This guide walks you through how to identify, evaluate, and track risks in one place.
1.) Scytale Automated Risk Generation
Select 'Use Scytale Automation' and let Scytale’s AI do all the heavy lifting.
Scytale scans the data already in your workspace, creates a ready-to-go Risk Register, and pre-maps every risk to the right controls from your active audits—no setup required.
Every risk shows up fully‑formed with its Risk Name, Connected Controls, Inherent Risk, and Residual Risk. Give it a quick review and tweak anything you like.
Note: CSV import for external risks is coming soon.
Automation keeps the linked controls and risk scores in sync with your data.
For every risk in the register:
1. Assign an Owner – the person accountable for monitoring and mitigation.
2. Choose a Treatment Plan
- Mitigate – reduce likelihood or impact.
- Transfer – shift exposure to a third party (e.g., insurance).
- Avoid – remove the activity causing the risk.
- Accept – formally acknowledge and tolerate.
3. Edit Details (optional)
Make any changes to the connected Controls, Residual Risk Level, Asset Details and more.
4. Select 'Save'.
3.) Add New Risks
4.) Automated Treatment Status
Every risk shows a treatment status so you always know where things stand:
- Mitigation: Scytale automatically tracks each linked control’s readiness and updates the risk’s treatment status. The status flips to Complete only when all controls reach Ready for Review; otherwise it stays Incomplete.
- Accept, Avoid, Transfer: Switch the status yourself whenever plans change.
5.) Approve Risks
Approving marks the risk ready for auditor review.
Ensure the following in order to approve a risk:
- Controls are established
- An owner is assigned
- Both residual and inherent risks are properly assessed
6.) Generate Evidence
After you approve all risks, you’ll be prompted to generate evidence for your audit.
Select 'Generate Evidence' to create a report that compiles every risk’s supporting evidence for your audit, stamped with today’s date.
OR
If you prefer to do this later, select 'Create Later'—you can generate the report manually at any time, and it will use the date on which you create it.