Overview
Action Plans in Risk Legion track mitigation activities for identified risks. Actions can be created manually or automatically generated when risks exceed appetite or controls are found to be ineffective.
Action Plan Lifecycle
Action Statuses
| Status | Description |
|---|---|
| Created | Action has been defined but work hasn’t started |
| In Progress | Action is being actively worked on |
| Completed | Action has been finished |
Creating Actions
Manual Creation
Create actions directly from the Action Plans page:
- Navigate to Mitigation → Action Plans
- Click Create Action
- Fill in the action details:
| Field | Description | Required |
|---|---|---|
| Action | Description of what needs to be done | Yes |
| Owner | Person responsible for the action | Yes |
| Due Date | Target completion date | Yes |
| Priority | Low, Medium, High, or Critical | Yes |
| Action Type | Category of action (e.g., Process, Technology) | Yes |
| BRA | Link to related BRA (optional) | No |
| Risk Scenario | Link to specific scenario (optional) | No |
Automatic Creation
Risk Legion can automatically create actions when:
Risk Above Appetite
When residual risk exceeds the defined risk appetite threshold, a mitigation action is suggested
Ineffective Control
When a control is rated “Not Effective” or “Less Effective”, a remediation action is created
- Link to source BRA and scenario
- Suggested action description based on context
- Default priority based on risk level
- Clear indicator that action was auto-generated
From BRA Workspace
Create actions while reviewing a BRA:
- In the BRA workspace, go to Review & Finalize
- View the Mitigation Summary section
- Click Create Action next to any risk above appetite
- Action is automatically linked to the BRA and scenario
Managing Actions
Unified Action List
The Action Plans page provides a unified view of all actions:
Statistics Bar:
- Total actions
- Created (not started)
- In Progress
- Completed
- Overdue
| Filter | Options |
|---|---|
| Status | Created, In Progress, Completed |
| Priority | Low, Medium, High, Critical |
| Owner | Text search |
| Due Date | Date range picker |
| Overdue Only | Toggle |
| Entity | Legal Entity / Business Unit |
Updating Actions
To update an action:
- Click on the action row to open details
- Modify any editable field
- Click Save Changes
- Action description
- Owner
- Due date
- Priority
- Status
Source links (BRA, Risk Scenario) cannot be modified after creation.
Bulk Operations
Perform bulk updates on multiple actions:
- Select multiple actions using checkboxes
- Click Bulk Update
- Choose the field to update (Status, Owner)
- Apply changes
Due Dates and Overdue Actions
Setting Due Dates
Due dates should be:
- Realistic based on action complexity
- Aligned with risk urgency
- Coordinated with resource availability
Overdue Detection
Actions are automatically flagged as overdue when:
- Highlighted in the action list
- Counted in dashboard metrics
- Shown in the “Overdue Actions” KPI card
Extending Due Dates
To extend a due date:
- Open the action details
- Select a new due date
- Provide a reason (recommended)
- Save changes
Action Priorities
| Priority | When to Use | SLA Guidance |
|---|---|---|
| Critical | Immediate risk to business, regulatory deadline | 1-2 weeks |
| High | Significant risk exposure, important deadline | 2-4 weeks |
| Medium | Moderate risk, standard operations | 4-8 weeks |
| Low | Minor risk, improvement opportunity | 8+ weeks |
Action Types
Categorize actions by type for better tracking:
| Type | Description |
|---|---|
| Process | Changes to business processes or procedures |
| Technology | System changes, automation, tools |
| Training | Staff training and awareness |
| Policy | Policy updates or new policies |
| Control | New or enhanced controls |
| Monitoring | Enhanced monitoring or reporting |
| Other | Actions not fitting other categories |
Dashboard Integration
Action metrics appear on the main dashboard:
KPI Cards
- Overdue Actions - Count with trend indicator
- Actions This Month - Recently created actions
Operational Overview
- Actions by status breakdown
- Actions by priority distribution
Drill-Down
Click on any metric to navigate to the filtered action list.
Archiving Actions
Soft delete actions that are no longer relevant:
- Click the archive icon on an action
- Confirm the archive
- Action is removed from active list
- Toggle Show Archived in filters
- Find the archived action
- Click the restore icon
- Action returns to active list
Archived actions are retained for audit purposes and can be restored at any time.
Best Practices
Clear Action Descriptions
Write actions that are:
- Specific and measurable
- Actionable (start with a verb)
- Time-bound (via due date)
- Clearly assigned (single owner)
Bad: “Improve security”
Appropriate Prioritization
- Align priority with risk severity
- Consider regulatory deadlines
- Balance with resource capacity
- Review priorities regularly
Owner Accountability
- Assign to individuals, not teams
- Ensure owner has authority to act
- Communicate expectations clearly
- Follow up on progress
Regular Reviews
- Review action status weekly
- Escalate overdue actions
- Adjust due dates proactively
- Close completed actions promptly
API Reference
| Endpoint | Method | Description |
|---|---|---|
| `/api/v1/mitigation-actions` | GET | List actions with filters |
| `/api/v1/mitigation-actions` | POST | Create new action |
| `/api/v1/mitigation-actions/{id}` | GET | Get action details |
| `/api/v1/mitigation-actions/{id}` | PATCH | Update action |
| `/api/v1/mitigation-actions/{id}/archive` | POST | Archive action |
| `/api/v1/mitigation-actions/bulk-update` | POST | Bulk update actions |