**Source URL:** https://quality.veevavault.help/en/lr/54469201/ # Risk Builder (QMS) The QMS Risk Builder tool allows you to easily and quickly enter data for _Assessment Risks_ in a specialized section on an _Assessment_ object details page. The Risk Builder tool must be [enabled by an Admin](/en/lr/62748/). ## Adding Assessment Risks to a Risk Assessment {#add-risks} You can add _Assessment Risks_ by following the steps below, or by running the [_Create Risks from Existing Assessment_ action][1]. 1. Navigate to **Business Admin > Objects > Assessment**, or to a custom object tab, and click into an _Assessment_ record. 2. Ensure the _Assessment_ record has at least one _Process Step_ record defined. 3. In the _Assessment Risks_ section, click **Risk Builder**. The _Assessment Risks_ section may appear only in certain _Assessment_ lifecycle states, depending on the configuration of your Vault. 4. Select a **Process Step**. This selection filters your view to only those existing _Assessment Risks_ associated with the selected step. 5. Click the edit icon . 6. Using the navigation and editing tools, add data to existing risks or create new ones. 7. Once satisfied with your changes, click **Save** to keep your changes or click **Cancel** to leave editing mode. If you left any fields blank that are required on the _Assessment Risk_ object, or the data you entered does satisfy any of the validation rules defined for the _Assessment Risk_ object, Vault will mark the problem fields and prompt you to fix the issues. 8. Repeat steps 3-6 for your other _Process Steps_ as needed. 9. Click **Close** to return to the _Assessment_ record detail page. ### Creating Risks from an Existing Assessment {#create-risk-from-existing} If available, you can run the _Create Risks from Assessment_ action from an _Assessment_ record or from the Risk Builder to create up to 1,000 _Assessment Risks_ at once by copying key information from existing _Assessment Risks_ associated with a different _Assessment_. To run the action, select it from the **Actions** menu of the Risk Builder while in view mode. This action is available for _Assessments_ of all custom and standard object types, excluding the _Risk Factor_ object type. The object types of the source and target _Assessments_ must match exactly. The object type must also match between the source and target _Assessment Risk_ and the source _Assessment_. When you create _Assessment Risks_ this way, Vault: * Associates the created _Assessment Risks_ with existing _FMEA Process Steps_ in the target _Assessment_ that have the same _Step Short Name_ or _Name_ field values as the _FMEA Process Step_ associated with the source _Assessment Risk_. If no matching _FMEA Process Step_ exists, Vault creates a _FMEA Process Step_ and copies key information from the _FMEA Process Step_ associated with the source _Assessment Risk_. Depending on your Admin's configuration, Vault may create _Assessment Risks_ without associating them to _FMEA Process Steps_. * Associates the created _Assessment Risks_ with _Hazards_ in the target _Assessment_ using the same logic as for _FMEA Process Steps_. * Populates all existing or configured default values for standard and custom fields from the source _Assessment Risk_ to the target _Assessment Risk_, unless these fields have the _Do not copy this field in Copy Record_ attribute enabled. * Sets the _Assessment Order_ of created _Assessment Risks_ as the last risk in a _FMEA Process Step_, or, if the risk does not have _FMEA Process Steps_, to the last risk in the _Assessment_. * Populates the _Source Assessment_ and _Source Risk_ fields on the created _Assessment Risk_. The _Source Risk_ value must be unique among _Assessment Risks_ within an _Assessment_. * Populates the _Risk Matrix_ field of the created _Assessment Risks_ with the same risk matrix used by the target _Assessment_. Vault does not copy the following information when creating _Assessment Risks_: * Any risk scores and _Risk Matrix_-related fields, because the source and target _Assessments_ do not need to use the same _Risk Matrix_ * Required fields without configured default values * Documents associated with the _Assessment Risk_ * _Mitigations_ ### Adding Documents to an Assessment Risk {#add-risk-docs} You can view documents associated with an _Assessment Risk_ and associate documents to an _Assessment Risk_ from the Risk Builder. The _Assessment Risk Documents_ column may be available by default, or you can add it while in view mode by selecting **Edit Columns** from the Risk Builder's **Actions** menu. When the Risk Builder is in view mode, if an _Assessment Risk_ has associated documents, you can click **View Assessment Risk Documents** in a cell in the _Assessment Risk Documents_ column to open a dialog that displays a list of all documents associated with an _Assessment Risk_. Click on a document in the dialog to open it in a new window. When the Risk Builder is in edit mode, you can click the (**+**) icon to add documents, or, if associated documents already exist, you can click **Edit Assessment Risk Documents** in a cell in the _Assessment Risk Documents_ column to open a dialog that lets you search for documents to add to or remove from the _Assessment Risk_. You can associate up to ten documents to a single _Assessment Risk_. The _Assessment Risk Documents_ column is not available in reorder mode. If your Vault uses the [Periodic Risk Review](/en/lr/65904704/) feature to automatically create _Assessment Risk History_ records for each risk when an _Assessment_ is approved, Vault now captures the specific version of each risk's linked documents when Vault generates the _Assessment's_ history in the _Assessment Risk History_ records. ## About the Risk Builder Interface The Risk Builder is a flexible interface that allows for multiple methods of data entry while creating and editing _Assessment Risks_. Each cell in the Risk Builder represents a piece of field data on an _Assessment Risk_ record. ### View Mode Clicking **Risk Builder** in an _Assessment_ record opens the Risk Builder in view mode, from which you select a **Process Step** to filter the view. You can click the binoculars icon to quickly search for a _Process Step_. After selecting a step, the Risk Builder's edit mode becomes available. The Search box allows you to search Vault for _Assessment Risks_ by field data. Hovering over fields that represent object records displays the record's hovercard. From the Risk Builder's **Actions** menu in view mode, you can update the columns that display and initiate any available actions. From the **Actions** menu of an _Assessment Risk_ record in view mode, you can initiate a user action or view the record's audit trail. ### Reorder Mode Clicking the **Reorder** button from the view mode takes you to the Reorder Mode page, where you can reorganize individual risks using drag-and-drop functionality and save your changes.  _Assessment Risks_ are ordered by _Name_ if they are not associated with a _Process Step_. _Assessment Risks_ associated with a _Process Step_ are grouped by that step and ordered within it by the _Risk Order_ field. As you change the risk order of an _Assessment Risk_ so that it is associated with a new _Process Step_, Vault automatically adjusts the numbering, changing the _Risk Order_ field of the moved _Assessment Risk_ to a new _Risk Order_ of zero (0). This ensures that the risk is easy to locate after reorganization. Users can view the first four columns set in the Risk Builder view in Reorder mode. ### Edit Mode Click the edit icon to enter the Risk Builder in edit mode. In this mode, you can add new risks and update information for existing risks. #### Adding & Removing Rows You can add new risks by clicking **+ Row** or by pressing the **Ctrl + Enter** keys while editing the last row in the list. To update the table rows, click the **Actions** menu next to an _Assessment Risk_ and perform one of the following actions: * **Insert Row Above:** Inserts a blank row above the selected row. * **Insert Row Below:** Inserts a blank row below the selected row. * **Clone Row:** Copies the selected row, and pastes it into a new row just below the selected row. _Clone Row_ is equivalent to performing a _Copy Row_, followed by _Insert Row_, and then _Paste Row_ into the newly inserted row. * **Copy Row:** Copies the selected row so it can be pasted into another row. * **Paste Row**: Pastes the data from the copied row into the selected row. * **Delete Row**: Deletes the selected row if it has not yet been saved, or if you have permission to delete the _Assessment Risk_ record. When deleting rows, Vault respects the configured permissions to delete the row. This means inbound related records such as _Assessment Risk_ _Mitigation Action_ (`assessment_risk_mitigation__vr`) or _Quality Team_ assignments may prohibit deletion if cascade delete for those relationships is not configured. In these cases, we recommend moving the _Assessment Risk_ records to the _Cancelled_ state via the record details page of the _Assessment Risk_ record. #### Flagging for Review You can mark a risk row for review by opening the **Actions** menu next to an _Assessment Risk_ and selecting the **Flag for review** action. The total number of rows marked for review is displayed at the top of the builder. You can remove the flag with the **Remove flag** action. #### Risk Builder Keyboard Shortcuts After clicking on a cell, you can use the following keyboard shortcuts to navigate and edit the grid: | **Shortcut** | **Function** | | --- | --- | | **Ctrl + Enter** | If not editing a result, puts the cell in editing mode. If currently editing a cell, navigates down a row while remaining in editing mode. If currently editing a cell in the last row, creates a new row and navigates to the first editable cell in the new row.| | **Tab** | Navigates to the right across editable cells. Navigates to the next row down if pressed in the last editable cell in a row. | | **Shift + Tab** | Navigates to the left across editable cells. | | **Arrow Keys** | Navigates between cells while not editing a cell. | | **Esc** | When pressed while editing a cell, returns the cell to view mode. | | **Ctrl + C** | Copies the content of a cell, or copies the selected portion of a cell while in editing mode | | **Ctrl + X** | Cuts the content of a cell, or cuts the selected portion of a cell while in editing mode | | **Ctrl + V** | Overwrites the content of a cell, or pastes into the selected portion of a cell while in editing mode | ### Filtering Click the filter icon to add more advanced filters to your view. You can add filters for _Assessment Risk_ metadata such as _Created By_, _Initial Severity_, _Initial Detectability_, _Initial Occurrence_, _Risk Event Type_, _Assessment Risk Documents_, or other columns displayed in Risk Builder. Click the plus (**+**) icon to the right of the filter row to add additional filters. When you add multiple filters, the Risk Builder only displays the _Assessment Risk_ records that match all filters. Click **Apply** to view the filtered assignments. Click **Clear** to remove all filters. ## Managing Assessment Risk Mitigations in the Risk Builder If allowed by your configuration, the Risk Builder allows you to manage mitigations for each Risk via the Assessment Risk Mitigations column. ### Adding a Mitigation to a Risk To add a mitigation to a _Risk_ in the Risk Builder: 1. Click the plus (**+**) icon in the **Assessment Risk Mitigations** column. 2. Select a mitigation type. Depending on your organization's processes, options may include the _Mitigation Action_, _Change Control_, _Continuous Improvements_, _CAPA Action_, _MedTech CAPA_, or _Quality Event_ object. 3. In the selection dialog, select one or more records of the chosen type. If a user is allowed to create the selected object, they can also click the **Create** button in the dialog to create a new one. 4. Click **Close** to return to the Risk Builder. 5. Click the **X** icon on a mitigation to remove it from the column. ## Heat Map The Risk Builder includes a risk visualization tool to allow you to view your _Assessment_ in a heat map format. Click **Generate Heat Map** to build and view the visualization. The heatmap organizes risks based on the assessment's two-dimensional (_Severity_ and _Occurrence_) or three-dimensional (_Severity_, _Occurrence_, and _Detectability_) _Risk Matrix_. Each cell in a two-dimensional heat map represents a particular combination of _Severity_ and _Occurrence_. Cells in a three-dimensional heat map represent a particular combination of _Severity_, _Occurrence_, and _Detectability_. Cells are color-coded to reflect the various _Risk Levels_ defined in the assessment's _Risk Matrix_. The count inside a cell identifies the number of _Risks_ within the assessment corresponding to the cell's _Risk Score_. You can click a cell to display a list of all the associated _Risks_ with that combination of attributes. The heat map displays risks in descending order along the Y-axis, with the most critical risks with the highest _Occurrence_ and _Severity_ scores displayed at the top of the heat map. ### Action Filters The top bar of the heat map lists clickable built-in filters. Click on one of these filters to navigate to a list of all applicable _Risk_ records: * **Total Risks**: All _Risks_ associated with the _Assessment_. * **To Mitigate**: _Risks_ that do not have _Mitigation Actions_. * **To Respond**: _Risks_ that do not have a _Risk Response_ assigned (not shown in screenshot). * **Flagged**: _Risks_ that are flagged for review in the record's _Assessment Risk Flag_ field . * **Risk Levels**: _Risks_ in each _Risk Level_, such as _Low_, _Medium_, _High_, or _Extreme_. ### Two-Dimensional & Three-Dimensional Heat Maps For a heat map visualization for two-dimensional _Risks_, with only _Severity_ and _Occurrence_ values, Vault displays the _Severity_ as columns and _Occurrence_ as rows. For three-dimensional _Risks_, with _Severity_, _Occurrence_, and _Detectability_ values, Vault displays _Detectability_ as columns, and the intermediate _Criticality_ values as rows. Click on the **Criticality** header to expand it to show the contributing _Severity_ and _Occurrence_ values for a given row. ### Heat Map Limitations The Heat Map visualization has the following limitations: * The _Generate Heap Map_ button is disabled for an Assessment with more than four (4) _Risk Levels_ associated with its _Risks_. * _Assessments_ containing greater than 3,000 _Risk_ records display only the 3,000 records with the highest-calculated risk levels. * The _Generate Heap Map_ button is disabled for _Risk Matrices_ that have incomplete _Risk Matrix Setup_ records (_Risk Level_ or _Criticality Levels_ are not assigned). * The _Generate Heap Map_ button is disabled for _Risk Matrices_ that use _Occurrence_ and _Detectability_ only, or only one dimension. ## Related Permissions To utilize the reorder mode in the Risk Builder, a user requires _Edit_ permission on the _Assessment Risk_ object records that will be affected by the reorganization.  The ability to edit _Assessment Risks_ objects in the _Assessment_ lifecycle state also depends on the lifecycle's [Atomic Security on Relationships](/en/lr/47850/) configuration. To use the _Create Risks from Existing Assessment_ action, users require the following permissions: * _Create_ permission on the _Assessment Risk_ and _FMEA Process Step_ objects * _View_ permission for the _Create Risks from Existing Assessment_ action * _Edit_ permission for the self-referencing relationship on the _Assessment Risk_ object To manage documents for _Assessment Risks_ from the Risk Builder, users require the following permissions: * _Edit_ permission for the _Assessment Risk Document_ object * _Edit_ permission for the _Document_ field on the _Assessment Risk Document_ object * All relevant permissions for the applicable document types [1]: #create-risk-from-existing