Set Up the Enterprise Risks Area

  • Updated

This article guides OnePlan administrators through setting up and managing an Enterprise Risks Area in OnePlan. It covers recommended configuration for Plan Types, fields, forms, views, dashboards, and process steps to effectively identify, assess, prioritize, and manage risks across strategic, operational, financial, compliance, and technical domains.

While this guide assumes prior OnePlan administration experience, new administrators can also use it as a reference to understand how the Enterprise Risks Area is structured and managed.

This is an extensive guide, so buckle in and let's get configuring!

What you will accomplish
After completing this guide, you will be able to:
- Create and configure an Enterprise Risks Area in OnePlan
- Define a Risk Plan Type with appropriate associations
- Configure lookup fields to support Risk traceability
- Design Plan Details forms for Risks
- Create preconfigured views to support risk assessment and reporting
- Build dashboards for executive-level visibility into enterprise risk exposure

Requirements

OnePlan Administrator / Owner permissions

Background

Organizations face risks across multiple domains—strategic, operational, financial, compliance, and technical. OnePlan’s Enterprise Risks Area provides a unified location to identify, assess, prioritize, and manage risks while linking them to the initiatives, portfolios, and plans they affect.

By enabling consistent risk tracking, prioritization, and mitigation planning, the Enterprise Risks Area supports proactive, enterprise-wide risk oversight. This ensures risks are identified early, responses are coordinated, and leadership has visibility into organizational exposure.

Step 1: Create the Enterprise Risks Area

In this step, you will create the Enterprise Risks Area and apply the recommended base settings.

To do this, follow the instructions in Create and Manage Areas.

Here are the recommended settings for this Area:

  • Name: Enterprise Risks
  • DescriptionOnePlan’s Enterprise Risks area helps organizations identify, assess, and manage a comprehensive portfolio of risks across strategic, operational, financial, compliance, and technical domains. It enables consistent risk tracking, prioritization, and mitigation planning, while allowing seamless association with initiatives, portfolios, and plans to ensure integrated, proactive, and enterprise-wide risk oversight.
  • Icon NameWarning
  • Available Views: List, Board, Roadmap, Dashboard
  • Available Controls: Gantt
  • Display on left navigation panel: ✔️

EnterpriseRiskAreaGeneral.png

Step 2: Create the Risk Plan Type and Hierarchy

In this step, you will create the new Risk Plan Type that will serve as the foundation for your Enterprise Risks Area.

Before you can save your new Area, you must add Plan Types. First, create the Enterprise Risk Plan Type, then create a new lookup field (Associated Risk) so you can add associated Plan Types into the hierarchy.

Why this matters
The Plan Type hierarchy defines how Risk items relate to delivery plans, portfolios, and other work items. Correct configuration is required for traceability, reporting, and association with other OnePlan Areas.

1. Add the Enterprise Risk Plan Type

Follow the instructions in Create and Update Plan Types to create a new parent Plan Type named Risk.
EnterpriseRiskPlanType.png

2. Create a New Associated Risk Lookup Field

For the recommended Plan Type hierarchy to function properly, you must configure a new multi-lookup field for the Risk Plan Type, called Associated Risk. This will allow you to associate other Plan Types to the Risk Plan Type.

See Configure Lookup Fields for instructions.

Here is the recommended configuration for the Associated Risk field:
AssociatedRiskField.png

3. Add Associated Plan Types to the Enterprise Risks Plan Type Hierarchy

Return to the Enterprise Risks Area configuration and add existing Plan Types as children of the Risk Plan Type (using Associated Risk as the Parent Relation). Recommended Plan Types to add into the hierarchy include:

  • Key Result
  • Project
  • Epic
  • Engagement
  • Product
  • Application

FullERiskHierarchy.png

Step 3: Configure the Enterprise Risk Plan Details Form

In this step, you will configure the Plan Details form for the Risk Plan Type.

See Set Up Plan Details Forms for instructions.

The following sections detail the recommended settings for the Risk Plan Details form.

1. Risk Process Steps and Available Tabs

First, configure the Risk Process Steps. See Configure the Plan Details Process Flow for instructions.

The recommended process steps and available tabs are as follows:

Process Step Available Tabs
Draft Details, Visualizer, Files, Status Reports
Under Review Details, Visualizer, Files, Status Reports
Approve Details, Visualizer, Files, Status Reports
Active Details, Visualizer, Files, Status Reports
Mitigate Details, Visualizer, Files, Status Reports
Closed Details, Visualizer, Files, Status Reports

(At all stages, the Details tab is available for risk information, Visualizer for timeline/hierarchy views, Files for attachments, and Status Reports for regular progress updates.)

2. Risk Plan Details Fields and Sections

Next, set up the Plan Details form sections and fields. See Set Up Plan Details Forms for detailed instructions on adding new fields via the form designer.

Note
Fields marked as “New field, must be configured” must be created before they can be added to the form. See Add, Edit, or Remove Form Fields for instructions on how to add new fields directly from the Plan Details configuration interface.

Section 1

Section Name: Risk Information
Section Layout: 2 Equal Columns

Plan Details Form 2 Equal Sections.png

Section Fields:

Column 1 Fields Field Type Field Values / Information Notes
Name Text   Existing field, no configuration required
State Choice Proposed, Active, Closed, On Hold Existing field, no configuration required
Status Choice On Track; At Risk; Off Track Existing field, no configuration required
Owner Lookup   Existing field, no configuration required
Manager User   Existing field, no configuration required
Column 2 Fields Field Type Field Values / Information Notes
Priority Choice High; Medium; Low Existing field, no configuration required
Business Unit Choice Organization-specific (departments or teams) Existing field, organization-specific, must be configured
Category Choice Strategic; Operational; Financial; Compliance; Technical; Resource; Schedule New field, must be configured
Sub-Category Choice Sub-options filtered by Category (see mapping below) New field, must be configured

Category → Sub-Category Mapping: Configure the Sub-Category field choices so that each value corresponds to a specific Category, and set Filter Choice Field to Category. Recommended mappings are as follows:

Sub-Category Choices Associated Category
Market Shift Strategic
Competitive Pressure Strategic
M&A Strategic
Regulatory Change Strategic
Process Failure Operational
Human Error Operational
Supply Chain Operational
Facility Risk Operational
Cost Variance Operational
Revenue Drop Operational
Budget Overrun Financial
Fraud Financial
Privacy Compliance
Audit Compliance
Legal Compliance
Policy Violation Compliance
Cybersecurity Technical
System Outage Technical
Data Integrity Technical
Obsolescence Technical
Staffing Shortage Resource
Skill Gap Resource
Contractor Gap Resource
Equipment Limited Resource
Delay Risk Schedule
Milestone Slippage Schedule
Dependency Risk Schedule
Long Lead Items Schedule

(With Sub-Category filtering by Category, when a user selects a Category on the form, they will only see relevant Sub-Category options.)

See Create Cascading Choice Fields for more information.

CascadingChoiceField.png

Section 2

Section Name: Risk Description
Section Layout: 1 Column

Plan Details Form 1 Section.png

Section Fields:

Column 1 Fields Field Type Field Values / Information Notes
Description Rich Text Detailed context/overview of the risk. 
AI Assist enabled for suggestions.
Existing field, no configuration required
Trigger Rich Text Conditions or events that might trigger the risk. New field, must be configured.
(Consider not enabling AI Assist suggestions for this field on new risks unless needed.)

Section 3

Section Name: Risk Assessment
Section Layout: 2 Equal Columns
Section Fields:

Column 1 Fields Field Type Field Values / Information Notes
Likelihood Choice Very Low = 1; Low = 2; Medium = 3; High = 4; Very High = 5 New field, must be configured (Numeric values enable scoring calculations.)
Impact Choice Very Low = 1; Low = 2; Medium = 3; High = 4; Very High = 5 New field, must be configured (Same scale as Likelihood.)
Column 2 Fields Field Type Field Values / Information Notes
Impact Score Calculated (Number) Formula: [Plan.Likelihood] [Plan.Impact] 
Calculated risk score from 1 (min) to 25 (max)*
New field, must be configured
Risk Rating Calculated (Choice) Low; Moderate; High; Critical 
Determined by Impact Score thresholds
New field, must be configured

(Recommended thresholds for Risk Rating: 1–5 = Low; 6–10 = Moderate; 11–15 = High; 16–25 = Critical. Adjust as needed to align with your organization’s risk scoring model.)

Section 4

Section Name: Risk Impact
Section Layout: 2 Equal Columns
Section Fields:

Column 1 Fields Field Type Field Values / Information Notes
Risk Response Choice Avoid; Mitigate; Transfer; Accept New field, must be configured. (Selected risk handling strategy.)
Mitigation Status Choice Not Started; In Progress; On Hold; Completed; Cancelled New field, must be configured. (Status of mitigation actions.)
Mitigation Owner User   New field, must be configured. (Person responsible for executing the mitigation plan.)
Column 2 Fields Field Type Field Values / Information Notes
Estimated Financial Impact Choice < $250K; $250K–$1M; $1M–$5M; $5M–$10M; > $10M New field, must be configured. (Potential dollar impact if risk materializes.)
Estimated Start Date   Existing field, no configuration required
Estimated End Date   Existing field, no configuration required

Mitigation Strategy (Hidden Section):

Directly below the Risk Response section, add a Mitigation Strategy field (Rich Text) in a 1-column section.

Leave Show Header unchecked and set the section background to white, so it appears as a continuation of the Risk Response section without an extra heading.

This field is used to describe the mitigation approach or plan in detail. (Optionally, enable AI Assist for suggestions but disable auto-suggestions on new risk creation if not desired.)

Hidden Section Config.png

Section 5

Section Name: Monitor and Tracking
Section Layout: 2 Equal Columns
Section Fields:

Column 1 Fields Field Type Field Values / Information Notes
Risk Status Choice Open; Active; Monitoring; Escalated; Closed New field, must be configured. (Overall status of the risk.)
Risk Status Trend Trend (Choice) Trend indicator for changes in Risk Status over time New field, must be configured. (Shows if Risk Status is improving, stable, or worsening across reports.)
Column 2 Fields Field Type Field Values / Information Notes
Next Review Date Date Next scheduled date for risk review New field, must be configured.
Last Assessment Date Date Date of last risk assessment/update Existing field, no configuration required (use existing Last Updated if available).
Escalation Level Choice Team; Department; Executive; Board New field, must be configured. (If Risk Status = Escalated, indicates to whom it’s escalated.)

Additional Comments (Hidden Section)

Optionally, add a 1-column section after Monitor and Tracking. Insert Additional Comments (Rich Text), hide the section header, and set background color to white (to visually merge with the section above).

This provides space for any extra notes not captured by other fields. (AI Assist can be enabled for suggestions, but typically “Suggest on new” is turned off for this field.)

Section 6

Section Name: Audit / Governance (Optional)
Section Layout: 1 Column

Section Fields:

Column 1 Fields Field Type Field Values / Information Notes
Compliance Requirement Choice SOX; GDPR; HIPAA; ISO 27001; PCI New field, must be configured. (Regulatory domain relevant to the risk, if any.)
Control Owner User   New field, must be configured. (If a control or policy is relevant, designate its owner.)
Control Reference Text   New field, must be configured. (Reference code for a related control/policy, if applicable.)
Risk Appetite Alignment Choice Within Appetite; Exceeds Appetite New field, must be configured. (Indicates if risk’s severity is within or beyond tolerance.)
Audit Notes Rich Text   New field, must be configured. (Notes related to audits or compliance reviews.)

Section 7

Section Name: Associated Plans
Section Layout: 1 Column
Section Elements:

This section contains a Child Plans table element that must be configured. See Create, Add, Edit, or Remove Form Elements for instructions.

Column 1 Elements Work Type Lookup Field Plan Types Columns Notes
Child Plans > Associated Risk Child Plans Associated Risk Key Result, Project, Epic, Engagement, Product, Application Plan Type, Name, Status, Manager, Business Unit New element, must be configured.

The associated plans table automatically displays any projects, epics, key results, etc., that have this risk selected in their Associated Risk field, providing traceability of where the risk impacts or is mitigated.

AssociatedPlansTable.png

Step 4: Configure Area List Views

After configuring the Plan Details form for the Risk Plan Type, set up a set of views for the Enterprise Risks Area. These preset views help users review and analyze risks without building new views from scratch.

Recommended views for the Enterprise Risks Area:

Risk Register Summary (Default)

A comprehensive list of all risk items with core attributes.

View Name: Risk Register Summary
Columns:

Field Name Move to Fixed? Notes
Plan Type ✔️ See Fixed Columns for details.
Name ✔️ See Fixed Columns for details.
State ✖️  
Status ✖️  
Category ✖️  
Sub-Category ✖️  
Business Unit ✖️  
Risk Status ✖️  
Impact Score ✖️  
Next Review Date ✖️  
Last Assessment Date ✖️  

When saving this view, select the Default checkbox so this is the default view.

High & Critical Risks

Focuses on the most severe risks.

View Name: High & Critical Risks
Columns:

Field Name Move to Fixed? Notes
Plan Type ✔️ See Fixed Columns for details.
Name ✔️ See Fixed Columns for details.
State ✖️  
Status ✖️  
Risk Status ✖️  
Category ✖️  
Likelihood ✖️  
Impact Score ✖️  
Risk Rating ✖️  
Escalation Level ✖️  
Risk Status Trend ✖️  

Filter plans in this view by Risk Rating = High OR Critical to see the most pressing risks. See Filter Your Portfolio for full instructions.

Risks by Category

Shows the distribution of risks by category.

View Name: Risks by Category
Columns:

Field Name Move to Fixed? Notes
Plan Type ✔️ See Fixed Columns for details.
Name ✔️ See Fixed Columns for details.
State ✖️  
Status ✖️  
Category ✖️  
Risk Rating ✖️  
Risk Status ✖️  
Risk Status Trend ✖️  

Group plans in this view by Category to visualize scope and effort across releases.. See Group Plans in the Portfolio List for full instructions.

Risks by Business Unit

Reveals which departments or teams have the most risks.

View Name: Risks by Business Unit
Columns:

Field Name Move to Fixed? Notes
Plan Type ✔️ See Fixed Columns for details.
Name ✔️ See Fixed Columns for details.
State ✖️  
Status ✖️  
Risk Status ✖️  
Category ✖️  
Impact Score ✖️  

Group plans in this view by Business Unit to visualize scope and effort across releases.. See Group Plans in the Portfolio List for full instructions.

Overdue / Upcoming Reviews

Monitors risk review cadences.

View Name: Overdue / Upcoming Reviews
Columns: Plan Type (fixed), Name (fixed), State, Status, Risk Status, Owner, Last Assessment Date, Next Review Date.

Field Name Move to Fixed? Notes
Plan Type ✔️ See Fixed Columns for details
Name ✔️ See Fixed Columns for details
State ✖️  
Status ✖️  
Risk Status ✖️  
Last Assessment Date ✖️  
Next Review Date ✖️  

Risk Mitigation Overview

Tracks risk response progress.

View Name: Risk Mitigation Overview
Columns: Plan Type (fixed), Name (fixed), State, Status, Category, Mitigation Strategy, Mitigation Status, Estimated Financial Impact, Impact Score, Status Trend.

Field Name Move to Fixed? Notes
Plan Type ✔️ See Fixed Columns for details
Name ✔️ See Fixed Columns for details
State ✖️  
Status ✖️  
Category ✖️  
Mitigation Status ✖️  
Estimated Financial Impact ✖️  
Impact Score ✖️  
Status Trent ✖️  

Step 5: Configure Area Board Views

Next, set up Board (Kanban) views for visualizing risks by stage, mitigation progress, and escalation.

See Configuring the Portfolio Board for instructions.

Risks Lifecycle Board

A pipeline-style view of all risks by their lifecycle stage.

  • Plan Type: Enterprise Risk
  • Column: Process Step (Draft, Under Review, etc.)
  • Lanes: Category (e.g., Strategic, Operational, etc.)
  • Card Fields: Title, Category, Likelihood, Impact, Impact Score, Mitigation Status
  • Color By: Status
  • Totals: Count per column

Mitigation Action Board (Default)

Shows risks grouped by the status of mitigation activities.

  • Plan Type: Enterprise Risk
  • Column: Mitigation Status (Not Started, In Progress, etc.)
  • LanesNone (single lane for all risks)
  • Card Fields: Title, Category, Risk Status, Mitigation Status, Next Review Date, Impact Score
  • Color By: Status
  • Totals: Count per column

Mark this view as Default so it opens by default on the Board tab.

Escalated Risks Board

Isolates risks that have been escalated for higher-level attention.

  • Plan Type: Enterprise Risk
  • Column: Risk Status (focus on the “Escalated” column)
  • Lanes: Escalation Level (Team, Dept, Executive, Board)
  • Card Fields: Title, Owner, Category, Impact Score, Next Review Date, Risk Rating, Risk Status
  • Color By: Status
  • Totals: Count

(Add additional board views if needed, such as grouping by Risk Ratings or by Business Unit, to address other perspectives.)

Step 6: Configure Area Roadmap Views

If desired, configure Roadmap views to visualize risk timelines (e.g., risk durations or review schedules).

See Introduction to the Portfolio Roadmap for further detail.

Risk by Rating Roadmap (Default)

  • Plan Type: Enterprise Risk
  • Group By: Risk Rating
  • Color By: Status

When saving this view, select the Default checkbox so this is the default Roadmap view.

Risk by Category Roadmap

  • Plan Type: Enterprise Risk
  • Group By: Category
  • Color By: Status

Risk by Compliance Requirement Roadmap

  • Plan Type: Enterprise Risk
  • Group By: Compliance Requirement
  • Color By: Status

Risk by Escalation Level Roadmap

  • Plan Type: Enterprise Risk
  • Group By: Escalation Level
  • Color By: Status

Risk by Risk Status Roadmap

  • Plan Type: Enterprise Risk
  • Group By: Risk Status
  • Color By: Status

Step 7: Configure Area Dashboard

Finally, create an Enterprise Risks dashboard for high-level risk monitoring and communication.

See OnePlan Built-In Reporting Dashboards: What They Are and How to Set Them Up for full instructions. Below details the recommended configuration for the Enterprise Risks Area Dashboards.

(01) Enterprise Risks Dashboard

Dashboard Settings

  • Name: (01) Enterprise Risks Dashboard
  • Slicers: Resource Type (Resource)
  • Filters: Plan Type = Enterprise Risk

Widgets and Their Settings

Card Widgets

The Card Widgets should be lined up along the right side of the Dashboard.

  • Pre Filter: Resource Type (Resource)

  • Filter: Plan Type = Risk
    EnterpriseRiskCards.png
  1. Total Risks
    • Display Title: ✔️
    • Title: Total Risks
    • Value: (Id)
    • Aggregate: Count
    • Display Unit: None
    • Filters: N/A
  2. High & Critical Risks
    • Display Title: ✔️
    • Title: High & Critical Risks
    • Value: (Id)
    • Aggregate: Count
    • Display Unit: None
    • Filters: Risk Rating = High, Risk Rating = Critical
  3. Average Impact Score
    • Display Title: ✔️
    • Title: Avg. Impact Score
    • Value: Impact Score
    • Aggregate: Average
    • Display Unit: None
    • Filters: N/A
Chart Widgets

The Chart Widgets should be lined up across the middle of the Dashboard.
EnterpriseRiskCharts.png

  1. Risks by Priority
    • Chart Type: Pie
    • Display Title: ✔️
    • Display Legend: ✔️
    • Title: Risks by Priority
    • Y-Axis: (Id)
    • Aggregate: Count
    • Group By: Priority
    • Labels: Show Values
    • Display Unit: None
    • Filters: N/A
  2. Risks by Category
    • Chart Type: Bar
    • Display Title: ✔️
    • Display Legend: ✖️
    • Title: Risks by Category
    • Y-Axis: (Id)
    • Aggregate: Count
    • X-Axis: Category
    • Group By: N/A
    • Labels: Show Values
    • Display Unit: None
    • Filters: N/A
Table Widget

The Table Widget should occupy the bottom row of the Dashboard. This table provides a sortable, filterable list of all Requirements included in the dashboard context.
EnterpriseRiskTable.png

Risks Table

  • Display Title: ✔️
  • Display Totals: ✖️
  • Title: Risks
  • Columns: Plan Type, Name, State, Status, Business Unit, Category, Sub-Category, Risk Rating, Risk Response, Mitigation Status, Estimated Financial Impact, Estimated Start, Estimated End
  • Group By: N/A
  • Sort By: N/A
  • Sort Direction: Descending
  • Filters: N/A

Step 8: Configure the Enterprise Risk Visualizer Runway View

In this step, you will configure a Runway view for Enterprise Risk to visualize how Risks ct the broader portfolio of work.

You will need to create an Enterprise Risk plan to access the Visualizer configuration settings for that Plan Type.

Once you have an Enterprise Risk plan, go into the plan and select Reporting > Visualize. Then switch to the Runway view.

See Use the Visualizer Runway View for full instructions.

  • View Name: Risk Runway
  • Default: ✔️
  • Color By: Status
  • Column 1
    • Name: Objective
    • Plan Types: Objective
    • Lookup Field: Objective
  • Column 2
    • Name: Key Result
    • Plan Types: Key Result
    • Lookup Field: Associated Risk
  • Column 3 - System generated based on Plan Type, no configuration required.
    • Name: Risk
  • Column 4
    • Name: Projects / Epics / Engagements
    • Plan Types: Project, Epic, Engagement
    • Lookup Field: Associated Risk
  • Column 5
    • Name: Applications
    • Plan Types: Application
    • Lookup Field: Associated Application
  • Column 6
    • Name: Products
    • Plan Types: Product
    • Lookup Field: Associated Products

By implementing these configurations, you ensure complete traceability, enabling users to navigate from a risk to any linked projects (and vice versa) using the Visualizer’s interactive graph.

EnterpriseRiskRunway.png

Conclusion

Having followed all these steps, you will have a fully configured Enterprise Risks Area that supports consistent, centralized risk management across your organization, linking risks to relevant plans and providing clear insights through custom views, dashboards, and plan-level visualizations.

Related to

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.