Skip to main content

Risk estimation method

The Inherent risk is found by multiplying the Impact weighting by the Likelihood weighting. This number then determines where the risk places on your organization’s risk level scale.

The Impact and Likelihood are determined based on your organization’s risk level scale. Hyperproof offers default Likelihood and Impact risk mapping based on a 5-point scale where:

  • Point 1 is Very Low

  • Point 2 is Low

  • Point 3 is Moderate

  • Point 4 is High

  • Point 5 is Very High

The Inherent risk number falls into one of these levels. Administrators have the option to customize risk mapping, i.e. changing the point scale to better suit the organization.

Example

Imagine your organization's Likelihood scale is:

  • Rare (weighting: 1)

  • Possible (weighting: 3)

  • Certain (weighting: 5)

And your Impact scale is:

  • Low (weighting: 1)

  • Moderate (weighting: 3)

  • High (weighting: 5)

The risk scale can have 3-10 levels and the points are dependent on the maximum weights from Select scales multiplied together. For example, imagine your organization chose Low, Moderate, and High risk levels. The applicable scores to each level can be adjusted, as shown below with 0-3, 4-9, and 10-25 groupings.

If a risk were evaluated to have a Likelihood of Certain and an Impact of High, the risk would have a score of 25. The risk falls in the range of 10-25 so it is a High Inherent Risk. In the next section, we’ll see how mitigation can impact the Actual risk.

In this section: