Reasonable Risk July 2023 Product Update

Welcome to our first Product Update blog! We want to continue to share exciting news about updates and upgrades for Reasonable Risk and how they impact our users. As usual, we always welcome feedback, so if you experience bugs or needed fixes, contact and we will address those issues as soon as possible.


  1. Executive Status Presentation.
    1. We have added a new Executive Status Presentation to present current risk remediation project status.  This is based on a Plan-Do-Check-Act approach and coupled with some other new features (see below – run this deck now to see ALL the features). It provides a fantastic new way to manage risk remediation projects.
  2. New Ability to track Audits and Assessments.
    1. This entire new section allows for the addition of one-time and/or recurring events, such as Penetration Tests, Risk Assessments, Audits, Vulnerability scans, etc. By including dates and/or recurring timetables, tracking these becomes part of the overall risk management program and are included in the aforementioned Executive Status Presentation.

Here is a table with the latest key changes.

Area of Application Description of Change Impact to User Experience
New Task Feature Risk Title shows when associating risk to task When a user is editing a task, and they want to associate a risk – more than just the risk ID comes up. Now the risk description appears as well.
Search Filter Default the Sort Order to “Current Risk Score – High to Low” When looking at the risk register – the default sort is the highest risk scores are listed first.
New Executive Status Presentation We now have a new presentation!  This is an executive status presentation.  Users can get to this presentation by clicking “Generate Presentations” (notice the plural now!)  When there, users will see the opportunity to select the Budget Request Presentation or the Executive Status Presentation.
Audits and Assessments Create Audits and Assessments Tracking Screen – Assessments Tab New Section – Audits and Assessments.  This new area will enable users to plan and track various assessments, such as Risk Assessment, Penetration Test, Audits, Vulnerability Scans, etc.  By planning and tracking one-time and/or recurring events, you will be able to use the Executive Status Presentation to show the overall risk management program picture.
Project Status Add New Fields to Capture Progress on Projects The new Executive Status Presentation deck also requires new data that comes from the project information.  Therefore, there are new fields in the Project Overview page:  Schedule, Scope, Resources – these are manually changed by the project manager to “Good” (green) – “At Risk” (yellow) – “issue” (red). These statuses will be reported in the Executive Status Presentation.
Planning Horizon Add Planning Horizon Fields at the Scope Level After an audit or assessment, when new risks are entered into Reasonable Risk or Findings are promoted to the risk register, risks need to be added to projects (a.k.a. “planned for remediation”).  It is not optimal to wait too long before non-tolerable risks are assigned to a project, as it may take some time to remediate those risks. Therefore, as part of the scope settings, there is now a planning horizon timetable for both high and unacceptable risks measured in days.  Risks not assigned to a project within that planning horizon are reflected in the Executive Status Presentation.
Budget Presentation In the Budget Request Presentation, several edits were made. One key change is the addition of tasks to key areas which assists in the decision-making process.
Tasks are now on the Project Budget Slide of Budget Request Presentation

User Notes and Recommendations (To Do!):

  1. For the Executive Status Presentation to provide value, it is recommended that each project be reviewed and updated with status on Schedule, Scope, Resources for each open project.
  2. For each scope, review and update the planning horizon number (there is a default range, but you may want to change it).
  3. Optional – add one-time-time or recurring audits and assessments to the new “Audits and Assessments” area.


Any questions can be directed to

Learn more about Duty of Care Risk Analysis (DoCRA),

Share this Post
Share this Post