How residual risk is calculated
Residual risk = Residual likelihood × Residual impact
Residual likelihood and impact are typically calculated based on:
Linked controls
Defined mitigation percentages
Control health status
You can manually override:
"Residual likelihood and impact" - Hyperproof will recalculate residual risk.
"Residual risk" - Hyperproof will not recalculate likelihood or impact.
Why the visuals might differ
Residual heatmap: Residual likelihood × Residual impact (plotted values)
Donut chart: Final residual risk count (calculated or manually overridden)
When values match
If residual likelihood and/or impact are changed (manually or via controls mitigation), the heatmap and donut chart stay in sync.
When values differ
If you manually override the residual risk (but not likelihood/impact), the donut chart reflects the override, while the heatmap still uses the original plotted values. This causes a mismatch between charts.
Example
Imagine a risk with:
Residual likelihood: Medium
Residual impact: High
Residual risk (calculated): High
Scenario 1: No manual changes
Both the heatmap and donut chart show the risk as High. Everything is in sync.
Scenario 2: You change the residual likelihood to Low
Hyperproof recalculates: Low × High = Medium
Both visuals now show the risk as Medium
Scenario 3: You manually override the residual risk to Very High
Residual likelihood and impact remain Medium and High
Heatmap still plots the risk as High (based on Medium × High)
Donut chart reflects the manually overridden Very High risk value
Result: The heatmap and donut chart now show different values
Note:
To keep the heatmap and donut chart aligned, adjust the residual likelihood and impact instead of directly overriding the residual risk.
If you have to adjust the residual risk more often, check the residual risk heatmap configuration and correct it as needed.
REF 000001569