Risk Control Strength and Implementation Ratings
Introduction
Risk Sub-Controls each have a Strength Rating and an Implementation Rating. Both contribute to the overall effectiveness of a Risk Control Category.
Strength Rating - Maximum percentage that a Control will reduce the likelihood of a risk occurring
Implementation Rating - Percentage representing how well a Control is implemented across the whole Organization
The total effectiveness is equal to the Strength Rating multiplied by the Implementation Rating
Effectiveness = Strength * Implementation
Each Rating can be edited on Risk Sub-Controls, which will in turn affect a Category’s total effectiveness. This can be seen in the details of each Category:
