Example risk calculation
Example one: Inherent
In the calculation below, a risk is linked to two controls (Control A and Control B). Each control has a mitigation percentage of 40 percent. Both controls are healthy.
Using Hyperproof's default risk mapping, the calculation looks like:
![inherent-risk-example1.png](../../image/uuid-b623c3cc-e82a-7595-68ea-141e174bd18d.png)
The overall risk is Low because the residual risk is less than the tolerance. Refer to Calculating the overall risk for more information.
Example two: Inherent
Using the example calculation above, both controls failed testing and became at risk, thus reducing the controls' mitigation percentages. The intended mitigation was 40% for each control, so after discounting the mitigation by 50%, the resulting mitigation is 20% for each control. The residual risk increases beyond the tolerance, so the risk becomes Critical.
![inherent-risk-example2.png](../../image/uuid-baf46791-ef24-5ca9-32db-ede40912b2ee.png)
Example three: Residual
In the calculation below, a risk is linked to two controls (Control C and Control D). Control C has a likelihood mitigation of 30% and Control D has a likelihood mitigation of 20 percent. Control C has an impact mitigation of 10% and Control D has an impact mitigation of 10 percent. Both controls are healthy.
![residual-risk-example2.png](../../image/uuid-ff9b6bd1-e120-2697-96b3-4803511e6a1e.png)
Example four: Residual
Using the example calculation above, both controls failed testing and became at risk, thus reducing the controls' mitigation percentages.
The intended likelihood mitigation was 50%, so after discounting the mitigation by 50%, the resulting likelihood mitigation is 25 percent. The intended impact mitigation was 20%, so after discounting the mitigation by 50%, the resulting impact mitigation is 10 percent. The residual risk increases beyond the tolerance, so the risk becomes Critical.
![residual-risk-example1.png](../../image/uuid-d3429325-aff7-abf2-821e-f50b9b6e6e97.png)