" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
ll changes made here are saved and reflected in the Risk Register.
{% endhint %}

***

### Option 2: Upload an External Risk Assessment

If you maintain your risk register externally (e.g. in Excel or a GRC tool), you can upload the risk document to complete the assessment in Sprinto.

#### Steps:

1. Click **Finish assessment** and then select **Upload to start assessment**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FNkhg0v1Gvzvpi7o7W0GU%2FScreenshot%202025-06-03%20at%2011.46.19.png?alt=media&#x26;token=a0d4b882-2b98-4c1f-bfbc-cd621aa3baa4" alt="" width="563"><figcaption></figcaption></figure>

2. Enter an **assessment name** (e.g. "February 2025 assessment").
3. Upload the file in supported formats (.xls, .xlsx, .doc, .docx, .dotx, .pdf).
4. Tick the checkbox **I have reviewed the uploaded document**.
5. Click **Finish assessment** to submit.

{% hint style="info" %}
You can also replace the uploaded document later if needed.
{% endhint %}

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FesQ6DoP4oudCP42SybLQ%2FScreenshot%202025-06-03%20at%2011.57.35.png?alt=media&#x26;token=53247d7a-df1c-4379-b89d-ce2d4bdace02" alt="" width="375"><figcaption></figcaption></figure>