Adding Risks in the Compliance Project
Before you begin adding risks to your project, it’s important to understand what we mean by “risks” in the context of
compliance.
A risk is any event, condition, or weakness that could prevent your organization from meeting its legal, security, or
operational obligations or goals. Risks may originate in internal processes (e.g., missing access controls), external
dependencies (e.g., third-party vendors), or broader organizational gaps (e.g., missing policies).
To add a risk, you first need to identify it: review your processes, technologies, vendors, and workflows for potential
weaknesses. How deep this review goes depends on your business model, regulatory requirements, and maturity level.
✅ Check our guide 👉 How to identify risks in compliance projects before adding your first risk.
📈 Go to the Risks tab and click "+ Add First Risk"
This opens a modal with three tabs:
1. Risk Information
- Use this tab to define the new compliance risk: enter a title and description, assign an owner, select the type and
  category, and set the next review date.
- Categories are customizable under Settings > Risk Management (read more about Compliance Settings)
2. Risk Assessment
- Under the Risk Assessment tab, define:
- Likelihood – how probable it is that the risk will materialize
- Impact – how severe the consequences would be, scored per category (financial, legal, reputational)
Humadroid supports multi-factor scoring across the financial, legal, and reputational categories.
The scoring method you selected during project creation determines the scale and the calculation. The system combines
likelihood and impact into a risk score, which is compared against your treatment threshold to decide whether the risk
requires treatment.
✅ You can fully customize scoring models under Account Settings > Compliance > Scoring Methods.
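To make the threshold comparison concrete, here is an added example of multi-factor risk scoring. It is illustrative code written for this page, not Humadroid's own scoring implementation: the product lets you pick and customize the scoring method, so the 1–5 scales, the factor weights, the treatment threshold of 12 and the rating bands below are all assumptions. It shows one thing the text does not: the same assessment can land on different sides of the threshold depending on how the per-factor impacts are aggregated (worst factor vs. weighted sum), which is why the scoring method deserves a deliberate choice.

```python
"""Illustrative multi-factor risk scoring with a treatment threshold.

Added example, not Humadroid's scoring code. All scales, weights, bands and
the threshold are assumptions chosen for illustration.
"""
from dataclasses import dataclass

LIKELIHOOD_SCALE = range(1, 6)   # assumed: 1 (rare) .. 5 (almost certain)
IMPACT_SCALE = range(1, 6)       # assumed: 1 (negligible) .. 5 (severe), per factor
TREATMENT_THRESHOLD = 12         # assumed: a score above this requires treatment

# Assumed weights for the weighted-sum aggregation; they sum to 1.0
FACTOR_WEIGHTS = {"financial": 0.4, "legal": 0.4, "reputational": 0.2}


def validation_errors(likelihood, impact):
    """Return a list of problems with the raw inputs (empty list = valid)."""
    errors = []
    if likelihood not in LIKELIHOOD_SCALE:
        errors.append(f"likelihood {likelihood!r} is outside {list(LIKELIHOOD_SCALE)}")
    for factor in FACTOR_WEIGHTS:
        if factor not in impact:
            errors.append(f"missing impact score for {factor!r}")
    for factor, score in impact.items():
        if factor not in FACTOR_WEIGHTS:
            errors.append(f"unknown impact factor {factor!r}")
        elif score not in IMPACT_SCALE:
            errors.append(f"impact {score!r} for {factor!r} is outside {list(IMPACT_SCALE)}")
    return errors


@dataclass(frozen=True)
class RiskAssessment:
    likelihood: int
    impact: dict  # factor name -> impact score on IMPACT_SCALE

    def __post_init__(self):
        errors = validation_errors(self.likelihood, self.impact)
        if errors:
            raise ValueError("; ".join(errors))


def aggregate_impact(impact, method):
    """Collapse per-factor impacts into one number.

    "max":      the worst single factor drives the score (conservative).
    "weighted": weighted sum, so a single severe factor can be diluted by
                low scores elsewhere.
    """
    if method == "max":
        return max(impact.values())
    if method == "weighted":
        return sum(impact[factor] * weight for factor, weight in FACTOR_WEIGHTS.items())
    raise ValueError(f"unknown aggregation method {method!r}")


def risk_score(assessment, method="max"):
    """Risk score = likelihood x aggregated impact (assumed formula)."""
    return assessment.likelihood * aggregate_impact(assessment.impact, method)


def rating(score):
    """Map a score to an assumed rating band (max possible score is 25)."""
    if score <= 4:
        return "low"
    if score <= 9:
        return "medium"
    if score <= 15:
        return "high"
    return "critical"


def needs_treatment(assessment, method="max", threshold=TREATMENT_THRESHOLD):
    """True when the score exceeds the treatment threshold."""
    return risk_score(assessment, method) > threshold


# Constructed sample: a moderately likely risk whose only severe consequence
# is legal (e.g. a regulatory fine), with negligible financial and
# reputational impact. This is the edge case where aggregation choice matters.
SAMPLE = RiskAssessment(
    likelihood=3,
    impact={"financial": 1, "legal": 5, "reputational": 1},
)

if __name__ == "__main__":
    for method in ("max", "weighted"):
        score = risk_score(SAMPLE, method)
        print(f"{method:>8}: score={score:.1f} rating={rating(score)} "
              f"treat={needs_treatment(SAMPLE, method)}")
```

With the "max" rule the sample scores 3 x 5 = 15 (high) and crosses the threshold; with the weighted rule it scores 3 x 2.6 = 7.8 (medium) and does not, even though nothing about the risk changed. Whichever method you configure, apply it consistently across the project, and when a weighted model is in use, review risks that carry a single severe factor by hand so that a material legal or reputational exposure is not averaged away.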
3. Choose a Treatment Strategy
In the Treatment & Links tab, select how you'll handle the risk:
- Accept – acknowledge the risk and take no further action
- Mitigate – add controls that reduce likelihood or impact
- Transfer – shift the risk to another party (e.g., insurance, vendor contract)
- Avoid – eliminate the activity that creates the risk
- Other strategies: Share, Monitor, Investigate
You can also link the risk to:
- Controls that address it
- Documents (e.g. SOPs, policies, reports)
📎 Link Documents and Evidence
If you already have internal documents, audit evidence, or reference materials, now is the right time to upload and link
them.
If you don't have them yet, you can add them later:
1. Go to Documents in the left menu
2. Upload or import docs and assign them to your project
3. Later, attach them to risks or controls for full traceability