This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Pryme Risk Management

Learn how to identify, score, monitor, and mitigate business risks in Business Central.

Pryme Risk Management lets you register, score, and track risks directly in Business Central. Risks are scored by likelihood and impact, assigned to owners, and linked to the projects, customers, vendors, resources, or items they relate to. Score zones and review rules ensure risk assessments stay current, and mitigation actions track the steps taken to reduce each risk to an acceptable level.

What you can do

  • Register risks and score them by likelihood and impact
  • Assign risks to owners and link them to projects, customers, vendors, resources, and items
  • Define score zones and review schedules to keep assessments up to date
  • Track mitigation actions and their completion
  • Visualize your risk portfolio on the interactive risk matrix
  • Monitor overdue risk reviews from your role center

1 - Setup and Configuration

Learn about the setup required before you start using Risk Management.

Before you start registering risks, configure the scoring model and review settings that drive the app. Setup is a one-time task, though you can adjust it as your risk framework evolves.

This section covers:

When the setup is complete, you can move on to creating risks and managing your risk portfolio.

1.1 - Risk Management Setup

Configure the core settings for Pryme Risk Management.

The Risk Management Setup page holds the core configuration for Pryme Risk Management. Open this page and complete the required settings before you register your first risk.

Open Risk Management Setup

Choose the 🔎 icon, enter Risk Management Setup, and then choose the related link.

Settings

Configure the fields on the setup page:

  • Risk No. Series — the number series used to generate risk numbers automatically when a new risk is created.

1.2 - Scoring Setup

Define the likelihood levels, impact levels, and risk categories used to score risks.

Before you can score risks, set up the scales you will use to rate likelihood and impact, and the categories that classify your risks. The risk score is calculated by multiplying the numeric weight of the selected likelihood level by the numeric weight of the selected impact level.

Likelihood levels

Likelihood levels define how probable a risk is to occur. Each level has a numeric weight that feeds into the risk score calculation.

To set up likelihood levels

  1. On the Risk Management Setup page, choose Likelihood Levels. Alternatively, choose the 🔎 icon, enter Likelihood Levels, and then choose the related link.
  2. For each level, fill in the following fields:
    • Code — a short identifier for the level (for example, L1, L2, L3, or RARE, POSSIBLE, LIKELY).
    • Description — the label shown when scoring a risk (for example, Rare, Possible, Likely).
    • Numeric Weight — the value used in the score calculation. Higher weights indicate higher likelihood.
  3. Close the page when done.

Levels are displayed in ascending Numeric Weight order on list pages and lookups.

Impact levels

Impact levels define how severe the consequences would be if a risk occurs.

To set up impact levels

  1. On the Risk Management Setup page, choose Impact Levels. Alternatively, choose the 🔎 icon, enter Impact Levels, and then choose the related link.
  2. For each level, fill in the following fields:
    • Code — a short identifier (for example, I1, I2, I3, or MINOR, MODERATE, MAJOR).
    • Description — the label shown when scoring a risk (for example, Minor, Moderate, Major).
    • Numeric Weight — the value used in the score calculation. Higher weights indicate greater impact.
  3. Close the page when done.

Impact levels are also displayed in ascending Numeric Weight order.

Risk categories

Risk categories classify risks by type. Assigning a category makes it easier to filter and report across the risk register.

To set up risk categories

  1. On the Risk Management Setup page, choose Risk Categories. Alternatively, choose the 🔎 icon, enter Risk Categories, and then choose the related link.
  2. For each category, enter a Code and a Description.
  3. Close the page when done.

1.3 - Risk Score Zones

Define score thresholds, zone labels, and review frequencies for risk monitoring.

Risk score zones group risks by score range and determine how often risks in each zone must be reviewed. When a risk’s likelihood and impact are set, the app assigns it to a zone automatically based on the calculated score.

How zones work

The risk score is the product of the likelihood numeric weight and the impact numeric weight. Zones define the score ranges that correspond to each risk level, for example, scores 1–6 map to Low, 7–14 to Medium, 15–25 to High.

Each zone has a review interval. Risks in a higher zone are typically reviewed more frequently than risks in a lower zone.

To set up risk score zones

  1. On the Risk Management Setup page, choose Risk Score Zones. Alternatively, choose the 🔎 icon, enter Risk Score Zones, and then choose the related link.
  2. For each zone, fill in the following fields:
    • Code — a short identifier (for example, LOW, MED, HIGH).
    • Description — the label shown on the risk and matrix (for example, Low, Medium, High).
    • Min. Score — the lowest score that falls into this zone.
    • Max. Score — the highest score that falls into this zone.
    • Review Interval (Days) — the number of days between required reviews for risks in this zone.
    • Color — the color used to display this zone on the risk matrix.

How zone assignment works

When you set the Likelihood and Impact fields on a risk, the app calculates the score and assigns the risk to the matching zone. The zone updates automatically whenever likelihood or impact changes. The zone’s review interval is also used to calculate the Next Review Date on the risk.

1.4 - Permission Sets

Manage user access to Pryme Risk Management using the included permission sets.

Pryme Risk Management includes dedicated permission sets that control what users can see and do in the app. Assign the appropriate permission set to each user based on their role.

Available permission sets

Permission setDescription
RISK ADMIN RMYMEFull access to all Risk Management pages, setup, and configuration.
RISK BASIC RMYMECreate and edit risks and mitigation actions. No access to setup pages.
RISK READ RMYMERead-only access to the risk register and mitigation actions.

To assign a permission set to a user

  1. Choose the 🔎 icon, enter Users, and then choose the related link.
  2. Select the user you want to update.
  3. Choose Permission Sets.
  4. Add the relevant Risk Management permission set.

2 - Risk Register

Create and manage risks, track mitigation actions, and monitor your risk portfolio.

The risk register is the central record of all business risks in your organization. This section covers the full workflow — from creating and scoring risks, to tracking mitigation actions, reviewing overdue risks, and visualizing the risk portfolio.

This section covers:

  • Risks — create and manage risks, set likelihood and impact, assign owners
  • Risk Reviews — mark risks as reviewed and manage review schedules
  • Overdue Risk Reviews — work through risks that are past their review date
  • Mitigation Actions — create mitigation actions and track them to completion
  • Risk Matrix — visualize your risk portfolio on the interactive matrix
  • Related Records — open and create risks from projects, customers, vendors, resources, and items

2.1 - Risks

Learn how to create and manage risks in the risk register.

The Risks page is the central list of all registered risks. From here you can create new risks, review scoring, track status, and navigate to related mitigation actions.

When to use it

Register a risk whenever you identify a potential event or condition that could affect a project, relationship, resource, or item, even if the probability is low. Registering it early lets you score it, assign an owner, and decide whether mitigation is needed.

To create a risk

  1. From the role center, choose Risks in the menu. Alternatively, choose the 🔎 icon, enter Risks, and then choose the related link.

  2. Choose New.

  3. Fill in the Risk Card:

    • No. — assigned automatically.
    • Description — describe the risk in plain language.
    • Related Type — select the type of record this risk relates to: Project, Customer, Vendor, Resource, or Item.
    • Related No. — select the specific record.
    • Category — classify the risk by choosing from the available categories.
    • Owner — assign the person responsible for monitoring and managing this risk.
    • Likelihood — select a likelihood level from the list.
    • Impact — select an impact level from the list.
  4. Navigate away or close the card, the record saves automatically.

Risk Score and Score Zone update automatically when you set Likelihood and Impact.

Risk status

  • Identified — the risk is identified and active. This is the default status for new risks.
  • Mitigating — the risk has one or more active mitigation actions in progress.
  • Closed — the risk has been resolved, accepted, or is no longer relevant.

Materialized risks

Use the Materialized field to flag a risk that has occurred. Materialized risks remain active in the system, they continue to appear on the Overdue Risk Reviews page until they are closed. This ensures that risks that have materialized are still reviewed and managed until fully resolved. You can continue working on a materialized risk by adding mitigation actions, but the focus shifts from proactive prevention to reactive response, addressing the impact now that the risk has occurred.

Risk scoring

The risk score is calculated automatically:

Risk Score = Likelihood Numeric Weight × Impact Numeric Weight

The score determines which Score Zone the risk falls into. Zone assignment updates whenever you change the likelihood or impact.

See Scoring Setup for how to define likelihood levels, impact levels, and their numeric weights.

Review fields

Each risk tracks its review schedule:

  • Score Zone — assigned automatically based on the current risk score.
  • Next Review Date — the date by which the risk must next be reviewed, calculated from the zone’s review interval.
  • Last Review Date — the date the risk was last marked as reviewed.

See Risk Reviews for how to mark a risk as reviewed.

Notes

The Notes FactBox is available on both the Risk Card and the Risk List. Use it to capture context, decisions, or observations that don’t fit in a structured field.

Mitigation actions subform

The Risk Card includes a mitigation actions subform where you can add the actions planned or taken to address the risk. For each line, you can either select a code from the predefined list or enter a free-text description directly. Each line also has the following fields:

  • Due Date — the deadline for completing the action.
  • Owner — the person responsible for the action.
  • Status — tracks whether the action is open or completed.
  • Estimated Cost (LCY) — the estimated cost of the action.
  • Completion Date — the date the action was completed. It changes automatically when the status is set to Closed.

2.2 - Risk Reviews

Learn how to review risks on schedule and mark them as reviewed.

Risk reviews keep assessments current. Each risk has a review schedule driven by its score zone. When a risk passes its review date without being reviewed, it appears on the Overdue Risk Reviews page until it is assessed and marked up to date.

When to use it

Review a risk when:

  • The risk’s Next Review Date has passed.
  • The risk’s circumstances have changed, for example, the likelihood or impact has increased.
  • You are prompted by the My Overdue Risk Reviews cue on your role center.

To mark a risk as reviewed

  1. Choose the 🔎 icon, enter Risks, and then choose the related link.
  2. Open the risk you want to review.
  3. Assess the current situation, update Likelihood, Impact, Status, or Materialized if anything has changed.
  4. Choose Mark as Reviewed.

The system sets Last Review Date to today and calculates a new Next Review Date based on the score zone’s review interval.

Review schedule

The review interval for each risk is controlled by the Review Interval (Days) field on the risk’s Score Zone. A higher-risk zone typically has a shorter interval, for example, 30 days for Critical versus 180 days for Low.

See Risk Score Zones to adjust review intervals per zone.

2.3 - Overdue Risk Reviews

Work through risks that are past their scheduled review date.

The Overdue Risk Reviews page shows all risks that are past their Next Review Date and have not yet been reviewed. This includes materialized risks, unless they are closed.

When to use it

Open Overdue Risk Reviews when:

  • Your role center shows a count in the My Overdue Risk Reviews cue.
  • You own a risk whose Next Review Date has passed and need to check its current status.

To work through overdue risks

  1. Choose the 🔎 icon, enter Overdue Risk Reviews, and then choose the related link.

    Or, choose the My Overdue Risk Reviews cue on your role center.

  2. For each risk, open the risk card and assess the current situation.

  3. Update Likelihood, Impact, Status, or Materialized if anything has changed.

  4. Choose Mark as Reviewed.

After marking as reviewed, Next Review Date is recalculated and the risk is removed from the overdue list.

My Overdue Risk Reviews cue

The My Overdue Risk Reviews cue on your role center shows overdue risks where you are the Owner. Drilling down opens the Overdue Risk Reviews page filtered to your risks only.

Materialized risks

A risk marked as Materialized has already occurred. Materialized risks continue to appear on the overdue list unless they are closed, ensuring that active incidents are still monitored until the risk is fully resolved.

2.4 - Mitigation Actions

Learn how to create mitigation actions and track them to completion.

Mitigation actions are a predefined list of actions you can use when adding action lines to a risk. Mitigation action lines are the actual records connected to a risk — they track what is being done, by whom, and by when.

When to use it

Use mitigation actions to track the steps being taken to bring a risk under control. As actions are completed, you can see the risk becoming less serious over time, whether that means a lower likelihood, a reduced impact, or both. Each action represents progress toward a point where the risk is no longer a concern.

To set up mitigation actions

Mitigation actions serve as a reusable catalog. Each has only two fields:

  1. Choose the 🔎 icon, enter Mitigation Actions, and then choose the related link.
  2. Choose New.
  3. Fill in the fields:
    • Code — a short identifier for the action (for example, BACKUPVENDOR, CHECKAVL).
    • Description — a plain-language description of the action.

To add mitigation action lines to a risk

Action lines are added directly on the Risk Card in the mitigation actions subform, or from the Mitigation Actions page on the Risk List.

For each line, fill in the following fields:

  • Code — optionally select from the predefined list. The action description will populate automatically.
  • Description — describe the specific action. You can type this directly without selecting a code.
  • Due Date — the deadline for completing the action.
  • Owner — the person responsible for the action.
  • Status — set to Open, In Progress, or Closed.
  • Estimated Cost (LCY) — the estimated cost of the action.

Completion Date is set automatically when the line Status is changed to Closed. This field is read-only.

Action line status

  • Open — the task has been created but work has not started.
  • In Progress — work on the task is underway.
  • Closed — the task is complete. Completion Date is set automatically.

To open mitigation actions from the Risk List

On the Risk List, select a risk and choose Mitigation Actions. The page opens showing only mitigation actions for the selected risk.

2.5 - Risk Matrix

Visualize your risk portfolio on the interactive risk matrix.

The Risk Matrix gives you a visual overview of all active risks plotted by likelihood and impact. Risks are color-coded by score zone, making it easy to spot clusters in high-risk areas and track whether your portfolio is improving over time.

Open the Risk Matrix

Choose the 🔎 icon, enter Risk Matrix, and then choose the related link.

You can also choose Risk Matrix from the Risk Management navigation in your role center.

Filter the matrix

Use the Filters section at the top of the page to narrow which risks appear in the matrix:

  • Related Type — filter risks linked to a specific entity type
  • Related No. — filter risks linked to a specific record
  • Category Code — show only risks in a given category
  • Status Filter — defaults to Not Closed; change to view closed or all risks
  • Owner — filter by the person responsible for the risks
  • Score Zone — filter to show only risks in a specific score zone (e.g. high, medium, low)

The matrix updates immediately when you change a filter value.

Reading the matrix

The matrix is a grid with likelihood levels along the vertical axis and impact levels along the horizontal axis. The levels shown depend on what has been configured in your setup.

Each cell displays the number of risks in that likelihood and impact combination, and the score assigned to that position. Colors correspond to the score zones defined in setup:

  • Green — Low zone
  • Yellow — Medium zone
  • Red — High zone

Zone colors and score thresholds are configurable in Risk Score Zones.

View risks from a cell

The Risks list at the bottom of the page shows the individual risks for the cell you select in the matrix. From here you can:

  • Choose View to open a risk in read-only mode
  • Choose Edit to open the risk card and make changes
  • Choose New to create a new risk directly from the matrix

2.6 - Related Records

Open and create risks directly from projects, customers, vendors, resources, and items.

You can open risks and create new risks directly from the records they relate to, without navigating to the risk register first. This makes it faster to register risks in context and to check existing risks while you are working on a project, customer account, or other record.

Supported pages

Risk navigation actions are available on the following pages:

PageRelated Type set on the risk
Project Card / Project ListProject
Customer Card / Customer ListCustomer
Vendor Card / Vendor ListVendor
Resource Card / Resource ListResource
Item Card / Item ListItem

On list pages, the actions apply to the currently selected record.

Available actions

Risks

Opens the Risks page filtered to show only risks related to the selected record.

  1. Open the relevant page, for example, a Customer Card or Project List.
  2. Select the record.
  3. Choose Risks from the actions.

The Risks page opens filtered to the selected record.

New Risk

Opens a new Risk Card with Related Type and Related No. pre-filled based on the selected record.

  1. Open the relevant page.
  2. Select the record.
  3. Choose New Risk from the actions. A new Risk Card opens with Related Type and Related No. pre-filled.
  4. Fill in Description, Owner, Likelihood, and Impact.
  5. Navigate away or close the card, the risk saves automatically.

Progressus pages

The same Risks and New Risk actions are also available on the Progressus Project Card and Project List pages. They work identically, the risk is created with Related Type set to Project and Related No. set to the selected Progressus project number.

3 - Pryme Risk Management Release Notes

13.1 (June 2026)

First version of Pryme Risk Management.

4 -