Total Risks
—
Active in register
Critical & Severe
—
Residual score ≥ 15
Outside Appetite
—
Needs treatment uplift
KRIs Red/Amber
—
Of total KRIs tracked
Open Actions
—
0 overdue
Avg. Control Eff.
—
Out of 5.0
Group Risk Heat Map
Residual exposure · click a cell to filter
Low (1–4)
Moderate (5–9)
High (10–14)
Severe (15–19)
Critical (20–25)
Top 10 Risks
By residual score · velocity & appetite
Risks by Category
Residual Risk Exposure by SBU
Risk Velocity
Direction of change since last review
Watchlist · Risks needing action
0
Risk Heat Map · 5×5 Impact/Likelihood matrix
Inherent risk = before controls · Residual risk = after current controls
Risks in selected cell
Click a heat map cell to drill in.
| ID | Risk | SBU | Category | Owner | Inh. | Res. | Δ | Velocity | Appetite | Status |
|---|
0 risks shown · click a row to view detail
SBU Risk Profiles
Comparative risk exposure across all Strategic Business Units
Risk distribution across SBUs (stacked by level)
Risk Categories
10 standard ERM risk categories · drill in for each
Key Risk Indicators (KRIs)
Quantitative leading indicators · monitored against thresholds
Green
Amber
Red
Action Tracker
Mitigation actions · owners · deadlines
Not started
0
In progress
0
Completed
0
Overdue
0
| Action | Risk | SBU | Owner | Due | Status |
|---|
Acorn Group ERM Framework
ISO 31000 / COSO ERM aligned · how we identify, assess, and govern risk
1
Risk Scoring · 5×5
Each risk is scored on Likelihood (1 Rare → 5 Almost Certain) and Impact (1 Insignificant → 5 Catastrophic). The product is the Risk Score (1–25).
25 Crit
20
15
10
5
20
16
12
8
4
15
12
9
6
3
10
8
6
4
2
5
4
3
2
1
2
The 4T Treatment Strategy
TerminateExit the activity that generates the risk — used when residual risk is intolerable.
TreatReduce likelihood or impact through controls — preventive, detective, corrective.
TransferShift exposure to a third party — insurance, hedging, outsourcing, contractual.
TolerateAccept the residual risk — only when within appetite and economically justified.
3
Three Lines of Defence
1st line · Operational management
SBU leaders own risks they generate. Day-to-day controls embedded in business processes.
SBU leaders own risks they generate. Day-to-day controls embedded in business processes.
2nd line · Risk & Compliance functions
Group Risk, Compliance, Finance Control — set framework, monitor adherence, challenge.
Group Risk, Compliance, Finance Control — set framework, monitor adherence, challenge.
3rd line · Internal Audit
Independent assurance to the Audit Committee and Board on the effectiveness of the first two lines.
Independent assurance to the Audit Committee and Board on the effectiveness of the first two lines.
4
Governance Cadence
WeeklySBU Risk huddles · KRI breach review
MonthlySBU MD review of register · action progress
QuarterlyGroup Risk Committee · top-risk attestation
Bi-annuallyAudit Committee review of framework
AnnuallyBoard sign-off on risk appetite statement
Risk Appetite Statement (Group)
The Acorn Group accepts risk where it is necessary to deliver our strategy and we are confident in our ability to manage exposure within tolerance. We have low appetite for risks that could threaten guest safety, regulatory standing, financial solvency, or our reputation as a trusted Sri Lankan group. We have moderate appetite for risks taken in pursuit of growth — entering new markets, launching new services, or making bold capital allocation decisions — provided they are well-modelled, time-bound, and reversible. We have higher appetite for innovation risks at the Acornic Ventures level, where failure of individual bets is expected and instructive.
Settings & data
Data persists in your browser (localStorage). Export to share or back up.
Reset
Restore the built-in Acorn Group risk seed dataset. Your edits will be lost.
Collaboration · Google Sheets backend
Standalone mode stores data in this browser only. To collaborate across the Group, wire the dashboard to a Google Sheet using Apps Script — every save will sync to the Sheet and every load will pull the latest. Setup walkthrough lives in
SETUP.md.
—
About this dashboard
This is an interactive Enterprise Risk Management cockpit built for the Acorn Group. It implements a 5×5 likelihood-impact scoring model, inherent vs residual risk tracking, the 4T treatment strategy, Three Lines of Defence governance, KRI monitoring, and action tracking — across all Group SBUs. Seed data is illustrative; replace with the live risk register approved by the Group Risk Committee. Single-file HTML with optional Google Sheets backend.