Risks are created from the proposal RISK tab, from the RISK tab in your project or estimate, or from the RISK application search list by clicking on the "add risk" or + toolbar button.

At a minimum all you have to do to create a new risk is to provide a short description (1), assign your risk to a proposal or project (2), and enter an owner for the risk (bubble #4 in the lower screen-shot, below).

1. Describe your risk briefly. There is no limit to the length of this field however there are long text boxes below for the description of the risk so keep the risk title here short
2. Assign your risk either to a project (for operational project risks during delivery phase) or to the proposal (for proposal risks). If you create the risk from a proposal or from a project this is done automatically
3. Optionally select a WBS for the risk. Assigning a WBS makes risk profiling on your project more accurate, defines where the risks are occurring in your program with more granularity and helps to inform you of when this risk is likely to be triggered
4. Optionally categorize your risk from the list of values here. Some customers have their own categorization rules so the values may change according to what customer your project is for
5. Check these boxes if you want you risk to be visible to clients (for reporting purposes only) or if you think the impact of the risk is actually shared between your company and your client
6. When you create a risk the system will assume it is a 'risk'. You can optionally click the radio-button to enter an issue, an opportunity or in some cases even a benefit

Opportunities are the opposite of risks in that they reduce rather than increase costs. Enhancements are planned for opportunities to increase revenue as opposed to reduce costs (and for risks which reduce revenues)

Issues are risks that have occurred, just as benefits are opportunities that have occurred. Some of these options may not be visible depending on how your system is configured.

There are many good online sources (for example here) describing best practice for documenting risks. Your company's internal policy should be used as the primary reference. This application provides three places to describe your risk, all optional:

1. Describe the event or nature of the risk itself in the description field, i.e. what happens when/if the risk is triggered. Try to avoid describing the cause or the consequence of the risk in this box
2. Outline what may cause the risk to occur in the next box, the events which lead up to or make the risk more likely
3. Describe what the consequence is should the risk occur, what happens to downstream activities and what other risks might be triggered as a result
4. Finally enter or select an owner for the risk. The risk owner is responsible for assessing and responding to the risk. People search is triggered automatically after you type in 4 or more letters of any of their names.