Risk Scoring

Risk scores are not normalized, but you can always use the current risk score to compare across entities.

For example, if entity A has a score of 150 and entity B has a score of 300, entity B is twice as risky as entity A. Converting the scores to percentages would not help with comparison across entities, because the scores are simply relative to each other, whether or not they are expressed as percentages.

Do not confuse the simple risk score (sometimes called just "risk score") with the total inherent or total risk score; the total scores may be different from the simple risk score.