What process involves systematically tracking and evaluating the performance of risk mitigation actions against established metrics throughout the lifecycle of an identified risk?

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

What process involves systematically tracking and evaluating the performance of risk mitigation actions against established metrics throughout the lifecycle of an identified risk?

Explanation:
Tracking and evaluating how well risk mitigation actions perform against established metrics over the life of a risk is risk tracking. This approach continuously measures the effectiveness of the controls or actions you’ve put in place, using predefined metrics such as residual risk levels, control effectiveness scores, and milestone completion, and it updates the risk record as conditions change. It brings accountability by assigning owners and documenting progress, and it signals when adjustments are needed to keep the risk at an acceptable level. Risk assessment identifies and prioritizes risks upfront, but it doesn’t continuously measure mitigation performance. Risk monitoring is about watching risk status over time, whereas risk tracking specifically ties mitigation activities to quantitative outcomes throughout the risk’s lifecycle. Risk review focuses on governance and discussion of risk posture rather than ongoing measurement of how mitigations perform.
