Hi @chitra1 

After the risk assessment questionnaire is completed, the scoring for inherent and residual risk is completed manually based on the results of the questionnaire. Please note; if default inherent and residual scoring is defined at the risk statement level, all corresponding risks will inherit the scoring.

Both qualitative and quantitative scoring methods for measuring impact and likelihood are supported which are configured and maintained in the risk criteria table found in the risk administration area. This is where quantitative and qualitative values are cross-referenced to support the calculations described below.

Risks must be measured using a single methodology, either qualitatively or quantitatively. This can be set by the GRC Administrator in the properties area (by default the scoring method is set to quantitative).

The Annualized Loss Expectancy (ALE) is automatically calculated by the system as SLE x ARO or Impact x Likelihood. Where qualitative methodology has been used, the relevant values are taken from the risk criteria table. The Inherent and Residual scores are translations of the ALE which will depend on the values configured in the risk criteria table. 

The Calculated ALE is automatically populated based off all calculations:

Residual ALE + ((Inherent ALE - Residual ALE) * (Calculated Risk Factor / 100))

The calculated risk factor is also automatically calculated:

(Indicator failure factor + Control failure factor) / 2 *100

The control failure factor is the impact of control failures on the calculated score of risks and the indicator failure factor is the impact of risk indicator failures on the calculated score of risks. These values can be found on the ‘Monitor’ tab.

……………………………………………………………………………………………………

Please Mark it helpful 👍and Accept Solution✔️!! If this helps you to understand.