Who is this article for?

Administrators who need to understand the Entity Risk Matrix.

Administrator access to the Universe module is required.

The Entity Risk Matrix provides a visual representation of risk assessments across your organisation, displaying both inherent and residual risk scores based on likelihood and impact ratings.

1. Understanding risk scoring

Each risk assessment allows you to rate the specific risk in respect of the likelihood of it occurring and the impact if it does occur. Both inherent and residual risk scores are automatically calculated, with the residual score taking into account the effect of any mitigating controls.

The resulting risk scores are then graded according to a heat map, whereby different score combinations give rise to different grades and colours.

2. Viewing risks in the Navigator

Selecting the Navigator displays the number of inherent and residual risks for all entities contained within that navigator level. The number of risks with each likelihood and impact score combination appear in each coloured cell.

3. Analysing specific risk scores

Clicking on a cell in one of the matrix displays a summary in the Data Grid of the risks that have that score. Hovering your mouse on a cell will show where those risks are on the other matrix.

4. Reviewing unassessed risks

Under the matrices is an unassessed field giving a count of the number of risks not assessed. Clicking on this will provide a summary list of those risks not assessed.