Local authentication (username and password):

1. Open the Praeviso workstation URL (e.g. https://yourcompany.client.praeviso.app).
2. Enter your email address and password.
3. Click Sign In.
4. If your organisation has enabled two-factor authentication (2FA), you will be prompted to enter a 6-digit code from your authenticator app, or use a backup code.
5. If passkeys are available, you can choose Use passkey instead of entering a code — this uses your device's fingerprint or Face ID.

Microsoft SSO (if enabled by your organisation):

1. Click Sign in with Microsoft.
2. You will be redirected to Microsoft to sign in with your work account.
3. After authentication, you are returned to the workstation.

Enterprise SSO (OIDC):

1. Click Sign in with Enterprise SSO.
2. You will be redirected to your organisation's identity provider (e.g. Keycloak, ADFS).
3. Sign in with your corporate credentials.
4. You are provisioned automatically and returned to the workstation.

First-time setup (bootstrap):

If no users exist yet, the first person to access the workstation may see a Create Account form. Enter your full name, email, password, and confirm password. This creates the first administrator account.

Main menu (sidebar):

• Dashboard — Home page with entity overview and activity feed.
• Folders — Alternative folder-style view of entities.
• Manage Entities — Create and manage Portfolios, Programmes, Projects, and Contracts.
• Archive — View and restore archived entities and risks.
• Reports — Build and export risk reports.
• QCRA — Quantitative Cost & Risk Analysis; run Monte Carlo simulations.
• Profiling — Map risks to schedule activities for time-phased exposure.
• Data Quality — Check risk register completeness.
• Data Management — Import, export, and manage data.
• Settings — Organisation and account settings (admin only).
• Help — In-app help and documentation.
• Profile — Your account details (in the user dropdown, top-right).

Command palette (quick search and actions):

• Press Cmd+K (Mac) or Ctrl+K (Windows) to open the command palette.
• Type to search for risks, entities, actions, or owners.
• Select a result to navigate directly.
• Use Create Risk to add a new risk (you will choose the entity first).
• Use Create Entity to open the entity creation dialog.

Praeviso has three roles:

If you are the first user, you will go through the Setup wizard (6 steps):

Step 1 — Welcome: Choose your preferred language (English, French, German, Spanish, or Mandarin Chinese). This affects the entire interface.

Step 2 — Create Admin: Enter your full name, email, and password (or sign in with SSO if configured). This creates the administrator account.

Step 3 — Licence: Enter your Licence Key and click Activate, or Skip for now if you will add it later in Settings → Billing.

Step 4 — Organisation: Enter your Organisation Name and optionally upload a Company Logo (JPEG, PNG, GIF, or WebP).

Step 5 — Invite Team: Add users by entering Name, Email, and Role (Admin, User, or Viewer). Click Add User for each. You can copy temporary passwords for new users. Click Continue or Skip.

Step 6 — Complete: Click Go to Dashboard to finish.

The Risk Register is the main working view for managing risks within an entity (Portfolio, Programme, Project, or Contract).

How to open a Risk Register:

• Click an entity card on the Dashboard.
• Click an entity in the Folder Browser.
• Click an entity in Entity Management and select Open or click the card.

The risk table:

Each row is a risk. Columns include:

• Ref Code — Auto-generated identifier (e.g. R-0001, R-0002).
• Status — Draft, Open, or Closed.
• Type — Threat or Opportunity.
• Title — Short description of the risk.
• Description — Longer context.
• Cause — What could trigger the risk.
• Consequence — What happens if it occurs.
• Category — Entity-defined categories.
• Owner — Person responsible.
• No of actions — Number of mitigation actions.
• Likelihood (L) and Impact (I) — Qualitative scores.
• Inherent Score — Likelihood × Impact (pre-mitigation).
• Residual Score — Post-mitigation score.
• RBS L1, L2, L3 — Risk Breakdown Structure levels.
• % Prob, Min, Likely, Max, EMV — Quantitative fields.
• Next Review — Next review date.
• Custom fields — Entity-specific columns.

Use the Columns button to show or hide columns.

1. From a Risk Register, click Add Risk (or the + button).
2. You are taken to the Risk Detail page for a new risk.
3. Fill in the required and optional fields (see Risk Detail section).
4. Click Save.

You can also use the Command Palette (Cmd+K / Ctrl+K) → Create Risk → select the entity → then fill in the form.

• Search bar — Filter by title, ref code, or description.
• Status filter — Show only Draft, Open, or Closed.
• Category filter — Filter by entity categories.
• Owner filter — Filter by risk owner.

Click any column header to sort by that column. Click again to reverse the order. An arrow shows the current sort direction.

1. Select multiple risks using the checkboxes on the left.
2. Use Select All to select all visible risks.
3. Bulk action buttons appear: Apply Status, Apply Owner, Archive Selected, Clear Selection.
4. Choose the action and confirm.

• Export to Excel — Downloads all visible (filtered) risks as an Excel file.
• Export to PDF — Generates a PDF of the risk register.

The Risk Detail page is where you create, view, and edit individual risks. It contains all information about a single risk: assessments, mitigation actions, and classification.

Below the Mitigation Actions section, a collapsible Change History (last 6 months) section shows who changed the risk and when:

• Timeline — Each entry shows date/time, user who made the change, and change type (Created, Updated, Archived, Restored, Status Changed).
• Field-level changes — For updates, see which fields changed and the previous → new values (e.g. "Status: Open → Closed", "Likelihood: 4 → 2").
• Mitigation action changes — When actions are added, updated, or removed.
• Load more — Pagination to fetch older entries.
• Export History — Download full history as Excel (Admin and User only; Viewers can view but not export).

• Likelihood — Select a band from the entity's matrix (e.g. Rare, Unlikely, Possible, Likely, Almost Certain).
• Impact — Select a band (e.g. Negligible, Minor, Moderate, Major, Severe).
• Inherent Score — Automatically calculated as Likelihood × Impact.

• Residual Likelihood — Likelihood after mitigation.
• Residual Impact — Impact after mitigation.
• Residual Score — Automatically calculated.

The risk matrix is configured per entity in Entity Settings → Matrix. It defines:

• Likelihood bands — How many levels (e.g. 3 or 5) and their labels.
• Impact bands — Same for impact.
• Threshold colours — Green, amber, red zones indicating severity.

The score (Likelihood × Impact) maps to a cell on the matrix. The colour shows the severity band.

• Inherent Score = Likelihood × Impact (before mitigation).
• Residual Score = Residual Likelihood × Residual Impact (after mitigation).
• Scores are used for ranking, heatmaps, and filtering.

For risks with numerical data:

• Probability (%) — Estimated likelihood of occurrence (e.g. 35%).
• Cost Impact — Three-point estimate:
• Minimum — Best-case cost impact.
• Most Likely — Expected cost impact.
• Maximum — Worst-case cost impact.
• Schedule Impact (optional) — Three-point estimate in days.
• Distribution Type — Triangular, PERT, Normal, Lognormal, or Uniform (for QCRA).

For Opportunities, cost impact values are negative (representing savings).

Auto-assignment: When you enter quantitative data and save, Praeviso can automatically assign qualitative scores (likelihood and impact bands) based on the entity's matrix banding. A notification confirms this. You can override manually if needed.

Entities can define impact types (e.g. Cost, Schedule, Reputation). Each type can have its own inherent and residual impact assessment. Configure impact types in Entity Settings → Impact Types.

1. Scroll to the Mitigation Actions section on the Risk Detail page.
2. Click Add Action.
3. Fill in:
4. Description — What the action is.
5. Responsible Person — Who is accountable.
6. Due Date — When it should be completed.
7. Status — Not Started, In Progress, or Complete.
8. Click Save.

• Not Started — Action has not begun.
• In Progress — Work is underway.
• Complete — Action is finished.

Update the status as work progresses. Overdue actions (past due date, not complete) appear in Data Quality.

The responsible person is selected from entity users (Entity Settings → Entity Users). Ensure users are assigned to the entity before adding them as action owners.

Set a due date for each action. The Data Quality page flags Overdue Mitigations — actions past their due date that are not yet complete.

QCRA runs Monte Carlo or Latin Hypercube simulations to calculate the probability distribution of total cost (or schedule) risk. It produces S-curves, percentile values (P50, P80, P90), and sensitivity analysis. Use it when you need numerical risk exposure for budgeting or contingency planning.

For each risk in scope, configure:

• Min — Best-case cost.
• Most Likely — Expected cost.
• Max — Worst-case cost.

These can come from the Risk Detail quantitative fields or be overridden in the QCRA wizard.

• Probability (%) — Chance the risk occurs (0–100%).
• Occurrence — Binomial (occurs or not) or Bernoulli (single trial).
• Distribution types:
• Triangular — Uses Min, Most Likely, Max. Simple.
• PERT — Uses Min, Most Likely, Max; weights toward Most Likely. Smoother curves.
• Normal — Uses Mean and Standard Deviation. Symmetric.
• Lognormal — Uses Mean and Std Dev on log scale. Right-skewed.
• Uniform — Uses Min and Max. Equal probability across range.

1. Go to Quantitative Analysis.
2. Step 1 — Scope & Filter: Select entity, include child entities, filter by RBS/category.
3. Step 2 — Distribution Parameters: For each risk, set Exclude (if any), Probability, Distribution, and parameters.
4. Step 3 — Run & Results: Set iterations (100–100,000), sampling (Monte Carlo or Latin Hypercube), seed (random or fixed). Click Run Simulation.
5. Wait for the progress bar to complete.

• S-Curve — Cumulative probability distribution. X-axis = cost, Y-axis = probability that actual cost is at or below that value.
• P50 — Median (50% confidence).
• P80 — 80% confidence (common for budgeting).
• P90 — 90% confidence (contingency planning).
• Statistics Table — Mean, min, max, percentiles.
• Sensitivity Analysis — Which risks contribute most to uncertainty.
• Bell Curve — Probability density (frequency histogram).

Dependency groups model correlated risks (e.g. multiple risks affected by steel prices). When risks are grouped:

• The simulation applies Iman-Conover correlation.
• Each group has a name, description, correlation coefficient (ρ), and colour.
• Assign risks to groups in Risk Detail or the QCRA Dependency Groups manager.

Click Save after a run. Enter a title (e.g. "Q1 2026 Pre-Mitigation Baseline"). Saved results can be:

• Viewed later from the QCRA page.
• Used in Reports.
• Used in Risk Profiling for P-value proration.
• Managed in Data Management → QCRA Results.

The Risk Breakdown Structure is a hierarchical categorisation of risks with up to 3 levels. It helps organise and filter risks by type.

• Level 1 — Broad categories (e.g. Technical, External, Organisational).
• Level 2 — Sub-categories within Level 1.
• Level 3 — Specific items within Level 2.

When creating or editing a risk, select RBS levels in order: Level 1 first, then Level 2 (filtered by Level 1), then Level 3 (filtered by Level 2). Configure the RBS in Entity Settings → RBS tab.

1. Go to Reports.
2. Configure the report (see sections below).
3. Click Export PDF.
4. The report is generated and downloaded.

Report sections (toggle on/off):

• Heatmap — Risk matrix with threat and opportunity distributions.
• Top Risks — Risks flagged for reporting (Include in top risks checkbox), ranked by score.
• Top Risk Movers — Risks that have worsened or improved over the period (requires historical data; shows placeholder if insufficient).
• Mitigation Progress — Status of mitigation actions.
• Breakdown by Category — Risk counts by category.
• Breakdown by Status — Risk counts by status.
• Breakdown by RBS — Risk counts by RBS level.
• Trend Charts — Open and Closed risk counts over time.
• QCRA Results — S-curves and percentiles from a saved simulation.
• Profiling Charts — Time-phased exposure from saved profiling outputs.
• Commentary — Custom text.

• Date range — From and to dates.
• Entity selection — One or more entities; include child entities.
• Report title, subtitle, prepared by, date generated — Branding.
• Exposure source — EMV or QCRA; P-value (P50, P80, P90); run mode (Pre/Post/Both).

• Risk Register — Export to Excel or PDF from the Risk Register page.
• QCRA — Export from the QCRA results view.
• Reports — Export PDF from the Reports page.

• Click Save Template to save the current configuration.
• Click Load Template to restore a saved configuration.
• Templates: Executive Summary, Heatmap + Top Risks, Detailed Summary, Mitigation Progress, QCRA Analysis, Risk Register Extract, Full Report, Custom.

The Activity Feed on the Dashboard shows a live feed of recent activity across the system:

• Entity created, archived, restored, deleted.
• Risk created, changed, archived, deleted.
• User created, deleted, role changed.
• QCRA completed.
• Schedule uploaded.
• Configuration updated.

Click the arrow to expand or collapse the panel. Activity entries show who did what and when.

Go to Settings from the sidebar. Settings are organised in tabs.

• Company Name — Organisation name (used in reports and branding).
• Company Logo — Upload or remove. JPEG, PNG, GIF, or WebP.
• Risk Appetite Statement — Optional text describing your risk appetite.
• Language — Organisation default (English, French, German, Spanish, Mandarin Chinese).
• MFA Policy (Admin only) — Off, Optional, or Required. When Required, all users must set up 2FA.

• Add User — Invite users with Name, Email, and Role (Admin, User, Viewer).
• User table — Name, Email, Role. Admins can change roles.
• Reset password — Generate a temporary password for a user.
• Remove — Remove a user from the organisation.
• Search — Filter by name or email.

• Licence Key — Enter your licence key and click Activate.
• Status — Active, Expired, or No Licence.
• Tier — Licence tier.
• Expiry — When the licence expires.
• Seats — Number of users allowed.

• Microsoft SSO — Enable or disable.
• Approved domains — Domain names allowed (e.g. acmecorp.com). Users with matching email domains can sign in with Microsoft.
• Approved emails — Specific emails allowed (e.g. jane@partner.com).

• Enable 2FA — Set up TOTP (authenticator app). Scan QR code, enter code, save backup codes.
• Register Passkey — Add a passkey (fingerprint, Face ID) as an alternative to TOTP.
• Disable 2FA — Requires current TOTP code or backup code. Removes TOTP and all passkeys.
• Passkey list — Rename or delete registered passkeys.

Tip: Passkeys are faster for daily use — no need to type a code. TOTP works on any device with an authenticator app.

Paginated table of system events: Timestamp, Action, Performed by, Resource. Use for compliance and troubleshooting.

• Display name — Your display name.
• Email — Your email (read-only for SSO users). For local auth, you can change it with current password confirmation.
• Save changes — Save profile updates.
• Change password — Link to change password page (local auth only).
• Active sessions — View and revoke sessions. Revoke all other sessions logs out all other devices.

1. Go to Settings → Security.
2. Click Enable 2FA.
3. Scan the QR code with your authenticator app (e.g. Google Authenticator, Authy).
4. Enter the 6-digit code.
5. Save your backup codes in a secure place.

1. Go to Settings → Security.
2. Click Register Passkey.
3. Enter a label (e.g. "MacBook Pro").
4. Follow the browser prompt to use your device's fingerprint or Face ID.
5. Save your backup codes in a secure place.

1. Go to Profile → Change password (or Settings → Security when required).
2. Enter your current (or temporary) password.
3. Enter your new password and confirm.
4. Password must be at least 8 characters with upper, lower, and number.
5. Click Change Password. You are logged out and must sign in again with the new password.

• Hierarchy counts — Number of active Portfolios, Programmes, Projects, Contracts.
• Entity Summary — Entity counts by status (Active, Draft, On Hold, Completed, Archived).
• Entity cards — Click to open a Risk Register.

The Dashboard does not show separate "overdue reviews" or "high severity risks" tables. Use:

• Data Quality — For overdue mitigations, unassigned ownership, and other issues.
• Risk Register — Filter by status, category, owner, or sort by score to find high-severity risks.
• Review Mode — For structured risk reviews.

The collapsible panel on the right shows recent activity. Expand to see details.

1. Go to Manage Entities.
2. Click Create.
3. Select type: Portfolio, Programme, Project, or Contract.
4. Fill in:
5. Name — Descriptive name.
6. Description — Optional context.
7. Status — Draft, Active, On Hold, Completed, or Archived.
8. Parent — For Programmes, Projects, Contracts: select the parent entity.
9. Click Create.

• Portfolio — Top level (collection of programmes).
• Programme — Group of projects (within a portfolio).
• Project — Specific project (within a programme).
• Contract — Contract package (within a project).

Each card shows: name, type badge, status, risk count, children count, parent. Click to open the Risk Register; click the settings icon for Entity Settings.

Shows a visual tree of the entity hierarchy. Select an entity to see its position.

• Entity name — Display name.
• Status — Draft, Active, On Hold, Completed, Archived.
• Description — Context.
• Currency — For cost values (e.g. GBP, USD).
• Timezone — For date/time display.
• Parent — For Programmes, Projects, Contracts.
• Archive, Restore, Permanent Delete — Lifecycle actions.

Add or remove category names. Categories appear when creating/editing risks.

• Likelihood bands — Number (1–10) and labels.
• Impact bands — Number (1–10) and labels.
• Threshold colour bands — Define severity zones (green, amber, red).

• Level 1, 2, 3 — Add/remove nodes.
• Tree builder — Add nodes at each level; for L2 and L3, select parent.

Add or remove impact types (e.g. Cost, Schedule, Reputation). Each type can have inherent and residual impact assessment.

Add fields (Text, Number, or Date) for entity-specific risk data.

Assign users to this entity. Users must exist in the organisation. Each user has Name, Email, and Role (for this entity).

The Data Quality page analyses your risk register for completeness and consistency. Use it before running QCRA or generating reports.

Use the entity selector at the top. Metrics apply to all open risks in that entity.

A circular score shows: (risks with no issues ÷ total open risks) × 100. Colour indicates: Green (≥80%), Amber (60–79%), Orange (40–59%), Red (<40%).

Click any metric card to see the detail table of affected risks:

Click a metric to see affected risks. Each row shows Risk ID, Title, Owner, Folder, Issue Detail. Click a row to navigate to that risk.

Data Management has four tabs: Risk Register, QCRA Results, Profiling Data, Schedules.

Select an entity at the top. Toggle Include child entities to work across the hierarchy.

• Download Template — Entity-specific Excel template for bulk risk entry (includes categories, RBS, impact types).
• Download Risk Register — Export all risks for the selected entity as Excel.
• Upload — Upload a completed template. Validation runs; errors are reported. Preview the changes, then confirm to bulk-create or update risks.
• Import History — List of past imports with file name, date, imported/updated counts. View details or delete (admin only).

Lists saved QCRA simulations. View, rename, or delete. Shows title, date, iterations, run mode.

• Mapping Data — Saved risk-to-activity mapping profiles. Load or delete.
• Mapping Outputs — Saved exposure charts from Risk Profiling. Use in Reports.

• Download Template — Excel template for schedule upload.
• Upload — Upload a schedule (.xlsx or .xer). Activities are parsed and stored.
• Schedule list — View, rename, or delete uploaded schedules. Schedules are used in Risk Profiling.

• Archived entities tab — Entities with status Archived.
• Restore — Returns to previous status.
• Permanent Delete — Removes permanently (requires verification). Cannot be undone.

• Archived risks tab — Same restore and permanent delete options.

• Search by name.
• Filter by type (portfolio, programme, project, contract).
• Filter by date range.

• Command palette — Cmd+K / Ctrl+K.
• Search page — /search?q=... (min 2 characters).

Results are grouped by type:

• Risks — Title, description, ref code.
• Portfolios, Programmes, Projects, Contracts — Entity names.
• Risk Owners — User names.
• Mitigation Actions — Action descriptions.

Click any result to navigate.

Review Mode provides a structured workflow for periodic risk reviews. Access it from a Risk Register via the Review button.

Risks are presented one at a time. For each risk:

• Review details, scores, mitigation actions.
• Update likelihood, impact, or status.
• Update mitigation action statuses and due dates.
• Add review notes.
• Navigate Next/Previous.

All risks in a spreadsheet-like table. Edit inline. Faster for bulk reviews.

• Save — Save current risk.
• Save All — Save all changes.
• Exit — Leave review mode.

Alternative navigation to entities. Displays all entities as folder-like cards in a grid.

• Search by name.
• Filter by type (Portfolio, Programme, Project, Contract).
• Sort by name, created, modified, type.

Each card shows: name, type badge, status, children count, risks count, last modified. Click to open the Risk Register.

Risk Profiling maps risks to schedule activities to create a time-phased view of risk exposure. It shows when risk costs are likely to be incurred over the project timeline.

• Entity — Select entity.
• Schedule — Upload Excel schedule (.xlsx) with Activity ID, Name, Start Date, End Date, Duration, Status.
• QCRA Source — Saved QCRA result for P-value proration.
• P-Value Level — P50, P80, or P90.
• Run Mode — Pre-Mitigated, Post-Mitigated, or Both.

• Activity → Risks mode — Select activity, select risks, click Link.
• Risk → Activities mode — Select risk, select activities, click Link. Weight distributed equally.
• Unlink — Remove mappings.

1. Download template.
2. Place "X" in cells where risk maps to activity.
3. Upload.
4. Choose Replace or Add to existing mapping.

• Unmapped risks — Open risks with no activity mapping.
• Orphaned mappings — Mappings to deleted activities.
• Timeline conflicts — Mappings to completed activities.
• Closed risk links — Mappings to closed risks.

• Exposure chart — Time-phased risk cost.
• Burn-down — Linear (risk reduces as activity progresses) or Step (stays at 100% until complete).
• Time scale — Monthly, Weekly, Quarterly.
• Save Charts — Save as profiling output for Reports.

Q: Why don't my risks appear on the risk matrix?

A: Risks need qualitative scores (likelihood and impact bands). If you entered only quantitative data, the system should auto-assign on save. If scores are still missing, open the risk and save again.

Q: Why are some risks excluded from QCRA?

A: Only risks with quantitative assessments (probability and cost/schedule impact) are included. Check Data Quality for "Missing Assessment" issues.

Q: What's the difference between Pre-Mitigated and Post-Mitigated?

A: Pre-Mitigated uses original values. Post-Mitigated uses reduced values after mitigation. "Both" runs and compares both.

Q: How do I add a risk to the Top Risks section in reports?

A: Open the risk in Risk Detail and tick "Include in top risks for reporting".

Q: Can I undo a deletion?

A: Archived items can be restored from the Archive page. Permanently deleted items cannot be recovered.

Q: What happens when I upload a mapping template that conflicts with existing mappings?

A: You choose whether to replace the existing mapping or create it as new alongside.

Q: How are qualitative scores auto-assigned from quantitative data?

A: The system uses the entity's probability and impact bandings to map the quantitative values to likelihood and impact bands. A notification confirms.

Q: What matrix sizes are supported?

A: Any combination from 1×1 up to 10×10. Configure in Entity Settings → Matrix.

Q: How do I view who changed a risk and when?

A: Open the risk in Risk Detail, scroll to the Change History (last 6 months) section below Mitigation Actions, and expand it. You'll see a timeline of changes with who made them and what changed. Admin and User can export to Excel.

*This Knowledge Base was generated from the Praeviso workstation codebase. All features and workflows described here are derived from the actual implementation.*