About This Guide
This user guide covers all features and workflows within the Risk IQ application. It is designed for procurement professionals, risk managers, and compliance officers who oversee supplier risk, enterprise risk registers, and mitigation programmes.
Risk IQ provides a centralised platform for maintaining a risk register, conducting supplier assessments across five dimensions, tracking mitigation actions, monitoring incidents, and visualising risk analytics — all within a single, intuitive interface.
Key Capabilities
Risk Dashboard
Real-time portfolio overview with KPI stat cards, risk distribution doughnut chart, category bar chart, and top risks table.
Risk Register
Full risk register with likelihood × impact scoring, four risk levels (Critical/High/Medium/Low), and multi-filter search.
Supplier Assessments
Five-dimension risk assessments (Financial, Operational, Compliance, Strategic, Cyber) with radar charts and review scheduling.
Mitigation Tracking
Action-level mitigation management with progress bars, priority badges, status filtering, and overdue tracking.
Analytics & Trends
Four Chart.js visualisations: score distribution, mitigation completion, supplier risk comparison, and 6-month risk trend line.
Incident Register
Track supplier incidents with severity ratings, impact descriptions, resolutions, and lessons learned for continuous improvement.
AI Assistant
Built-in AI chat panel that answers questions about your risks, assessments, mitigations, and incidents using live data context.
Notifications & Alerts
Bell icon notifications for critical risks, overdue assessments, overdue mitigations, and risk level escalations.
Table of Contents
- 1. Quick-Start: Your First 10 MinutesPage 3
- 2. Navigation & Getting StartedPage 4
- 3. Risk DashboardPage 4
- 4. Risk RegisterPage 5
- 5. Supplier AssessmentsPage 6
- 6. Mitigations & AnalyticsPage 7
- 7. AI Assistant, Profile & Data SyncPage 8
- 8. FAQ & TroubleshootingPage 9
How Do I… Quick Reference
Find the answer to common tasks instantly:
| I want to… | Go to |
|---|
| See my risk portfolio at a glance | Dashboard §3 (p.4) |
| Find a specific risk by code | Risk Register §4.1 (p.5) |
| Filter risks by category | Risk Register §4.1 (p.5) |
| Understand a risk score | Risk Register §4.2 (p.5) |
| Review a supplier assessment | Assessments §5.1 (p.6) |
| Check overdue mitigations | Mitigations §6.1 (p.7) |
| View analytics charts | Analytics §6.3 (p.7) |
| Switch to Light Mode | Getting Started §2.2 (p.4) |
| I want to… | Go to |
|---|
| Search for a supplier or risk | Getting Started §2.3 (p.4) |
| See which risks are Critical | Dashboard §3.1 (p.4) |
| View the risk trend over time | Analytics §6.3 (p.7) |
| Ask AI about my risks | AI Assistant §7.1 (p.8) |
| Check notifications | Getting Started §2.4 (p.4) |
| Switch organisations | Profile §7.2 (p.8) |
| View supplier radar chart | Assessments §5.2 (p.6) |
| Track mitigation progress | Mitigations §6.2 (p.7) |
1. Quick-Start: Your First 10 Minutes
This walkthrough takes you from first login to a full understanding of your risk posture. Follow these 6 steps to explore the Dashboard, Risk Register, Assessments, and Mitigations end-to-end.
- Open Risk IQ — Launch the app in your browser. If authenticated, your organisation's risk data loads from Supabase automatically. If exploring, Demo Mode loads 20 sample risks, 10 supplier assessments, 15 mitigation actions, and 8 incidents so you can try everything risk-free.
- Orient yourself — The sidebar (left) has 6 navigation items: Dashboard, Risk Register, Assessments, Mitigations, Analytics, and AI Assistant. The topbar (top) holds the search bar, notification bell, help button, and your profile avatar.
- Review the Dashboard — The Dashboard loads by default showing four KPI stat cards (Active Risks, Critical/High count, Open Actions, Avg Risk Score), a Risk Distribution doughnut chart, a Risks by Category bar chart, and a Top Risks table sorted by score.
- Explore the Risk Register — Click Risk Register in the sidebar. Four stat cards break down risks by level (Critical, High, Medium, Low). Use the filter bar to narrow by Category, Status, Level, or free-text search. The table shows Code, Title, Category, Supplier, Likelihood (L), Impact (I), Score, Level, Owner, and Status.
- Review a Supplier Assessment — Click Assessments. Each supplier card shows a five-dimension radar chart (Financial, Operational, Compliance, Strategic, Cyber) alongside findings, recommendations, and next review date.
- Check Mitigations — Click Mitigations. Filter by status (All, Not Started, In Progress, Completed, Overdue). Each row shows the linked Risk Code, Action, Owner, Due Date, Priority, a progress bar, and Status badge.
Screenshot: Risk Dashboard Overview
Capture the Dashboard page showing KPI stat cards, Risk Distribution doughnut, Risks by Category bar chart, and Top Risks table.
i
Demo Mode: If you are not authenticated, Risk IQ loads comprehensive demo data covering 5 risk categories, 20 risks, and 10 supplier assessments. This lets you explore all features without affecting production data. When you sign in, your organisation's real data replaces the demo data automatically.
Common Workflows at a Glance
Three workflows you will use most often:
Monitor Risk Posture
Dashboard → review KPI cards → check Top Risks table → drill into Risk Register for any Critical/High items.
Assess a Supplier
Assessments → locate supplier card → review 5-dimension radar chart → read findings & recommendations → note next review date.
Track Overdue Actions
Mitigations → click "Overdue" filter tab → review action owners and due dates → follow up with responsible parties.
Screenshot: Risk Register with Filters
Capture the Risk Register page showing the filter bar (Category, Status, Level, Search) and the full risk table with scoring columns.
2. Navigation & Getting Started
Risk IQ is accessed via your web browser. No installation is required. The application supports both authenticated (Supabase) and demo modes.
2.1 Layout Overview
The application uses a fixed sidebar (left, 280px) + topbar (top, 85px) layout. The sidebar holds 6 navigation items: Dashboard, Risk Register, Assessments, Mitigations, Analytics, and AI Assistant. The topbar holds the global search bar, notification bell, help button, and user profile avatar.
2.2 Theme Toggle (Dark / Light Mode)
Click the moon/sun icon at the bottom of the sidebar to switch between Dark Mode and Light Mode. Your preference is persisted in local storage and applied on next visit. All charts, cards, and gradient borders automatically adapt to the selected theme.
2.3 App Switcher & Global Search
App Switcher: Click the IQ logo in the sidebar header to open a dropdown listing all IQ platform apps (Admin IQ, Contract IQ, Deal IQ, Perform IQ, Renewal IQ, Request IQ, RFx IQ, Risk IQ, Spend IQ, Vendor IQ). Click any tile to navigate to that application.
Global Search: The topbar search bar searches across risk codes, risk titles, supplier names, and mitigation actions. Results appear in a dropdown with type badges (Risk or Action). Click any result to navigate directly to the relevant page.
2.4 Notifications
The bell icon in the topbar displays a gradient badge with the count of active alerts. Click it to reveal a dropdown showing recent notifications such as critical risk alerts, overdue assessment reviews, overdue mitigation actions, and risk level escalations. Each notification includes a title and description.
3. Risk Dashboard
The Dashboard is the default landing page, providing a real-time overview of your risk portfolio.
3.1 KPI Stat Cards
Four stat cards provide instant portfolio metrics:
| Card | What It Shows | Why It Matters |
|---|
| Active Risks | Count of risks with status Open or Mitigating | Know how many risks need attention right now. |
| Critical / High | Count of risks scored at Critical (20–25) or High (12–19) | Identify the highest-severity risks requiring escalation. |
| Open Actions | Count of mitigation actions not yet completed | Track outstanding work across your mitigation programme. |
| Avg Risk Score | Mean Likelihood × Impact score across all risks | Monitor the overall risk posture of your organisation. |
3.2 Dashboard Charts
Risk Distribution — A doughnut chart showing the count of risks at each level (Critical, High, Medium, Low) with colour-coded gradient segments and an interactive legend.
Risks by Category — A horizontal bar chart showing the count of risks per category (Financial, Operational, Compliance, Strategic, Cyber). Helps identify which risk domains have the highest concentration.
3.3 Top Risks Table
A table at the bottom lists the top 10 risks sorted by score (highest first). Columns: Code, Risk Title, Category, Supplier, Score (bold), Level (colour-coded badge), and Status (colour-coded badge).
Screenshot: Dashboard Charts & Top Risks
Capture the two dashboard charts side by side and the Top Risks table below them.
4. Risk Register
The Risk Register is your master catalogue of all identified risks. Each risk is scored using a Likelihood × Impact matrix (1–5 each, producing scores from 1 to 25) and classified into one of four risk levels.
4.1 Filters & Search
A filter bar at the top provides four controls for narrowing the register view:
| Filter | Options |
|---|
| Category | All Categories, Financial, Operational, Compliance, Strategic, Cyber |
| Status | All Statuses, Open, Mitigating, Closed, Accepted |
| Level | All Levels, Critical, High, Medium, Low |
| Search | Free-text search across risk titles, supplier names, and risk codes |
4.2 Risk Scoring Matrix
Each risk is assigned a Likelihood (L: 1–5) and Impact (I: 1–5). The score is calculated as L × I. The resulting score determines the risk level:
| Score Range | Level | Badge Colour |
|---|
| 20 – 25 | Critical | Red |
| 12 – 19 | High | Amber |
| 6 – 11 | Medium | Blue |
| 1 – 5 | Low | Green |
| Status | Meaning |
|---|
| Open | Risk identified, no mitigation in progress |
| Mitigating | Active mitigation actions underway |
| Closed | Risk resolved or no longer applicable |
| Accepted | Risk acknowledged, no further action planned |
4.3 Register Stat Cards
Four stat cards at the top of the Risk Register page break down the total risk count by level, each with a colour-coded icon:
4.4 Register Table Columns
| Column | Description |
|---|
| Code | Unique risk identifier (e.g. RSK-001) |
| Risk Title | Short description of the risk |
| Category | Financial, Operational, Compliance, Strategic, or Cyber |
| Supplier | The supplier associated with this risk |
| L | Likelihood score (1–5) |
| I | Impact score (1–5) |
| Score | L × I (1–25), styled by severity |
| Level | Critical / High / Medium / Low badge |
| Owner | Person responsible for managing this risk |
| Status | Open / Mitigating / Closed / Accepted badge |
i
Score Highlighting: Critical risk scores (20–25) are displayed in red bold text, High scores (12–19) in amber bold, and all other scores in standard weight. This visual treatment makes it easy to spot the most severe risks at a glance.
5. Supplier Assessments
The Assessments page provides structured supplier risk assessments across five dimensions. Each supplier receives a score (0–100) in each dimension, visualised as a radar chart with findings and recommendations.
5.1 Assessment Stat Cards
Three stat cards at the top summarise the assessment programme:
| Card | What It Shows |
|---|
| Total Assessments | Number of supplier assessments on file. |
| Overdue Reviews | Assessments where the next review date has passed. |
| Avg Overall Score | Mean of all five dimension scores across all suppliers. |
5.2 Five-Dimension Radar Chart
Each supplier assessment card features a radar chart plotting scores across five risk dimensions:
| Dimension | What It Measures |
|---|
| Financial | Supplier financial stability, pricing risk, FX exposure |
| Operational | Service delivery, SLA performance, resource availability |
| Compliance | Regulatory adherence, GDPR, anti-bribery, data residency |
| Strategic | Vendor lock-in, market position, strategic alignment |
| Cyber | Security posture, vulnerability management, incident response |
Screenshot: Radar Chart
Capture a supplier assessment card showing the five-dimension radar chart on the left and findings/recommendations on the right.
5.3 Assessment Card Layout
Each supplier assessment card is a panel with a two-column grid layout:
| Section | Content |
|---|
| Header | Supplier name, assessment date, assessor name, overall level badge (High/Medium/Low), and average score. |
| Left Column | Interactive radar chart (Chart.js) plotting all five dimension scores (0–100 scale). |
| Findings | Narrative summary of key risk findings from the assessment. |
| Recommendations | Specific actions recommended to address identified risks. |
| Next Review | Scheduled date for the next periodic reassessment. |
5.4 Assessment Level Classification
The overall assessment level is derived from the average of all five dimension scores:
i
Theme-Aware Charts: All radar charts automatically adjust their colours, grid lines, point styles, and tooltip styles when switching between Dark Mode and Light Mode. The data remains identical — only the visual presentation changes.
!
Overdue Reviews: Assessments with a next review date in the past are counted in the "Overdue Reviews" stat card. Regularly check this metric to ensure your assessment programme stays current and compliant.
6. Mitigations & Analytics
6.1 Mitigation Tracking
The Mitigations page tracks all risk mitigation actions, each linked to a specific risk via its Risk Code. Use the filter tabs across the top to focus on specific statuses.
All
Not Started
In Progress
Completed
Overdue
6.2 Mitigation Stat Cards & Table
Four stat cards summarise the mitigation programme:
| Card | What It Shows |
|---|
| Total Actions | Total number of mitigation actions across all risks. |
| In Progress | Actions currently being worked on. |
| Overdue | Actions past their due date that are not yet completed. |
| Avg Progress | Mean completion percentage across all actions. |
The mitigations table contains the following columns:
| Column | Description |
|---|
| Risk Code | Links back to the parent risk (e.g. RSK-001). |
| Action | Description of the mitigation action to be taken. |
| Owner | Person responsible for completing the action. |
| Due Date | Target completion date. |
| Priority | High (red badge), Medium (amber badge), or Low (blue badge). |
| Progress | Visual gradient progress bar (0–100%) with percentage label. |
| Status | Not Started, In Progress, Completed, or Overdue badge. |
6.3 Analytics & Insights
The Analytics page provides four interactive Chart.js visualisations for deeper risk analysis:
Risk Score Distribution
Bar chart bucketing all risks into score ranges: 1–5 (Low), 6–11 (Medium), 12–19 (High), 20–25 (Critical). Shows concentration of risk severity.
Mitigation Completion
Doughnut chart breaking down mitigation actions by status: Completed, In Progress, Not Started, Overdue. Tracks programme health.
Supplier Risk Comparison
Grouped bar chart comparing average assessment scores across the top 8 suppliers. Identifies which suppliers carry the most risk.
Risk Trend (6 Months)
Dual-line chart tracking Open Risks and Critical/High risks over a 6-month period. Shows whether risk posture is improving or deteriorating.
Screenshot: Analytics Page
Capture all four analytics charts: Risk Score Distribution, Mitigation Completion doughnut, Supplier Risk Comparison bars, and Risk Trend lines.
7. AI Assistant, Profile & Data Sync
7.1 AI Assistant
Risk IQ includes a built-in AI Assistant accessible from the sidebar. It opens as a slide-in panel on the right side of the screen with a semi-transparent overlay.
- Open the AI Panel — Click AI Assistant in the sidebar. The panel slides in from the right.
- Configure your API key — On first use, enter an API key (supports Anthropic, OpenAI, or Google Gemini). Select your preferred provider from the dropdown. The key is stored in local storage.
- Ask a question — Type your question in the textarea at the bottom and press Send. The AI has context about your current risks, assessments, mitigations, and incidents.
- Review the response — AI responses appear in the chat area with distinct styling for user messages (blue) and assistant messages (purple border). Responses stream in real time.
i
Data Context: The AI Assistant automatically includes your current risk register data, mitigations, and assessment information in its context. Ask questions like "Which suppliers have the highest risk scores?" or "What mitigations are overdue?" and receive answers based on your live data.
7.2 User Profile & Multi-Org
Click the user avatar in the topbar to open the Profile Popover. Edit your name, position, and organisation. If you belong to multiple organisations, a dropdown lets you switch context — all data (risks, assessments, mitigations, incidents) is scoped to the selected organisation.
Invite Code: Share this code with colleagues so they can join your organisation.
7.3 Help Button
Click the ? icon in the topbar (next to the bell) to open the Help dropdown. This provides a direct link to the User Guides page, which opens in a new tab.
7.4 Cloud Sync (Supabase)
When authenticated, all data syncs to Supabase (PostgreSQL) in real time. Four tables are used:
| Supabase Table | Contains |
|---|
| risk_register | All risk entries with scores, categories, owners, and statuses. |
| risk_assessments | Supplier assessment records with five-dimension scores. |
| risk_mitigations | Mitigation actions with progress, priority, and due dates. |
| risk_incidents | Incident records with severity, impact, and lessons learned. |
Row-Level Security (RLS) ensures data isolation between organisations. In Demo Mode (not authenticated), sample data is loaded into the browser session only and will not persist.
7.5 Incident Register
Risk IQ maintains an incident register tracking supplier incidents with the following data fields:
| Field | Description |
|---|
| Incident Code | Unique identifier (e.g. INC-001). |
| Supplier | The supplier involved in the incident. |
| Date / Category | When the incident occurred and its risk category. |
| Severity | High, Medium, or Low. |
| Description | What happened. |
| Impact | Business impact of the incident. |
| Resolution | How the incident was resolved. |
| Lessons Learned | Insights for future prevention. |
8. FAQ & Troubleshooting
Quick answers to the most common questions:
Q1: I just logged in and see no risk data. Where are my risks?
If you are logging in for the first time, your organisation's risk database is empty. Your administrator will need to populate the risk register, assessments, and mitigations in Supabase. If you expected to see existing data, check that you are signed into the correct organisation via the Profile Popover (§7.2).
Q2: How is the risk score calculated?
Each risk is scored using Likelihood × Impact, both on a 1–5 scale. This produces a score from 1 to 25. The score maps to four levels: Critical (20–25), High (12–19), Medium (6–11), and Low (1–5). See §4.2 for the full scoring matrix.
Q3: What do the five assessment dimensions mean?
Each supplier is assessed on Financial risk (stability, pricing), Operational risk (delivery, SLAs), Compliance risk (regulatory adherence), Strategic risk (lock-in, alignment), and Cyber risk (security posture). Scores range from 0 to 100, where higher is better. See §5.2 for details on each dimension.
Q4: How do I know which mitigations are overdue?
Navigate to the Mitigations page and click the Overdue filter tab. This shows only actions past their due date. You can also check the "Overdue" stat card at the top of the page for the total count, or look at the notification bell for overdue alerts.
Q5: Can I filter the Risk Register by multiple criteria simultaneously?
Yes. All four filters (Category, Status, Level, Search) work simultaneously. For example, you can filter for "Cyber" category + "Open" status + "High" level to see only high-severity open cyber risks. All filters are applied as AND conditions.
Q6: What does the "Accepted" risk status mean?
An "Accepted" risk is one where the organisation has acknowledged the risk exists but decided that no further mitigation action is required. This typically applies to low-severity risks or situations where the cost of mitigation outweighs the potential impact. Accepted risks are still tracked in the register.
Q7: How does the AI Assistant access my data?
The AI Assistant builds a context string from your current risk register and mitigation data at the time you send a message. This context is sent alongside your question to the chosen AI provider (Anthropic, OpenAI, or Google). Your API key is stored locally in your browser and never sent to Risk IQ servers.
Q8: Can my colleague see the risks I am viewing?
Yes — if you are both authenticated and belong to the same organisation, all data syncs in real time via Supabase. Your colleague will see the same risk register, assessments, and mitigations. In Demo Mode, data is local to your browser only.
Q9: What is the difference between Dark Mode and Light Mode functionally?
There is no functional difference — both modes offer identical features. The choice is purely visual preference. All charts, gradient borders, and badges adapt automatically. Your theme selection is saved in local storage and persists across sessions.
Q10: The Dashboard shows different numbers than the Risk Register. Why?
The Dashboard stat cards show Active Risks (Open + Mitigating only), while the Risk Register shows all risks including Closed and Accepted. The Dashboard focuses on risks requiring attention. The Risk Register provides the complete historical view.
Q11: How do I switch between organisations?
Click your avatar (top-right) to open the Profile Popover. If you belong to multiple organisations, the Organisation field becomes a dropdown picker. Select a different organisation and click Save. All data will refresh to show that organisation's risk data.
Q12: What risk categories does Risk IQ support?
Five categories: Financial (FX, budget, pricing), Operational (SLAs, delivery, key person), Compliance (GDPR, regulatory, anti-bribery), Strategic (vendor lock-in, IP, dependency), and Cyber (phishing, API security, insider threats). These align with the five assessment dimensions.
IQ Platform Applications
Admin IQ
Platform administration
Contract IQ
Contract lifecycle
Perform IQ
Supplier performance
Renewal IQ
Contract renewals
Request IQ
Procurement requests
Vendor IQ
Vendor management