Hi, something is calculated as a Medium Risk and has a risk score of 88 due to the applied risk magnifiers from the Liabilities, and some risks are rated as a High/Very High even though their score is 25. How does it work and why this is done this way?
Hello,
You haven’t provided much information here, but the formula is described in the Risk Calculation Method section.
The formula is as follows:
(multiplication of classifications) * (summation of asset liabilities)
Please keep in mind that if the summation of liabilities equals zero, the second part of the equation is ignored to avoid a risk score of zero.
In your case, I assume you’re referring to the summation of liabilities.
More info on our learning portal: Risk Management
I have configured the risk matrix in Eramba recently. What you seen is likely due to your risk matrix configuration. As Sam indicated, the risk score is determined based on your selection and the most common one is multiplication of likelihood and impact.
The key to get final risk rating in Eramba is to config the risk matrix. Unfortunately, it is not math base (e.g., if score <xx then rating is low, etc.). It is table matrix approach. Have your Eramba admin to check the configuration. That should help with your observations.
When I first build out the risk matrix, it took me several tries to get it right.
1 Like