Introducing Risk Categories
As part of setting up the system, a list of key Risk Categories is defined that are specific to your organisation. Every risk captured will be linked to a single Risk Category from this list, representing the key risk classification. Typical Risk Categories might be Health and Safety, Reputation, Financial, Regulatory etc.
Risk Categories have the following impact in the system:
- Risk appetite parameters are set at Risk Category level, such as appetite threshold values controlling the calculation of the Risk Appetite status of the risk (i.e. within appetite, within tolerance, beyond tolerance)
- Risk score thresholds are set at Risk Category level, used to calculate the RAG (Red-Amber-Green) status related to the risk assessment Rating score
- Risk Categories are used to group, filter and report risks
Viewing Defined Risk Categories
In order to maintain Risk Categories use the Solution Area navigation in the bottom left corner to change areas to Admin.
Click on 'Risk Categories' in the menu to view existing categories. Add or edit risk categories from here.
Risk Category Fields Explanations
| Field | Comment |
| Name | Name of the Risk Category |
| Appetite Controls | |
| Risk Appetite Statement | Describe the appetite your organisation has for risks in this category. This is shown on reports as context for risk appetite analytics. |
| Aggregate Risk Appetite |
This is the upper threshold value for the Aggregate Risk RAG of this Risk Category to show Green (see 'Aggregate Rating Status' explanation below). |
| Aggregate Risk Tolerance | This is the upper threshold value for the Aggregate Risk RAG of this Risk Category to show Amber (see 'Aggregate Rating Status' explanation below). |
| Individual Risk Appetite | Enter the maximum risk severity score that is within appetite for risks in this category. Used to calculate the Appetite RAG, any Risk Rating score below or equal this number will result in a Green status. |
| Individual Risk Tolerance | Enter the maximum risk severity score that is within tolerance for risks in this category. Used to calculate the Appetite RAG, a Risk Rating score above the Individual Risk Appetite value and below or equal this number will result in an Amber status, a higher score will result in a Red status. |
| Management Approach | |
| Low to Extreme | Select the appropriate management approach relating to the Risk Rating score (Low to Extreme) for risks within this category. Used to report risks across different Risk Categories grouped by management approach. |
Aggregate Rating Status
This section shows the calculate Aggregate Risk Appetite RAG, which is calculated based on the Total Aggregate Rating (the total of all Risk Rating scores of active risks within this Risk Category). The Red-Amber-Green value is calculated using the Aggregate Risk Appetite/Tolerance values entered in the form.
The Total Aggregate Rating can be refreshed manually by clicking the calculator icon.
Risk Score RAG Values
Click on the 'Values' tab to reveal this 5 by 5 matrix of Likelihood vs Consequence values.
Define the RAG status value for each Likelihood/Consequence combination, which will be used to calculate the Risk RAG for risks of this Risk Category (based on scores of the most recent risk assessment).
Please note: we recommend that you make this matrix the same for all Risk Categories so that risk can be reported consistently using 5 by 5 matrix analytics.