This article guides OnePlan administrators through setting up and managing an Enterprise Risks Area in OnePlan. It covers recommended configuration for Plan Types, fields, forms, views, dashboards, and process steps to effectively identify, assess, prioritize, and manage risks across strategic, operational, financial, compliance, and technical domains.
While this guide assumes prior OnePlan administration experience, new administrators can also use it as a reference to understand how the Enterprise Risks Area is structured and managed.
This is an extensive guide, so buckle in and let's get configuring!
What you will accomplish
After completing this guide, you will be able to:
- Create and configure an Enterprise Risks Area in OnePlan
- Define a Risk Plan Type with appropriate associations
- Configure lookup fields to support Risk traceability
- Design Plan Details forms for Risks
- Create preconfigured views to support risk assessment and reporting
- Build dashboards for executive-level visibility into enterprise risk exposure
Requirements
OnePlan Administrator / Owner permissions
Background
Organizations face risks across multiple domains—strategic, operational, financial, compliance, and technical. OnePlan’s Enterprise Risks Area provides a unified location to identify, assess, prioritize, and manage risks while linking them to the initiatives, portfolios, and plans they affect.
By enabling consistent risk tracking, prioritization, and mitigation planning, the Enterprise Risks Area supports proactive, enterprise-wide risk oversight. This ensures risks are identified early, responses are coordinated, and leadership has visibility into organizational exposure.
Step 1: Create the Enterprise Risks Area
In this step, you will create the Enterprise Risks Area and apply the recommended base settings.
To do this, follow the instructions in Create and Manage Areas.
Here are the recommended settings for this Area:
- Name: Enterprise Risks
- Description: OnePlan’s Enterprise Risks area helps organizations identify, assess, and manage a comprehensive portfolio of risks across strategic, operational, financial, compliance, and technical domains. It enables consistent risk tracking, prioritization, and mitigation planning, while allowing seamless association with initiatives, portfolios, and plans to ensure integrated, proactive, and enterprise-wide risk oversight.
- Icon Name: Warning
- Available Views: List, Board, Roadmap, Dashboard
- Available Controls: Gantt
- Display on left navigation panel: ✔️
Step 2: Create the Risk Plan Type and Hierarchy
In this step, you will create the new Risk Plan Type that will serve as the foundation for your Enterprise Risks Area.
Before you can save your new Area, you must add Plan Types. First, create the Enterprise Risk Plan Type, then create a new lookup field (Associated Risk) so you can add associated Plan Types into the hierarchy.
Why this matters
The Plan Type hierarchy defines how Risk items relate to delivery plans, portfolios, and other work items. Correct configuration is required for traceability, reporting, and association with other OnePlan Areas.
1. Add the Enterprise Risk Plan Type
Follow the instructions in Create and Update Plan Types to create a new parent Plan Type named Risk.
2. Create a New Associated Risk Lookup Field
For the recommended Plan Type hierarchy to function properly, you must configure a new multi-lookup field for the Risk Plan Type, called Associated Risk. This will allow you to associate other Plan Types to the Risk Plan Type.
See Configure Lookup Fields for instructions.
Here is the recommended configuration for the Associated Risk field:
3. Add Associated Plan Types to the Enterprise Risks Plan Type Hierarchy
Return to the Enterprise Risks Area configuration and add existing Plan Types as children of the Risk Plan Type (using Associated Risk as the Parent Relation). Recommended Plan Types to add into the hierarchy include:
- Key Result
- Project
- Epic
- Engagement
- Product
- Application
See Add Existing Plan Types to a Hierarchy for instructions.
Step 3: Configure the Enterprise Risk Plan Details Form
In this step, you will configure the Plan Details form for the Risk Plan Type.
See Set Up Plan Details Forms for instructions.
The following sections detail the recommended settings for the Risk Plan Details form.
1. Risk Process Steps and Available Tabs
First, configure the Risk Process Steps. See Configure the Plan Details Process Flow for instructions.
The recommended process steps and available tabs are as follows:
| Process Step | Available Tabs |
|---|---|
| Draft | Details, Visualizer, Files, Status Reports |
| Under Review | Details, Visualizer, Files, Status Reports |
| Approve | Details, Visualizer, Files, Status Reports |
| Active | Details, Visualizer, Files, Status Reports |
| Mitigate | Details, Visualizer, Files, Status Reports |
| Closed | Details, Visualizer, Files, Status Reports |
(At all stages, the Details tab is available for risk information, Visualizer for timeline/hierarchy views, Files for attachments, and Status Reports for regular progress updates.)
2. Risk Plan Details Fields and Sections
Next, set up the Plan Details form sections and fields. See Set Up Plan Details Forms for detailed instructions on adding new fields via the form designer.
Note
Fields marked as “New field, must be configured” must be created before they can be added to the form. See Add, Edit, or Remove Form Fields for instructions on how to add new fields directly from the Plan Details configuration interface.
Section 1
Section Name: Risk Information
Section Layout: 2 Equal Columns
Section Fields:
| Column 1 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Name | Text | Existing field, no configuration required | |
| State | Choice | Proposed, Active, Closed, On Hold | Existing field, no configuration required |
| Status | Choice | On Track; At Risk; Off Track | Existing field, no configuration required |
| Owner | Lookup | Existing field, no configuration required | |
| Manager | User | Existing field, no configuration required |
| Column 2 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Priority | Choice | High; Medium; Low | Existing field, no configuration required |
| Business Unit | Choice | Organization-specific (departments or teams) | Existing field, organization-specific, must be configured |
| Category | Choice | Strategic; Operational; Financial; Compliance; Technical; Resource; Schedule | New field, must be configured |
| Sub-Category | Choice | Sub-options filtered by Category (see mapping below) | New field, must be configured |
Category → Sub-Category Mapping: Configure the Sub-Category field choices so that each value corresponds to a specific Category, and set Filter Choice Field to Category. Recommended mappings are as follows:
| Sub-Category Choices | Associated Category |
|---|---|
| Market Shift | Strategic |
| Competitive Pressure | Strategic |
| M&A | Strategic |
| Regulatory Change | Strategic |
| Process Failure | Operational |
| Human Error | Operational |
| Supply Chain | Operational |
| Facility Risk | Operational |
| Cost Variance | Operational |
| Revenue Drop | Operational |
| Budget Overrun | Financial |
| Fraud | Financial |
| Privacy | Compliance |
| Audit | Compliance |
| Legal | Compliance |
| Policy Violation | Compliance |
| Cybersecurity | Technical |
| System Outage | Technical |
| Data Integrity | Technical |
| Obsolescence | Technical |
| Staffing Shortage | Resource |
| Skill Gap | Resource |
| Contractor Gap | Resource |
| Equipment Limited | Resource |
| Delay Risk | Schedule |
| Milestone Slippage | Schedule |
| Dependency Risk | Schedule |
| Long Lead Items | Schedule |
(With Sub-Category filtering by Category, when a user selects a Category on the form, they will only see relevant Sub-Category options.)
See Create Cascading Choice Fields for more information.
Section 2
Section Name: Risk Description
Section Layout: 1 Column
Section Fields:
| Column 1 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Description | Rich Text |
Detailed context/overview of the risk. AI Assist enabled for suggestions. |
Existing field, no configuration required |
| Trigger | Rich Text | Conditions or events that might trigger the risk. | New field, must be configured. (Consider not enabling AI Assist suggestions for this field on new risks unless needed.) |
Section 3
Section Name: Risk Assessment
Section Layout: 2 Equal Columns
Section Fields:
| Column 1 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Likelihood | Choice | Very Low = 1; Low = 2; Medium = 3; High = 4; Very High = 5 | New field, must be configured (Numeric values enable scoring calculations.) |
| Impact | Choice | Very Low = 1; Low = 2; Medium = 3; High = 4; Very High = 5 | New field, must be configured (Same scale as Likelihood.) |
| Column 2 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Impact Score | Calculated (Number) |
Formula: [Plan.Likelihood] [Plan.Impact] Calculated risk score from 1 (min) to 25 (max)* |
New field, must be configured |
| Risk Rating | Calculated (Choice) | Low; Moderate; High; Critical Determined by Impact Score thresholds |
New field, must be configured |
(Recommended thresholds for Risk Rating: 1–5 = Low; 6–10 = Moderate; 11–15 = High; 16–25 = Critical. Adjust as needed to align with your organization’s risk scoring model.)
Section 4
Section Name: Risk Impact
Section Layout: 2 Equal Columns
Section Fields:
| Column 1 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Risk Response | Choice | Avoid; Mitigate; Transfer; Accept | New field, must be configured. (Selected risk handling strategy.) |
| Mitigation Status | Choice | Not Started; In Progress; On Hold; Completed; Cancelled | New field, must be configured. (Status of mitigation actions.) |
| Mitigation Owner | User | New field, must be configured. (Person responsible for executing the mitigation plan.) |
| Column 2 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Estimated Financial Impact | Choice | < $250K; $250K–$1M; $1M–$5M; $5M–$10M; > $10M | New field, must be configured. (Potential dollar impact if risk materializes.) |
| Estimated Start | Date | Existing field, no configuration required | |
| Estimated End | Date | Existing field, no configuration required |
Mitigation Strategy (Hidden Section):
Directly below the Risk Response section, add a Mitigation Strategy field (Rich Text) in a 1-column section.
Leave Show Header unchecked and set the section background to white, so it appears as a continuation of the Risk Response section without an extra heading.
This field is used to describe the mitigation approach or plan in detail. (Optionally, enable AI Assist for suggestions but disable auto-suggestions on new risk creation if not desired.)
Section 5
Section Name: Monitor and Tracking
Section Layout: 2 Equal Columns
Section Fields:
| Column 1 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Risk Status | Choice | Open; Active; Monitoring; Escalated; Closed | New field, must be configured. (Overall status of the risk.) |
| Risk Status Trend | Trend (Choice) | Trend indicator for changes in Risk Status over time | New field, must be configured. (Shows if Risk Status is improving, stable, or worsening across reports.) |
| Column 2 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Next Review Date | Date | Next scheduled date for risk review | New field, must be configured. |
| Last Assessment Date | Date | Date of last risk assessment/update | Existing field, no configuration required (use existing Last Updated if available). |
| Escalation Level | Choice | Team; Department; Executive; Board | New field, must be configured. (If Risk Status = Escalated, indicates to whom it’s escalated.) |
Additional Comments (Hidden Section)
Optionally, add a 1-column section after Monitor and Tracking. Insert Additional Comments (Rich Text), hide the section header, and set background color to white (to visually merge with the section above).
This provides space for any extra notes not captured by other fields. (AI Assist can be enabled for suggestions, but typically “Suggest on new” is turned off for this field.)
Section 6
Section Name: Audit / Governance (Optional)
Section Layout: 1 Column
Section Fields:
| Column 1 Fields | Field Type | Field Values / Information | Notes |
|---|---|---|---|
| Compliance Requirement | Choice | SOX; GDPR; HIPAA; ISO 27001; PCI | New field, must be configured. (Regulatory domain relevant to the risk, if any.) |
| Control Owner | User | New field, must be configured. (If a control or policy is relevant, designate its owner.) | |
| Control Reference | Text | New field, must be configured. (Reference code for a related control/policy, if applicable.) | |
| Risk Appetite Alignment | Choice | Within Appetite; Exceeds Appetite | New field, must be configured. (Indicates if risk’s severity is within or beyond tolerance.) |
| Audit Notes | Rich Text | New field, must be configured. (Notes related to audits or compliance reviews.) |
Section 7
Section Name: Associated Plans
Section Layout: 1 Column
Section Elements:
This section contains a Child Plans table element that must be configured. See Create, Add, Edit, or Remove Form Elements for instructions.
| Column 1 Elements | Work Type | Lookup Field | Plan Types | Columns | Notes |
|---|---|---|---|---|---|
| Child Plans > Associated Risk | Child Plans | Associated Risk | Key Result, Project, Epic, Engagement, Product, Application | Plan Type, Name, Status, Manager, Business Unit | New element, must be configured. |
The associated plans table automatically displays any projects, epics, key results, etc., that have this risk selected in their Associated Risk field, providing traceability of where the risk impacts or is mitigated.
Step 4: Configure Area List Views
After configuring the Plan Details form for the Risk Plan Type, set up a set of views for the Enterprise Risks Area. These preset views help users review and analyze risks without building new views from scratch.
See Add or Remove Columns in Portfolio Areas and Save, Use, and Manage Views in Portfolio Areas for full instructions.
Recommended views for the Enterprise Risks Area:
Risk Register Summary (Default)
A comprehensive list of all risk items with core attributes.
View Name: Risk Register Summary
Columns:
| Field Name | Move to Fixed? | Notes |
|---|---|---|
| Plan Type | ✔️ | See Fixed Columns for details. |
| Name | ✔️ | See Fixed Columns for details. |
| State | ✖️ | |
| Status | ✖️ | |
| Category | ✖️ | |
| Sub-Category | ✖️ | |
| Business Unit | ✖️ | |
| Risk Status | ✖️ | |
| Impact Score | ✖️ | |
| Next Review Date | ✖️ | |
| Last Assessment Date | ✖️ |
When saving this view, select the Default checkbox so this is the default view.
High & Critical Risks
Focuses on the most severe risks.
View Name: High & Critical Risks
Columns:
| Field Name | Move to Fixed? | Notes |
|---|---|---|
| Plan Type | ✔️ | See Fixed Columns for details. |
| Name | ✔️ | See Fixed Columns for details. |
| State | ✖️ | |
| Status | ✖️ | |
| Risk Status | ✖️ | |
| Category | ✖️ | |
| Likelihood | ✖️ | |
| Impact Score | ✖️ | |
| Risk Rating | ✖️ | |
| Escalation Level | ✖️ | |
| Risk Status Trend | ✖️ |
Filter plans in this view by Risk Rating = High OR Critical to see the most pressing risks. See Filter Your Portfolio for full instructions.
Risks by Category
Shows the distribution of risks by category.
View Name: Risks by Category
Columns:
| Field Name | Move to Fixed? | Notes |
|---|---|---|
| Plan Type | ✔️ | See Fixed Columns for details. |
| Name | ✔️ | See Fixed Columns for details. |
| State | ✖️ | |
| Status | ✖️ | |
| Category | ✖️ | |
| Risk Rating | ✖️ | |
| Risk Status | ✖️ | |
| Risk Status Trend | ✖️ |
Group plans in this view by Category to visualize scope and effort across releases.. See Group Plans in the Portfolio List for full instructions.
Risks by Business Unit
Reveals which departments or teams have the most risks.
View Name: Risks by Business Unit
Columns:
| Field Name | Move to Fixed? | Notes |
|---|---|---|
| Plan Type | ✔️ | See Fixed Columns for details. |
| Name | ✔️ | See Fixed Columns for details. |
| State | ✖️ | |
| Status | ✖️ | |
| Risk Status | ✖️ | |
| Category | ✖️ | |
| Impact Score | ✖️ |
Group plans in this view by Business Unit to visualize scope and effort across releases.. See Group Plans in the Portfolio List for full instructions.
Overdue / Upcoming Reviews
Monitors risk review cadences.
View Name: Overdue / Upcoming Reviews
Columns: Plan Type (fixed), Name (fixed), State, Status, Risk Status, Owner, Last Assessment Date, Next Review Date.
| Field Name | Move to Fixed? | Notes |
|---|---|---|
| Plan Type | ✔️ | See Fixed Columns for details |
| Name | ✔️ | See Fixed Columns for details |
| State | ✖️ | |
| Status | ✖️ | |
| Risk Status | ✖️ | |
| Last Assessment Date | ✖️ | |
| Next Review Date | ✖️ |
Risk Mitigation Overview
Tracks risk response progress.
View Name: Risk Mitigation Overview
Columns: Plan Type (fixed), Name (fixed), State, Status, Category, Mitigation Strategy, Mitigation Status, Estimated Financial Impact, Impact Score, Status Trend.
| Field Name | Move to Fixed? | Notes |
|---|---|---|
| Plan Type | ✔️ | See Fixed Columns for details |
| Name | ✔️ | See Fixed Columns for details |
| State | ✖️ | |
| Status | ✖️ | |
| Category | ✖️ | |
| Mitigation Status | ✖️ | |
| Estimated Financial Impact | ✖️ | |
| Impact Score | ✖️ | |
| Status Trent | ✖️ |
Step 5: Configure Area Board Views
Next, set up Board (Kanban) views for visualizing risks by stage, mitigation progress, and escalation.
See Configuring the Portfolio Board for instructions.
Risks Lifecycle Board
A pipeline-style view of all risks by their lifecycle stage.
- Plan Type: Enterprise Risk
- Column: Process Step (Draft, Under Review, etc.)
- Lanes: Category (e.g., Strategic, Operational, etc.)
- Card Fields: Title, Category, Likelihood, Impact, Impact Score, Mitigation Status
- Color By: Status
- Totals: Count per column
Mitigation Action Board (Default)
Shows risks grouped by the status of mitigation activities.
- Plan Type: Enterprise Risk
- Column: Mitigation Status (Not Started, In Progress, etc.)
- Lanes: None (single lane for all risks)
- Card Fields: Title, Category, Risk Status, Mitigation Status, Next Review Date, Impact Score
- Color By: Status
- Totals: Count per column
Mark this view as Default so it opens by default on the Board tab.
Escalated Risks Board
Isolates risks that have been escalated for higher-level attention.
- Plan Type: Enterprise Risk
- Column: Risk Status (focus on the “Escalated” column)
- Lanes: Escalation Level (Team, Dept, Executive, Board)
- Card Fields: Title, Owner, Category, Impact Score, Next Review Date, Risk Rating, Risk Status
- Color By: Status
- Totals: Count
(Add additional board views if needed, such as grouping by Risk Ratings or by Business Unit, to address other perspectives.)
Step 6: Configure Area Roadmap Views
If desired, configure Roadmap views to visualize risk timelines (e.g., risk durations or review schedules).
See Introduction to the Portfolio Roadmap for further detail.
Risk by Rating Roadmap (Default)
- Plan Type: Enterprise Risk
- Group By: Risk Rating
- Color By: Status
When saving this view, select the Default checkbox so this is the default Roadmap view.
Risk by Category Roadmap
- Plan Type: Enterprise Risk
- Group By: Category
- Color By: Status
Risk by Compliance Requirement Roadmap
- Plan Type: Enterprise Risk
- Group By: Compliance Requirement
- Color By: Status
Risk by Escalation Level Roadmap
- Plan Type: Enterprise Risk
- Group By: Escalation Level
- Color By: Status
Risk by Risk Status Roadmap
- Plan Type: Enterprise Risk
- Group By: Risk Status
- Color By: Status
Step 7: Configure Area Dashboard
Finally, create an Enterprise Risks dashboard for high-level risk monitoring and communication.
See OnePlan Built-In Reporting Dashboards: What They Are and How to Set Them Up for full instructions. Below details the recommended configuration for the Enterprise Risks Area Dashboards.
(01) Enterprise Risks Dashboard
Dashboard Settings
- Name: (01) Enterprise Risks Dashboard
- Slicers: Resource Type (Resource)
- Filters: Plan Type = Enterprise Risk
Widgets and Their Settings
Card Widgets
The Card Widgets should be lined up along the right side of the Dashboard.
Pre Filter: Resource Type (Resource)
- Filter: Plan Type = Risk
-
Total Risks
- Display Title: ✔️
- Title: Total Risks
- Value: (Id)
- Aggregate: Count
- Display Unit: None
- Filters: N/A
-
High & Critical Risks
- Display Title: ✔️
- Title: High & Critical Risks
- Value: (Id)
- Aggregate: Count
- Display Unit: None
- Filters: Risk Rating = High, Risk Rating = Critical
-
Average Impact Score
- Display Title: ✔️
- Title: Avg. Impact Score
- Value: Impact Score
- Aggregate: Average
- Display Unit: None
- Filters: N/A
Chart Widgets
The Chart Widgets should be lined up across the middle of the Dashboard.
-
Risks by Priority
- Chart Type: Pie
- Display Title: ✔️
- Display Legend: ✔️
- Title: Risks by Priority
- Y-Axis: (Id)
- Aggregate: Count
- Group By: Priority
- Labels: Show Values
- Display Unit: None
- Filters: N/A
-
Risks by Category
- Chart Type: Bar
- Display Title: ✔️
- Display Legend: ✖️
- Title: Risks by Category
- Y-Axis: (Id)
- Aggregate: Count
- X-Axis: Category
- Group By: N/A
- Labels: Show Values
- Display Unit: None
- Filters: N/A
Table Widget
The Table Widget should occupy the bottom row of the Dashboard. This table provides a sortable, filterable list of all Requirements included in the dashboard context.
Risks Table
- Display Title: ✔️
- Display Totals: ✖️
- Title: Risks
- Columns: Plan Type, Name, State, Status, Business Unit, Category, Sub-Category, Risk Rating, Risk Response, Mitigation Status, Estimated Financial Impact, Estimated Start, Estimated End
- Group By: N/A
- Sort By: N/A
- Sort Direction: Descending
- Filters: N/A
Step 8: Configure the Enterprise Risk Visualizer Runway View
In this step, you will configure a Runway view for Enterprise Risk to visualize how Risks ct the broader portfolio of work.
You will need to create an Enterprise Risk plan to access the Visualizer configuration settings for that Plan Type.
Once you have an Enterprise Risk plan, go into the plan and select Reporting > Visualize. Then switch to the Runway view.
See Use the Visualizer Runway View for full instructions.
- View Name: Risk Runway
- Default: ✔️
- Color By: Status
- Column 1
- Name: Objective
- Plan Types: Objective
- Lookup Field: Objective
- Column 2
- Name: Key Result
- Plan Types: Key Result
- Lookup Field: Associated Risk
- Column 3 - System generated based on Plan Type, no configuration required.
- Name: Risk
- Column 4
- Name: Projects / Epics / Engagements
- Plan Types: Project, Epic, Engagement
- Lookup Field: Associated Risk
- Column 5
- Name: Applications
- Plan Types: Application
- Lookup Field: Associated Application
- Column 6
- Name: Products
- Plan Types: Product
- Lookup Field: Associated Products
By implementing these configurations, you ensure complete traceability, enabling users to navigate from a risk to any linked projects (and vice versa) using the Visualizer’s interactive graph.
Conclusion
Having followed all these steps, you will have a fully configured Enterprise Risks Area that supports consistent, centralized risk management across your organization, linking risks to relevant plans and providing clear insights through custom views, dashboards, and plan-level visualizations.
Related to
Comments
0 comments
Please sign in to leave a comment.