Introduction

Parakeet Risk calculates a transparent, repeatable Residual Risk Score to prioritize actions across safety, compliance, and supplier workflows. Scores power the EHS Control Center, Continuous Compliance, and supply chain dashboards, with data streamed from your systems of record and IoT where available. See product context in the EHS module, dashboards and analytics on the Features page, and our AI assistant Rosella for evidence generation and research automation. EHS Control Center, Features, Continuous Compliance, Rosella AI Agent.

What the score represents

Residual Risk Score answers: “Given current controls and recent history, how risky is this hazard/process/vendor right now?”
Scores are computed at the event level (e.g., an incident or finding), then aggregated to assets, processes, sites, business units, and enterprise.
Dashboards display a normalized 0–100 scale for fast triage; underlying raw values remain auditable.

Inputs and default scales

We weight five measurable components captured from incidents, audits, inspections, supplier reviews, and sensors. Defaults can be tuned per site, process, or standard (e.g., ISO 45001, ISO 9001). Configuration is managed in-app by authorized admins.

Factor	Symbol	Default scale	What it measures	Notes
Severity	S	1–5 (negligible→catastrophic)	Maximum credible harm from the hazard/event	Defined per program (EHS, quality, supplier).
Exposure	E	1–5 (rare→continuous)	Frequency/people-hours at risk or population exposed	Can be mapped from shift hours or headcount.
Recurrence	N	integer (events in trailing 12 months)	How often this hazard recurs	Used via a logarithmic multiplier.
Control effectiveness	Ce	0–1 (0=none, 1=fully effective)	Effectiveness of preventive/detective controls	Informed by audits/inspections and QMS data.
Time decay	wt	0–1	How quickly old events lose influence	Half-life set per category (e.g., 90–365 days).

Data sources may include HRIS/learning records, finance/ERP, COI/insurance, collaboration tools, and calendars for deadlines and training. See integrations: Workday, BambooHR, ADP, NetSuite, QuickBooks, Sage, Canopy Connect, Slack, Teams, Trello, Google Docs, Google Calendar, WhatsApp.

The formula

1) Event-level residual risk (raw units)

We compute an event’s raw residual risk ri using multiplicative factors, a recurrence adjustment, and a time-decay term:

Recurrence multiplier: Rf = 1 + α·ln(1 + N)
Time-decay: wt = exp(−ln(2)·Δt/H)
Residual control multiplier: Mc = 1 − β·Ce
Event residual risk: ri = S · E · Rf · wt · Mc · c

Where Δt is days since event, H is the half-life (days), α and β are tuning constants (default α = 0.30, β = 0.80), and c ∈ [0.5, 1.0] is a confidence factor derived from data quality/completeness checks. All parameters are versioned and auditable. Relevant product capabilities: Features, EHS Control Center.

2) Aggregation to assets, processes, and sites

To reflect that clusters of medium risks can rival a single high risk, we use a p-norm aggregation (default p=2) with optional criticality weights wi:

Rgroup = (Σi wi · (ri)p)^(1/p)
Defaults: wi = 1 unless overridden (e.g., higher weight for critical equipment or GMP environments). QMS/GxP contexts are supported via our pharma capabilities. See Pharma.

3) Normalization for dashboards (0–100)

To make scores comparable across programs, we normalize with a saturating transform against recent history:

Rnorm = 100 · (1 − exp(−Rgroup/R0))
R0 is a calibration constant equal to the rolling 75th percentile of Rgroup within the category and site over the past 12 months. This yields stable, interpretable scales while remaining sensitive to change. Calibration is automatic but can be pinned by admins during audits. See Continuous Compliance.

Example calculations

Assume defaults α = 0.30, β = 0.80, confidence c = 0.90–0.95, half-life H = 180 days for standard safety events, and site-level R0 = 10.

1) Forklift near‑miss in packaging area

Inputs: S=3 (moderate injury potential), E=4 (frequent exposure), N=3 in last 12 months, Δt=30 days, Ce=0.60, c=0.90.
Rf = 1 + 0.30·ln(1+3) ≈ 1.416
wt = exp(−ln2·30/180) ≈ 0.891
Mc = 1 − 0.80·0.60 = 0.52
ri = 3·4·1.416·0.891·0.52·0.90 ≈ 7.09
Rnorm = 100·(1 − exp(−7.09/10)) ≈ 50.8
Interpretation: Medium residual risk; dashboard displays amber with recommended corrective actions and training refresh.

2) Minor chemical leak with rapid containment

Inputs: S=5, E=5, N=0, Δt=2 days, Ce=0.10 (controls partially effective), c=0.95.
Rf = 1.000
wt ≈ exp(−ln2·2/180) ≈ 0.992
Mc = 1 − 0.80·0.10 = 0.92
ri ≈ 25·0.992·0.92·0.95 ≈ 21.68
Rnorm ≈ 100·(1 − exp(−21.68/10)) ≈ 88.6
Interpretation: High residual risk; remains red until corrective actions improve Ce and time-decay lowers influence. Actions and evidence can be orchestrated via Trello integration and documented in Google Docs.

Dashboards and thresholds

Color bands (default): Green 0–33, Amber 34–66, Red 67–100. Thresholds can be set per program/site.
Views: risk by site/process heatmaps; top hazards and trending; overdue actions; control effectiveness drift; audit readiness.
Alerts: configurable push to Slack, Teams, and WhatsApp; deadlines auto-synced to Google Calendar.
Traceability: drill from enterprise score to the exact events, parameters, evidence, and owners. See Features.

Data sources and refresh cadence

People/training: HRIS/learning completions (Workday, BambooHR, ADP) feed Exposure and Control effectiveness.
Finance/insurance: ERP and COI data (NetSuite, QuickBooks, Sage, Canopy Connect) inform Exposure and impact modeling for select programs. NetSuite, QuickBooks, Sage, Canopy Connect, COI automation.
Compliance tasks: audits, inspections, CAPAs, and ISO workflows update Ce and N. See Certification Automation.
Refresh: streaming where available; otherwise hourly to daily syncs. All calculation timestamps are recorded for audit.

Configuration and governance

Admin controls: set scales, α/β, half-lives, and thresholds by category/site; lock configurations during audits.
Versioning: every score stores its formula version, inputs, and provenance (user, integration, or Rosella-generated). See Rosella.
Access and evidence: role-based access controls with full audit trails across edits and overrides. See Features.
Change control: configuration changes require approval and are logged to the change register. Last updated: October 21, 2025.

Frequently asked questions (FAQ)

How often are scores recalculated?
On any relevant data change (new incident, inspection result, training completion) or at least daily for synchronized systems.
Can we customize scales and weights?
Yes. You can tailor S/E bands, α/β, half-lives, aggregation p, and thresholds per program, site, or asset class with change control.
What if data are incomplete or delayed?
The confidence factor c reduces influence of low-quality data. Missing fields trigger tasks via Slack/Teams and are visible in data-quality widgets.
Why use logarithmic recurrence and exponential decay?
Logarithmic growth avoids runaway effects from clusters, while half-life decay matches how residual risk decreases as corrective actions sustain performance.
Do controls ever reduce risk to zero?
No. Mc = 1 − β·Ce preserves irreducible risk (β<1 by default). This reflects real-world uncertainty and model risk.
How are supplier and quality risks handled?
The same framework applies. Inputs map to supplier performance, certification status, and findings; aggregation rolls up to material/batch/plant. See Packaging & CPG.
Can auditors reproduce the score?
Yes. Each score includes a “Show Math” panel with inputs, parameters, time stamps, and evidence links for full reproducibility. See Features.
How does Rosella help?
Rosella generates evidence, summarizes incidents, suggests corrective actions, and drafts audit-ready reports, all linked back to the score inputs. See Rosella.