Example risk calculation

Luna B. Technologies wants to determine the overall risk health of one of its mitigated risks. This risk has two controls linked to it: Control A and Control B. Because both controls play a particular part in preventing the risk from happening, Luna B.’s compliance manager mitigates 40% of the risk with Control A and 40% with Control B.

To understand how Hyperproof determines the overall health, we need to take a look at Luna B.’s risk mapping. In this scenario, we'll assume that Luna B. Technologies is using custom risk mapping based on the example in the previous section.

The calculation looks like:

[Image: scale-example2.png]

However, if Control A's testing failed and the control became At Risk, its mitigation would be reduced. The intended mitigation was 40%, so after discounting it by 50%, the resulting mitigation is 20%. The risk level increases beyond tolerance, so the risk becomes Critical.

[Image: scale-example3.png]

Therefore, the overall risk health is Critical: the Inherent risk is Critical and the Actual risk (residual) is High.