Edit a Risk

Sprinto allows users to edit risk details during different stages of the risk lifecycle. This helps ensure that your risk register remains accurate and up to date as your organisation evolves.

Access a Risk Entry

1. Log in to the Sprinto dashboard and navigate to Risks.

2. Click on the Risk Register tab.

3. Locate and click the name of the risk you want to update.

4. Click Edit to start editing the details.

Editable Fields

Depending on the risk’s current status, the following elements can be edited:

General Risk Information

• Risk scenario

• Risk owner

• Applicable CIA

• Risk source

• Risk managers

• Exposed threats

• Exposed vulnerabilities

• Monetary Value

• Additional information

To edit these:

1. Click the Edit icon in the top-right of the risk details section.

2. Update the required fields.

3. Click Save and close.

Scoring Parameters

• Inherent Likelihood & Impact

• Residual Likelihood & Impact

• Notes related to scoring decisions

Treatment Plan

• Change treatment approach (Accept, Transfer, Avoid, Further Mitigate)

• Update treatment reason or notes

To make these changes:

1. Navigate to the Treatment tab inside the risk.

2. Click Edit Treatment Plan.

3. Apply your changes and save.

Control Mappings

• Add or remove mapped controls

To update:

1. Navigate to the Controls tab.

2. Use + Map Controls or click the bin icon to remove.

Risk Treatment Tasks

• Edit task name, assignee, or due date

• Add or update task notes.

Customise your risk data table

Sprinto lets you tailor the risk data table to match how you review and manage risks. You can choose which columns are visible and reorder them to focus on the information that matters most to your workflow.

Customise visible columns

1. Open the required risk register.

2. In the risk table, select the Configure columns icon.

1. Review the list of available columns:

   • Columns under Visible columns are currently shown in the table.

   • Columns under Hidden columns are not shown.

2. To show or hide a column, select the eye icon next to the column name.

Reorder columns

1. In the Configure columns panel, locate the column you want to move.

2. Select and hold the grid icon next to the column name.

3. Drag the column to the required position in the list.

Save your view

• Select Save to apply your changes to the risk data table.

• The updated column order and visibility are applied immediately.

Key notes

• Column customisation applies only to the current view.

• You can revisit Configure columns at any time to update the table layout.

• Hidden columns do not affect risk data; they are only removed from view.

Bulk actions on the risk table

Bulk actions let you update or manage multiple risk scenarios at once, helping you save time when applying the same change across several risks.

Actions you can perform

When you select multiple risks, you can perform the following bulk actions:

• Update risk owner

• Update risk approvers

• Update risk type

• Update risk category

• Update risk treatment decision

• Run Compliance Gap Analysis

• Archive risks

• Delete risks

How it works

1. Navigate to Risks and open the required risk register.

2. In the risk data table, use the checkboxes to select one or more risks.

1. Once selected, a bulk action bar appears at the top of the table.

2. Choose the required action and complete the update in the confirmation dialog.

Examples:

• Updating risk owner: Select multiple risks and click Update risk owner. In the dialog that opens, choose the new risk owner and click Update. The selected risks are immediately reassigned to the chosen owner.

• Running Compliance Gap Analysis: Select multiple risks and click Compliance Gap Analysis. Review the details in the confirmation dialog and click Confirm to run the analysis for all selected risks at once.

• Archiving or deleting risks: Select one or more risks and choose Archive risks or Delete risks from the bulk actions menu. Confirm the action in the dialog to apply it to all selected risks simultaneously.

Customise risk charts

You can customise the risk charts displayed on the Risk register page to control how risk data is visualised across your organisation. Sprinto lets you configure up to three charts, allowing you to focus on the risk metrics that matter most.

The available charts include:

• Inherent risk

• Residual risk

• Effective residual risk score

Each chart can be enabled, disabled, and customised independently.

What you can customise

For each risk chart, you can:

• Choose the risk formula to visualise (Inherent Risk, Residual Risk, or Effective Residual Risk Score).

• Select the chart type:

  • Heatmap (likelihood vs impact)

  • Donut (risk distribution by severity)

• Control whether the chart is shown or hidden on the Risk register dashboard.

How to customise risk charts

1. Log in to the Sprinto dashboard and go to Risks.

2. Open the required Risk register.

3. Navigate to the Configuration tab.

4. Select Visualisation.

A side panel opens showing all available charts. You can configure up to three charts at a time.

1. Use the toggle next to a chart to enable or disable it.

2. Select the edit (pencil) icon to customise the chart.

In the Edit visualisation panel: 7. Choose the formula to visualise (for example, Inherent Risk or Residual Risk). 8. Select the chart type:

• Heatmap, or

• Donut.

1. Configure the X and Y axis for Heatmap chart type.

1. Review the live preview.

2. Select Save.

3. Ensure the chart toggle is turned on.

Once enabled, the chart appears on the Risk register page above the risk data table.

Examples

• If you want to analyse how risks are distributed by severity, you can configure an Inherent Risk donut chart to quickly see how many risks fall under low, medium, or high categories.

• If you need deeper insight into likelihood versus impact, you can enable a Residual Risk heatmap to visually identify high-impact, high-likelihood risks that require attention.

Key notes

• You can display up to three charts at a time on the Risk register dashboard.

• Charts must be saved and toggled on to appear on the dashboard.

• Changes apply at the risk register level, not globally across all registers.

Saved filter views

Saved filter views let you create and reuse customised risk register views based on specific filters such as risk categories, risk type, ownership, status, and other attributes. This helps teams quickly switch between commonly used perspectives without reapplying filters every time.

You can save these views with custom names and access them anytime from the View dropdown in the risk register.

What you can do with saved filter views

Using saved filter views, you can:

• Filter risks by risk category (for example, Control health, Fraud)

• Narrow down risks by risk type (such as Process-based or Asset-based)

• Apply additional filters from More, including risk owner, approver, treatment decision, status, scores, and custom fields

• Save the configured view with a personalised name

• Quickly switch between saved views from the View selector

Saved views are available to all users, making it easier for teams to stay aligned on commonly used risk perspectives.

How to create and use a saved filter view

1. Go to Risks and open the required Risk register.

2. Use the filters at the top of the page (Risk categories, Risk type, and More) to customise the view.

1. Once the filters are applied, click Save view.

2. Enter a name for the view and click Save.

1. To access the saved view later, open the View dropdown and select the saved filter view.

The risk register will automatically update to show the saved configuration.

Restrictions on Editing

• You cannot edit uploaded risk assessment documents.

• Risks under final review by senior management are locked until the review is completed.

• Audit logs and historical scoring events are view-only.