Skip to content

Building an effective risk review process with 6clicks’ Risk Review 2.0

Louis Strauss |

March 6, 2024
Building an effective risk review process with 6clicks’ Risk Review 2.0

Audio version

Building an effective risk review process with 6clicks’ Risk Review 2.0


Establishing an efficient risk review process is essential in executing a comprehensive risk management strategy. During the risk review process, an organization identifies potential risks to its operations, customers, and other stakeholders and evaluates their likelihood and potential so they can develop strategies to mitigate or manage these risks effectively.

Risk reviews are a way to ensure that identified risks and treatment plans remain applicable to your risk management strategy despite any changes in your organization’s internal and external environment.

The latest enhancement to 6clicks’ Risk Review functionality aims to streamline the risk review process and improve risk assessments. Let's break down the existing capabilities of 6clicks’ Risk Management solution and examine how its upgraded Risk Review feature augments organizations’ overall risk lifecycle.

What are the features of 6clicks’ Risk Management solution?

The main features of 6clicks’ Risk Management module include the Risk Library, Risk Register, Risk Workflow, and Risk Reviews.

The Risk Library is where you can create or import your risk libraries which contain different types of potential risks to your organization that are not yet properly identified or assessed. It is also home to 6clicks’ vast collection of templated risks curated from various domains.

On the other hand, the Risk Register is where identified risks that were produced from risk reviews are stored for monitoring, management, and mitigation, while the Risk Workflow is where you can create and customize risk management workflows to align with your organizational processes.

The Risk Reviews feature enables users to create and send risk reviews to team members to identify risks that are relevant to their organization. The Reviews tab is where all created, ongoing, and completed reviews are listed.

image (3)

With the previous Risk Review, users had to select templated or unidentified risks from the Risk Library to add them to the Risk Register as identified risks. Initially, creating a risk review required users to go to the Reviews tab, create a new risk review, and assign risks to respondents for identification and assessment, splitting the review process into two.

Introducing 6clicks’ Risk Review 2.0

Recently, we enabled users to push risks from the Risk Library to the Risk Register. This meant that users could bypass the identification stage of the old risk review process and add risks to the Register without identifying them.

Risk Review 2.0 further enhanced this by moving the risk review process to the Risk Register, eliminating the identification step and accelerating the assessment stage.

Now, you can create a review in the Risk Register and directly run an assessment of your selected risks. From a previously multi-step process, Risk Review 2.0 simplifies the review process by treating all risks as identified, making the assessment stage more straightforward.

image (2)

Risk Review 2.0 also improves the previous review workflow through automatic status updates. Before, users had to manually change the status of a risk review with every new action. Now, the system automatically updates when one or all respondents start reviewing their assigned risks.

All in all, Risk Review 2.0 provides organizations with a scalable risk review process, wherein identified and assessed risks on the Risk Register can be repeatedly and regularly reviewed, promoting an iterative process of risk assessment and ensuring that these risks stay relevant to your organization’s risk management strategy.

By providing organizations with an efficient risk review capability, 6clicks empowers organizations with a more agile approach to risk reviews that reinforces their risk management strategy.

What’s new in Risk Review 2.0

Risk Review 2.0 offers new features such as:

  • Risk Register reviews – Users can now create a risk review on the Risk Register. The Reviews tab now only shows a list of all reviews that users can filter based on their status.
  • Displaying the number of risks in a review - Another key difference in Risk Review 2.0 is that it now displays the number of risks in a particular risk review, providing risk owners with a better view of the subtasks contained in each risk review.
  • Adding and removing risks – Risk Review 2.0 also provides risk owners with more flexibility to modify an ongoing review by adding or removing risks.
  • Review History – Risk owners can now view any updates or changes made to a review in the Review History, which helps in establishing and maintaining context.
  • Automatic status updates – Risk Review 2.0 still supports manual status updates but also introduces automatic status updates. The In Progress status is automatically triggered by the completion of tasks by one or all respondents.
  • Review start date – Risk Review 2.0 now includes a start date for reviews to facilitate more efficient planning and preparation for tasks.
  • Additional email notifications – Risk owners will now receive additional email notifications throughout the review workflow, such as when a start date or due date is approaching or when a review is returned to an assignee.

What does this update mean for existing users?

For current users of 6clicks’ Hub & Spoke, Risk Review 2.0 presents a few changes:

  • Migration of selective reviews from the past – Only ongoing and completed reviews with identified risks will be migrated to the Reviews tab. New reviews containing risks that have not been identified will no longer be visible.
  • No Hub reviews – Risk reviews will no longer be rolled out from the Hub and existing Hub reviews will not be carried over with the new update. Enterprises can create risk reviews for their organizations, while Spoke users can create separate risk reviews for their projects, teams, or departments.

6clicks prioritizes the protection of valuable and sensitive data, and our customers can rest assured that any data impacted by this transition will be securely kept and will remain unaltered.

How can organizations build an effective risk review process through Risk Review 2.0?

With 6clicks’ new and improved Risk Review feature, organizations can make the most of built-in reviews in the Risk Register to conduct regular assessments of identified risks to maintain the effectiveness of their treatment plans.

The automatic status updates and added notifications allow risk managers to stay on top of the whole risk review process, supporting the different stages of the review workflow starting from the creation of a review, all the way to the closing of the entire review task.

Treatment plans can then be created and linked to assessed risks as well as the controls and provisions that will be implemented as part of their remediation.

Finally, 6clicks’ comprehensive risk reporting capabilities allow organizations to gain valuable insights into their risk profile with risk matrix reports, Risk Register reports, and risk treatment plan reports.

Optimize your risk review process with 6clicks’ Risk Management solution

Leverage 6clicks’ advanced risk management capabilities to enhance your overall risk management process and achieve strategic resilience. Discover how 6clicks’ integrated platform can transform your organization’s GRC strategy.

Louis Strauss

Written by Louis Strauss

Louis is the Co-founder and Chief Product Marketing Officer (CPMO) at 6clicks, where he spearheads collaboration among product, marketing, engineering, and sales teams. With a deep-seated passion for innovation, Louis drives the development of elegant AI-powered solutions tailored to address the intricate challenges CISOs, InfoSec teams, and GRC professionals face. Beyond cyber GRC, Louis enjoys reading and spending time with his friends and family.