Finding Analysis

A finding can be assessed based on the impact and likelihood ratings provided by workflow stage stakeholders. These ratings map to threshold values defined in the Findings Configuration ranges, which are used to derive the inherent risk and residual risk scores for a finding.

Assume that you have set up threshold values for the following findings configuration ranges:

Inherent Impact Score

 Threshold          Label
 Score < 2          Low
 2 <= Score < 5     Medium
 5 <= Score         High

Inherent Likelihood Score

 Threshold          Label
 Score < 1          Unlikely
 1 <= Score < 3     Possible
 3 <= Score < 5     Likely
 5 <= Score < 8     Almost Certain
 8 <= Score         Certain

Inherent Risk Score

 Threshold          Label
 Score < 30         Low
 30 <= Score < 60   Medium
 60 <= Score        High

An inherent risk score is calculated as follows:

Inherent Risk score = Inherent Impact rating x Inherent Likelihood rating

For example, if you rate a finding's inherent impact as 'Medium' and its inherent likelihood as 'Almost Certain', the highest value in each selected rating's range is used to calculate the inherent risk score. The equivalent values for the inherent impact and inherent likelihood ratings are therefore 4 and 7, and the inherent risk score is 4 * 7 = 28.
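
The calculation above as an added Python example (not part of the product or its documentation). It assumes whole-number scores, so the highest value in a range is its upper bound minus 1; the function and constant names are hypothetical, and ratings with no upper bound (High, Certain) are rejected because the page does not say which value they use.

```python
# Threshold ranges as (lower inclusive, upper exclusive, label); None = open-ended.
# Values are the sample configuration shown in the tables on this page.
IMPACT = [(None, 2, "Low"), (2, 5, "Medium"), (5, None, "High")]
LIKELIHOOD = [(None, 1, "Unlikely"), (1, 3, "Possible"), (3, 5, "Likely"),
              (5, 8, "Almost Certain"), (8, None, "Certain")]
RISK = [(None, 30, "Low"), (30, 60, "Medium"), (60, None, "High")]


def is_contiguous(ranges):
    """True if the ranges cover every score exactly once (no gaps, no overlaps)."""
    prev_high = None
    for i, (low, high, _) in enumerate(ranges):
        if low != prev_high or (high is None and i != len(ranges) - 1):
            return False
        prev_high = high
    return prev_high is None


def rating_value(ranges, label):
    """Highest whole-number score inside the range selected by `label`."""
    for _, high, name in ranges:
        if name == label:
            if high is None:
                # Assumption: the page gives no value for open-ended ratings.
                raise ValueError(f"{label!r} has no upper bound")
            return high - 1
    raise KeyError(label)


def label_for(ranges, score):
    """Label of the range that contains `score`."""
    for low, high, name in ranges:
        if (low is None or score >= low) and (high is None or score < high):
            return name
    raise ValueError(f"no range contains {score}")


def inherent_risk(impact_label, likelihood_label):
    """Return (score, label) for the given inherent impact and likelihood ratings."""
    score = rating_value(IMPACT, impact_label) * rating_value(LIKELIHOOD, likelihood_label)
    return score, label_for(RISK, score)


if __name__ == "__main__":
    for table in (IMPACT, LIKELIHOOD, RISK):
        assert is_contiguous(table), "threshold ranges have a gap or overlap"
    print(inherent_risk("Medium", "Almost Certain"))
```

With the sample thresholds, the score of 28 from the example lands in the Low risk range (Score < 30).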

Likewise, the residual risk score is calculated as follows:

Residual Risk score = Residual Impact rating x Residual Likelihood rating