GuardianERM.Net Help

Risk Rating Configuration

When a risk is evaluated, GuardianERM.Net produces a risk rating according to the Consequence and Likelihood selected. A residual risk and a targeted residual risk are also calculated by applying the effectiveness of the implemented controls and of the proposed/agreed controls respectively.

The risk rating is on a five-point scale (i.e. from 1 to 5). There is also a sixth level, Negligible, which applies when the risk rating falls below 1.

There are two things you can configure here:

  1. The risk rating scale, that is, which combinations of Consequence and Likelihood you consider high risk or low risk.
  2. The definition or description of each risk level.

Risk Rating Scale:

The risk heat map is displayed with the current configuration. If this is the first time the risk rating is configured, it displays the default values. To change the risk rating scale, click the cell whose risk level you want to change (the cell turns white):

Select a risk level from the Heat Map Risk Level dropdown list and click the Select button.

The risk level of the selected cell on the risk heat map is changed.

When all the cells have been configured, click the Save button.

Maximum Control Level

In risk evaluation, where more than one control is attached to a risk, the system aggregates the effectiveness of the controls to arrive at the residual risk. When the aggregated control effectiveness exceeds a certain threshold (default 90%), the system considers the residual risk to be Negligible, meaning there is no need to improve the controls further to reduce the inherent risk. This threshold can be configured by entering a number between 90 and 99 (percent).
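The rules above (heat map lookup, residual and targeted residual after controls, the Negligible level, and the 90-99% Maximum Control Level) as an added worked model; this is illustrative code, not GuardianERM.Net's own implementation. The heat map values are constructed, and the way multiple controls combine (independent controls, so combined effectiveness is 1 - prod(1 - e_i)) is an assumption, since the page does not state the product's aggregation formula.

```python
from math import prod

NEGLIGIBLE = "Negligible"

# Constructed 5x5 heat map: rows are Likelihood 1..5, columns Consequence 1..5,
# each cell holding the configured risk level 1..5. The product's real defaults
# are not on the help page, so these values are illustrative only.
DEFAULT_HEAT_MAP = [
    [1, 1, 2, 2, 3],
    [1, 2, 2, 3, 3],
    [2, 2, 3, 3, 4],
    [2, 3, 3, 4, 5],
    [3, 3, 4, 5, 5],
]

def validate_threshold(pct):
    """Maximum Control Level must lie between 90 and 99 percent."""
    if not 90 <= pct <= 99:
        raise ValueError("threshold must be between 90 and 99 percent")
    return pct / 100.0

def aggregate_effectiveness(controls):
    """Assumption: independent controls, so combined = 1 - prod(1 - e_i)."""
    for e in controls:
        if not 0.0 <= e <= 1.0:
            raise ValueError("control effectiveness must be between 0 and 1")
    return 1.0 - prod(1.0 - e for e in controls)

def inherent_rating(consequence, likelihood, heat_map=DEFAULT_HEAT_MAP):
    """Look up the configured risk level for a Consequence/Likelihood pair."""
    if not (1 <= consequence <= 5 and 1 <= likelihood <= 5):
        raise ValueError("consequence and likelihood are rated 1 to 5")
    return heat_map[likelihood - 1][consequence - 1]

def residual_rating(inherent, controls, threshold_pct=90):
    """Negligible when effectiveness exceeds the threshold or the residual < 1."""
    eff = aggregate_effectiveness(controls)
    if eff > validate_threshold(threshold_pct):
        return NEGLIGIBLE
    residual = inherent * (1.0 - eff)
    return NEGLIGIBLE if residual < 1 else round(residual, 2)

def evaluate(consequence, likelihood, implemented, proposed, threshold_pct=90):
    """Residual uses implemented controls; targeted adds proposed/agreed ones."""
    inherent = inherent_rating(consequence, likelihood)
    return {
        "inherent": inherent,
        "residual": residual_rating(inherent, implemented, threshold_pct),
        "targeted": residual_rating(inherent, implemented + proposed, threshold_pct),
    }
```

Changing a heat map cell or the threshold and re-running `evaluate` shows why the note at the end of this page warns that every risk is recalculated after a save.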

Risk Level Definition

The Risk Level Definition table shows the long and short (up to 4 characters) descriptions of each risk level:

To change any of the descriptions, click the cell and edit the text.

When all changes have been made, click the Save button.

Note: Once the data is saved, the heat map and the dropdown list reflect the changes immediately. GuardianERM.Net also recalculates every risk in the system to reflect the new configuration. It is highly recommended that no other user updates the system while this recalculation is running.