5. Documenting Risks

You can easily manage your organization’s risks in QualiWare, whether they are related to GDPR or not. You can add the risks to the business process or, if the business process is decomposed – to a workflow diagram and its activities. You can then add a control activity to a risk and place it on the workflow diagram. Below is an example of a workflow diagram containing risks and control activities for risk and impact reduction:

You can choose to have the risk icons showing on both the activities that are control activities and the activities where the risks originate. These attributes can also be viewed in a dedicated tab for the diagram, where the risks are showed along with the activity it concerns, its original likelihood and significance, the control activities which have created, the control responsible and the residual risk and likelihood after the controls have been implemented.


There can also be linked to a heatmap showing how the risk is reduced by the control activity. Below, you can see that the risk has lowered it likelihood while its significance has remained unchanged:


The risks can be categorized, enabling you to sort them to only show the ones relevant to a specific area – for example GDPR:


Above is shown a sortable overview of Risks, their concerns, likelihood and significance. You can also see any control activities that have been implemented, the control responsible, as well as residual likelihood and residual significance.

The risks can be created and described from either QLM or the collaboration platform. On the collaboration platform, you can create a risk from a workflow diagram:

By clicking ‘Create Risk’, you will open a window for a risk template, where you can add the relevant information such as a short description of the risk, a description of the cause of the risk, type and likelihood of the risk, a description of the rationale behind the determined likelihood, description of the potential impact of the risk and a description behind the rationale of the impact assessment:


The impact of the likelihood and significance of the risk can be scored as being negligible, low, moderate, substantial or catastrophic:


The same types of scoring can be added to describe the residual risk along with descriptions of the rationale behind the calculations. You should link to the activity or process the risk concerns and if additional risk assessments have been performed, you can link to them also.


You can add a control activity and place it on the workflow diagram from QLM:

The functionality for creating control activities from the collaboration platform is available, but they can only be placed graphically on the workflow diagram via QLM.