Neem contact op met
  Neem contact op met

Risicoregister

We design, build, and maintain corporate risk registers on SharePoint en Power BI – fully automated, ERM-aligned, and appetite-driven. From a single list to a full board-level dashboard, delivered remotely within your existing Microsoft 365 environment.

Most risk registers aren’t working for you.

Many organisations still manage risk in spreadsheets or generic SharePoint lists – disconnected from their ERM framework, hard to maintain, and impossible to report from meaningfully. The result is a register that gets filled in because it has to be, not because it helps anyone make better decisions.

No automated scoring

Probability × impact is calculated manually, copied between sheets, and never version-controlled. When the methodology changes, someone has to update every row by hand.

No real-time dashboard

Risk appetite is invisible at board level. Reports take days to compile, are outdated before they land, and don’t show whether risks are within or out-with appetite.

No workflow

Mitigations are tracked in email threads and status meetings, not in the system where the risk lives. Overdue actions go unnoticed. Stakeholders don’t know they’re involved.

A risk register that actually works.

We build risk registers directly in your Microsoft 365 environment – no new licences, no new tools. SharePoint as the data backbone, Power BI for reporting, Power Apps for smart forms, and Power Automate for alerts and notifications. Everything stays in your tenant.

SharePoint Risk Register

A properly structured SharePoint list with all required fields – not just a generic list with a few columns added. Typical field coverage includes:

  • Risk type dropdown (Risk / Opportunity / Issue) with conditional response options
  • Risk appetite categories aligned to your ERM framework
  • Pre- and post-mitigation probability and impact scores (automatically calculated)
  • Risk velocity / timing (how quickly the risk could materialise)
  • Corporate objective alignment
  • Stakeholder tagging with automated notifications
  • Mitigation sub-items with control owner, target date, and status
  • Lesson learned field (Issue type only)
  • Financial value at risk

Power Apps Smart Form

The default SharePoint form can’t show or hide fields based on what the user selects. Our Power Apps replacement can. It adapts dynamically based on risk type – so a Risk shows Mitigate / Accept / Transfer / Avoid, while an Opportunity shows Exploit / Enhance / Transfer. Guided input, built-in validation, and no training needed.

Power BI Dashboard

A live, multi-page dashboard connected directly to your SharePoint risk register. Typical pages include:

  • Risk Matrix: heatmap of all open risks by probability and impact, colour-coded by appetite
  • Stats & Risk Detail: scores, ratings, velocity, and filter by function, category, and status
  • Mitigation Status: progress by function and appetite category – Not Started / In Progress / Completed / Overdue
  • Top 10 Risks: filterable by rating, appetite, function, and velocity

Power Automate Alerts

Automated email notifications that remove the need for manual chasing. Included flows typically cover:

  • Overdue mitigation alert – notifies the risk owner when a mitigation hasn’t been updated after one month
  • Stakeholder assignment notification – emails the stakeholder automatically when tagged on a risk
  • Status change alerts – notifies owners when a risk status changes in the register

How it works.

1. Kickoff & Walkthrough

We review your existing setup, requirements document, and open items together. Nothing gets built until scope is agreed. You get a written summary of what’s in scope, what’s out, and what we need from you before we start.

2. Build

SharePoint, Power Apps, Power Automate, and Power BI are configured directly in your Microsoft 365 tenant. We work in a staging area where available, promote to live only after your sign-off. Weekly written status updates every Friday.

3. UAT Management

We manage the full testing process – test case creation based on the agreed scope, test programme design, execution coordination, and defect tracking. Your nominated UAT contact reviews and confirms. We fix, you sign off.

4. Go-Live & Handover

Data migration from your existing register, final checks, and full handover with documentation. Includes 3 months of defect remediation after go-live at no extra cost.

What’s included.

Core engagement typically includes:

  • SharePoint list design with all required fields (typically 30–40 field-level configurations)
  • Power Apps custom form replacing the standard SharePoint form
  • Conditional logic: dynamic dropdowns, field visibility, type-dependent response options
  • Pre- and post-mitigation scoring (automatic calculation: probability × impact)
  • Risk appetite representation – automated within / out-with appetite indicator
  • Power Automate flows: overdue mitigation alerts, stakeholder notifications
  • Power BI dashboard (typically 3–5 pages: heatmap, stats, mitigation status, Top 10)
  • Full UAT management: test cases, execution, defect resolution
  • Data migration from existing register
  • 3 months defect remediation after go-live

Available as optional add-ons:

  • End-user training sessions and training materials
  • ERM framework consulting – risk appetite definition, category design, scoring methodology
  • Ongoing maintenance retainer after the warranty period

Transparent pricing.

We work on a Time & Material basis. You pay for days actually worked at a fixed day rate – no fixed-price guesswork, no hidden costs. If it takes fewer days than estimated, you pay less.

  • Day rate: from €800/day (net)
  • Typical engagement: 10–15 man-days
  • Typical budget: €7.500–€11.250 (net)
  • Delivery: 100% remote
  • Invoicing: after agreed milestones (typically 2 invoices)

Preferential rates available for existing clients and multi-year engagements.

Trusted by risk teams across Europe.

LeapLytics built and maintains our corporate risk register on SharePoint and Power BI. The setup covers 37 field-level configurations, a custom Power Apps form, automated alerts, and a full Power BI dashboard – all within our Microsoft 365 environment. Exactly what we needed.

— Risk & Compliance Team, Transportation, Germany

Excellent tool to visualise the full risk portfolio.

— Rail Baltica

Convinces us across the board.

— VELUX Commercial

Why LeapLytics?

Microsoft 365 specialists

We work exclusively within your existing M365 environment. No new tools, no new licences, no data leaving your tenant. Everything we build is yours and stays in your environment after handover.

We own the Risk Matrix visual

Our AppSource-certified Risk Matrix visual powers the heatmap in your Power BI dashboard. It’s used by risk teams across Europe – including Rail Baltica and Velux – and is available separately on Microsoft AppSource. When we build your dashboard, we bring platform-level expertise that goes beyond standard report development.

ERM experience, not just IT

We understand risk appetite, ERM frameworks, ISO 31000, and risk scoring methodology – not just how to configure SharePoint. That means the system we build reflects how your organisation actually thinks about risk, not just what the tool can do out of the box.

Frequently asked questions.

Do we need additional Microsoft licences?

No. Power Apps (standard SharePoint connector) and Power Automate are included in most Microsoft 365 plans including Business Standard, E3, and E5. No additional licences are required for a standard risk register engagement. We confirm your licence entitlement before starting.

Can you work with our existing SharePoint setup?

Yes. We work directly within your existing Microsoft 365 tenant and adapt to your current environment. We assess your setup during the kickoff and design the solution around what you already have.

How long does it take?

A typical risk register engagement runs 6–8 weeks end to end, covering build, UAT, data migration, and go-live. Timelines depend on scope, feedback cycles, and how quickly access can be provisioned.

Do you work on-site?

All work is delivered remotely as standard from Germany. On-site visits can be arranged by mutual agreement – for example for kickoff, UAT, or go-live. Travel costs are invoiced at cost with prior written approval.

What happens if requirements change mid-project?

Any changes beyond the agreed scope are handled via a formal change request process – assessed for timeline and cost impact, and agreed in writing before any additional work begins. Nothing is added to scope without your sign-off.

What if we don’t have an ERM framework yet?

We can help with that too. Our ERM Consulting service covers risk appetite definition, category design, and scoring methodology – and we implement it directly into the register as part of the same engagement.

Ready to build your risk register?

Tell us about your current setup and what you’re trying to achieve. We’ll come back with an indicative scope and estimate within 24 hours – no commitment required.

Get in touch

Or email us directly at info@leaplytics.de

Related services: SharePoint Development · Power Apps · Power Automate · Power BI Consulting · ERM Consulting