Pryme Risk Management
Learn how to identify, score, monitor, and mitigate business risks in Business Central.
Pryme Risk Management lets you register, score, and track risks directly in Business Central. Risks are scored by likelihood and impact, assigned to owners, and linked to the projects, customers, vendors, resources, or items they relate to. Score zones and review rules ensure risk assessments stay current, and mitigation actions track the steps taken to reduce each risk to an acceptable level.
What you can do
- Register risks and score them by likelihood and impact
- Assign risks to owners and link them to projects, customers, vendors, resources, and items
- Define score zones and review schedules to keep assessments up to date
- Track mitigation actions and their completion
- Visualize your risk portfolio on the interactive risk matrix
- Monitor overdue risk reviews from your role center
1 - Setup and Configuration
Learn about the setup required before you start using Risk Management.
Before you start registering risks, configure the scoring model and review settings that drive the app. Setup is a one-time task, though you can adjust it as your risk framework evolves.
This section covers:
When the setup is complete, you can move on to creating risks and managing your risk portfolio.
1.1 - Risk Management Setup
Configure the core settings for Pryme Risk Management.
The Risk Management Setup page holds the core configuration for Pryme Risk Management. Open this page and complete the required settings before you register your first risk.
Open Risk Management Setup
Choose the 🔎 icon, enter Risk Management Setup, and then choose the related link.
Settings
Configure the fields on the setup page:
Risk No. Series — the number series used to generate risk numbers automatically when a new risk is created.
Note
You must set up Likelihood Levels, Impact Levels, and Risk Score Zones before risks can be scored and assigned to zones. These are configured separately from the main setup page.1.2 - Scoring Setup
Define the likelihood levels, impact levels, and risk categories used to score risks.
Before you can score risks, set up the scales you will use to rate likelihood and impact, and the categories that classify your risks. The risk score is calculated by multiplying the numeric weight of the selected likelihood level by the numeric weight of the selected impact level.
Likelihood levels
Likelihood levels define how probable a risk is to occur. Each level has a numeric weight that feeds into the risk score calculation.
To set up likelihood levels
- On the Risk Management Setup page, choose Likelihood Levels. Alternatively, choose the 🔎 icon, enter Likelihood Levels, and then choose the related link.
- For each level, fill in the following fields:
Code — a short identifier for the level (for example, L1, L2, L3, or RARE, POSSIBLE, LIKELY).Description — the label shown when scoring a risk (for example, Rare, Possible, Likely).Numeric Weight — the value used in the score calculation. Higher weights indicate higher likelihood.
- Close the page when done.
Levels are displayed in ascending Numeric Weight order on list pages and lookups.
Impact levels
Impact levels define how severe the consequences would be if a risk occurs.
To set up impact levels
- On the Risk Management Setup page, choose Impact Levels. Alternatively, choose the 🔎 icon, enter Impact Levels, and then choose the related link.
- For each level, fill in the following fields:
Code — a short identifier (for example, I1, I2, I3, or MINOR, MODERATE, MAJOR).Description — the label shown when scoring a risk (for example, Minor, Moderate, Major).Numeric Weight — the value used in the score calculation. Higher weights indicate greater impact.
- Close the page when done.
Impact levels are also displayed in ascending Numeric Weight order.
Risk categories
Risk categories classify risks by type. Assigning a category makes it easier to filter and report across the risk register.
To set up risk categories
- On the Risk Management Setup page, choose Risk Categories. Alternatively, choose the 🔎 icon, enter Risk Categories, and then choose the related link.
- For each category, enter a
Code and a Description. - Close the page when done.
1.3 - Risk Score Zones
Define score thresholds, zone labels, and review frequencies for risk monitoring.
Risk score zones group risks by score range and determine how often risks in each zone must be reviewed. When a risk’s likelihood and impact are set, the app assigns it to a zone automatically based on the calculated score.
How zones work
The risk score is the product of the likelihood numeric weight and the impact numeric weight. Zones define the score ranges that correspond to each risk level, for example, scores 1–6 map to Low, 7–14 to Medium, 15–25 to High.
Each zone has a review interval. Risks in a higher zone are typically reviewed more frequently than risks in a lower zone.
To set up risk score zones
- On the Risk Management Setup page, choose Risk Score Zones. Alternatively, choose the 🔎 icon, enter Risk Score Zones, and then choose the related link.
- For each zone, fill in the following fields:
Code — a short identifier (for example, LOW, MED, HIGH).Description — the label shown on the risk and matrix (for example, Low, Medium, High).Min. Score — the lowest score that falls into this zone.Max. Score — the highest score that falls into this zone.Review Interval (Days) — the number of days between required reviews for risks in this zone.Color — the color used to display this zone on the risk matrix.
Note
Score ranges must not overlap. Make sure the Min. Score of each zone is one point above the Max. Score of the zone below it.How zone assignment works
When you set the Likelihood and Impact fields on a risk, the app calculates the score and assigns the risk to the matching zone. The zone updates automatically whenever likelihood or impact changes. The zone’s review interval is also used to calculate the Next Review Date on the risk.
1.4 - Permission Sets
Manage user access to Pryme Risk Management using the included permission sets.
Pryme Risk Management includes dedicated permission sets that control what users can see and do in the app. Assign the appropriate permission set to each user based on their role.
Available permission sets
| Permission set | Description |
|---|
RISK ADMIN RMYME | Full access to all Risk Management pages, setup, and configuration. |
RISK BASIC RMYME | Create and edit risks and mitigation actions. No access to setup pages. |
RISK READ RMYME | Read-only access to the risk register and mitigation actions. |
To assign a permission set to a user
- Choose the 🔎 icon, enter Users, and then choose the related link.
- Select the user you want to update.
- Choose Permission Sets.
- Add the relevant Risk Management permission set.
Note
Users without a Risk Management permission set cannot access Risk Management pages, including the Risks and New Risk actions available on project, customer, vendor, resource, and item pages.2 - Risk Register
Create and manage risks, track mitigation actions, and monitor your risk portfolio.
The risk register is the central record of all business risks in your organization. This section covers the full workflow — from creating and scoring risks, to tracking mitigation actions, reviewing overdue risks, and visualizing the risk portfolio.
This section covers:
- Risks — create and manage risks, set likelihood and impact, assign owners
- Risk Reviews — mark risks as reviewed and manage review schedules
- Overdue Risk Reviews — work through risks that are past their review date
- Mitigation Actions — create mitigation actions and track them to completion
- Risk Matrix — visualize your risk portfolio on the interactive matrix
- Related Records — open and create risks from projects, customers, vendors, resources, and items
2.1 - Risks
Learn how to create and manage risks in the risk register.
The Risks page is the central list of all registered risks. From here you can create new risks, review scoring, track status, and navigate to related mitigation actions.
When to use it
Register a risk whenever you identify a potential event or condition that could affect a project, relationship, resource, or item, even if the probability is low. Registering it early lets you score it, assign an owner, and decide whether mitigation is needed.
To create a risk
From the role center, choose Risks in the menu. Alternatively, choose the 🔎 icon, enter Risks, and then choose the related link.
Choose New.
Fill in the Risk Card:
No. — assigned automatically.Description — describe the risk in plain language.Related Type — select the type of record this risk relates to: Project, Customer, Vendor, Resource, or Item.Related No. — select the specific record.Category — classify the risk by choosing from the available categories.Owner — assign the person responsible for monitoring and managing this risk.Likelihood — select a likelihood level from the list.Impact — select an impact level from the list.
Navigate away or close the card, the record saves automatically.
Risk Score and Score Zone update automatically when you set Likelihood and Impact.
Risk status
Identified — the risk is identified and active. This is the default status for new risks.Mitigating — the risk has one or more active mitigation actions in progress.Closed — the risk has been resolved, accepted, or is no longer relevant.
Materialized risks
Use the Materialized field to flag a risk that has occurred. Materialized risks remain active in the system, they continue to appear on the Overdue Risk Reviews page until they are closed. This ensures that risks that have materialized are still reviewed and managed until fully resolved. You can continue working on a materialized risk by adding mitigation actions, but the focus shifts from proactive prevention to reactive response, addressing the impact now that the risk has occurred.
Risk scoring
The risk score is calculated automatically:
Risk Score = Likelihood Numeric Weight × Impact Numeric Weight
The score determines which Score Zone the risk falls into. Zone assignment updates whenever you change the likelihood or impact.
See Scoring Setup for how to define likelihood levels, impact levels, and their numeric weights.
Review fields
Each risk tracks its review schedule:
Score Zone — assigned automatically based on the current risk score.Next Review Date — the date by which the risk must next be reviewed, calculated from the zone’s review interval.Last Review Date — the date the risk was last marked as reviewed.
See Risk Reviews for how to mark a risk as reviewed.
Notes
The Notes FactBox is available on both the Risk Card and the Risk List. Use it to capture context, decisions, or observations that don’t fit in a structured field.
The Risk Card includes a mitigation actions subform where you can add the actions planned or taken to address the risk. For each line, you can either select a code from the predefined list or enter a free-text description directly. Each line also has the following fields:
Due Date — the deadline for completing the action.Owner — the person responsible for the action.Status — tracks whether the action is open or completed.Estimated Cost (LCY) — the estimated cost of the action.Completion Date — the date the action was completed. It changes automatically when the status is set to Closed.
2.2 - Risk Reviews
Learn how to review risks on schedule and mark them as reviewed.
Risk reviews keep assessments current. Each risk has a review schedule driven by its score zone. When a risk passes its review date without being reviewed, it appears on the Overdue Risk Reviews page until it is assessed and marked up to date.
When to use it
Review a risk when:
- The risk’s
Next Review Date has passed. - The risk’s circumstances have changed, for example, the likelihood or impact has increased.
- You are prompted by the My Overdue Risk Reviews cue on your role center.
To mark a risk as reviewed
- Choose the 🔎 icon, enter Risks, and then choose the related link.
- Open the risk you want to review.
- Assess the current situation, update
Likelihood, Impact, Status, or Materialized if anything has changed. - Choose Mark as Reviewed.
The system sets Last Review Date to today and calculates a new Next Review Date based on the score zone’s review interval.
Tip
If the risk’s likelihood or impact has changed, update those fields before choosing Mark as Reviewed. The score zone may change, which will affect the next review interval.Review schedule
The review interval for each risk is controlled by the Review Interval (Days) field on the risk’s Score Zone. A higher-risk zone typically has a shorter interval, for example, 30 days for Critical versus 180 days for Low.
See Risk Score Zones to adjust review intervals per zone.
2.3 - Overdue Risk Reviews
Work through risks that are past their scheduled review date.
The Overdue Risk Reviews page shows all risks that are past their Next Review Date and have not yet been reviewed. This includes materialized risks, unless they are closed.
When to use it
Open Overdue Risk Reviews when:
- Your role center shows a count in the My Overdue Risk Reviews cue.
- You own a risk whose
Next Review Date has passed and need to check its current status.
To work through overdue risks
Choose the 🔎 icon, enter Overdue Risk Reviews, and then choose the related link.
Or, choose the My Overdue Risk Reviews cue on your role center.
For each risk, open the risk card and assess the current situation.
Update Likelihood, Impact, Status, or Materialized if anything has changed.
Choose Mark as Reviewed.
After marking as reviewed, Next Review Date is recalculated and the risk is removed from the overdue list.
My Overdue Risk Reviews cue
The My Overdue Risk Reviews cue on your role center shows overdue risks where you are the Owner. Drilling down opens the Overdue Risk Reviews page filtered to your risks only.
Note
The cue only counts risks owned by the current user. To see all overdue risks regardless of owner, open Overdue Risk Reviews directly and remove the owner filter.Materialized risks
A risk marked as Materialized has already occurred. Materialized risks continue to appear on the overdue list unless they are closed, ensuring that active incidents are still monitored until the risk is fully resolved.
2.4 - Mitigation Actions
Learn how to create mitigation actions and track them to completion.
Mitigation actions are a predefined list of actions you can use when adding action lines to a risk. Mitigation action lines are the actual records connected to a risk — they track what is being done, by whom, and by when.
When to use it
Use mitigation actions to track the steps being taken to bring a risk under control. As actions are completed, you can see the risk becoming less serious over time, whether that means a lower likelihood, a reduced impact, or both. Each action represents progress toward a point where the risk is no longer a concern.
To set up mitigation actions
Mitigation actions serve as a reusable catalog. Each has only two fields:
- Choose the 🔎 icon, enter Mitigation Actions, and then choose the related link.
- Choose New.
- Fill in the fields:
Code — a short identifier for the action (for example, BACKUPVENDOR, CHECKAVL).Description — a plain-language description of the action.
To add mitigation action lines to a risk
Action lines are added directly on the Risk Card in the mitigation actions subform, or from the Mitigation Actions page on the Risk List.
For each line, fill in the following fields:
Code — optionally select from the predefined list. The action description will populate automatically.Description — describe the specific action. You can type this directly without selecting a code.Due Date — the deadline for completing the action.Owner — the person responsible for the action.Status — set to Open, In Progress, or Closed.Estimated Cost (LCY) — the estimated cost of the action.
Completion Date is set automatically when the line Status is changed to Closed. This field is read-only.
Tip
Use the Description field on each line to explain what “done” looks like and why the task is needed, not just the task name. The 2048-character limit gives you enough space for meaningful context.Action line status
Open — the task has been created but work has not started.In Progress — work on the task is underway.Closed — the task is complete. Completion Date is set automatically.
To open mitigation actions from the Risk List
On the Risk List, select a risk and choose Mitigation Actions. The page opens showing only mitigation actions for the selected risk.
2.5 - Risk Matrix
Visualize your risk portfolio on the interactive risk matrix.
The Risk Matrix gives you a visual overview of all active risks plotted by likelihood and impact. Risks are color-coded by score zone, making it easy to spot clusters in high-risk areas and track whether your portfolio is improving over time.
Open the Risk Matrix
Choose the 🔎 icon, enter Risk Matrix, and then choose the related link.
You can also choose Risk Matrix from the Risk Management navigation in your role center.
Filter the matrix
Use the Filters section at the top of the page to narrow which risks appear in the matrix:
Related Type — filter risks linked to a specific entity typeRelated No. — filter risks linked to a specific recordCategory Code — show only risks in a given categoryStatus Filter — defaults to Not Closed; change to view closed or all risksOwner — filter by the person responsible for the risksScore Zone — filter to show only risks in a specific score zone (e.g. high, medium, low)
The matrix updates immediately when you change a filter value.
Reading the matrix
The matrix is a grid with likelihood levels along the vertical axis and impact levels along the horizontal axis. The levels shown depend on what has been configured in your setup.
Each cell displays the number of risks in that likelihood and impact combination, and the score assigned to that position. Colors correspond to the score zones defined in setup:
- Green — Low zone
- Yellow — Medium zone
- Red — High zone
Zone colors and score thresholds are configurable in Risk Score Zones.
View risks from a cell
The Risks list at the bottom of the page shows the individual risks for the cell you select in the matrix. From here you can:
- Choose View to open a risk in read-only mode
- Choose Edit to open the risk card and make changes
- Choose New to create a new risk directly from the matrix
Tip
Use Open Risks in the action bar to open the full risk register list filtered to your current matrix filters.2.6 - Related Records
Open and create risks directly from projects, customers, vendors, resources, and items.
You can open risks and create new risks directly from the records they relate to, without navigating to the risk register first. This makes it faster to register risks in context and to check existing risks while you are working on a project, customer account, or other record.
Supported pages
Risk navigation actions are available on the following pages:
| Page | Related Type set on the risk |
|---|
| Project Card / Project List | Project |
| Customer Card / Customer List | Customer |
| Vendor Card / Vendor List | Vendor |
| Resource Card / Resource List | Resource |
| Item Card / Item List | Item |
On list pages, the actions apply to the currently selected record.
Available actions
Risks
Opens the Risks page filtered to show only risks related to the selected record.
- Open the relevant page, for example, a Customer Card or Project List.
- Select the record.
- Choose Risks from the actions.
The Risks page opens filtered to the selected record.
New Risk
Opens a new Risk Card with Related Type and Related No. pre-filled based on the selected record.
- Open the relevant page.
- Select the record.
- Choose New Risk from the actions. A new Risk Card opens with
Related Type and Related No. pre-filled. - Fill in
Description, Owner, Likelihood, and Impact. - Navigate away or close the card, the risk saves automatically.
Tip
Creating risks from related records is faster than opening the risk register and manually filling in the relation fields. Use it when you identify a risk while reviewing a project or customer.Progressus pages
The same Risks and New Risk actions are also available on the Progressus Project Card and Project List pages. They work identically, the risk is created with Related Type set to Project and Related No. set to the selected Progressus project number.
3 - Pryme Risk Management Release Notes
13.1 (June 2026)
First version of Pryme Risk Management.
4 -