# Define and Track Risk Treatments

Once controls are mapped to a risk, the next step is to define how you plan to treat that risk. Sprinto supports multiple treatment strategies, with optional task creation to ensure follow-through.

### Access the Treatment Section

1. Log in to the Sprinto dashboard and navigate to **Risks**.
2. Click on the **Risk Register** tab.
3. Open the relevant risk.
4. In the left-side navigation panel, click **Treatment**.

<figure><img src="/files/j9QG4uvB85EEMcjJOaLl" alt="" width="563"><figcaption></figcaption></figure>

***

### Choose a Treatment Strategy

You can choose one of the following approaches for each risk:

* **Accept**: Acknowledge the residual risk and take no further action.
* **Transfer**: Shift responsibility (e.g. outsource or insure the risk).
* **Further Mitigate**: Apply additional actions to reduce risk further.
* **Avoid**: Discontinue the process or activity causing the risk.

<figure><img src="/files/vBeJp7ym4vQLNyoFDfUX" alt="" width="563"><figcaption></figcaption></figure>

For each strategy, you can:

* Select a **treatment reason** (e.g. “Risk is insured”, “Work is outsourced”).
* Add optional **treatment notes** to document your decision.

Click **Save and close** once you have selected the appropriate treatment strategy.

***

### Create a Risk Treatment Task (Optional)

You can assign mitigation tasks to ensure that treatment actions are implemented.

#### To create a treatment task:

1. In the **Treatment** section, click **+ Add Task**.

<figure><img src="/files/NzLOTs5qbgbgiWApr0kG" alt="" width="563"><figcaption></figcaption></figure>

2. Enter the following details:
   * **Task name**
   * **Assignee** (Security Hub admin)
   * **Due date**
   * **Optional notes** or attachments
3. Click **Add Task** to save.

<figure><img src="/files/7p8mo35487gYXIVRHNdq" alt="" width="375"><figcaption></figcaption></figure>

{% hint style="info" %}
Tasks appear in the dashboard and are tracked until completion. Once completed, the task status is marked as Passing.
{% endhint %}

***

### **Control Weightages**

Control weightages allow you to define how much each control and task contributes to the overall treatment effectiveness for a risk. Assigning custom weights ensures that high-impact controls influence the final score more than lower-impact items, resulting in a more accurate and realistic view of the organisation’s mitigation posture.

Here's a short video explaining how control weightages work.

{% embed url="<https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FmCgVPHpTFv68Uac7AJwN%2FControl%20Weightage%20for%20Risk%20Management%20(1).mp4?alt=media&token=d0752ce3-2646-4d8f-bab7-ccb81f8bcbbd>" %}

#### **Enable Control Weightages**

Before assigning weights, you must enable this feature.

#### **To enable control weightages:**

1. Sign in to Sprinto and select **Risks** from the left navigation panel.
2. Open the **Configuration** tab.
3. Locate **Adjustable risk treatment weightage**.
4. Turn on the toggle.

<figure><img src="/files/R0yoVy4RRZF81pzUlZAq" alt="" width="563"><figcaption></figcaption></figure>

#### **Requirements**

* **Risk Monitoring** must be enabled.
* Available only on the **Enterprise (Plan 4)** subscription.

When Risk Monitoring is off, weightages and treatment effectiveness values are hidden.

***

#### **Add Weightages to Controls and Tasks**

Once the feature is enabled, you can assign custom weightages to the controls and tasks associated with a risk.

#### **To assign weightages:**

1. Go to **Risks** and open the **Risk Register** tab.
2. Select any risk and open the **Treatment** tab.
3. Scroll to the **Risk treatment effectiveness** section.
4. Enter edit mode to update weight percentages.

<figure><img src="/files/5Gsk2P1yzL36ck8l41fs" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %}

### **Error States for Control Weightages**

Sprinto validates weightages at both Level 1 (controls + tasks bucket) and Level 2 (subtasks). You may encounter the following error states while assigning weights:

* **Blank weight field**\
  A weight value has not been entered.\
  *Message shown:* “Enter a value for the highlighted weight fields to continue. To ignore a risk treatment measure in the effectiveness, enter 0%.”
* **L1 total exceeds 100%**\
  The combined weight of all controls and the tasks bucket is more than 100%.\
  *Message shown:* “Adjust the weights so that the total is 100%. Current total is X% (exceeds by Y%).”
* **L1 total falls short of 100%**\
  The combined weight of all controls and the tasks bucket is less than 100%.\
  *Message shown:* “Adjust the weights so that the total is 100%. Current total is X% (falling short by Y%).”
* **L2 total exceeds 100%**\
  The weights assigned to subtasks inside the tasks bucket sum to more than 100%.\
  *Message mirrors the L1 version but applies to tasks.*
* **L2 total falls short of 100%**\
  Subtasks inside the tasks bucket sum to less than 100%.\
  *Message mirrors the L1 version but applies to tasks.*
* **Weight required after starting weighting**\
  If a single control or task is assigned a weight, all other items must also have a defined weight.\
  *This enforces consistent weighting across the entire risk.*
* **Overlapping or conflicting L1/L2 values**\
  If weights in L1 and L2 conflict after edits, Sprinto highlights the specific bucket that must be corrected.

Sprinto prevents you from proceeding until all errors are resolved.
{% endhint %}

***

### **Understanding Weightage Buckets**

Sprinto uses a two-level system to calculate treatment effectiveness: **Level 1 (L1)** and **Level 2 (L2)**.

***

#### **Level 1 (L1): Controls + Tasks Bucket (Must Equal 100%)**

All mapped controls and the **Tasks** bucket must sum to **exactly 100%**.

Example:

<table><thead><tr><th width="142.88671875">Item</th><th width="100">Weight</th></tr></thead><tbody><tr><td>Control C1</td><td>30%</td></tr><tr><td>Control C2</td><td>30%</td></tr><tr><td>Tasks (bucket)</td><td>40%</td></tr><tr><td><strong>Total</strong></td><td><strong>100%</strong></td></tr></tbody></table>

This ensures the overall treatment effectiveness calculation is based on the relative importance of each main contributor.

***

#### **Level 2 (L2): Sub-tasks Inside the Tasks Bucket (Must Equal 100%)**

If the Tasks bucket contains multiple subtasks, you can optionally assign weights to each subtask.

All subtasks must total **exactly 100%**, independent of the L1 total.

Example:

<table><thead><tr><th width="124.421875">Sub-task</th><th width="100">Weight</th></tr></thead><tbody><tr><td>Task T1</td><td>60%</td></tr><tr><td>Task T2</td><td>40%</td></tr><tr><td><strong>Total</strong></td><td><strong>100%</strong></td></tr></tbody></table>

Sprinto uses these L2 weights to compute the weighted completion percentage of the Tasks bucket before contributing it to the L1 calculation.

***

#### **Set Equal Weightage**

You can automatically distribute weights equally.

#### **To apply equal weightage:**

1. Select **Set equal weightage**.
2. Confirm in the dialogue box.

<figure><img src="/files/poWkCMoLE7aVQixyXNbK" alt="" width="456"><figcaption></figcaption></figure>

Sprinto resets all L1 weights to equal values and does the same for any L2 weights.

***

#### **Validation and Error Handling**

Sprinto validates both L1 and L2 totals independently.

You will see an error when:

* A weight field is blank
* L1 total is not 100%
* L2 total is not 100%
* Weights exceed or fall short of 100%

The system highlights the problematic fields in red and displays the difference (for example, *“exceeds by 3.34%”* or *“falling short by 0.66%”*).

You cannot continue until all weightages are corrected.

***

#### **Impact on Treatment Effectiveness**

The treatment effectiveness score becomes a **weighted average** instead of a simple average, ensuring accurate representation of control importance.
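
The two-level validation and weighted average described above, as an added example that is not Sprinto's own code, using the weights from the two example tables. It assumes each control or task reports a score from 0 to 100 (passing or completed = 100), which this page does not specify; the function names and the `Tasks` key are hypothetical.

```python
from decimal import Decimal as D

def check_total(weights, level):
    """Return an error string for one bucket, or None if it sums to exactly 100%."""
    blanks = [name for name, w in weights.items() if w is None]
    if blanks:
        return f"{level}: enter a value for {', '.join(blanks)} (0% to ignore)"
    total = sum(D(str(w)) for w in weights.values())
    if total > 100:
        return f"{level}: current total is {total}% (exceeds by {total - 100}%)"
    if total < 100:
        return f"{level}: current total is {total}% (falling short by {100 - total}%)"
    return None

def effectiveness(l1, control_scores, l2, task_scores):
    """Two-level weighted average; raises if either level fails validation."""
    errors = [e for e in (check_total(l1, "L1"), check_total(l2, "L2")) if e]
    if errors:
        raise ValueError("; ".join(errors))
    # L2 first: weighted completion of the Tasks bucket.
    tasks = sum(D(str(l2[t])) * D(str(task_scores[t])) for t in l2) / 100
    # L1: the bucket result is weighted alongside the controls.
    scores = {**control_scores, "Tasks": tasks}
    return float(sum(D(str(l1[k])) * D(str(scores[k])) for k in l1) / 100)

# Weights from the two example tables; the 0/100 scores are constructed.
L1 = {"C1": 30, "C2": 30, "Tasks": 40}
L2 = {"T1": 60, "T2": 40}
CONTROL_SCORES = {"C1": 100, "C2": 0}   # assumed: C1 passing, C2 failing
TASK_SCORES = {"T1": 100, "T2": 0}      # assumed: T1 completed, T2 open

if __name__ == "__main__":
    print(effectiveness(L1, CONTROL_SCORES, L2, TASK_SCORES))
    print(check_total({"C1": 33.34, "C2": 30, "Tasks": 40}, "L1"))
```

With these inputs a simple average over the four items would give 50%, while the weighted result reflects that the completed task T1 carries 60% of a bucket worth 40% of the total.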

