Overview
Matproof’s risk management module helps you identify, document, and track risks — with automatic linkage to the controls designed to mitigate them.
Risk register
The risk register is your central view of all identified risks. Each risk includes:
- Risk ID — unique identifier
- Category — cybersecurity, operational, compliance, financial, etc.
- Description — what the risk is
- Likelihood — probability (1-5)
- Impact — severity (1-5)
- Inherent risk score — Likelihood × Impact (before controls)
- Residual risk score — risk remaining after controls
- Owner — accountable person
- Treatment — accept, mitigate, transfer, avoid
- Controls — linked controls that reduce this risk
- Status — open, in treatment, accepted, closed
Risk scoring
Matproof uses a 5×5 risk matrix:
Risk treatment
For each risk, select a treatment:
| Treatment | When to use |
|---|---|
| Mitigate | Implement controls to reduce likelihood or impact |
| Accept | Risk is within tolerance; no action needed |
| Transfer | Insurance, contract clauses, outsourcing |
| Avoid | Stop the activity that creates the risk |
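The scoring and treatment rules above can be checked programmatically. The following is an added example, not Matproof code: it scores register entries as Likelihood × Impact on the 1-5 scale, re-scores them after linked controls (the step-reduction model for controls, the sample register and the tolerance of 6 are all assumptions), and flags entries whose chosen treatment does not fit their residual score.

```python
from dataclasses import dataclass, field

SCALE = range(1, 6)                                    # likelihood and impact are scored 1-5
TREATMENTS = {"accept", "mitigate", "transfer", "avoid"}

@dataclass
class Control:
    name: str
    likelihood_reduction: int = 0   # assumption: a control lowers L and/or I by whole steps
    impact_reduction: int = 0

@dataclass
class Risk:
    risk_id: str
    category: str
    likelihood: int
    impact: int
    treatment: str
    controls: list = field(default_factory=list)

    def __post_init__(self):
        if self.likelihood not in SCALE or self.impact not in SCALE:
            raise ValueError(f"{self.risk_id}: likelihood and impact must be 1-5")
        if self.treatment not in TREATMENTS:
            raise ValueError(f"{self.risk_id}: unknown treatment {self.treatment!r}")

    def inherent_score(self) -> int:
        return self.likelihood * self.impact            # Likelihood x Impact, before controls

    def residual_score(self) -> int:
        # Re-score on the same 5x5 scale after linked controls; never drop below 1
        lik = max(1, self.likelihood - sum(c.likelihood_reduction for c in self.controls))
        imp = max(1, self.impact - sum(c.impact_reduction for c in self.controls))
        return lik * imp

def register_findings(risks, tolerance):
    # Flag entries whose treatment does not match their residual score
    findings = []
    for r in risks:
        if r.treatment == "accept" and r.residual_score() > tolerance:
            findings.append(f"{r.risk_id}: accepted but residual {r.residual_score()} > tolerance {tolerance}")
        if r.treatment == "mitigate" and not r.controls:
            findings.append(f"{r.risk_id}: treatment is mitigate but no controls are linked")
    return findings

# Constructed sample register (not Matproof data); a tolerance of 6 is an assumed risk appetite
MFA = Control("MFA on remote access", likelihood_reduction=2)
SAMPLE = [
    Risk("R-001", "cybersecurity", 4, 5, "mitigate", [MFA]),   # inherent 20, residual 10
    Risk("R-002", "operational", 2, 2, "accept"),              # inherent 4, within tolerance
    Risk("R-003", "compliance", 3, 4, "accept"),               # inherent 12, accepted above tolerance
    Risk("R-004", "financial", 3, 3, "mitigate"),              # mitigate chosen, nothing linked
]
```

Running `register_findings(SAMPLE, tolerance=6)` reports R-003 (accepted above tolerance) and R-004 (mitigate without a linked control), which are the two register inconsistencies an auditor would ask about.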
Linking risks to controls
When you add a control to a risk, Matproof tracks how effective the control is at reducing the risk score. Example:
Framework mapping
Risks are automatically linked to relevant framework requirements:
- ISO 27001 Annex A — risk treatment maps to controls
- DORA Art. 5-6 — ICT risk management requirements
- CSRD ESRS 2 — sustainability risk identification requirement
Risk assessment export
Export your risk register for:
- Audit evidence (ISO 27001, SOC 2)
- Board reporting
- CSRD IRO documentation
- DORA risk management report