Risk and assessment scoring configuration in Risk Manager

As a System Admin, you can configure risk and assessment scoring according to your requirements.

Prerequisites

Before you configure the risk and assessment scores, set up the severity scale of the risk fields

that you want to select.

For example: Likelihood and impact with a 3-point severity scale, namely low, medium, and high.

To set up the severity scale of the risk fields in the Configuration page, follow these steps:

  1. Open the Launchpad home page (www.highbond.com).

    Note

    If your company uses more than one instance in Launchpad, make sure the appropriate instance is active.

  2. Select Platform Settings and then select Configuration.
  3. On the Configuration page, from the left navigation, select Attribute types.
  4. On the Attribute Types page search for the attribute type for which you to configure the severity scale.
  5. From the search results, select the attribute name.

  6. On the attribute name page, in the General information section, select Edit.

  7. In the Response type section, enter the severity scores. For example: Low = 1, Medium = 2, and High = 3.
  8. (Optional) Make changes such as adding / removing options, renaming, reordering, and assigning colors.
  9. Select Save.
  10. Go back to the Attribute Types page and repeat the steps to update the Impact field.

Risk score configuration

The risk score configuration contains the Risk Score Formula and Risk Level Output sections.

Risk Score Formula

In this section, you can set up a formula to calculate the risk score.

For example, the risk score formula can be (Likelihood x 100%) x (Impact x 100%), where likelihood and impact are the risk factors, x is the multiplication sign, and 100% is the weightage.

You can also provide a number at the end with a plus (+) or minus (-) operator to get a desired value.

For example: You decide to add 500 to the value, the formula will now be: (Likelihood x 100%) x (Impact x 100%) + 500.

Setting up the Risk Score Formula

You can customize the risk score formula by adding more fields and changing the logic of the formula.

Example

Scenario

You are tasked with configuring the risk score for your organization. You begin by creating a new risk score formula. You decide to use two fields: Likelihood and Impact . These two fields are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

Process

Open the Risk Manager app, select Settings in the left panel, and select Scoring. The Risk score configuration page opens. You need a minimum of two fields (risk factors) to perform the calculation.

Here is how you can set up the formula:

  1. In the Risk Score Formula section, select Edit.
  2. In the Field dropdown, select Likelihood.

    Note

    • Only dropdown and radio button fields from the risk are displayed in the Field dropdown list.
    • The info icon (i) next to the Field displays the severity scale of the selected field.
  3. In the Weight field, enter weightage for the selected field.

    Note

    Weight is the importance of a risk factor when calculating the risk score. This can range from 0 to whatever number you find suitable. For example, double the importance for a risk factor can have a weight of 200, and half the importance can have a weight of 50.

    Weight is measured in terms of percentage and is always multiplied with the risk factor. For example, Likelihood has the following scale range: Low = 1, Medium = 2, and High = 3. If the weightage entered for low is 200, then the calculated value is (1 x 200% = 2). If the weightage is 50, then the calculated value is (1 x 50% = 0.5).

  4. (Optional) You can enter a number in the Number field with a plus (+) or minus (-) operator. Default is 0.

    Note

    You can either add or subtract the number from the score to get a value of your choice. For example, If the risk factor is 1 and weight is 100, you can enter 100 in the Number field with a plus operator (+). Then, the calculation will be (1 x 100%) + 100, which makes it 101.

  5. Select Add Field to add Impact. You need a minimum of two fields (risk factors) to perform the calculation.
  6. Select the operator to perform calculation, Plus, Minus, Multiply, or Divide (+, -, x, ÷). For example, (Likelihood) x (Impact).
  7. (Optional) You can add another number at the end with any operator (+, -, x, ÷).
  8. Select Save Changes.

Result

The Risk Manager app saves the Risk Score Formula.

Setting up the Risk Level Output

After configuring the risk score formula, you set up the risk level output by providing a set of ranges, based on the severity scale of the output field.

Example

Scenario

After creating the risk score formula, you set the ranges based on the Inherent Risk Score output field.

The Inherent Risk Score is configured with a 3-point severity scale, Low, Medium, and High.

Process

Open the Risk Manager app, click Settings in the left panel, and click Scoring. The Risk score configuration page opens.

  1. In the Risk Level Output section, click Edit.
  2. From the Output field list, select Inherent Risk Score.

    Note

    Dropdown and radio button fields of the risk are displayed in the Output field.

    Based on the output field selected, the Severity Points field displays a predefined scale. In our example, for the output field, Inherent Risk Score, the scale is low, medium, and high.
    To make any changes to the inherent risk score, you can go to the Configuration > Attribute Types page and make the required changes.

  3. Assuming the risk factors selected to calculate the risk score are Likelihood and Impact , and they are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.
    Based on the risk score formula of (Likelihood x 100%) x (Impact x 100%), the scale can range in the following ways:
    LikelihoodImpactValue
    Low (1)Low (1)(1 x 100%) x (1 x 100%) = 1
    Low (1)Medium (2)(1 x 100%) x (2 x 100%) = 2
    Low (1)High (3)(1 x 100%) x (3 x 100%) = 3
    Medium (2)Low (1)(2 x 100%) x (1 x 100%) = 2
    Medium (2)Medium (2)(2 x 100%) x (2 x 100%) = 4
    Medium (2)High (3)(2 x 100%) x (3 x 100%) = 6
    High (3)Low (1)(3 x 100%) x (1 x 100%) = 3
    High (3)Medium (2)(3 x 100%) x (2 x 100%) = 6
    High (3)High (3)(3 x 100%) x (3 x 100%) = 9

    The lowest is (1 x 1 = 1) and the highest is (3 x 3 = 9). You can set up the Severity points as follows:

    • Low = 0 to 3
    • Medium = 4 to 6
    • High = 7 to 9

    Note

    Select the link button to set up a continuous range without any gaps. For example, 

    • Low equals 0 to ≤ 3
    • Medium equals >3 to ≤ 6
    • High equals >6 to ≤ 9

    This ensures that the upper limit of the first field becomes the starting point of the second field. For example, if the low range is 0 to less than or equal to 3, the medium range begins at greater than 3. Similarly, if the medium range is 3 to less than or equal to 6, the high range starts at greater than 6.

  4. Select Save Changes.

Result

The Risk Manager app saves the Risk Level Output.

How to calculate the risk score?

After you configure the risk score formula and the risk level output, you can calculate the risk score by performing the following steps:

  1. From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.

  2. Select the checkboxes for the risks for which you want to calculate the score. You can select one or multiple risks.

    Tip

    You can select all the risks on the page by clicking the checkbox in the Name column header.

  3. Select Actions and select one of the following options:
    • Score empty output fieldsCalculates the risk score for the risk output fields that are empty. It does not override the existing score.
    • Score all output fields Calculates the risk score for all the output fields. It overrides the existing score.

Note

You can also calculate the risk scores using the default configuration. For more information, see Using default configuration.

Risk scoring example

Here's an example of risk scoring.

Example

Scenario

You want to score a risk in the Risk Manager app. The impact and likelihood are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

The risk where you want to calculate the risk score has the following risk factors:

  • Likelihood = High (3)
  • Impact = Medium (2)

The risk score formula and risk level output are configured as follows:

Risk Score Formula: (Likelihood x 100%) x (Impact x 100%)

Risk Level Output: Inherent Risk Score is the output field with a 3-point severity scale (low, medium, and high). The ranges are set as follows:

  • Low equals 0 to ≤ 3
  • Medium equals >3 to ≤ 6
  • High equals >6 to ≤ 9

Process

According to the risk score formula, the calculation is as follows:

(Likelihood x 100%) x (Impact x 100%)

(3 x 100%) x (2 x 100%)

3 x 2 = 6

Therefore, 6 is the Risk Score. This fits into the medium range of the output field in the Risk Level Output scale.

Result

When you score this risk, the Inherent Risk Score is Medium.

Assessment score configuration

To configure the assessment score, you have to set up an assessment score formula and the assessment level output.

Assessment Score Formula

In this section, you can set up a formula to calculate the assessment score.

For example, the assessment score formula can be (Likelihood x 100%) x (Impact x 100%), where likelihood and impact are the risk factors, x is the multiplication sign, and 100% is the weightage.

You can also provide a number at the end with a plus (+) or minus (-) operator to get the desired value.

For example, (Likelihood x 100%) x (Impact x 100%) + 500.

Setting up the Assessment Score Formula

You can customize the assessment score formula by adding more fields and/or changing the logic of the formula.

Example

Scenario

You want to configure the risk assessment score for your organization. To create the assessment score formula, you decide to use the Likelihood and Impact fields. These two fields are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

Process

Open the Risk Manager app and navigate to Scoring (Settings > Scoring). The Assessment score configuration page opens.

To set up the formula:

  1. In the Assessment Score Formula section, click Edit.
  2. From the Field list, select Likelihood.

    Note

    • Only dropdown and radio button fields from the risk are displayed in the Field dropdown list.
    • The info icon (i) next to the Field displays the severity scale of the selected field.
  3. In the Weight field, enter weightage for the selected field.

    Note

    Weight is the importance of a risk factor when calculating the risk score. This can range from 0 to any number. For example: If you want to give double the importance for a risk factor, you can enter the weight as 200. Likewise, it can be 50 if you want to give half the importance for a risk factor.

    Weight is measured in terms of percentage and is always multiplied with the risk factor. For example, Likelihood with the scale: Low = 1, Medium = 2, and High = 3. If the weightage entered for low is 200, then the calculated value is (1 x 200% = 2). If the weightage is 50, then the calculated value is (1 x 50% = 0.5).

  4. (Optional) Enter a number in the Number field with a plus (+) or minus (-) operator. Default is 0.

    Note

    You can either add or subtract the number from the score to get a value of your choice. For example, If the risk factor is 1 and weight is 100, you can enter 100 in the Number field with a plus operator (+). Then, the calculation will be (1 x 100%) + 100, which makes it 101.

    Now, you have successfully added a field.

  5. Select Add Field to add Impact. You need a minimum of two fields (risk factors) to perform the calculation.
  6. Select the operator to perform calculation: Plus, Minus, Multiply, or Divide (+, -, x, ÷). For exampl, (Likelihood) x (Impact).
  7. (Optional) Add another number at the end with any operator (+, -, x, ÷).
  8. Select Save Changes.

Result

The Risk Manager app saves the Assessment Score Formula.

Setting up the Assessment Level Output

After you have configured the assessment score formula, you can set up the assessment level output by providing a set of ranges, based on the severity scale of the output field.

Example

Scenario

After creating the assessment score formula, you must configure the assessment level output. You decide to set the ranges based on the Inherent Risk Score output field.

The Inherent Risk Score is configured with a 3-point severity scale: Low, Medium, and High.

Process

Open the Risk Manager app, and navigate to Scoring (Settings > Scoring). The Assessment score configuration page opens.

  1. In the Assessment Level Output section, select Edit.
  2. From the Output field list, select Inherent Risk Score.

    Note

    Dropdown and radio button fields of the risk are displayed in the Output field.

    Based on the output field selected, the Severity Points field displays a predefined scale. In our example, for the output field, Inherent Risk Score, the scale is low, medium, and high.
    To make any changes to the inherent risk score, you can go to the Configuration > Attribute Types page and make the required changes.

  3. Assuming the risk factors selected to calculate the assessment score are Likelihood and Impact , and they are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.
    Based on the assessment score formula of (Likelihood x 100%) x (Impact x 100%), the scale can range in the following ways:
    LikelihoodImpactValue
    Low (1)Low (1)(1 x 100%) x (1 x 100%) = 1
    Low (1)Medium (2)(1 x 100%) x (2 x 100%) = 2
    Low (1)High (3)(1 x 100%) x (3 x 100%) = 3
    Medium (2)Low (1)(2 x 100%) x (1 x 100%) = 2
    Medium (2)Medium (2)(2 x 100%) x (2 x 100%) = 4
    Medium (2)High (3)(2 x 100%) x (3 x 100%) = 6
    High (3)Low (1)(3 x 100%) x (1 x 100%) = 3
    High (3)Medium (2)(3 x 100%) x (2 x 100%) = 6
    High (3)High (3)(3 x 100%) x (3 x 100%) = 9

    The lowest is (1 x 1 = 1) and the highest is (3 x 3 = 9). You can set up the Severity points in the following ways:

    • Low = 0 to 3
    • Medium = 4 to 6
    • High = 7 to 9

    Note

    Click the link button to set up a continuous range without any gaps. For example: 

    • Low equals 0 to ≤ 3
    • Medium equals >3 to ≤ 6
    • High equals >6 to ≤ 9

    This ensures that the upper limit of the first field becomes the starting point of the second field. For example, if the low range is 0 to less than or equal to 3, the medium range begins at greater than 3. Similarly, if the medium range is 3 to less than or equal to 6, the high range starts at greater than 6.

  4. Select Save Changes.

Result

The Risk Manager app saves the assessment level output.

How to calculate the assessment score?

After you configure the assessment score formula and the assessment level output, you can calculate the assessment score by performing the following steps:

  1. From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.

  2. Select the checkbox of the risk of your choice.

  3. Select the checkboxes for the risk assessments you want to calculate the score for. You can select one or multiple risk assessments.

    Tip

    You can select all the risk assessments on the page by clicking the checkbox in the Name column header.

  4. Select Actions and select one of the following options:
    • Score empty output fields Calculates the assessment score for the assessment output fields that are empty. It does not override the existing score.
    • Score all output fields Calculates the assessment score for all the output fields that are empty. It overrides the existing score.

Note

You can also calculate the assessment scores using the default configuration. For more information, see Using default configuration.

Assessment scoring example

Here's an example of assessment scoring.

Example

Scenario

You want to score a risk assessment in the Risk Manager app. The impact and likelihood are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

The risk assessment where you want to calculate the score has the following risk factors:

  • Likelihood = High (3)
  • Impact = Medium (2)

The assessment score formula and risk level output are configured as follows:

Assessment Score Formula: (Likelihood x 100%) x (Impact x 100%)

Assessment Level Output: Inherent Risk Score is the output field with a 3-point severity scale (low, medium, and high). The ranges are set as follows:

  • Low equals 0 to ≤ 3
  • Medium equals >3 to ≤ 6
  • High equals >6 to ≤ 9

Process

According to the assessment score formula, the calculation is as follows:

(Likelihood x 100%) x (Impact x 100%)

(3 x 100%) x (2 x 100%)

3 x 2 = 6

Therefore, 6 is the Assessment Score. This fits into the medium range of the output field in the Risk Level Output scale.

Result

When you score this risk assessment, the Inherent Risk Score is Medium.

Viewing the scoring activity log

Scoring configuration is used to set up a scoring logic that applies to your organization. Scoring configuration enables you to apply the scores using a bulk operation rather than applying the scores manually to each risk or assessment.

The scoring dashboard displays a log for all the scoring activities performed. In the log, you can view the details of scores that were applied successfully and those that failed. The failed records can be rerun. The dashboard helps you to identify the records that are pending and manage the score-application process more efficiently.

Here is how you can view the scoring activity log:

  1. From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.

  2. In the left panel, select Activity and then select Scoring Activity.

    In the Scoring Activity page, for every executed scoring run, you can view details such as date of execution, action, status (passed or failed), the risk or assessment records that were used for the execution, and the name of the user who executed the run.

  3. Select the Action name link of the scoring run that you want to view or access.

    The activity details pane is displayed. You can view the details such as date of execution, type of object, action on which scoring was performed, scoring logic, status and user details. You can also view the records that passed and failed. Select View details to access details of the records. Additionally, select Rerun action on failed objects to rerun failed records.

  4. Select View details to navigate to the scoring activity details page.

    The Scoring Activity details page displays the detailed error message for each record included in the scoring execution run. On the Scoring Activity details page:

    • View the details such as action on which scoring was performed, date of execution, status, type of object, user name, output field, scoring logic and the executed records.

    • Select View against each record to access details of the records. The object name, error message and status are displayed. Select the object name to view the Risk Event Assessment details page.

    • Select Rerun action on failed objects to rerun a failed scoring activity. When you initiate a rerun, a new scoring activity log entry is added in the Scoring Activity page list view with the new scoring execution details.

Note

When the scoring execution is in progress, you can view the number of records that have been completed and the number of records that are in progress. You can access the Rerun action on failed objects button after the execution is complete.