Calculating residual risk
Become familiar with the calculations associated with residual risk and view an example of calculating residual risk.
How it works
Once you assess inherent risk and define risk treatment, and define how much of the treatment reduces the inherent risk, Strategy automatically calculates residual risk.
| Term | How it is calculated |
|---|---|
| Residual Risk Score |
All risk scoring factors are multiplied together, with each risk scoring factor multiplied by its assigned weight. The scoring framework is based on your company's risk scoring settings. |
| Residual Risk | InherentRiskScore x (1-Treatment%) |
| Residual Risk Heat | The total Residual Risk Score is divided by the total possible Inherent Risk Score across all operating segments specified in your Strategy Map. |
Example
Example
Scenario
You want to assess the residual risk associated with a security risk for your company.
Risk scoring framework
You use the following risk scoring framework to assess inherent risk:
| Risk Scoring Factor | Weight | Severity Scale |
|---|---|---|
| Likelihood | 100% | 3 point scale (1 = Low, 2 = Medium, 3 = High) |
| Impact | 100% | 3 point scale (1 = Low, 2 = Medium, 3 = High) |
Strategy Map
There are 2 operating segments in your Strategy Map: Canada and USA.
Inherent risk calculations
You assess inherent risk as follows:
| Operating segment | Likelihood | Impact | Inherent Risk Score |
|---|---|---|---|
| Canada | 3 (High) | 3 (High) | 9 (3 x 3) |
| USA | 1 (Low) | 2 (Medium) | 2 (1 x 2) |
| Inherent Risk = 11 (9 + 2) | |||
Treatment
Your preliminary assessment, based on the expected effectiveness of treatment efforts in place, is as follows:
- Treatment 1 reduces the likelihood of the risk by 25% in Canada
- Treatment 2 reduces the likelihood of the risk by 15% in Canada
- Treatment 3 reduces the impact of the risk by 10% in the USA
- Treatment 4 reduces the likelihood of the risk by 5% in the USA
Residual risk calculations
| Operating segment and treatment | Likelihood | Impact | Residual Risk Score |
|---|---|---|---|
| Canada | 3 x (1-40%) = 1.8 (Residual Risk) | 3 x (1-0%) = 3 (Residual Risk) | 5.4 (1.8 x 3) |
|
Treatment = 25% | Treatment = 0% | |
|
Treatment = 15% | Treatment = 0% | |
| USA | 1 x (1-5%) = 0.95 (Residual Risk) | 2 x (1-10%) = 1.8 (Residual Risk) | 1.7 (0.95 x 1.8) |
|
Treatment = 0% | Treatment = 10% | |
|
Treatment = 5% | Treatment = 0% | |
|
Residual Risk Heat = 39.5%
Total Residual Risk Score (7.1) / total possible Inherent Risk Score (18) = Residual Risk Heat (39.5%). |
|||
