Describing Risk Exposure Calculation Models

This model attempts to predict the supplier's risk exposure level based on the number and type of risk incidents associated with the supplier.

1. Each incident type is assigned a realm-specific probability equal to the number of times such an incident has occurred in a realm divided by the total number of incidents that have occurred in the realm in the incident category.
2. Each incident type is assigned an impact multiplier based on the severity of that incident type.
3. The product of probability times impact generates a raw exposure value.
4. This raw exposure value is increased by 10% for incidents that are mentioned in more than one media source.
5. This adjusted exposure value is added to a supplier's exposure for each occurrence of that incident type that they have.
6. Because this calculation does not guarantee that risk exposures for each risk category are based on the same scale, SAP Ariba normalizes each category's risk exposure into a 1-100 scale using linear interpolation.

This model describes the supplier’s current risk exposure level based on contributing data received directly from providers.

1. For each contributing factor in a risk domain, the provider furnishes raw data (number of lawsuits, for example, or years since bankruptcy, etc.)
2. This raw data is compared to the High, Medium, and Low thresholds to determine the intensity of risk for that contributing factor.
3. The factors most important to the customer are assigned a customer priority value.
4. For each factor in the risk domain, the risk value is multiplied by the customer priority.
5. The raw risk exposure value for each risk domain is calculated by multiplying together the scores for each contributing factor in that domain.
6. This will result in a number that is probably not between 1 and 100. Linear interpolation is used to generate a risk exposure value between 1 and 100 for the risk domain.