Assessing risks and calculating risk scores
Once you have added and linked your risk to its associated entities, you are ready to assess your risk and calculate the risk scores.
You assess a risk to evaluate the level of threat it poses to the organization. To do this, consider the impact and likelihood of the risk and calculate the risk score.
Assess the risk
You assess the risk by triggering assessments, which you do by moving the risk to the Assessment status.
Example
Scenario
Your virus threat risk is added and associated with both an asset and a control:
- Asset - Laptop
- Control - Anti-virus Software
You now want to trigger assessments for your risk.
Process
Help topic: Working with risks
In this example, you trigger the risk and control assessments.
Result
The risk and control assessments are successfully generated.
Calculate the risk scores
After triggering assessments, you are ready to calculate the risk scores. You can calculate the inherent risk score in both risk and risk event assessment records.
You can do this by moving the risk event assessment to the Score status.
Example
Scenario
To calculate the inherent risk score, you need to know the Impact and Likelihood of the risk. Refer to the table below.
Likelihood | Impact: High | Impact: Medium | Impact: Low |
---|---|---|---|
High | High | High | Medium |
Medium | High | Medium | Low |
Low | Medium | Low | Low |
Process
Help topic: Working with risks
You open the risk assessment record, fill in the Impact and Likelihood fields, and trigger risk scores.
Result
The inherent risk score is successfully calculated.
What's next?
After you have assessed the risk, you can assess the controls associated with the risk to determine the effectiveness of the control. For more information, see Assessing controls.