Risk assessment is where AI governance stops being theoretical and starts being defensible. The IAPP AIGP Body of Knowledge (BoK v2.1) places quantitative risk scoring at the centre of every governance program — not as a bureaucratic formality, but as the primary tool for prioritisation, accountability, and regulatory proof-of-compliance. If you cannot move from a qualitative risk narrative to a scored, documented entry in a Risk Register, you are not prepared for the exam.

This article covers the complete methodology: the 5×5 matrix, the seven impact dimensions, the inherent-versus-residual distinction, threshold tiers, and the framework mapping you will need to cite under exam pressure. Every section maps directly to testable BoK v2.1 content.

The Core Formula: Risk Score = Likelihood × Impact

The standard AI risk quantification tool is the 5×5 Risk Matrix. Both axes are scored on a five-point scale, producing a numerical value between 1 and 25. That single number enables objective comparison across different business units, AI systems, and risk categories — which is the entire point. Governance without a consistent scoring baseline produces opinions, not decisions.

The Standard Formula

  Risk Score = Likelihood × Impact

  Likelihood:   scale 1 (Rare) → 5 (Almost Certain)
  Impact:       scale 1 (Negligible) → 5 (Critical)
  Output range: 1 (lowest) to 25 (highest)

The matrix below shows every possible combination. Memorise the tier boundaries — scores of 1–6, 7–12, 13–18, and 19–25 each trigger a different organisational response, and the exam will test your ability to identify the correct action for a given score.

The Complete 5×5 Matrix

Likelihood ↓ / Impact →            | 1 Negligible | 2 Minor | 3 Moderate | 4 Major | 5 Critical
5 — Almost Certain (>90%)          |      5       |   10    |     15     |   20    |     25
4 — Likely (61–90% probability)    |      4       |    8    |     12     |   16    |     20
3 — Possible (31–60% probability)  |      3       |    6    |      9     |   12    |     15
2 — Unlikely (10–30% probability)  |      2       |    4    |      6     |    8    |     10
1 — Rare (<10% probability)        |      1       |    2    |      3     |    4    |      5

Tier key: 1–6 · Low | 7–12 · Medium | 13–18 · High | 19–25 · Critical

Step 1: Quantifying Likelihood

Likelihood is scored using a percentage-based probability scale. The BoK provides specific ranges for each level, and exam questions will test whether you can correctly map a described scenario to the right probability band. Do not rely on intuition — use the defined intervals.

  • 1 — Rare: Probability below 10%. The event could theoretically occur but has no realistic basis to be expected.
  • 2 — Unlikely: 10–30% probability. Recognised but not anticipated in normal operations.
  • 3 — Possible: 31–60% probability. Could go either way; meaningful chance of occurring.
  • 4 — Likely: 61–90% probability. Expected to occur under normal conditions.
  • 5 — Almost Certain: Greater than 90% probability. Should be treated as a near-certainty for planning purposes.

Exam trap: scenarios will often describe a risk as "unlikely but possible" without giving a percentage. Read the contextual details carefully — prior incidents, model deployment scale, and regulatory environment are the clues that anchor a probability to the correct band.

Step 2: The 7 Dimensions of Impact — and the Highest-Score Rule

Impact in AI governance is not a single variable. Because AI systems can cause harm across multiple domains simultaneously, the BoK requires that evaluators assess each risk across seven distinct impact dimensions. The final Impact score used in the matrix is then determined by a specific aggregation rule — the highest-score rule — which is directly testable.

  • Financial: Fines, direct costs, or revenue loss.
  • Operational: Disruption to core business processes.
  • Reputational: Damage to brand equity and consumer trust.
  • Safety: Physical or psychological harm to individuals.
  • Ethical: Biased outcomes, discrimination, lack of fairness.
  • Legal: Regulatory violations, litigation, contractual breaches.
  • Fundamental Rights: Impacts on privacy, liberty, freedom of expression.

The Highest-Score Rule

Score all 7 dimensions separately. Use the single highest dimension score as the Impact value in the matrix. Ethical and rights-based harms must never be averaged down by lower financial or operational scores.

This rule exists for a governance reason, not a mathematical one. A facial recognition system might score 1 on Financial impact (cost is negligible) but 5 on Fundamental Rights (mass surveillance potential). Averaging those scores would produce a 3 — a Medium risk with a quarterly review. Applying the highest-score rule correctly produces a 5, which combined with a Likelihood of 4 (Likely) yields a score of 20 — a Critical risk requiring executive authority and continuous monitoring. The exam will construct exactly this kind of scenario.

Step 3: Inherent vs. Residual Risk — and the Canadian AIA Logic

The AIGP BoK draws a hard distinction between a risk's raw score and the score that remains after your organisation has done something about it.

  • Inherent Risk is the score calculated before any controls, mitigations, technical safeguards, or policy constraints are applied. It represents the organisation's raw exposure.
  • Residual Risk is the score remaining after mitigation measures have been implemented and verified. This is the number that goes in the Risk Register's final column and drives the review cadence.

  Inherent Risk: raw score, before any controls or mitigations are applied
        ↓
  Mitigation Plan: effectiveness score ≥ 80% → apply a 15% reduction to the raw impact score (Canadian AIA threshold logic)
        ↓
  Residual Risk: final score, entered into the Risk Register

For the exam, the Canadian AIA threshold figures are not approximations — memorise them exactly as presented in the BoK: 80% mitigation effectiveness triggers a 15% reduction to the raw impact score. Questions will present mitigation plans with varying effectiveness scores and ask you to determine whether the reduction applies.

Step 4: The Four Tolerance Tiers — Required Actions and Review Cadences

A risk score is only useful if the organisation knows what to do with it. The BoK defines four tiers, each with a mandatory action-based response and a review cadence. For the exam, you must be able to correctly match a score to its tier and identify the appropriate response — both the action and the seniority level required.

Score | Tier     | Required Response                                        | Cadence
1–6   | Low      | Accept risk. Team-level monitoring only.                 | Semi-annual
7–12  | Medium   | Mitigation plan required. Management sign-off.           | Quarterly
13–18 | High     | Enhanced controls. Senior oversight. FRIA required.      | Monthly
19–25 | Critical | Executive authority. Possible system halt or Disengage. | Continuous

Note the High tier carefully: a score of 13–18 triggers a requirement for a Fundamental Rights Impact Assessment (FRIA). Under EU AI Act Article 9(4), high-risk AI systems must document their impact on individuals' rights and freedoms before a treatment strategy is selected. Exam questions in Domain III will frequently test whether you know which tier triggers the FRIA obligation.
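The scoring procedure of Steps 2 to 4, carried through in code on the facial recognition scenario above, as an added example written for this article (it is not BoK or IAPP material). The dimension scores other than Financial (1) and Fundamental Rights (5) are constructed, and rounding the residual score to a whole number before the tier lookup is an assumption the text does not specify.

```python
IMPACT_DIMENSIONS = ("Financial", "Operational", "Reputational", "Safety",
                     "Ethical", "Legal", "Fundamental Rights")
# (upper bound of score band, tier, required response, review cadence)
TIERS = (
    (6, "Low", "Accept risk. Team-level monitoring only.", "Semi-annual"),
    (12, "Medium", "Mitigation plan required. Management sign-off.", "Quarterly"),
    (18, "High", "Enhanced controls. Senior oversight. FRIA required.", "Monthly"),
    (25, "Critical", "Executive authority. Possible system halt or Disengage.", "Continuous"),
)
AIA_EFFECTIVENESS_THRESHOLD = 0.80  # plan must score >= 80% effective ...
AIA_IMPACT_REDUCTION = 0.15         # ... to earn a 15% cut to the raw impact score

# Constructed scenario from the article: negligible cost, mass-surveillance potential.
FACIAL_RECOGNITION = {"Financial": 1, "Operational": 2, "Reputational": 3, "Safety": 2,
                      "Ethical": 4, "Legal": 3, "Fundamental Rights": 5}


def impact_score(dimensions):
    """Highest-score rule: Impact is the single highest of the seven dimension scores."""
    missing = set(IMPACT_DIMENSIONS) - set(dimensions)
    if missing:
        raise ValueError(f"all seven dimensions must be scored; missing {sorted(missing)}")
    if any(not 1 <= v <= 5 for v in dimensions.values()):
        raise ValueError("dimension scores must be on the 1-5 scale")
    return max(dimensions.values())  # never averaged down by low financial scores


def tier_for(score):
    """Map a 1-25 score to (tier, required response, review cadence)."""
    for upper, tier, response, cadence in TIERS:
        if score <= upper:
            return tier, response, cadence
    raise ValueError(f"score {score} is outside the 1-25 range")


def assess(likelihood, dimensions, mitigation_effectiveness):
    """Compute the inherent and residual numbers for one Risk Register entry."""
    if not 1 <= likelihood <= 5:
        raise ValueError("likelihood must be on the 1-5 scale")
    impact = impact_score(dimensions)
    inherent = likelihood * impact  # raw exposure, before any controls
    # Canadian AIA logic: the 15% impact reduction applies only at >= 80% effectiveness.
    if mitigation_effectiveness >= AIA_EFFECTIVENESS_THRESHOLD:
        impact *= 1 - AIA_IMPACT_REDUCTION
    # Assumption: the residual score is rounded to a whole number before tier lookup.
    residual = round(likelihood * impact)
    tier, response, cadence = tier_for(residual)
    return {"inherent": inherent, "fria_required": inherent >= 13,  # Evaluate step
            "residual": residual, "tier": tier, "response": response, "cadence": cadence}
```

With Likelihood 4 the scenario scores 20 (Critical) inherently; an 85%-effective plan brings it to 17 (High, monthly review), while a 70%-effective plan earns no reduction and the entry stays Critical with continuous monitoring.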

Critical Exam Distinction: Risk Assessment vs. Performance Testing

This is among the most reliable sources of lost points on the AIGP, because both concepts appear in the same modules and both involve evaluating AI systems. They are not the same thing, and the exam exploits that confusion deliberately.

Risk Assessment (5×5 Matrix Scoring)
  Uses probability and severity scoring to prioritise risks and allocate governance resources.
  Answers: How significant is this risk and what do we do about it?

Performance Testing (Adversarial, Statistical & Decision Analysis)
  Evaluates how the AI system functions in practice under specific conditions — robustness, sampling, decision accuracy.
  Answers: Does the model actually behave as intended?

Scoring tells you the governance priority. Testing tells you whether the model behaves as intended. A system can score Critical on the risk matrix and still pass every performance test — because the matrix scores potential harm, not current malfunction.

The 5-Step AI Risk Assessment Lifecycle

Risk management in the BoK is not a point-in-time exercise — it is a continuous cycle. The five steps are tested both in isolation (what does each step involve?) and in sequence (what comes before or after a given action?). Know the output of each step, not just its name.

Continuous Cycle — re-assessment triggered by data drift and regulatory change

  1. Identify: Catalog technical, ethical, and legal risks. Map data provenance and system intent. Outputs a complete risk inventory before any scoring begins.
  2. Analyze: Score likelihood and all seven impact dimensions using the 5×5 matrix. Document the rationale for each score for auditability. Apply the highest-score rule.
  3. Evaluate: Compare results against organisational tolerance thresholds. Check against EU AI Act Article 5 (Prohibited Practices). For High-tier scores, conduct a Fundamental Rights Impact Assessment (FRIA).
  4. Treat: Select a strategy: Mitigate (reduce), Transfer (insurance/contract), Avoid (cancel the use case), Accept (proceed — Low risk only), or Disengage (halt — Critical risk).
  5. Monitor: Establish a review cadence based on the residual risk tier. Monitor for data drift and emergent behaviours. Critical risks require continuous monitoring.

The treatment step deserves careful attention. Disengage (halt the system entirely) is specifically associated with Critical-tier risks and is the most extreme response available. Accept (proceed without changes) is only defensible for Low-tier risks within tolerance. The exam tests whether you know when each strategy is appropriate, not just that five options exist.

Regulatory Framework Mapping: Where to Find Each Step

A significant portion of Domain II questions requires you to locate risk assessment obligations within specific clauses of the major global frameworks. The table below maps each lifecycle step to the precise article, clause, or function you must cite. Note that BoK v2.1 now incorporates ISO 42005 as a core standard for AI system impact assessments.

Lifecycle Step | ISO 23894   | ISO 42001 | NIST AI RMF | EU AI Act
Identification | Cl. 6.4.2   | Cl. 8.2   | MAP 5.1     | Art. 9(2)(a)
Analysis       | Cl. 6.4.3   | Cl. 8.2   | MEASURE 1.1 | Art. 9(2)(b)
Evaluation     | Cl. 6.4.4   | Cl. 6.1.2 | MEASURE 2.1 | Art. 9(4)
Treatment      | Cl. 6.5     | Cl. 8.3   | MANAGE 2.1  | Art. 9(4)
Monitoring     | Cl. 6.6–6.7 | Cl. 9.1   | MEASURE 2.6 | Art. 9(1)

The Risk Register: Mandatory Fields and Auditability

The Risk Register is the documentary backbone of the entire methodology. A register entry must contain all seven fields below. An incomplete register — one that records the inherent score but omits the owner or review date — does not satisfy the BoK's accountability standard. Exam scenarios will present partial registers and ask you to identify what is missing.

Field           | Requirement
Risk ID         | Unique identifier for tracking and audit trail continuity.
Category        | Technical, Ethical, Legal, Operational, or Safety.
Inherent Score  | Raw Likelihood × Impact score before any mitigations.
Mitigation Plan | Defined controls, named owners, and measurable success criteria.
Residual Score  | Score after mitigation logic, including the Canadian AIA 15% reduction if applicable.
Owner           | Named individual accountable for the risk (e.g., ML Engineering Lead).
Review Date     | Next scheduled assessment date, derived from the residual risk tier cadence.

The review date is not arbitrary — it must be set according to the tier cadence rules. A risk with a residual score of 14 (High) must have a review date no more than one month out. A risk logged as Medium with a review date set six months away is a compliance failure. The exam tests this precision.

Conclusion: Governance Is Data-Driven or It Is Not Governance

The 5×5 matrix is not a compliance checkbox. Used correctly — with the highest-score rule applied to all seven impact dimensions, inherent and residual scores properly distinguished, and treatment strategies matched to their tiers — it is the primary instrument through which an organisation demonstrates that its AI governance program is both accountable and auditable.

For the AIGP exam, the most dangerous approach to this topic is surface-level familiarity. Knowing that a formula exists is not the same as knowing when the FRIA is triggered (score ≥ 13), which treatment strategy applies at a score of 22 (Disengage is on the table), or what the Canadian AIA mitigation threshold is (80%, producing a 15% impact reduction). Those specifics are where points are won or lost.

Build your study sessions around worked examples — take a described scenario, score likelihood and all seven impact dimensions, apply the highest-score rule, calculate the inherent score, apply a mitigation plan, and determine the residual score and mandatory review cadence. Do that ten times and the methodology becomes automatic.