HomeGuidesAPI ReferenceChangelog
Guides

Setup Risk Model

Risk Configuration allows administrators to define custom risk and opportunity models, configure scoring logic, and tailor assessment criteria based on organizational standards.

Suggest Edits

Risk Model Configuration Guide

This guide describes how to create and configure a custom Risk Model within the RegScale platform to support standardized and repeatable organizational risk assessments.

What Is It?

A Risk Model in RegScale defines how risk is calculated, categorized, and displayed. This includes:

  • The probability × consequence scoring matrix
  • Default numeric scoring
  • Color ranges for severity visualization
  • Business impact areas used across risk assessments

Risk Models ensure that assessors use a consistent and objective method for identifying and evaluating risk.

Why Would You Use It?

Organizations use custom Risk Models in RegScale to:

  • Align risk scoring with internal governance, regulatory frameworks, or industry standards
  • Tailor risk matrices (3×3, 4×4, or 5×5) to fit their methodology
  • Define clear scoring guidance for probability and consequence
  • Customize severity color thresholds (e.g., green, yellow, red)
  • Maintain consistent impact areas (e.g., financial, compliance, operational)
  • Apply a reusable model across Risks, Issues, Findings, Assessments, Projects, and more

Benefits

  • Standardization — Ensures all teams score risk the same way
  • Clarity — Improves communication to stakeholders through uniform color-coding and guidance
  • Scalability — One model can be used across systems, vendors, and programs
  • Auditability — Establishes clear documentation of how risk is assessed
  • Consistency — Prevents subjective scoring or assessment drift between assessors

How to Use

Follow the steps below to create, edit, and publish a custom Risk Model in RegScale.

1. Navigate to Risk Configuration

  1. Click your User Icon in the top-right corner of RegScale
  2. Select Setup
  3. In the left navigation panel, click Risk Config

2. Create a New Risk Model

  1. Click Create New in the upper-right corner
  2. Enter a Title for your model
  3. Set Model Type → Risk
  4. Select a matrix size (3×3, 4×4, or 5×5)
  5. Click Save

3. Edit the Risk Matrix

Click Edit to customize matrix cells:

  • Override the display title
  • Update the numeric score
  • Add guidance or descriptive text
  • Adjust color or severity where needed

4. Risk Categorization Options

Here you can update:

  • Labels (Very Low, Low, Medium, High, Very High)
  • Probability/Consequence assignment
  • Numeric score association
  • Guidance text

5. Default Risk Color Ranges

For each color band:

  • Set minimum score
  • Set maximum score
  • Optionally adjust the severity color

6. Business Impact Areas

Common impact areas include:

  • Compliance
  • Cybersecurity
  • Environmental
  • Financial
  • Legal
  • Operational
  • Reputational
  • Safety

Add, rename, or delete impact areas as needed.

7. Publish the Configuration

  1. Scroll to the bottom
  2. Click Publish Configuration

Best Practices

  • Standardize across your organization
  • Provide clear guidance
  • Align with governance frameworks
  • Revisit periodically
  • Document changes

Additional Resources

Updated 2 days ago