Use the Residual Assessment form in the Advanced Risk application to assess the residual risks in your organization.

See the following table for a description of the field values.

Table 1. Residual Assessment form
Field Description
Risk assessment methodology Name of the RAM. This field is automatically set based on the selected RAM.
Calculate based on Options for calculating the assessment score:
  • Inherent risk and control effectiveness: Makes the assessment qualitative. The comparison between inherent and control effectiveness is always qualitative.
  • Factor responses: Bases the residual factors' calculation on responses to manual factors.
Assessment contribution Type of factor contribution:
  • Quantitative
  • Qualitative
  • Both

If Inherent risk and control effectiveness is selected in the Calculate based on field, then this field is automatically set to Qualitative. The field can't be modified.
Factors same as inherent Option to automatically copy the assessment contribution, qualitative scoring logic, factors, and qualitative rating criteria from the inherent assessment.
Note: This option appears only when the Calculate based on field field has the Factor responses value.
Enable heatmap Option to enable you to view the heatmap report on the Advanced Risk dashboard.
Note: This option can be selected only if a minimum of two factors are added to the assessment type.
Qualitative score
Qualitative scoring logic Scoring logic to be used. The options for this field change based on the option that is selected in the Calculate based on field.
When the Calculate based on field has Inherent risk and control effectiveness, the options are as follows:
  • Lookup matrix between inherent assessment and control effectiveness: Generates a matrix between the inherent assessment and control effectiveness assessment. It performs a Cartesian product to generate scores. You can view the matrix in the Matrix related list. For example, if the inherent risk is high and the control effectiveness is low, then the residual risk is also high.
  • Inherent score-control effectiveness score: Provides the difference between the inherent score and the control effectiveness score.
  • Inherent score/control effectiveness score: Provides the value that is derived by dividing the inherent score by the control effectiveness score.
  • Script: Use a custom script to calculate the qualitative score. The Script option enables you to create a customized calculation method that aligns with your organization's unique requirements and risk assessment approach.
    Note: You can write or modify scripts only for assessment types that aren’t published.
When the Calculate based on field has Factor responses, the options are as follows:
  • Sum: Sum of the factor responses.
  • Minimum: Minimum value of the factor responses.
  • Maximum: Maximum value of the factor responses.
  • Average: Average value of the factor responses.
  • Product: Value derived by multiplying the factor responses.
  • Weighted average: Average value of the weighting of factors. This value is then classified as low, medium, or high.
  • Script: User-defined formula to calculate the score. This option is available only to users with the sn_grc.developer role.
Quantitative score
This section appears only when the value Quantitative is selected from the Factor contribution field.
Quantitative scoring logic Scoring logic to be used:
  • Sum: Sum of the factor responses.
  • Minimum: Minimum value of the factor responses.
  • Maximum: Maximum value of the factor responses.
  • Average: Average value of the factor responses.
  • Product: Value that is derived by multiplying the factor responses.
  • Script: User-defined formula to calculate the score. This option is available only to users with the sn_grc.developer role.
Section Labels

This section appears only when Configure section terminology is selected in the RAM form.

Note: Section label renaming applies only to the advanced risk assessment interface while leaving the terminology used in reports, dashboards, heatmaps, and other areas unchanged.
Title Option to rename the section title of the assessment type. For example, if you rename Residual assessment as Net assessment, the new title will be displayed in all sections where the Residual assessment was previously referred.
Score label Option to rename the qualitative score label in the Scoring section of the assessment form. For example, if you rename Residual risk as Net risk, the new score label will be displayed in the scoring section where Residual risk was previously referred.
Annual loss expectancy label Option to rename the quantitative score label in the Scoring section of the assessment form. For example, if you rename Residual ALE as Net ALE, the new score label will be displayed in the scoring section where Residual ALE was previously referred.
Heatmap Configuration
This section appears only when the Enable heatmap option is selected.
Factor for X-axis Factor that appears on the X-axis of the heatmap.
Note: Only the qualitative factors of type Choice or factors with the transformation criteria can be selected. For more information, see Transformation criteria.
Factor for Y-axis Factor that appears on the Y-axis of the heatmap.
Note: Only the qualitative factors of type Choice or with the transformation criteria can be selected. For more information, see Transformation criteria.