The Risk Management module provides a comprehensive framework for identifying, assessing, treating, and monitoring risks across every domain the organisation owns — ICT and cyber, regulatory and compliance, operational, financial crime / AML, strategic and business, conduct and reputation, fraud, third-party and concentration, and ESG / climate risk. It works against every framework you enable in Venvera (DORA, NIS2, ISO 27001, GDPR, SOC 2, NIST CSF, EU AI Act, AMLD, PCI DSS, HIPAA, CMMC, UAE IA and more) and includes a visual dashboard for executive oversight, a detailed risk register, and configurable risk appetite settings.

💡
The same register, scoring scale (5x5 likelihood × impact) and control library are used for every domain. Tag a risk to as many categories and frameworks as it needs — one risk, many regulatory mappings, no duplicates.
Venvera Risk Management dashboard with total risks, critical and high exposure, ICT assets tracked and a 5 by 5 risk heatmap
The Risk Management dashboard: headline exposure stats, the 5 by 5 inherent-risk heatmap, distribution by category, appetite and controls coverage.
ℹ️
Everything in this section lives under Risk Management in the sidebar: the Dashboard, ICT Assets, Risk Register, Risk Dashboard, Controls, KRIs, KRI Dashboard, Issues, Snapshots and Settings. This page covers the dashboard; the articles linked at the bottom cover each area in depth.

Risk Dashboard

The dashboard provides an executive-level overview of your organization's ICT risk posture through interactive visualizations and summary statistics.

Summary Stat Cards

CardContent
Total RisksThe total count of all risks in the register, with a breakdown by risk level: Critical, High, Medium, and Low counts displayed beneath.
Critical + HighThe combined count of Critical and High level risks, along with the percentage this represents of all risks. This highlights your most urgent risk exposure.
ICT Assets TrackedThe total number of ICT assets in the asset register, with the count of assets classified as Critical shown separately.
Overdue ReviewsThe number of risks whose Next Review Date has passed without an updated review. These require immediate attention.

Risk Heatmap

A 5x5 matrix with Impact (1-5) on the X-axis and Likelihood (5-1, top to bottom) on the Y-axis. Each cell displays the count of risks falling at that intersection of likelihood and impact. Cells are color-coded by the calculated risk score (Likelihood x Impact):

Score RangeColorLevel
1 – 4Emerald / GreenLow
5 – 9Amber / YellowMedium
10 – 15OrangeHigh
16 – 25RedCritical
💡
The heatmap uses inherent risk scores (before treatment). Use it to identify clusters of risk concentration and prioritize treatment efforts.
Venvera 5 by 5 risk heatmap coloured from low to critical
The heatmap. Each cell counts the risks at that likelihood-by-impact intersection, coloured Low to Critical.

Risk Distribution by Category

A horizontal bar chart showing how many risks exist in each category (Cybersecurity, Data Breach, System Failure, Third Party, etc.). The bars are proportionally sized so you can quickly see which risk categories dominate your register.

Horizontal bar chart of risks by category
Risks by category. Proportionally sized bars show which categories dominate the register.

Risk Appetite Indicator

Displays the organization's current risk appetite level (Conservative, Moderate, or Aggressive) along with the configured acceptance and escalation thresholds. This provides context for interpreting risk scores against the organization's stated tolerance.

Risk appetite indicator card
The appetite indicator shows your current posture and thresholds, so scores can be read against stated tolerance.

Controls Coverage

A grid visualization showing how ICT controls map to risk categories, helping you identify areas with strong control coverage and gaps that need attention.

Controls coverage grid mapping controls to risk categories
Controls coverage maps controls to risk categories, highlighting strong areas and gaps.

Top 10 Risks

A ranked table of the ten highest-scoring risks in the register, sorted by inherent risk score descending. This provides a quick view of the most critical risks that require management attention.

Explore the Risk Management module