Skip to main content
All CollectionsGeneral Drata Application Information
Custom Formulas for Risks
Custom Formulas for Risks

Create custom formulas based on custom fields and Data fields within Risk Management.

Updated over a week ago

There can be multiple methods to measure risk. Therefore, we offer a flexible and configurable approach to risk measurement and management. Whether you are calculating your risk appetite, adding a risk modifier, or measuring financial risk, Drata allows you to configure inputs to match your specific workflow.

Prerequisite

  • You must have the Advanced or Foundation package.

  • You must have an Admin, Information Security Lead, or Workspace Manager role.

    • Even if you are a Risk Manager, you must be assigned one of the previously mentioned roles.

  • Only currency and numerical fields can be used.

  • You can create a maximum of 50 custom formulas within each account.

  • The following field types within Risk Assessment or Risk Management can be used in the expression builder:

    • Number

    • Currency

    • Dropdown (number)

Common use cases

The following examples utilize Custom Formulas for risks to solve business needs. Here are a few examples of how custom formulas can be used to serve your organization’s specific workflows when assessing and evaluating risks.

Financial Impact

Here's how to measure the potential financial impact for each risk event.

  1. Create a custom field that equates to the Likelihood field or use Drata’s own Inherent Likelihood field in regard to the probability of your the Risk event occurring.

  2. Create another custom field that equates to the Financial Loss for the Risk, utilizing a Currency field type.

  3. Finally, create a Custom Formula with the following expression:

    • Note: The Risk Probability field is divided it by 100 in case you want to measure the percentage as an input of the formula.

You can view your formula in the Risk Drawer:

Operational Risk Tolerance

Calculate the potential Operational Risk Tolerance related to a risk surrounding Business Continuity, in the event of your systems going down temporarily.

You can use the following formula:

Risk Appetite

Calculate the amount of risk an organization is prepared to accept while pursuing its goals. While this can an aggregated number of all your risks, you can calculate the individual (financial) Risk Appetite by using the following formula:

Create Custom Formulas

Navigate to the Company Settings page. There, you will find a card displaying Custom Fields and Formulas, where the previously mentioned roles can configure the custom fields and formulas to evaluate risks.

On the Custom Fields and Formulas page, configure the custom formulas. Select Create formula.

Follow the 3-part wizard to create a custom formula, starting with the Details section.

In Step 2, select the placement of the formula within a specific section of the Risk Drawer. The default location is Risks, as Custom Formulas are only available within Risk Management and Risk Assessment.

  • Note: Risk Management is only available in the Advanced package.

In the final step, build your expression using operators and applicable custom fields and risk fields. Only currency and numerical field types can be used.

The expression builder provides real-time feedback on whether your expression is valid. The builder allows a maximum of 35 terms. In addition to numerical or currency field types, you can manually input numerical values as terms within the expression.

  • Note: Only valid expressions can be saved.

The result of your custom formula displays inside the Risk drawer and updates in real-time as you modify applicable inputs and fields used in the formula.

View the Custom Formula and calculation within a Risk

To view the custom formula and its result, select the Risk to open the drawer and locate the field where you configured the Placement step during the initial creation.

The result updates in real-time, allowing you to adjust inputs and view the output instantly. Additionally, you can see the formula beneath the field name (and description if available), as well as the values used when hovering over the individual terms

Modifications to a Custom Field

Note: Modifications to a custom field used in a formula are limited.

When a field is used in a formula, it cannot be deleted, and the Risk placement cannot be updated.

Any custom field actively used within a custom formula is limited to updating the name and description cannot be deleted. A banner displays above the custom field indicating which custom formula uses that field.

Did this answer your question?