Understanding risk mitigation
Mitigation is the action or actions your organization takes to reduce the chance of a risk actually happening. If you choose to mitigate a risk, you need to provide a mitigation percentage for each control linked to the risk. Essentially, you’re stating that you want to mitigate “this much of the risk” by using the control.
For example, 30% mitigation on a control reduces the risk by 30%. The amount mitigated is reduced when the control is At risk (by half) or Critical (completely). In the Critical case, the applied mitigation is 0%, whatever percentage was entered, until the risk is no longer in this state.
How mitigation works in Hyperproof
Hyperproof allows you to specify a likelihood mitigation percentage and an impact mitigation percentage. The mitigation percentage for each option can be a whole number or a number with up to two decimals, and must not exceed 100 percent. A control can be linked to multiple risks and have different mitigation factors for each.
Likelihood mitigation
The percentage of the control that goes towards preventing a negative outcome from occurring.
Impact mitigation
The percentage of the control that goes towards reducing the impact of a negative outcome.
No mitigation
The mitigation percentage for a linked control can be 0%, which has no effect on the overall risk score. If there’s no mitigation, then the inherent risk and the residual risk will be exactly the same.
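The rules above can be worked through in code. This is an added example, not Hyperproof's own code: it handles one linked control, and it assumes that the risk score is likelihood times impact, that the normal control state is called "Healthy", and that scores are rounded to a whole point before being matched to the 0 to 30, 31 to 50, and 51 to 100 groupings quoted under Custom risk mapping.

```python
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP

# Fraction of the entered mitigation that still applies per control health state.
# "Healthy" is an assumed name for the normal state; the other two are from the page.
HEALTH_FACTOR = {"Healthy": Decimal("1"), "At risk": Decimal("0.5"), "Critical": Decimal("0")}
# Example risk-level groupings quoted in this page's custom risk mapping section.
BANDS = [(0, 30), (31, 50), (51, 100)]

def parse_pct(value):
    """Validate a mitigation percentage: at most 100, at most two decimals."""
    try:
        pct = Decimal(str(value))
    except InvalidOperation:
        raise ValueError(f"not a number: {value!r}") from None
    if not pct.is_finite() or pct < 0 or pct > 100:  # lower bound of 0 is assumed
        raise ValueError(f"percentage must be between 0 and 100: {value!r}")
    if pct.as_tuple().exponent < -2:
        raise ValueError(f"at most two decimals allowed: {value!r}")
    return pct

def applied(pct, health):
    """Mitigation percentage actually applied, given the control's health."""
    return parse_pct(pct) * HEALTH_FACTOR[health]

def residual(likelihood, impact, likelihood_pct, impact_pct, health="Healthy"):
    """Residual (likelihood, impact, score) for a risk with one linked control.
    Assumption: score = likelihood x impact; the page does not give the formula."""
    lik = Decimal(str(likelihood)) * (1 - applied(likelihood_pct, health) / 100)
    imp = Decimal(str(impact)) * (1 - applied(impact_pct, health) / 100)
    return lik, imp, lik * imp

def band(score):
    """Grouping a score falls in; rounding to a whole point is an assumption."""
    whole = int(Decimal(str(score)).quantize(Decimal("1"), rounding=ROUND_HALF_UP))
    for low, high in BANDS:
        if low <= whole <= high:
            return (low, high)
    raise ValueError(f"score outside the configured groupings: {score}")

if __name__ == "__main__":
    # Constructed sample: inherent likelihood 10 and impact 10, one control
    # entered with 30% likelihood mitigation and 50% impact mitigation.
    for health in HEALTH_FACTOR:
        lik, imp, score = residual(10, 10, 30, "50.00", health)
        print(f"{health:9} likelihood={lik} impact={imp} score={score} band={band(score)}")
```

In the constructed sample, the same control leaves the risk in the 31 to 50 grouping while healthy and in the 51 to 100 grouping once it is At risk or Critical.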
Upgraded risk mitigation
The risk module has been updated in Hyperproof. You can now adjust risk map settings for each risk register you stand up. To do this, open the risk register whose risk map settings you'd like to change and, in the Details section, choose Edit definition.
In this video tutorial, we'll walk through how to adjust your risk map settings on a specific risk register.
The tutorial below is shown in the administrator role with organizational permission as a manager in Hyperproof. If you are in another role in Hyperproof or have a different permission, you may not have access to some of these areas shown, or they may be greyed out.
Customizing the risk register
1. From the left menu, select Risk.
2. Select your Risk Register.
3. Select the Details tab.
4. Click Edit definition. The Edit risk mapping window opens.
5. Do one or more of the following:
   - Add or remove points on the Likelihood scale. To add a point, scroll to the bottom and click Add likelihood level. To remove a point, mouse over the level and then click the Trash icon.
   - Add or remove points on the Impact scale. To add a point, scroll to the bottom and click Add impact level. To remove a point, mouse over the level and then click the Trash icon. Optionally, select the checkbox if you want to match the Impact scale to the Likelihood scale.
   - Adjust the numeric values for each level.
   - Rename the levels.
   - Change the color that represents a particular level.
   - Add descriptions to each level.
6. Click Next.
7. Do one or more of the following:
   - Add or remove risk levels. To add a level, scroll to the bottom and click Add risk level. To remove a level, mouse over the level and then click the Trash icon.
   - Rename the levels.
   - Change the color that represents a particular level.
8. Click Save.
Custom risk mapping
Administrators can customize risk mapping, that is, change the point scale to better suit the organization.
The risk scale can have 3 to 10 levels with custom point values. For example, an organization might choose a 3-point likelihood scale and a 3-point impact scale. They might decide on the following values:
Low (1)
Fair (5)
Catastrophic (10)
The applicable values for each risk level can be adjusted, as shown below with 0 to 30, 31 to 50, and 51 to 100 groupings.




