The Score Settings tab within each Risk Assessment Template allows administrators to define how risk is calculated, displayed, and interpreted. These settings determine which factors (such as Severity, Likelihood, and Exposure) are included in the calculation, how risk levels are categorized, and what scoring thresholds define “Low,” “Medium,” “High,” or “Very High” risk.
Establishing clear and consistent scoring parameters is essential to producing meaningful, comparable risk assessments across your organization.
Accessing Score Settings
To configure score settings for a Risk Assessment Template:
Navigate to Risk Assessments → Assessment Templates.
Select the template you wish to configure.
Open the Score Settings tab.
You’ll see three main configuration areas: Risk Formula, Risk Criteria, and Risk Matrix (as shown in the screenshots above).
Configuring the Risk Formula
The Risk Formula determines how numerical risk scores are calculated for each hazard. Serenity provides several formula options to align with different organizational methodologies.
Common examples include:
Severity × Likelihood – The most widely used two-factor model, multiplying the impact and probability of a hazard.
Severity + Likelihood - 1 – Produces a more gradual range of scores, often preferred for qualitative risk assessments.
Severity × Likelihood × Exposure – Incorporates an additional factor to represent how often an individual is exposed to the hazard.
Severity × Likelihood + Exposure – Useful when exposure is treated as a weighted additive factor rather than a multiplier.
Select the formula that best reflects your organization’s approach to risk quantification.
The chosen formula will be applied automatically when assessors record their hazard ratings during a risk assessment.
.png?sv=2022-11-02&spr=https&st=2025-12-13T23%3A13%3A26Z&se=2025-12-13T23%3A29%3A26Z&sr=c&sp=r&sig=a9%2FRiJCNxBJNvtN6Uy40g%2BX7Easg%2BUYeut0IDccKPN4%3D)
💡 Tip: Use a single formula across all templates if your organization plans to analyze or benchmark risk results at a corporate level.
Defining Risk Criteria
The Risk Criteria section allows you to select the rating scales that assessors will use when assigning Severity, Likelihood, and (if applicable) Exposure values.
For each criterion, you can choose from pre-defined value sets that align with your organization’s terminology. Examples include:
Severity:
Insignificant, Minor, Moderate, Major, Catastrophic
or Insignificant, Minor, Critical, Severe
Likelihood:
Rare, Unlikely, Possible, Likely, Almost Certain
or Likely, Unlikely (simplified scale for qualitative reviews)
Exposure:
Infrequent, Occasional, Frequent (available when formulas include exposure as a factor)
The selected values will appear as dropdown options for users during risk assessments, ensuring consistent scoring language across all sites and teams.
.png?sv=2022-11-02&spr=https&st=2025-12-13T23%3A13%3A26Z&se=2025-12-13T23%3A29%3A26Z&sr=c&sp=r&sig=a9%2FRiJCNxBJNvtN6Uy40g%2BX7Easg%2BUYeut0IDccKPN4%3D)
💡 Tip: If your organization already uses defined rating criteria for safety, environmental, or process risk assessments, align these lists so all risk types are evaluated using common terminology.
Setting Up the Risk Matrix
The Risk Matrix defines how risk scores are translated into qualitative levels such as “Low,” “Medium,” “High,” or “Very High.”
This helps assessors and managers quickly interpret the overall risk significance.
Within this section, you can:
Choose how many risk levels to display (for example, three levels—High, Medium, Low—or four levels—Very High, High, Medium, Low).
Assign threshold values for each level. For example:
Low: greater than 0
Medium: greater than 3
High: greater than 5
Very High: greater than 7
Review the color-coded matrix visualization below the thresholds to confirm that each combination of Severity, Likelihood, and Exposure (if used) maps correctly to the intended risk levels.
This visual matrix gives an immediate, intuitive representation of how risk scores will appear to users in the field.
Example: Standard 5x5 Configuration
A common configuration for many EHS teams is a 5x5 matrix, using five levels each for Severity and Likelihood.
For instance:
Severity: 1 = Insignificant, 5 = Catastrophic
Likelihood: 1 = Rare, 5 = Almost Certain
If using the formula Severity × Likelihood, a high-severity, high-likelihood event (5 × 5 = 25) would typically map to “Very High” risk, while a low-severity, low-likelihood event (1 × 2 = 2) might map to “Low” risk.
This format provides a well-balanced scale that’s easily understood by most EHS practitioners and aligns with many regulatory and ISO-based risk frameworks.
Configuring Residual Risk Calculation
The Residual Risk section in the Score Settings tab defines how Serenity calculates the residual risk for each hazard after control measures have been applied. This setting determines whether assessors will manually assign post-control ratings or whether the system will automatically calculate the residual score based on the risk reduction value of controls.
Calculation Method Options
Under Residual risk calculation, two methods are available:
Manual: When the Manual option is selected, assessors are required to directly enter the residual Severity, Likelihood, and (if applicable) Exposure values for each hazard.
These values represent the anticipated risk after controls are in place and functioning effectively.
Serenity then applies the same scoring formula and risk matrix defined earlier in the template’s Score Settings to determine the Residual Risk Score and corresponding risk level (e.g., Low, Medium, High).
This method is best suited for assessments where subjective judgment or expert review is required to estimate post-control risk.
Calculated: When the Calculated option is selected, Serenity automatically determines the residual risk score by applying risk reduction factors associated with the implemented controls.
Each control in the system can have a risk reduction value (expressed as a percentage). For a given hazard, the total reduction is calculated by summing the values of all assigned controls.
The residual risk is then computed using the following approach:
Residual Risk Score = Inherent Risk Score × Total Risk Reduction %
For example:
If the Inherent Risk Score is 8 (High), and the total risk reduction from controls equals 50%, the Residual Risk Score will be 4 (Medium).
This method provides a consistent, quantitative approach to estimating post-control risk and is particularly useful for large-scale or data-driven risk programs where standardization is important.
Configuring Control Ratings
The Control Ratings section in the Score Settings tab allows template owners to define how assessors will evaluate the effectiveness of controls during a risk assessment. This configuration determines the rating options, required documentation, and follow-up actions that apply when controls are reviewed.
.png?sv=2022-11-02&spr=https&st=2025-12-13T23%3A13%3A26Z&se=2025-12-13T23%3A29%3A26Z&sr=c&sp=r&sig=a9%2FRiJCNxBJNvtN6Uy40g%2BX7Easg%2BUYeut0IDccKPN4%3D)
Control Rating Scales
Under Control ratings, choose the rating scale that will be available to users during control evaluation.
Options include:
Strong, Adequate, Poor — a qualitative measure of control effectiveness (default).
Implemented, Not Implemented — a simple binary evaluation often used for compliance-style assessments.
The selected rating scale defines the response options displayed to assessors when completing control assessments.
Additional Control Rating Options
You can also configure additional requirements based on specific rating outcomes:
Require notes – Enforces entry of explanatory notes when the selected rating meets defined conditions (e.g., Poor).
Require attachments – Ensures supporting evidence (such as inspection photos or control verification records) is uploaded when required.
Require task – Automatically triggers the creation of a follow-up task, such as a Corrective Action, when a specified rating is chosen.
When Require task is selected, you can further specify:
Required task type (e.g., Corrective Action, Preventive Action).
Required task priority, using your organization’s defined priority scale (e.g., Critical, High, Moderate, Low, Planning).
Best Practices
Standardize your model. Use the same formula, rating criteria, and thresholds across all templates whenever possible. Consistency allows for meaningful organization-wide risk comparison and reporting.
Choose intuitive language. Select severity and likelihood terms that align with your organization’s existing safety or operational vocabulary. Avoid overly technical language that might confuse end users.
Keep scales manageable. A 4–5 level scale for each criterion offers a good balance of detail and usability.
Validate your matrix. After setting up thresholds, review real or historical examples to confirm that the matrix produces reasonable classifications (e.g., incidents with serious injury potential should fall in the “High” or “Very High” category).
Document your logic. Record which formula, scales, and thresholds are in use, so they can be consistently applied in training, audits, and reporting.
By properly configuring Score Settings, organizations can ensure that every risk assessment in Serenity — from job-level analyses to complex process reviews — quantifies and categorizes risk in a clear, standardized, and defensible way. This consistency supports accurate risk trending, prioritization of controls, and data-driven safety improvements.