Risk Assessments

Risk assessments evaluate the likelihood and impact of identified risks.

What is a Risk Assessment?

A risk assessment is a structured evaluation that determines:

How likely is the risk to occur?
What would be the impact if it occurred?
What is the overall risk score?
What risk level does this represent?

Assessment Types

Inherent Risk Assessment

Evaluates risk before any controls are applied.

Represents the "raw" risk level
Baseline for measuring control effectiveness

Residual Risk Assessment

Evaluates risk after controls are applied.

Shows current risk exposure
Guides further treatment decisions

Performing an Assessment

Open a risk
Go to Assessments tab
Click New Assessment
Select assessment type (Inherent/Residual)
Complete the assessment form
Save

Assessment Fields

Gover uses customizable assessment fields:

Default Fields

Field	Description	Scale
Likelihood	Probability of occurrence	1-5
Impact	Severity if it occurs	1-5

Custom Fields

Add custom fields for your methodology:

Financial impact
Reputational impact
Operational impact
Recovery time
Detection capability

Risk Score Calculation

Risk scores are calculated using formulas:

Simple Formula

Risk Score = Likelihood × Impact

Custom Formulas

Create complex formulas using:

Multiple fields
Weighted calculations
Custom operators

Example:

Score = (Likelihood × 0.4) + (Impact × 0.6)

Risk Levels

Scores map to risk levels:

Score Range	Level	Color
20-25	Critical	🔴 Red
15-19	High	🟠 Orange
10-14	Medium	🟡 Yellow
5-9	Low	🟢 Green
1-4	Very Low	🔵 Blue

info

Risk level mappings are configurable in Risks → Settings → Formulas.

Assessment History

Track assessments over time:

View all past assessments
See score trends
Compare inherent vs residual
Identify improving/worsening risks

Bulk Assessments

Assess multiple risks at once:

Select risks in the list view
Click Bulk Actions → Assess
Complete assessment form
Apply to all selected

Best Practices

Be consistent — Use the same criteria across assessments
Document rationale — Explain your scoring decisions
Reassess regularly — Risk levels change over time
Compare inherent/residual — Measure control effectiveness
Involve stakeholders — Get input from risk owners

Next Steps

Risk Treatment — Address assessed risks
Heatmap — Visualize risk distribution
Formulas — Configure scoring formulas

What is a Risk Assessment?​

Assessment Types​

Inherent Risk Assessment​

Residual Risk Assessment​

Performing an Assessment​

Assessment Fields​

Default Fields​

Custom Fields​

Risk Score Calculation​

Simple Formula​

Custom Formulas​

Risk Levels​

Assessment History​

Bulk Assessments​

Best Practices​

Next Steps​