Risk and assessment scoring configuration

As a System Admin, you can configure risk and assessment scoring in Risk Manager to align with your organization’s requirements.

Prerequisites

Before configuring the risk and assessment scores, you must set up the severity scale for the risk fields you plan to use, such as Likelihood and Impact.

For example: Configure a 3-point severity scale with Likelihood and Impact values such as, Low, Medium, and High. You can assign numerical scores (for example, Low = 1, Medium = 2, High = 3) to each level.

To set up the severity scale of the risk fields on the Configuration page:

  1. Open the Launchpad home page (www.diligentoneplatform.com).

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

    Note

    If your company uses more than one instance in Launchpad, make sure the appropriate instance is active.

  2. Select Platform Settings and then select Configuration.
  3. On the Configuration page, from the left navigation menu, select Attribute types.
  4. On the Attribute Types page, search for the attribute you want to configure (for example, Likelihood).
  5. From the search results, select the attribute name.

  6. On the Attribute name page, in the General information section, select Edit.

  7. In the Response type section, enter the severity scores. For example: Low = 1, Medium = 2, and High = 3.
  8. (Optional) Make any additional changes, such as:
    • Adding or removing options
    • Renaming or reordering values
    • Assigning colors for better visibility
  9. Select Save.
  10. Return to the Attribute Types page and repeat the steps to configure fields such as Impact.

Risk score configuration

The risk score configuration includes two key components:

  • Risk score formula Defines how the risk score is calculated.

  • Risk level output Maps calculated scores to qualitative levels (Low, Medium, High).

Configuring the Risk score formula

The risk score formula defines how values from specific fields (such as Likelihood and Impact) are mathematically combined to produce a score. You can define a custom formula using one or more risk factors, assign weight to each factor, and apply mathematical operators to fine tune the score.

For example,

(Likelihood x 100%) x (Impact x 100%)

Here, Likelihood and Impact are the risk factors and 100% is the weightage.

You can also provide a number at the end with a plus (+) or minus (-) operator to get a desired value.

For example: 

 (Likelihood x 100%) x (Impact x 100%) + 500

Here, Likelihood and Impact are the risk factors, 100 % is the weightage, and + 500 is an additional adjustment.

Configuring the risk score formula

You can customize the risk score formula by adding more fields and changing the logic of the formula.

Example

You are configuring the risk score formula for your organization using two predefined risk factors Likelihood and Impact each configured with a 3-point severity scale:

  • Low = 1

  • Medium = 2

  • High = 3

To set up the risk score formula:

  1. Open the Risk Manager app.

  2. From the left navigation panel, go to Settings and then select Scoring.

    The Risk score configuration page is displayed. You must include at least two fields (risk factors) to perform the calculation. These are typically attributes such as Likelihood, Impact, or other custom fields configured with severity scales.

  3. In the Risk Score Formula section, select Edit.
  4. In the Field drop-down, select Likelihood.

    Note

    Only dropdown and radio button fields appear in the list. You can view the severity scale for each field using the info icon (i).

  5. In the Weight field, enter weightage for the selected field.

    Note

    Weight represents the relative importance of a risk factor when calculating the risk score. It is expressed as a percentage and can range from 0 to any suitable number based on your scoring logic.

    For example, a weight of 200 indicates double the importance, and a weight of 50 indicates half the importance.

    The weight is always multiplied by the value of the selected risk factor.

    Assuming the Likelihood field uses a 3-point scale:

    • Low = 1

    • Medium = 2

    • High = 3

    Here’s how the calculation works:

    • If Low is assigned a weight of 200, the result is: 1 × 200% = 2.

    • If Low is assigned a weight of 50, the result is: 1 × 50% = 0.5.

  6. (Optional) In the Number field, enter a numeric adjustment, and select plus (+) or minus (-) as needed. The default value is 0.

    Note

    You can optionally add or subtract a fixed number from the score to adjust the final value. For example, if the risk factor is 1 and weight is 100, and you enter 100 in the Number field with a plus operator (+), the calculation will be:

    (1 x 100%) + 100 =101.

  7. Select Add Field to add Impact. You must include at least two fields (risk factors) to perform the calculation.
  8. Select the operator that defines how the values will be calculated, plus, minus, multiply, or divide (+, -, x, ÷). For example, (Likelihood) x (Impact).
  9. (Optional) Add a final adjustment by entering a number and selecting an operator at the end of the formula (+, -, x, ÷).
  10. Select Save Changes.

The risk score formula is saved.

Setting up the Risk Level Output

After configuring the Risk Score Formula, the next step is to define the Risk Level Output. This involves mapping score ranges to qualitative levels (for example, Low, Medium, High) based on the severity scale of the selected output field.

Example

After creating the Risk Score Formula, you need to map the calculated score to an appropriate Risk Level Output using a severity scale.

In this example, the Inherent Risk Score is configured with a 3-point severity scale, Low, Medium, and High.

  1. Open the Risk Manager app.

  2. From the left navigation panel, go to Settings and then select Scoring. The Risk score configuration page is displayed.

  3. In the Risk Level Output section, select Edit.
  4. From the Output field list, select Inherent Risk Score.

    Note

    Dropdown and radio button fields of the risk are displayed in the Output field.

    Based on the output field selected, the Severity Points field displays a predefined scale. In this example, for the output field, Inherent Risk Score, the scale is low, medium, and high.
    To make updates to the inherent risk score, go to the Configuration > Attribute Types page and make the required changes.

  5. Assuming the risk factors selected to calculate the risk score are Likelihood and Impact , and they are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.
    Based on the risk score formula of (Likelihood x 100%) x (Impact x 100%), the calculated scores will range from 1 to 9, as shown below:
    LikelihoodImpactValue
    Low (1)Low (1)(1 x 100%) x (1 x 100%) = 1
    Low (1)Medium (2)(1 x 100%) x (2 x 100%) = 2
    Low (1)High (3)(1 x 100%) x (3 x 100%) = 3
    Medium (2)Low (1)(2 x 100%) x (1 x 100%) = 2
    Medium (2)Medium (2)(2 x 100%) x (2 x 100%) = 4
    Medium (2)High (3)(2 x 100%) x (3 x 100%) = 6
    High (3)Low (1)(3 x 100%) x (1 x 100%) = 3
    High (3)Medium (2)(3 x 100%) x (2 x 100%) = 6
    High (3)High (3)(3 x 100%) x (3 x 100%) = 9

    The lowest is (1 x 1 = 1) and the highest is (3 x 3 = 9). You can now map score ranges to severity levels:

    • Low = 0 to 3
    • Medium = 4 to 6
    • High = 7 to 9

    Note

    Select the link icon to set up a continuous range without any gaps. For example, 

    • Low equals 0 to ≤ 3
    • Medium equals >3 to ≤ 6
    • High equals >6 to ≤ 9

    This ensures that the upper limit of the first field becomes the starting point of the second field. For example, if the low range is 0 to less than or equal to 3, the medium range begins at greater than 3. Similarly, if the medium range is 3 to less than or equal to 6, the high range starts at greater than 6.

  6. Select Save Changes.

The Risk Manager app saves the Risk Level Output.

How to calculate the risk score?

After you've configured the Risk Score Formula and Risk Level Output, follow these steps to calculate scores:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Use the checkboxes to select one or multiple risks for which you want to calculate the score.

    Tip

    Click the checkbox in the Name column header to select all risks on the page.

  3. Select Actions and select one of the following options:
    • Score empty output fieldsCalculates the risk score for the risk output fields that are empty. Existing scores will remain unchanged.
    • Score all output fields Calculates the risk score for all the output fields. It overrides the existing score.

Note

You can also use the default configuration to calculate the risk scores. For more information, see Using default configuration.

Risk scoring example

Here's an example of risk scoring.

Example

You want to score a risk in the Risk Manager app. The impact and likelihood are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

The risk where you want to calculate the risk score has the following risk factors:

  • Likelihood = High (3)
  • Impact = Medium (2)

Your scoring settings are defined as follows:

  • Risk Score Formula: (Likelihood x 100%) x (Impact x 100%)

  • Risk Level Output: Inherent Risk Score is the output field with a 3-point severity scale (low, medium, and high). The ranges are set as follows:

  • Low equals 0 to ≤ 3
  • Medium equals >3 to ≤ 6
  • High equals >6 to ≤ 9

The calculation according to the risk score formula is:

(Likelihood x 100%) x (Impact x 100%)

(3 x 100%) x (2 x 100%)

3 x 2 = 6

The risk score is 6. This fits into the medium range of the output field in the Risk Level Output scale.

Therefore, when you score this risk, the Inherent Risk Score is Medium.

Assessment score configuration

To configure the assessment score, you’ll need to configure two main components:

  • Assessment score formula

  • Assessment level output

Assessment Score Formula

This section lets you define a custom formula to calculate the assessment score based on selected risk factors.

For example, the assessment score formula can be:

(Likelihood x 100%) x (Impact x 100%)

Where, likelihood and impact are the risk factors, x is the multiplication sign, and 100% is the weightage.

You can also add or subtract a fixed number to tailor the outcome:

For example,

 (Likelihood x 100%) x (Impact x 100%) + 500

Setting up the Assessment Score Formula

You can customize the assessment score formula by adding more fields or changing the logic of the formula.

Example

You want to configure the risk assessment score for your organization. To create the assessment score formula, you decide to use the Likelihood and Impact fields, each configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

To set up the formula:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. In the left panel, select Settings and then select Scoring.
  3. On the Assessment score configuration page opens, in the Assessment Score Formula section, select Edit.
  4. From the Field list, select Likelihood.

    Note

    Only dropdown and radio button fields from the risk are displayed in the Field dropdown list. The info icon (i) displays the severity scale of the selected field.

  5. In the Weight field, enter a weightage for the selected field.

    Note

    Weight is the importance of a risk factor when calculating the risk score. Weight can be any numeric value, depending on how much influence you want the factor to carry.

    For example, if you want to assign double the importance for a risk factor, enter the weight as 200. Similarly, if you want to assign half the importance for a risk factor, enter the weight as 50.

    Weight is measured in terms of percentage and always multiplied by the risk factor's severity score. For example, Likelihood with the scale: Low = 1, Medium = 2, and High = 3.

    • If the weightage entered for low is 200, then the calculated value is (1 x 200% = 2).

    • If the weightage is 50, then the calculated value is (1 x 50% = 0.5).

  6. (Optional) In the Number field, enter a number with a plus (+) or minus (-) operator. Default is 0.

    Note

    You can add or subtract the number from the score to get a desired value. For example, If the risk factor is 1 and weight is 100, enter 100 in the Number field with a plus operator (+).

    The result will be: (1 x 100%) + 100 =101.

    Now, you have successfully added a field.

  7. Select Add Field to add Impact. You need a minimum of two fields (risk factors) to perform the calculation.
  8. Select the operator to perform calculation: plus, minus, multiply, or divide (+, -, x, ÷). For example, (Likelihood) x (Impact).
  9. (Optional) Add another number at the end with any operator (+, -, x, ÷).
  10. Select Save Changes.

The Assessment Score formula is saved.

Setting up the Assessment Level Output

After configuring the assessment score formula, the next step is to set up the assessment level output by providing a set of ranges, based on the severity scale of the output field.

Example

You’ve created an Assessment Score Formula and now need to configure the assessment level output. You decide to set the ranges based on the Inherent Risk Score output field.

The Inherent Risk Score is configured with a 3-point severity scale: Low, Medium, and High.

To configure the Assessment Level Output:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. In the left panel, select Settings and then select Scoring.
  3. On the Assessment score configuration page opens, in the Assessment Level Output section, select Edit.
  4. From the Output field list, select Inherent Risk Score.

    Note

    Dropdown and radio button fields of the risk are displayed in the Output field.

    Based on the output field selected, the Severity Points field displays a predefined scale. In this example, for the output field, Inherent Risk Score, the scale is low, medium, and high.
    To update the inherent risk score, go to the Configuration > Attribute Types page and make the required changes.

  5. Assuming the risk factors selected to calculate the assessment score are Likelihood and Impact , and they are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.
    Using the assessment score formula: (Likelihood x 100%) x (Impact x 100%), the scale can range in the following ways:
    LikelihoodImpactValue
    Low (1)Low (1)(1 x 100%) x (1 x 100%) = 1
    Low (1)Medium (2)(1 x 100%) x (2 x 100%) = 2
    Low (1)High (3)(1 x 100%) x (3 x 100%) = 3
    Medium (2)Low (1)(2 x 100%) x (1 x 100%) = 2
    Medium (2)Medium (2)(2 x 100%) x (2 x 100%) = 4
    Medium (2)High (3)(2 x 100%) x (3 x 100%) = 6
    High (3)Low (1)(3 x 100%) x (1 x 100%) = 3
    High (3)Medium (2)(3 x 100%) x (2 x 100%) = 6
    High (3)High (3)(3 x 100%) x (3 x 100%) = 9

    The lowest is (1 x 1 = 1) and the highest is (3 x 3 = 9). You can set up the severity points in the following ways:

    • Low = 0 to 3
    • Medium = 4 to 6
    • High = 7 to 9

    Note

    Select the link icon to set up a continuous range without any gaps. For example: 

    • Low equals 0 to ≤ 3
    • Medium equals >3 to ≤ 6
    • High equals >6 to ≤ 9

    This ensures that the upper limit of the first field becomes the starting point of the second field. For example, if the low range is 0 to less than or equal to 3, the medium range begins at greater than 3. Similarly, if the medium range is 3 to less than or equal to 6, the high range starts at greater than 6.

  6. Select Save Changes.

The assessment level output is saved.

How to calculate the assessment score?

After you configure the assessment score formula and the assessment level output, perform the following steps to calculate the assessment score:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select the checkbox next to the specific risk.

  3. Select the checkboxes for the risk assessments you want to calculate the score for. You can select one or multiple risk assessments.

    Tip

    To select all risk assessments on the page, click the checkbox in the Name column header.

  4. Select Actions and select one of the following options:
    • Score empty output fields Calculates the assessment score for the assessment output fields that are empty. It does not override the existing score.
    • Score all output fields Calculates the assessment score for all the output fields that are empty. It overrides the existing score.

Note

You can also calculate the assessment scores using the default configuration. For more information, see Using default configuration.

Here's an example of assessment scoring.

Example

For example, you want to score a risk assessment in the Risk Manager app. The impact and likelihood are configured with a 3-point severity scale: Low = 1, Medium = 2, and High = 3.

The risk assessment has the following risk factors:

  • Likelihood = High (3)
  • Impact = Medium (2)

The assessment score formula and risk level output are configured as follows:

  • Assessment Score Formula: 

(Likelihood x 100%) x (Impact x 100%)

  • Assessment Level Output: Inherent Risk Score is the output field with a 3-point severity scale (low, medium, and high). The ranges are configured as:

    • Low = 0 to ≤ 3

    • Medium = >3 to ≤ 6

    • High = >6 to ≤ 9

The calculation according to the assessment score formula is:

(Likelihood x 100%) x (Impact x 100%)

(3 x 100%) x (2 x 100%)

3 x 2 = 6

The Assessment Score is 6. This fits into the medium range of the output field in the Risk Level Output scale.

Therefore, when you score this risk assessment, the Inherent Risk Score is Medium.

Viewing the scoring activity log

Scoring configuration is used to set up a scoring logic that applies to your organization. Scoring configuration enables you to apply the scores using a bulk operation rather than applying the scores manually to each risk or assessment.

The scoring dashboard displays a log for all the scoring activities performed. In the log, you can view the details of scores that were applied successfully and those that failed. The failed records can be rerun. The dashboard helps you to identify the records that are pending and manage the score-application process more efficiently.

To view the scoring activity log:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. In the left panel, select Activity and then select Scoring Activity.

    In the Scoring Activity page, for every executed scoring run, you can view details such as date of execution, action, status (passed or failed), the risk or assessment records that were used for the execution, and the name of the user who executed the run.

  3. Select the Action name link of the scoring run that you want to view or access.

    The activity details pane is displayed. You can view the details such as date of execution, type of object, action on which scoring was performed, scoring logic, status and user details. You can also view the records that passed and failed. Select View details to access details of the records. Additionally, select Rerun action on failed objects to rerun failed records.

  4. Select View details to navigate to the scoring activity details page.

    The Scoring Activity details page displays the detailed error message for each record included in the scoring execution run. On the Scoring Activity details page:

    • View the details such as action on which scoring was performed, date of execution, status, type of object, user name, output field, scoring logic and the executed records.

    • Select View against each record to access details of the records. The object name, error message and status are displayed. Select the object name to view the Risk Event Assessment details page.

    • Select Rerun action on failed objects to rerun a failed scoring activity. When you initiate a rerun, a new scoring activity log entry is added in the Scoring Activity page list view with the new scoring execution details.

Note

When the scoring execution is in progress, you can view the number of records that have been completed and the number of records that are in progress. You can access the Rerun action on failed objects button after the execution is complete.