Enterprise Risk

Central register with treatment and appetite

Enterprise Risk is Acuna's answer to scattered risk registers: one scoring model, owned treatments, and monitoring against appetite. Heat maps and trends give committees a view that matches the detail auditors sample.

Capabilities

What Enterprise Risk does.

Risk Register with Likelihood x Impact

Record inherent and residual risk using consistent likelihood and impact scales. Scores aggregate to programme and entity views so you do not maintain parallel Excel heat maps.

Treatment Plans with Task Breakdown

Attach mitigation, transfer, accept, or avoid decisions to concrete tasks and owners. Progress rolls up to risk level so stale treatments are obvious.

Risk Appetite Thresholds and Monitoring

Define appetite statements and thresholds; flag breaches or near misses when scores or indicators cross the line. That supports ISO 31000-style governance without manual traffic-light slides.

Heat Maps and Trend Analysis

Visualise concentration and movement over time for management review. Trends help you explain whether the risk profile is improving or just being reclassified.

FAQ

Common questions about Enterprise Risk.

Can enterprise risk align with ISO 31000 or COSO expectations?

The register, treatment, appetite, and monitoring pattern maps cleanly to common ERM frameworks; your methodology text still belongs in policy, but the operational record lives in Acuna.

How do treatment tasks connect to the wider tasking model?

Risk treatments decompose into trackable work items so implementation status is not a narrative comment field updated once a quarter.

What do heat maps actually show?

They plot likelihood against impact (and optionally other dimensions) so committees see clustering and outliers instead of reading a 200-row spreadsheet.

Related answers

Questions practitioners ask.

How does enterprise risk management work in Acuna?

Enterprise Risk in Acuna provides a structured risk register where each risk is scored on likelihood and impact across configurable dimensions (financial, operational, reputational, regulatory). Risks are linked to controls, assets, processes, and owners. The module supports risk treatment plans (mitigate, accept, transfer, avoid) with action tracking, residual risk recalculation after control implementation, and heat-map visualisation for management reporting. Risk data integrates with other modules: a high-risk supplier in Supplier Shield or a failed control in Implement surfaces as a risk event automatically.

What is a risk treatment plan in GRC?

A risk treatment plan documents how an organisation addresses identified risks. Four standard options exist: mitigate (implement controls to reduce likelihood or impact), accept (acknowledge the risk with formal sign-off), transfer (shift risk to a third party via insurance or outsourcing), and avoid (eliminate the activity that creates the risk). In Acuna, each treatment option is tracked with an owner, due date, linked controls, and progress status. After treatment actions are completed, residual risk is recalculated and the risk register updates automatically — providing auditors with a clear before-and-after trail.
