Quantifying Risks, my scale, how to track them on SharePoint

Everybody has a favorite way to quantify risk. I'm a SharePoint person. Especially with large, remote ERP teams, I prefer a risk register that is visible and kept as a single copy, so everyone can stay synchronized on risk mitigation activities.

Most common scales I've seen have a range value for the probability of a risk occurring, and a separate range value for the impact should the risk occur. The two values are multiplied together to come up with a quantifiable "this is a big risk" or "this is a small risk" indicator.

I use a 1-5 scale for both probability and impact, and multiply them to create a risk exposure value. Note that I'm not trying to build a cost value into the rating; I find that many team members get hung up on the dollar value in a rating. I prefer to calculate potential costs separately and provide those values in the risk description.

I then create an "Exposure" calculated field that classifies a risk as "Critical", "High", "Medium", or "Low" depending on its Exposure Value, the product of probability and impact. I sort on the "Exposure" value to organize my list views and reports so they focus on the risks that need attention.


Here are my favorite SharePoint settings:

Field Name

Field Type




1 – 5



1 – 5

Exposure Value





=IF([Exposure Value]>19,"Critical",IF(AND([Exposure Value]>11,[Exposure Value]<20),"High",IF(AND([Exposure Value]>8,[Exposure Value]<12),"Medium","Low")))

Then I set up views that use the Exposure field. All this does is order the risks into Critical, High, Medium, and Low, so that your team knows where to spend its energy mitigating or avoiding risk.
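
To see how the thresholds in the formula above divide the 5 x 5 grid, here is an added Python example (not part of the original post and not SharePoint code) that applies the same cut-offs, counts how many probability/impact combinations land in each class, and sorts a register by Exposure Value. The function names and the sample risks are constructed for illustration.

```python
from collections import Counter

SCALE = range(1, 6)  # the 1-5 scale used for both probability and impact

def exposure_value(probability, impact):
    """Probability x Impact, rejecting anything outside the 1-5 scale."""
    for name, v in (("probability", probability), ("impact", impact)):
        if not isinstance(v, int) or v not in SCALE:
            raise ValueError(f"{name} must be an integer from 1 to 5, got {v!r}")
    return probability * impact

def exposure(value):
    """Same cut-offs as the calculated-field formula: >19, >11, >8, else Low."""
    if value > 19:
        return "Critical"
    if value > 11:
        return "High"
    if value > 8:
        return "Medium"
    return "Low"

def matrix_counts():
    """How many of the 25 probability/impact cells fall into each class."""
    return Counter(exposure(exposure_value(p, i)) for p in SCALE for i in SCALE)

def prioritise(register):
    """Score each risk and order the list highest Exposure Value first."""
    scored = []
    for risk in register:
        value = exposure_value(risk["probability"], risk["impact"])
        scored.append({**risk, "value": value, "exposure": exposure(value)})
    return sorted(scored, key=lambda r: r["value"], reverse=True)

# Constructed sample register entries (hypothetical risks)
REGISTER = [
    {"title": "Training room double-booked", "probability": 2, "impact": 2},
    {"title": "Key administrator unavailable", "probability": 3, "impact": 3},
    {"title": "Data migration cutover slips", "probability": 4, "impact": 5},
    {"title": "Vendor patch breaks integration", "probability": 3, "impact": 4},
]

if __name__ == "__main__":
    print(dict(matrix_counts()))
    for r in prioritise(REGISTER):
        print(f'{r["value"]:>2}  {r["exposure"]:<8}  {r["title"]}')
```

With these cut-offs, only 4x5, 5x4 and 5x5 reach Critical, and a maximum-impact risk rated at probability 3 is classed as High, which is worth knowing when the team reviews the Critical view alone.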