Risk Assessment Questionnaire Calculation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-17-2018 06:31 PM
Hi there,
I have implemented some risk assessment questionnaires based on my client requirements. However, once the questionnaire is filled and submitted, the score dis not affected in the scoring tab within the risk record.
Is the scoring automated based on the assessment questions response or it is meant to be manually entered?
PS: this is not vendor risk management but just risk management
Thanks for your help
Fed
- Labels:
-
Risk Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-17-2018 08:43 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-17-2018 08:54 PM
thanks for your reply.
two questions:
Are you saying that is predefined and manually enter in risk statement?
Risk can be assessed separately depending on risk profile linked and so the score can be different. I believe the assessment questionnaire is to define the score? otherwise What is the risk assessment there for then?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-17-2018 10:29 PM
Hi,
you Have to enter data manually in risk statement..
check risk critiria table..
1.go to navigator
2.type risk critiria
and check
Thanks

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2018 05:04 AM
Currently, the risk scores are not adjusted based on the answers to the risk assessment. I'm pretty sure that is in the backlog of enhancements. I think it is difficult because customers can change those questions - it is just a survey.
Preethi is right that the SLE and ARO are inherited from the Risk Statement, however it is intended that they should be modified on the registered risk - because as you state the values could be different for each profile.
On the registered risk, in addition to the SLE and ARO you also have the ALE and Score. These are calculated. For Inherent and Residual, the ALE is SLE x ARO. The score is a look up on the Risk Criteria table that Preethi referenced.
The Calculated ALE and thus score are adjusted based on Controls and Indicators. On the Registered Risk there is a tab called Monitoring. there you find the Calculated risk factor. This value is the average of the Control failure factor and the Indicator failure factor.
The control failure factor is driven by control compliancy and their weight.
Indicator failure factor is driven by the result of the indicator. Pass/Fail
Then this formula is used to determine the Calculated ALE
Then the value that is returned is used to look up a risk score on the Risk Rating scale and that is updated in the Calculated Score field.