What Is a Risk Scoring Method?
A Risk Scoring Method is a formula used to calculate how serious a risk is based on two main components:
- Probability – How likely the risk is to happen
- Impact – How serious the consequences are if it does happen
In Humadroid, scoring methods can be configured to consider one or multiple types of effects (e.g. financial, legal, reputational) with different weightings.
Risk Scoring Methods play a key role in identifying and evaluating risks in compliance projects. With them, you can understand the level of exposure each risk creates, whether financial, legal, operational, or any other type you identify in your organization. They allow you to answer an essential question:
What would happen if this risk materialized?
Using these scoring models ensures that all risks are measured in a consistent, comparable way. Once the score is calculated, you can clearly decide which risks require action (treatment) and which can be monitored.
🧠 Why Use Risk Scoring Methods?
✅ Identify high-impact risks early in projects
✅ Evaluate risks across dimensions: financial, legal, reputational, or any other you identify.
✅ Standardize scoring to ensure fair prioritization
✅ Improve visibility on dashboards and reports
With structured scoring, decisions become more data-driven and defensible.
📊 Default Methods in Humadroid
Humadroid includes three built-in scoring methods:
1. Multi-Impact Assessment (Default)
- Formula: probability * SUM(impacts)
- Impacts: Financial (x1), Legal (x1), Reputational (x1)
- Threshold: Score ≥ 9 requires treatment
This method evaluates risk by multiplying its probability by the sum of its individual impact types.
2. Simple 5x5 Risk Matrix
- Formula: probability * impact
- Impact: Single dimension, e.g., "Overall Impact"
- Threshold: Score ≥ 15 requires treatment
Suitable for straightforward use cases without multiple dimensions.
3. Weighted Impact Assessment
- Formula: probability * SUM(impacts)
- Weights: Financial (x2), Legal (x1), Reputational (x1), Operational (x1)
- Threshold: Score ≥ 12 requires treatment
This method places extra emphasis on the financial impact.
⚙️ How to Create or Edit a Scoring Method
💡 Remember: If you're not a Compliance Officer or have not worked with Risk Scoring Methods before, we recommend using the default methods.
To create or customize a scoring method, go to: Settings > Compliance > Scoring Methods > New Scoring Method
Step 1: Define Basic Info
- Name: Give your method a descriptive name
- Description: (Optional) Clarify its intended use
- Treatment Threshold: Minimum score that requires mitigation
Step 2: Set Formula
Formulas can use the following elements:
- probability
- SUM(impacts)
- MAX(impacts)
- AVG(impacts)
- Specific impacts by identifier depending on what you added (e.g., financial)
Examples:
- probability * MAX(impacts)
- probability * (financial * 2 + reputational)
- (probability + MAX(impacts)) / 2
Step 3: Add Impact Types
You define which kinds of impact matter for your organization. Each can be customized with its own:
- Name (e.g., "Financial Impact")
- Identifier used in formulas (e.g., financial)
- Weight (e.g., 1 or 2)
- Impact Levels (you can create your own as you go, but we recommend using the default):
  - Label: Minimal, Minor, Moderate, Major, Severe
  - Value: Numeric scale (1–5)
  - Description: Define the scope of impact
  - Example: Financial Impact
    - Minimal (1): <$10,000
    - Minor (2): $10K–$100K
    - Moderate (3): $100K–$1M
    - Major (4): $1M–$10M
    - Severe (5): >$10M
Step 4: Set Probability Levels
These describe the likelihood of a risk occurring. Each level has a numeric value.
🔄 Tips and Best Practices
- Use weights to emphasize certain risk types (e.g., financial impact in regulated industries)
- Keep probability and impact levels consistent across methods for easier comparison
- Test your formula with a few risks before going live
- Set one scoring method as the default to apply it automatically to new risks