Risk Manager™ – ISO 31000

This software is also available in Chinese, Spanish, Portuguese, German, Thai and Estonian, and can easily be translated into any other language.
Risk Manager™ is based on a simple, proven approach to risk reduction, supporting ISO 31000 and other standards such as ISO 27001/17799 and COSO. A brochure is available at the top of this page.

Risk Manager supports qualitative risk assessments and provides the ability to record and sort data by risk category, asset/area at risk, location, department, division, risk assessor, risk owner, risk contact, action owner, action type and responsible party.

Risk Manager provides risk review and action due reminders by task list or by automated email. There are many ways to slice and dice the information to produce snapshot reports of top risks and to monitor mitigation actions (controls and treatment) in progress. It can be used to manage not only risks but also organizational resilience, and to track and manage audit findings and action items resulting from Internal Audit.


The risk management structure may be altered to suit your business. All data fields may be renamed: for example, Division may be renamed to Branch, Campus or Client, Consequence may be renamed to Impact, and Likelihood may be renamed to Probability. In fact, Risk Manager™ has been fully translated into Spanish, Portuguese, German, Thai and Chinese.

The risk matrix may be selected from 3×3 to 9×9, with 5×5 the most popular.

Any number of risk categories may be set up. Any number of risks may be entered against any category, asset, department, division, etc. An estimate of the likelihood and consequence is assigned to each risk, and the risk rating is derived by the system. Any number of mitigation actions may be applied to any risk; each action may reduce the likelihood or the consequence, thereby reducing the risk rating to an acceptable level.



All risk reports allow risks to be selected and filtered by category, asset, department, division, etc. An Executive Risk Summary report cuts right across the risk system (or within a specific context) to report the highest risks, giving a quick snapshot for senior executives.

The software includes a Reporting Wizard and a Charting Wizard with powerful graphical charting capabilities.

Self Monitoring

Risk Manager monitors itself with aggregated data relating to risk categories and actions, the number of risks relating to each category, active risks, high risks, critical risks, risk reviews due and overdue, actions due and overdue, mitigation in progress and completed, risk and action contacts and owners.



Conduct cost-benefit analysis at the mitigation level, the risk level or across the whole portfolio of risks.

Alerts and Notifications

It is normal to assign risk and action owners; any user may then list the actions for which they are responsible. The system has an automated email alert process to remind owners of overdue tasks.

Technical Description

The multi-user Risk Manager starts at 5 users, and users may be added as you deploy the system enterprise-wide.
Risk Manager is a web-enabled, multi-user Microsoft .NET application using a SQL Server relational database, supporting hundreds of decision makers across the enterprise. It includes Microsoft Windows single sign-on authentication, role-based security for risk management in context, internationalization, and translatability to any other natural (human) language.