Discovery and Risk Assessment Sever 2013 - Risk Criteria Overview for Access databases
The Risk criteria for Access databases in Discovery and Risk Assessment Server 2013 are listed in the table below. These settings are fixed and cannot be changed, unlike the settings for workbooks which can be modified. These Risk settings are based on Complexity only. By default, all Access database files will be classified as “material” for the Materiality rating, so the Risk category is calculated from the Complexity.
Complexity Scoring
Criteria | Operator | Value | Score |
Tables | > | 5 | 5 |
Tables | > | 10 | 5 |
Tables | > | 15 | 5 |
Queries | > | 5 | 5 |
Queries | > | 10 | 5 |
Queries | > | 15 | 5 |
Forms | > | 5 | 5 |
Forms | > | 10 | 5 |
Forms | > | 15 | 5 |
Modules | > | 0 | 10 |
Modules | > | 5 | 10 |
Modules | > | 10 | 10 |
So, for example, if an Access database has greater than 5 tables, it will get 5 points. If it also has greater than 10 tables, it will get an additional 5 points toward complexity.
Here is the scoring system used to determine Risk based on the total Complexity score of the Access database:
Risk Definition
Operator | Complexity Score | Complexity | Risk |
< | 5 | Rudimentary | Low |
<= | 10 | Light | Low |
<= | 20 | Intermediate | Medium |
> | 20 | Advanced | High |