The risk score term is applicable to an asset as well as to a standard.

For a given standard, the risk score of an asset is defined as the average of the adjusted base score of every failed check in the standard for the specific asset.

Risk score = (Total adjusted base score for all failed checks in the standard) / (Total number of failed checks)

See Adjusted base score calculation.

For example, consider an asset A and a standard S that contains five checks (C1, C2, C3, C4, and C5). When the asset A is evaluated against the standard S, only checks C4 and C5 are passed. The checks C1, C2, and C3 are failed.

To determine the risk score of asset A, calculate the adjusted base score of every failed check in the standard S with respect to asset A.

Assume that the following values are obtained:

Adjusted base score for check C1 with reference to asset A = 1

Adjusted base score for check C2 with reference to asset A = 2

Adjusted base score for check C3 with reference to asset A = 3

The average of the adjusted base score = (1 + 2 +3) / 3 = 2

This average adjusted base score value is the Risk score of the asset A with reference to a standard S.