Risk and assessment scoring configuration in Risk Manager

In the Risk Manager app, you can configure risk and assessment scoring according to your requirements.

How it works?

In the Risk Manager app, you can go to Settings > Scoring and set up the configuration for risk and assessment scoring.

After the scoring is configured, you can go to the Risks and Risk Event Assessment pages and begin scoring the risk and the risk assessments respectively.

Permissions

Only System Admins can access and manage risk and assessment scoring configuration.

Prerequisites

Before you configure the risk and assessment scores, you must know the severity scale of the risk fields you want to select when configuring the risk and assessment scores.

For example: Likelihood and impact with a 3-point severity scale, namely low, medium, and high.

You can set up the severity scale of the risk fields in the Configuration page, as follows:

  1. Open Launchpad.

    Note

    If your company uses more than one instance in Launchpad, make sure the appropriate instance is active.

  2. Select Options > Configuration .
  3. Click Attribute Types from either the side panel or the tile.

    The Attribute Types page opens.

  4. In the search box, enter the attribute name and click on the name. For example: Likelihood.

    If you have multiple attributes with the same display name, check the field name to choose one.

    The General information panel opens.

  5. Click Edit.
  6. Under the Response type section, enter the scores for the options. For example: Low = 1, Medium = 2, and High = 3.
  7. Optional. You can also make other changes such as adding / removing options, renaming, reordering, and assigning colors.
  8. After making all the changes, click Save.

    Your changes get saved.

  9. Go back to the Attribute Types page and repeat the same steps to update the Impact field.

Risk score configuration

The risk score configuration contains two sections: Risk Score Formula and Risk Level Output.

Risk Score Formula

In this section, you can set up a formula to calculate the risk score.

For example, the risk score formula can be (Likelihood x 100%) x (Impact x 100%), where likelihood and impact are the risk factors, x is the multiplication sign, and 100% is the weightage.

You can also provide a number at the end with a plus (+) or minus (-) operator to get a desired value.

For example: You decide to add 500 to the value, the formula will now look like this: (Likelihood x 100%) x (Impact x 100%) + 500.

Setting up the Risk Score Formula

You can customize the risk score formula by adding more fields and/or changing the logic of the formula.

Example

Scenario

You are tasked with configuring the risk score for your organization. You begin by creating a new risk score formula. You decide to use two fields: Likelihood and Impact. These two fields are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

Process

You open the Risk Manager app, click Settings in the left panel, and click Scoring. The Risk score configuration page opens.

To set up the formula, you perform the following steps:

  1. In the Risk Score Formula section, click Edit.
  2. In the Field dropdown, select Likelihood.

    Note

    • Only dropdown and radio button fields from the risk are displayed in the Field dropdown list.
    • The info icon (i) next to the Field displays the severity scale of the selected field.
  3. In the Weight field, enter weightage for the selected field.

    Note

    In simple terms, weight is the importance of a risk factor when calculating the risk score. This can range from 0 to whatever number you find suitable. For example: If you want to give double the importance for a risk factor, you can enter the weight as 200. Likewise, it can be 50 if you want to give half the importance for a risk factor.

    Weight is measured in terms of percentage and is always multiplied with the risk factor. For example: Likelihood has the following scale range: Low = 1, Medium = 2, and High = 3. If the weightage entered for low is 200, then the calculated value is (1 x 200% = 2). If the weightage is 50, then the calculated value is (1 x 50% = 0.5).

  4. Optional. You can enter a number in the Number field with a plus (+) or minus (-) operator. Default is 0.

    Note

    You can either add or subtract the number from the score to get a value of your choice. For example: If the risk factor is 1 and weight is 100, you can enter 100 in the Number field with a plus operator (+). Then, the calculation will be (1 x 100%) + 100, which makes it 101.

    Now, you have successfully added a field.

  5. Click Add Field and repeat the same steps to add another field: Impact. You need a minimum of two fields (risk factors) to perform the calculation.
  6. Select the operator to perform calculation: Plus, Minus, Multiply, or Divide (+, -, x, ÷). For example: (Likelihood) x (Impact).
  7. Optional. You can add another number at the end with any operator (+, -, x, ÷). This also serves the same purpose as the other Number field mentioned above.
  8. After making all the changes, you click Save Changes.

Result

The Risk Manager app saves the Risk Score Formula.

Setting up the Risk Level Output

After you have configured the risk score formula, you can set up the risk level output by providing a set of ranges, based on the severity scale of the output field.

Example

Scenario

After creating the risk score formula, you must configure the risk level output. You decide to set the ranges based on the output field: Inherent Risk Score.

The Inherent Risk Score is configured with a 3-point severity scale: Low, Medium, and High.

Process

You open the Risk Manager app, click Settings in the left panel, and click Scoring. The Risk score configuration page opens.

  • In the Risk Level Output section, click Edit.
  • In the Output field dropdown, select Inherent Risk Score.

    Note

    Dropdown and radio button fields of the risk are displayed in the Output field.

    Based on the output field selected, the Severity Points field displays a predefined scale. In our example, for the output field, Inherent Risk Score, the scale is low, medium, and high.
    To make any changes to the inherent risk score, you can go to the Configuration > Attribute Types page and make the required changes.

  • Assuming the risk factors selected to calculate the risk score are Likelihood and Impact, and they are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.
    Based on the risk score formula of (Likelihood x 100%) x (Impact x 100%), the scale can range as follows :
    LikelihoodImpactValue
    Low (1)Low (1)(1 x 100%) x (1 x 100%) = 1
    Low (1)Medium (2)(1 x 100%) x (2 x 100%) = 2
    Low (1)High (3)(1 x 100%) x (3 x 100%) = 3
    Medium (2)Low (1)(2 x 100%) x (1 x 100%) = 2
    Medium (2)Medium (2)(2 x 100%) x (2 x 100%) = 4
    Medium (2)High (3)(2 x 100%) x (3 x 100%) = 6
    High (3)Low (1)(3 x 100%) x (1 x 100%) = 3
    High (3)Medium (2)(3 x 100%) x (2 x 100%) = 6
    High (3)High (3)(3 x 100%) x (3 x 100%) = 9

    The lowest is (1 x 1 = 1) and the highest is (3 x 3 = 9). Now, you can set up the Severity points as follows:

    • Low = 0 to 3
    • Medium = 4 to 6
    • High = 7 to 9

    Note

    Click the link button to set up a continuous range without any gaps. For example: 

    • Low equals 0 to ≤ 3
    • Medium equals >3 to ≤ 6
    • High equals >6 to ≤ 9

    This ensures that the high-ranged number of the first field is the starting point of the second field. In the above example, the low range scale is 0 to less than 3, so the medium range begins from greater than 3. Likewise, the medium range scale is greater than 3 to less than 6, therefore the high range begins from greater than 6.

  • After making all the changes, click Save Changes.

Result

The Risk Manager app saves the Risk Level Output.

How to calculate the risk score?

Once the risk score formula and the risk level output are configured, you can calculate the risk score by performing the following steps:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens with the Risks tab.

  2. Select the checkbox of the risks you want to calculate the score, you can select one or multiple risks.

    Tip

    You can select all the risks on the page by clicking the checkbox in the Name column header.

  3. Click Actions and select one of the following options:
    • Score empty output fields To calculate the risk score, where the risk output field (for example: Inherent Risk Score) is empty. This option will not override the existing score.
    • Score all output fields To calculate the risk score for all the output fields, even when they are filled in. This option will override the existing score.

Note

You can also calculate the risk scores using default configuration. For more information, see Using default configuration.

Risk Scoring example

Let's take a look at an example of risk scoring.

Example

Scenario

You want to score a risk in the Risk Manager app. The impact and likelihood are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

The risk where you want to calculate the risk score has the following risk factors:

  • Likelihood = High (3)
  • Impact = Medium (2)

The risk score formula and risk level output are configured as follows:

Risk Score Formula: (Likelihood x 100%) x (Impact x 100%)

Risk Level Output: Inherent Risk Score is the output field with a 3-point severity scale (low, medium, and high). The ranges are set as follows:

  • Low equals 0 to ≤ 3
  • Medium equals >3 to ≤ 6
  • High equals >6 to ≤ 9

Process

According to the risk score formula, the calculation is as follows:

(Likelihood x 100%) x (Impact x 100%)

(3 x 100%) x (2 x 100%)

3 x 2 = 6

Therefore, 6 is the Risk Score. This fits into the medium range of the output field in the Risk Level Output scale.

Result

Now, when you score this risk, the Inherent Risk Score is Medium.

Assessment score configuration

The assessment score configuration is similar to the risk score configuration. This also contains two sections: Assessment Score Formula and Assessment Level Output.

Assessment Score Formula

In this section, you can set up a formula to calculate the assessment score.

For example, the assessment score formula can be (Likelihood x 100%) x (Impact x 100%), where likelihood and impact are the risk factors, x is the multiplication sign, and 100% is the weightage.

You can also provide a number at the end with a plus (+) or minus (-) operator to get a desired value.

For example: You decide to add 500 to the value, the formula will now look like this: (Likelihood x 100%) x (Impact x 100%) + 500.

Setting up the Assessment Score Formula

You can customize the assessment score formula by adding more fields and/or changing the logic of the formula.

Example

Scenario

You are tasked with configuring the risk assessment score for your organization. You begin by creating a new assessment score formula. You decide to use two fields: Likelihood and Impact. These two fields are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

Process

You open the Risk Manager app, click Settings in the left panel, and click Scoring. The Assessment score configuration page opens.

To set up the formula, you perform the following steps:

  1. In the Assessment Score Formula section, click Edit.
  2. In the Field dropdown, select Likelihood.

    Note

    • Only dropdown and radio button fields from the risk are displayed in the Field dropdown list.
    • The info icon (i) next to the Field displays the severity scale of the selected field.
  3. In the Weight field, enter weightage for the selected field.

    Note

    In simple terms, weight is the importance of a risk factor when calculating the risk score. This can range from 0 to whatever number you find suitable. For example: If you want to give double the importance for a risk factor, you can enter the weight as 200. Likewise, it can be 50 if you want to give half the importance for a risk factor.

    Weight is measured in terms of percentage and is always multiplied with the risk factor. For example: Likelihood with the scale: Low = 1, Medium = 2, and High = 3. If the weightage entered for low is 200, then the calculated value is (1 x 200% = 2). If the weightage is 50, then the calculated value is (1 x 50% = 0.5).

  4. Optional. You can enter a number in the Number field with a plus (+) or minus (-) operator. Default is 0.

    Note

    You can either add or subtract the number from the score to get a value of your choice. For example: If the risk factor is 1 and weight is 100, you can enter 100 in the Number field with a plus operator (+). Then, the calculation will be (1 x 100%) + 100, which makes it 101.

    Now, you have successfully added a field.

  5. Click Add Field and repeat the same steps to add another field: Impact. You need a minimum of two fields (risk factors) to perform the calculation.
  6. Select the operator to perform calculation: Plus, Minus, Multiply, or Divide (+, -, x, ÷). For example: (Likelihood) x (Impact).
  7. Optional. You can add another number at the end with any operator (+, -, x, ÷). This also serves the same purpose as the other Number field mentioned above.
  8. After making all the changes, you click Save Changes.

Result

The Risk Manager app saves the Assessment Score Formula.

Setting up the Assessment Level Output

After you have configured the assessment score formula, you can set up the assessment level output by providing a set of ranges, based on the severity scale of the output field.

Example

Scenario

After creating the assessment score formula, you must configure the assessment level output. You decide to set the ranges based on the output field: Inherent Risk Score.

The Inherent Risk Score is configured with a 3-point severity scale: Low, Medium, and High.

Process

You open the Risk Manager app, click Settings in the left panel, and click Scoring. The Assessment score configuration page opens.

  • In the Assessment Level Output section, click Edit.
  • In the Output field dropdown, select Inherent Risk Score.

    Note

    Dropdown and radio button fields of the risk are displayed in the Output field.

    Based on the output field selected, the Severity Points field displays a predefined scale. In our example, for the output field, Inherent Risk Score, the scale is low, medium, and high.
    To make any changes to the inherent risk score, you can go to the Configuration > Attribute Types page and make the required changes.

  • Assuming the risk factors selected to calculate the assessment score are Likelihood and Impact, and they are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.
    Based on the assessment score formula of (Likelihood x 100%) x (Impact x 100%), the scale can range as follows :
    LikelihoodImpactValue
    Low (1)Low (1)(1 x 100%) x (1 x 100%) = 1
    Low (1)Medium (2)(1 x 100%) x (2 x 100%) = 2
    Low (1)High (3)(1 x 100%) x (3 x 100%) = 3
    Medium (2)Low (1)(2 x 100%) x (1 x 100%) = 2
    Medium (2)Medium (2)(2 x 100%) x (2 x 100%) = 4
    Medium (2)High (3)(2 x 100%) x (3 x 100%) = 6
    High (3)Low (1)(3 x 100%) x (1 x 100%) = 3
    High (3)Medium (2)(3 x 100%) x (2 x 100%) = 6
    High (3)High (3)(3 x 100%) x (3 x 100%) = 9

    The lowest is (1 x 1 = 1) and the highest is (3 x 3 = 9). Now, you can set up the Severity points as follows:

    • Low = 0 to 3
    • Medium = 4 to 6
    • High = 7 to 9

    Note

    Click the link button to set up a continuous range without any gaps. For example: 

    • Low equals 0 to ≤ 3
    • Medium equals >3 to ≤ 6
    • High equals >6 to ≤ 9

    This ensures that the high-ranged number of the first field is the starting point of the second field. In the above example, the low range scale is 0 to less than 3, so the medium range begins from greater than 3. Likewise, the medium range scale is greater than 3 to less than 6, therefore the high range begins from greater than 6.

  • After making all the changes, click Save Changes.

Result

The Risk Manager app saves the assessment level output.

How to calculate the assessment score?

Once the assessment score formula and the assessment level output are configured, you can calculate the assessment score by performing the following steps:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens with the Risks tab.

  2. Select the checkbox of the risk of your choice.

  3. Select the checkbox of the risk assessments where you want to calculate the score, you can select one or multiple risk assessments.

    Tip

    You can select all the risk assessments on the page by clicking the checkbox in the Name column header.

  4. Click Actions and select one of the following options:
    • Score empty output fields To calculate the assessment score, where the assessment output field (for example: Inherent Risk Score) is empty. This option will not override the existing score.
    • Score all output fields To calculate the assessment score for all the output fields, even when they are filled in. This option will override the existing score.

Note

You can also calculate the assessment scores using default configuration. For more information, see Using default configuration.

Assessment Scoring example

Let's take a look at an example of assessment scoring.

Example

Scenario

You want to score a risk assessment in the Risk Manager app. The impact and likelihood are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

The risk assessment where you want to calculate the score has the following risk factors:

  • Likelihood = High (3)
  • Impact = Medium (2)

The assessment score formula and risk level output are configured as follows:

Assessment Score Formula: (Likelihood x 100%) x (Impact x 100%)

Assessment Level Output: Inherent Risk Score is the output field with a 3-point severity scale (low, medium, and high). The ranges are set as follows:

  • Low equals 0 to ≤ 3
  • Medium equals >3 to ≤ 6
  • High equals >6 to ≤ 9

Process

According to the assessment score formula, the calculation is as follows:

(Likelihood x 100%) x (Impact x 100%)

(3 x 100%) x (2 x 100%)

3 x 2 = 6

Therefore, 6 is the Assessment Score. This fits into the medium range of the output field in the Risk Level Output scale.

Result

Now, when you score this risk assessment, the Inherent Risk Score is Medium.