This guide will cover how to attach your controls from the governance section of SimpleRisk to the mitigations of your risks. This guide assumes you have already added the frameworks and controls you would like to use in your mitigations to SimpleRisk. If you have not already done this you can find a guide on doing so here: How to Manage Frameworks and Controls in SimpleRisk 

Adding a Control to a Mitigation

To begin adding a control to a risk already defined in the system we will need to take the following steps.

1) Navigate to “Risk Management” at the top followed by “Plan Mitigations” on the left.

2) Now in the list find the risk you wish to you add a control to and click the “No” in that row. If your risk has already had a mitigation planned you may use the search function at the top right and enter the ID of that risk and click the mitigation tab from the risk details page to update the mitigation. If you do not know the ID of the risk you may want to utilize the Dynamic Risk Report in the Reporting section to find the Risk ID.

3) On this page you will need to select the control you wish to apply at the bottom of the left column of fields. Once selected the control will be displayed on the page and saved with the mitigation. Any mitigation percent associated with the control will be applied to the inherent risk as long as a higher mitigation percent has not already been set in the “Mitigation Percent” field of the mitigation.

4) Click the “Save Mitigation” button toward the upper right hand side of the page and this will save the mitigation with your control and apply any mitigation percentages that have been added.


This short guide has outlined the steps required to add controls to risk mitigations in SimpleRisk. If anything was found to be unclear or requires more details please contact us at and we will be happy to assist you.