Obtaining the net risk

This article explains the terms gross risk and mitigation rating, and how the two combine to generate the net risk.

Understanding the concepts

 

Gross risk

When a risk is created, the following is assessed in the risk form:

  • gross impact;

  • probability.

DLD Anti-corruption converts these two assessments into a gross risk as follows:

  • Each assessment (ProbabilityImpact) is converted into a number from 1 to 4: Minor = 1/4; Moderate = 2/4; Significant = 3/4; High = 4/4.

  • Then the two assessments are multiplied, resulting in a gross risk from 1 to 16. Based on this number, the gross risk is qualified as Minor, Moderate, Significant, or High.

Mitigation rating

It's up to you to assess the mitigation rating based on the measures, actions and controls implemented (see Mitigating a risk).

You will choose one of the 4 mitigation ratings. Each rating has a number equivalent from 1 to 4: Weak = 1/4; Moderate = 2/4; Significant = 3/4; Strong = 4/4.

Net risk

Once you have assessed the mitigation rating, DLD Anti-corruption automatically calculates the Net risk based on the gross risk and the mitigation rating.

Obtaining the net risk:

To obtain the net risk:

  1. In the sidebar, click Risk mapping.

  2. Click the line of the risk to open it (to search for a risk, see Monitoring your risks).
  3. On the "Manage risk" page, the Gross risk, Mitigation rating and Net risk are displayed. By default, the mitigation rating is 4/4 = Strong. To assess the mitigation for this risk, click the Assess risk mitigation button.

 

4. Answer each of the 5 questions, according to the measures, actions and controls implemented.

5. Based on your answers, select a Mitigation ratingWeakModerateSignificant or Strong (a short explanation of each rating is displayed underneath). Then justify your rating.

6. Click Confirm.

  • The Mitigation rating you selected is displayed, along with its numeric equivalent from 1 to 4.
  • The Net risk is recomputed based on your mitigation rating. It is displayed as a number from 0.25 to 16. This number is given a descriptive equivalent: Minute, Minor, Moderate, Significant, and High.

 

When new risk mitigation steps are added, the mitigation rating can be reassessed.

You can view and monitor your risks globally on the Risk mapping page. See Monitoring your risks.