The Risk Register module provides a comprehensive risk management capability within Access Care Compliance (ACC). Care providers can identify, assess, and mitigate organisational risks through a structured register, with scoring, controls, actions, and a visual heat map.

Please speak to your Account Manager to find out how to access these module.

Access to Risk Management functionality is controlled through role-based permissions. Administrators can assign the following permissions to roles via the role management settings:

Permissions are additive, so users will only see and interact with the features their assigned role permits. It is recommended that Administrator access is limited to those responsible for configuring and overseeing the risk management setup

Before users can begin logging risks, an administrator must first configure the Risk Management settings. This is found in the left-hand navigation under Admin, then Risk Management, then Risk Management Configuration.

Administrators select the matrix size that will be used for all risk scoring across the organisation. There are three options:

A live Matrix Preview is displayed as you select each option so you can see how the scoring grid will look before confirming.

Important note: Once a matrix type has been selected and the first risk has been added, the matrix type is locked and cannot be changed. It is important to choose the right level of granularity for your organisation before getting started.

Administrators also configure which organisational tiers are available for risk management. There are three tiers:

A Tier Structure Preview is shown at the bottom of the page illustrating how the Home, Region, and Company views will appear to users.

Note that if a user does not have access to all locations within a region, they will not be able to use the Region tab in the Risk Register, as they would only see a partial view of the data.

Once configuration is complete, click Save Configuration to apply the settings.

Administrators can configure the categories and subcategories available when logging a risk. This is found in the left-hand navigation under Admin, then Configure Master Data, then Risk Management Categories.

The page displays all existing primary categories — such as Clinical/Health, Safeguarding, and Operational/Organisational — each with their associated subcategories listed beneath.

Administrators can add new primary categories using the Add New Category button in the top right, and add subcategories to any existing category using the + button on the category row. Both new categories (excluding the default) and subcategories can be edited or deleted at any time using the edit and delete icons on each row.

These categories feed directly into the Risk Categorisation panel when a user adds or edits a risk, so it is worth ensuring your category list reflects the risk types relevant to your organisation before users begin logging risks.

The Risk Register is found in the left-hand navigation under Risk Management, then Risk Register. It's your central hub for managing all identified risks at a location.

When you land on the page, you'll immediately see four summary tiles at the top showing Total Risks, Critical Risks, Fully Assured Controls, and Open Actions for the location you're viewing — along with an Average Risk Score badge in the top right indicating the overall risk level (e.g. Medium).

The four summary tiles provide an instant snapshot of your current risk position:

Use the Home, Region, and Company tabs to switch between views and understand risk exposure across different levels of your organisation. The location dropdown beneath these tabs lets you navigate to a specific site.

Below the summary, the Filters & Search bar lets you search risks by title, description, or owner, and the All Levels dropdown filters your register by risk severity — Low, Medium, High, or Critical.

Each risk in the register displays as an expandable card showing the risk title, description, owner, number of controls and actions, last updated date, and gross risk score. A colour-coded badge (e.g. Low, Medium, High, Critical) gives you an instant read on severity.

Click View on any card to open the full risk detail, or use the + Add Risk button in the top right to log a new risk.

To log a new risk, click the + Add Risk button in the top right of the Risk Register. This opens a structured three-panel form where you'll work left to right to capture all the details.

In the Risk Information panel, enter a clear Risk Title and a detailed Risk Description covering potential causes and consequences.

Select the Location the risk applies to, then assign a Risk Owner (the person responsible for managing the risk day-to-day) and a Risk Sponsor (the senior person ultimately accountable).

In the Risk Categorisation panel, select a Primary Category to classify the risk — options include Clinical/Health, Safeguarding, Operational, Environmental, Regulatory, and Financial. Once a primary category is selected, a Subcategory dropdown will appear for more granular classification. A reference list of category examples is shown to help guide your selection.

In the Risk Assessment panel, score the risk using the 3x3, 4x4, or 5x5 matrix by selecting a Likelihood (how likely the risk is to occur) and an Impact (the severity if it did). The Gross Risk Score calculates automatically in real time, displaying the score, risk level badge (Low, Medium, High, or Critical), and guidance on recommended next steps.

Once complete, click Save to add the risk to the register. Residual Risk scoring becomes available after you have added at least one Control, and the optional Target Risk fields unlock when a Residual Risk Score has been added.

To view the full detail of a risk, click View on any risk card in the register. This opens a read-only panel giving you a complete picture of the risk's current status.

The Risk Overview section at the top displays the risk title, description, Risk Owner, Risk Sponsor, and the date it was last updated.

Below this, the Risk Assessment panel shows the Gross Risk, Residual Risk, and Target Risk scores side-by-side, each with their likelihood and impact breakdown and a colour-coded level badge. This gives you an at-a-glance view of how the risk has moved from its initial score through to where you're aiming to get it.

Use the Controls and Actions tabs to switch between the two. The Controls tab lists all mitigating measures added to the risk, and if controls exist but a residual score hasn't yet been set, a Set Residual prompt will appear. The Actions tab lists all tasks associated with the risk, showing the action title, description, owner, due date, priority, and current status.

From this panel you can click Edit Risk to make changes, or Close to return to the register.

Each risk is assessed using three scores, which together show the journey of a risk from its initial state through to where you want it to be.

Gross Risk is the raw, unmitigated score — the inherent level of risk before any controls or actions are in place. It is calculated by multiplying the Likelihood score by the Impact score on the 3x3, 4x4, or 5x5 matrix, giving a score between 1 and 25. This is always the starting point and is set when the risk is first created.

Residual Risk is the remaining level of risk after your controls have been applied. Once you have added at least one control, you can set a Residual Likelihood and Residual Impact to calculate this score. It reflects how much risk remains even with your mitigating measures in place, and should be lower than the Gross Risk if your controls are effective. This score is what your location or organisation is currently carrying.

Target Risk is the score you are aiming to achieve. It is optional and becomes available when the Residual Risk Score has been added to the risk. It gives teams a clear goal to work towards and helps demonstrate the intended direction of travel for managing the risk down over time.

Controls are the mitigating measures you put in place to reduce the likelihood or impact of a risk. To add one, open the risk detail view and click + Add Control within the Controls tab.

Each control requires a Control Name, a Description of how it works and what it achieves, a Control Owner, and an Assurance Rating. The assurance rating reflects how effective the control currently is, with three options: Fully Assured, Partially Assured, or Not Assured. You can edit any control after it has been saved.

Adding at least one control to a risk unlocks the Residual Risk Assessment fields on the Edit Risk form, and activates the Set Residual prompt on the detail view — prompting you to score the remaining risk after controls have been applied. Select Set Residual to Add A Residual Risk Score

Actions are tasks assigned to actively address or mitigate a risk over time. To add one, open the risk detail view and click + Add Action within the Actions tab.

Each action requires an Action Title, a Short Description, a Priority (Low, Medium, or High), a Deadline, an Action Category, an Owner, and a Responsible Team Member who will carry out the work. You can also set an Action Status — On Hold, In Progress, Pending, Validated or Completed — to keep track of progress.

The Heat Map is accessed by clicking the Heat Map tab at the top of the Risk Register page, next to the Risks tab.

Before adding your first risk, you'll be asked to select your matrix size — either 3x3, 4x4, or 5x5 in the Admin Configuration — which determines how likelihood and impact are scored across your register. This is set once at the outset, so it's worth considering the level of granularity your organisation needs before getting started.

The heat map itself is a colour-coded grid that plots all your risks by Likelihood (vertical axis) and Impact (horizontal axis). Each cell displays its combined score and the number of risks sitting at that score. The grid is colour-coded by risk band — green for Low (1–5), yellow for Medium (6–12), orange for High (13–20), and red for Critical (21–25) — giving you an instant visual picture of where your risks are concentrated.

The position of each risk on the heat map is determined by its Residual Risk score where one has been set, reflecting the current level of risk after controls have been applied. Where no residual score exists, the Gross Risk score is used instead. The Target Risk score is never used to plot the heat map, as it represents a future aspiration rather than the current position.

To filter your register, simply click on any cell in the matrix and the Risk Register will update to show only the risks with that specific likelihood and impact combination, making it easy to focus on a particular area of concern.

Beneath the matrix, the Current Risk Distribution section gives a detailed breakdown of each risk, showing the Gross Risk Score, Residual Risk Score, controls in place with their assurance rating, and open actions with owner and due date — giving you a full picture of your risk position in one view.

The same summary tiles shown on the Risks tab — Total Risks, Critical Risks, Fully Assured Controls, Open Actions, and Average Risk Score — are also displayed at the top of the Heat Map for consistent at-a-glance context.