FAQ for Admins
      Back to home
      1. Knowledge Center
      2. Additional Resources
      3. FAQ for Admins

      Risk Score & Level Definitions

      A definitive guide on risk scores and the meaning of each risk level.

      Risk Score:

      • Unweighted initial risk score: This is the score that takes into account the risk impact and its likelihood at the beginning when the risk is created
      • Weighted initial risk score: This is the score that takes into account the risk impact, its likelihood and its weight at the beginning when the risk is created
      • Unweighted current risk score: This is the score that takes into account the risk impact and its likelihood during the risk’s journey from the beginning to the target
      • Weighted current risk score: This is the score that takes into account the risk impact, its likelihood and its weight during the risk’s journey from the beginning to the target
      • Weighted and responded current risk score: This is the score that takes into account the risk impact, its likelihood, weight and the mitigation applied to it during the risk’s journey from the beginning to the target
      • Unweighted target risk score: This is the target score that takes into account the target risk impact and its target likelihood
      • Weighted target risk score: This is the target score that takes into account the target risk impact, its target likelihood and its weight

      Risk Level:

      Risk level is a qualitative explanation of the risk scores.

      Mapping between unweighted risk scores and risk levels:

      • If the unweighted risk score is higher than 1 and lower or equal to 4, the unweighted risk level is Low
      • If the unweighted risk score is higher than 4 and lower or equal to 11, the unweighted risk level is Medium
      • If the unweighted risk score is higher than 11 and lower or equal to 19, the unweighted risk level is High
      • If the unweighted risk score is higher than 19 and lower or equal to 29, the unweighted risk level is Severe
      • If the unweighted risk score is higher than 29 and lower or equal to 36, the unweighted risk level is Extreme

      Mapping between weighted risk scores and risk levels:

      • If the weighted risk score is higher than 1 and lower or equal to 36, the unweighted risk level is Low
      • If the weighted risk score is higher than 36 and lower or equal to 108, the unweighted risk level is Medium
      • If the weighted risk score is higher than 108 and lower or equal to 198, the unweighted risk level is High
      • If the weighted risk score is higher than 198 and lower or equal to 288, the unweighted risk level is Severe
      • If the weighted risk score is higher than 288 and lower or equal to 360, the unweighted risk level is Extreme

      Risk Likelihood:

      Risk likelihood is displayed as a ranking between 1 (Remote) - 6 (Almost Certain)

      • Almost Certain: Virtual certainty the event will occur at some time, under normal business conditions, that can be quantified as greater than a 99% chance of occurrence
      • Likely: Likely to expect the event to occur at some time, under normal business conditions, that can be quantified as between a 70%-99% chance of occurrence
      • Possible: Reasonable to expect the event could occur at some time, under normal business conditions, that can be quantified as between a 25%-70% chance of occurrence
      • Unlikely: Unlikely to expect the event to occur at some time, under normal business conditions, that can be quantified as between a 10%-25% chance of occurrence
      • Highly Unlikely: Highly-unlikely event that can be quantified as between a 1%-10% chance of occurrence
      • Remote: Theoretically possible. The likelihood of occurring can be quantified as less than a 1% chance of occurrence

      Risk Impact:

      Risk impact is displayed as a ranking between 1 (Insignificant) - 6 (Catastrophic)

      • Catastrophic: Critical, long-term damage or service impact. Financial and reputational damage could be enough to ruin the business
      • Critical: Critical, short-term damage or service impact. Financial and reputational damage could create noticeable loss of market share
      • Major: Major damage or service impact. Extensive reputational and financial impact, but not enough to ruin the business
      • Moderate: Noticeable damage or service impact. Harmful reputational and financial impact, but not enough to ruin the business
      • Minor: Localized or minimal damage or service impact. Minor reputational and financial impact
      • Insignificant: Little to no damage or service impact. No reputational or financial impact

      Risk Weight:

      Risk weight is a number between 1 (Lowest) - 10 (Highest) to emphasize the importance of the risk