diff --git a/risks/views.py b/risks/views.py
index 3bc720c..89f1632 100644
--- a/risks/views.py
+++ b/risks/views.py
@@ -195,6 +195,21 @@ def show_risk(request, id):
     logs = LogEntry.objects.filter(content_type=ct, object_id=risk.pk).order_by("-action_time")
     return render(request, "risks/item_risk.html", {"risk": risk, "logs": logs})
 
+@login_required
+def mark_risk_reviewed(request, pk):
+    """Mark a risk as reviewed and close if all controls are completed."""
+    risk = get_object_or_404(Risk, pk=pk)
+    all_done = all(c.status in ("completed", "verified") for c in risk.controls.all())
+
+    if all_done:
+        risk.status = "closed"
+        risk._changed_by = request.user
+        risk.save(update_fields=["status", "updated_at"])
+        messages.success(request, _("Risk has been marked as reviewed and closed."))
+    else:
+        messages.error(request, _("Not all controls are completed. Risk cannot be closed yet."))
+
+    return redirect("risks:show_risk", id=risk.pk)
 
 # ---------------------------------------------------------------------------
 # Web Views: Controls