12 views


Description


The calculations in Risk Management scoring is explained below

Risk Scoring Calculations


 
The inherent and residual scores for a risk are calculated using the risk criteria, likelihood, and impact. 
Use the following calculations to score risks. 
 
• Qualitative Inherent ALE = Inherent ARO x Inherent SLE 
• Qualitative Inherent Score = Inherent Likelihood x Inherent impact 
• Quantitative Residual ALE = Residual ARO x Residual SLE 
• Qualitative Residual Score = Residual SLE 
 
When scoring is set to qualitative, the quantitative values are updated in the background. 
 
The Calculated Score for a risk is a read-only field designed to quickly assess a risk affecting the organization, and identify threats and areas of non-compliance. 
 
If controls are implemented to mitigate risk, then 
 
Calculated ALE = Residual ALE + ((Inherent ALE - Residual ALE) * (Calculated Risk Factor / 100)). 
 
Thus Calculated Score = Residual Score only if Compliance with the controls is 100%. 
 
If the Calculated Score > Residual Score, the organization is not 100% compliant with the controls used to mitigate a risk. 
 
Meaning that the Calculated Score can never be less than the Residual Score or greater than the Inherent Score. 
 
If controls are not implemented to mitigate risk, then Calculated Score = Residual Score. 
 
If the Residual Score is not set, then Calculated Score = Inherent Score. 
 
The calculated risk factor value is calculated as 
Calculated Risk Factor = (Indicator failure factor + Control failure factor) / 2 
 
Control failure factor -> Sum of failed controls weighting divided by total controls weighting. 
 
Indicator failure factor -> Uses the last result of each associated indicator. Number of last results failed divided by total number of indicators associated. 
 
 

Applicable Versions


J and above

Additional Information


I found the above information from this documentation, 
https://docs.servicenow.com/bundle/helsinki-governance-risk-compliance/page/product/grc-risk/concept/c_ScoreRisks.html 

Article Information

Last Updated:2018-08-15 10:21:28
Published:2018-08-15