Share via


Discovery and Risk Assessment Server 2013 - Risk Configuration

The following is an overview of Risk Configuration in Microsoft Discovery and Risk Assessment Server 2013 to help you understand how to define risk.

 

Risk is defined as a function of Materiality and Complexity.

  • Materiality – Sensitivity of the document.  Based on contents within the file or attributes of the file

 

 

  • Complexity – Statistics of the file as a function of the features of Excel / Access that are used

 

 

  • Risk Rule Designer
  • Point-scoring system for Materiality, Complexity, and Risk
  • Publishes a risk definition file (.rsk)
  • Accessed from the Tools menu

 

 

 

  • Parameters can be filtered to a specific sheet and/or range of cells, if needed.
  • Built-in and custom document properties leverage the “Sheet” property to define which property to analyze.
  • There are 3 categories of Materiality based on the score:
  1. Immaterial
  2. Material
  3. Critical

 

 

 

  • Complexity analyzes the contents of the spreadsheet to determine which features & functions are used and in what frequency.
  • Complexity rules can analyze and identify
  • Scoring methodology similar to materiality scoring.
  • There are 4 categories of Complexity based on the score:
  1. Rudimentary
  2. Light
  3. Intermediate
  4. Advanced

 

risk5a

 

  • Risk is a function of Materiality and Complexity
  • Using the configurable grid, you can adjust levels as needed. Material goes by rows, and Complexity goes by columns. You define the Risk level at each intersecting point.
  • Files that score high in Materiality and Complexity would normally by High risk files, and files that score low in Materiality and Complexity would be Low risk files.
  • There are 3 categories of Risk based on the Materiality and Complexity levels:
  1. Low
  2. Medium
  3. High

 

risk6a

 

After defining risk using the Risk Rule Designer, also called Spreadsheet Risk Calculator, you can run a Risk Assessment on your files to check file content and structure to determine the risk level of each file.