Skip to main content

Assessment risk for supply chain management

Prerequisites

To use this feature, you need to be configured to use supplier risk management. If your use case is different, see Assessment risk.

This topic covers risk management for a company's supply chain use case.

With Maxsight's Risk module, you can determine the risk that an entity poses to your company's supply chain. For an overview of your entire risk portfolio, see Portfolio risk overview dashboard.

How risk is determined

When an entity starts a new assessment, the risk model for that assessment is applied to the entity.

Every risk model includes two things:

  • Risk factors: A risk factor is some detail about the entity that can influence the risk to your organization, for example, a company's country of incorporation or liability. Each risk factor is assigned a score that shows how significant that factor is to the overall risk; the higher the score, the greater the risk. Any risk factor can be required or optional.

  • Risk levels: A risk level indicates the overall risk the assessment poses to your company: Low, Medium, or High. Each risk level has a range, for example, 0-49. If an assessment's total risk score falls within this range, it is assigned this risk level.

When a risk model is applied to an assessment, the risk factors are evaluated, and a risk level is assigned.

An assessment's risk level can change throughout the course of onboarding and monitoring. The risk model is re-applied any time entity details used in the risk model change, for example, when a company changes the country in which it operates.

Risk models are specific to the entity type, either individual or company. One assessment may have one risk model for individuals and another for companies. When a risk model is re-applied to an assessment, all risk factors in the model are re-evaluated. Learn more About risk factors.

Risk models and assessments

An assessment's risk level is displayed:

  • In the Risk level column on the Entity management page.

  • On an entity's Assessment overview page.

  • On an entity's Assessment risk scores page.

  • On the Portfolio risk overview dashboard.

If the risk score can't be calculated, the risk level is undetermined. If the risk level is displayed as Calculating risk, the risk model is still being applied. It may take some time to calculate the risk score, especially in the case of companies that have many associates.

On an entity's Assessment risk scores page, every assessment that has a risk model is displayed along with its risk level.

If two assessments are using the same risk model, each assessment is listed separately.

Select an assessment to see the breakdown of the risk level.

Risk_scores_page_supply_chain.png

The breakdown includes the overall risk score, which is the cumulative score from every risk factor and determines which risk level is used for the assessment.

The risk level thresholds are also displayed, so you can see exactly which threshold the overall risk score falls into and which risk level is applied.

In the example shown in the screenshot, the overall risk score is 44, meaning the assessment falls into the 0-63 threshold of Low risk.

If a risk factor must be evaluated before the risk score can be determined, it's marked Required. Otherwise, the risk factor is optional and only used for the overall risk score if the relevant information is in the entity details.

If your risk model uses custom fields as risk factors, you can expand the row of each custom field risk factor to view its description, if entered when configuring the custom field, and its data source.

In the example shown in the screenshot, the Financial health sentiment risk value source is Manually entered, which means the value came from an API response, a form, or a user manually entering the data. The value source of Geopolitical risk is Automatically entered because the value came from the data provider. You can edit values that were automatically populated, however the field retains the manually entered value even if new provider data is returned from a check.

The Value shows what information the entity has for that risk factor. The value is displayed as -- if the entity has no information. Risk factor groups always display --.

The Score displays the risk score for that risk factor or risk factor group. This score is added to the assessment's overall risk score. If there is no value for a risk factor, the default score is applied. If no default value is specified in the policy configuration, the score for risk factors with no value is Undetermined. Risk factors with an Undetermined score are not included when calculating the overall or group risk score.

The Impact displays how much each risk factor is contributing towards the overall score, and is represented as a percentage.

Edit enables you to edit the value for that risk factor. To edit the information, select the Edit Pencil icon_no border button. If the result of a check determines the value for the factor, for example, PEPs matches, you can't directly edit the information, and -- is displayed in the Edit column. Risk factor groups always display --.

Associate risk scores are calculated differently from assessment risk scores. For associate risk factor calculations, see Associate risk score calculation.

Undetermined risk

If the risk level is Undetermined, the risk score can't be calculated because at least one required risk factor doesn't have a value.

To learn which risk factor values are missing, go to the entity's Assessment risk scores and select the assessment with Undetermined risk.

Application risk score missing required value

Each time a value is added for a risk factor, the risk score is recalculated.

Additional information

In this section: