Risk Intake

Risk Intake enables employees to report potential risks directly from the Sprinto employee portal and allows admins to review, approve, or reject those risks before adding them to one or more risk registers. This ensures early visibility into emerging risks while maintaining governance and control through an approval workflow.

Risk Intake is designed to streamline risk discovery across the organisation, reduce reliance on ad-hoc communication channels, and ensure that all reported risks follow a consistent review and documentation process.

Features

• Allows employees to report risks directly from the Sprinto employee portal.

• Centralised Intake tab for admins to review all reported risks.

• Configurable risk intake form with selectable fields.

  • Make necessary fields mandatory.

  • Decide the order of the fields on the form.

• Assignment of a dedicated intake reviewer.

• Approval and rejection workflow with audit-friendly reasoning.

• Ability to add approved risks to one or multiple risk registers.

• Clear visibility into risk status for both admins and employees.

Procedure

Configure Risk Intake (Admin)

1. Log in to Sprinto and navigate to Risks.

2. Select the Intake tab.

3. Click Configure.

1. Enable Allow risk intake from employees.

2. Select an Intake reviewer who will review all reported risks.

3. Choose the fields to include in the risk intake form (for example, Risk name, Risk details, Risk type, Risk category, Exposed threats).

4. You can mark the fields as mandatory and decide the order of the fields on the form.

5. Click Save changes.

Once enabled, the Intake tab displays all risks reported by employees.

Review and Approve a Risk (Admin)

1. In Risks → Intake, select a reported risk.

2. Review the risk details in the drawer.

3. Click Setup and approve.

1. If multiple risk registers exist, select the register(s) to add the risk to and click Next.

   • If only one risk register exists, this step is skipped.

1. Complete the risk scenario and risk attribute details.

2. Click Approve and add to register.

The risk status updates to Approved and the risk is added to the selected register(s). You can later add the same risk to additional registers using Add to another register.

Reject a Risk (Admin)

1. Open the reported risk from the Intake tab.

2. Click Reject.

1. Enter a reason for rejection.

2. Click Confirm.

The risk status updates to Rejected, and the rejection reason is recorded and visible in the risk details.

Report a Risk (Employee)

1. Log in to Sprinto and navigate to Risks.

2. Click Report a risk.

1. Fill in the required risk details.

2. Click Submit.

The reported risk appears in the employee’s risk list with the status Intake and is assigned to the configured intake reviewer.

Status Definitions

• Intake: The risk has been reported and is awaiting review by the intake reviewer.

• Approved: The risk has been reviewed, approved, and added to one or more risk registers.

• Rejected: The risk has been reviewed and rejected with a documented reason.

Key Notes

• Only admins can configure Risk Intake and approve or reject reported risks.

• Employees can only report and view risks they have submitted.

• If Risk Intake is disabled, employees cannot report new risks.

• Approved risks can be added to multiple risk registers if required.

• Rejected risks remain visible for audit and reference purposes, along with the rejection reason.