A risk or issue may have three different scores, depending on your configuration. These are:
- Original Score
- This is the score of the risk/issue when it was first identified. This should remain the same throughout the life of the risk/issue.
- Current Score
- This is the score at the last review of the risk/issue and should take account of the action progress and any controls which have been put in place or improved.
- Target Score
- This is the score at which the risk/issue exposure becomes acceptable.
For each type of score above, a risk/issue will be assessed for the level of impact, should it occur, and the likelihood of it occurring. Multiple types of impact may be defined and the impact score will then be the highest of these. Each of the two components (impact and likelihood) is scored on a 1 to 5 scale and the overall score determined by multiplying the two components together.
For example, if a risk has a financial impact score of 4, a reputation impact of 3 and a likelihood of 2, then it's overall score will be 8; the highest impact is 4.