How do risk rating methods work?

When we rate a risk we are faced with the subjectivity that it represents for each user to put a level to that risk.

Now, with Pirani you will be able to rate your risks under the direct method or by variables, to help you reduce the subjectivity in risk rating.

→ You will be able to see this update from the Basic plan.

What is the difference between the direct method and the variable method?

Direct method: it is the global way of rating the risk, where you have the current list composed of the impact and frequency variables, this method does not allow you to know from which perspective or elements that risk is being evaluated, becoming a subjective rating.


The method by variables establishes a pattern for the qualification, avoiding the user's subjectivity in front of the risk. It will be evaluated according to the specifications given by the organization to each of the variables. 

How to parameterize the risk rating?

In the "Parameterization" module, click on the "Risk Rating" section, here you must choose the type of calculation that the rating will have: "By average" or "By highest rating". 

By average: where a weighted average is made between the variables that have been assigned a value.
By highest rating: where the variable with the highest value in both the rating and the weight of the variable is chosen. 
You can then define the type of rating by impact and frequency. 


If you choose "By variables": you will have the option to parameterize the variables as well as the weight they will have. 

To do this, click on the pencil icon on the variable you wish to modify, and a pop-up window will appear with the following fields: name, weight, description, and rating options.

In the "rating options" field you will be able to give a description, preferably quantitative, to each of the variables to determine what your criteria will be.

Important: when you assign the weight to your variables make sure that they add up to 100%, otherwise it will appear as an error.

If you choose "Direct": you will not be able to parameterize anything as the calculation will be based directly from your risk matrix.

After choosing the type of rating, click on "Save".

How to set the rating method when creating a risk?

When creating a risk, the "Impact" and "Frequency" fields will appear in the pop-up window, which can be defined individually by variables or directly.

If it is by variables: the list of all the variables that have been configured in the tool will be displayed, allowing to have a qualitative and quantitative qualification as well as a description that will help to have an objective evaluation.

If it is direct: the list of all the variables determined by the organization will be displayed, without having more detail on each one of them.

Rating by causes

Now in Pirani we have a new method of risk qualification, the qualification "By Causes", this method allows to qualify only the frequency of the risk by means of the causes of the risk. 

Important: This configuration only impacts the frequency of new risks or risks that are edited. Previously created risks will retain the rating - - Only available for ORM and compliance management systems.

How to configure the rating by cause?

To configure the rating by cause, you must click on the gear icon in the "Parameterization" section in the top bar, then choose the management system and then click on the "Risk rating" section.

Captura de Pantalla 2023-07-11 a la(s) 11.44.47 a. m.

Here you should go to the frequency variables and drop down the "rating type" options and choose "Rating causes". 

Captura de Pantalla 2023-07-11 a la(s) 11.45.04 a. m.
In this section you will be able to create the probability of occurrence levels for the causes. Click on the create range button and create the levels you consider appropriate by choosing a percentage between 0- 100.

Captura de Pantalla 2023-07-11 a la(s) 11.46.20 a. m.

Important: You can edit the created ranges, however if you are going to delete an existing level or range that has been used you must replace it with another existing one within the variable, because the frequency cannot be left unqualified. 

Captura de Pantalla 2023-07-11 a la(s) 11.46.33 a. m.

For the cause rating you must also choose the type of calculation, by average or by highest rating. Finally to make the setting effective you must click on the green "Save" button.

Captura de Pantalla 2023-07-11 a la(s) 11.47.28 a. m.
After saving the settings go to the risks section to create a new risk or edit an existing one. In this process, in the step of choosing the frequency you will find the option of qualification by causes, here you will be able to associate causes to your risk and see the causes already associated previously.

Captura de Pantalla 2023-07-11 a la(s) 11.48.05 a. m.

After associating the corresponding causes you must give a rating to each of the associated causes, the rating options are those created previously in the parameterization section of your organization. 

Captura de Pantalla 2023-07-11 a la(s) 11.48.23 a. m.

After scoring each of the causes click save and now you can see your risk in the heat map. 

Captura de Pantalla 2023-07-11 a la(s) 11.48.38 a. m.