
Understanding risk rating bands

What this is

Risks are rated on a 5-level likelihood scale (rare → almost certain) and a 5-level impact scale (negligible → severe). The combination is mapped to a 4-level band: low / medium / high / critical. The Risk Register MVP does not store or display a numeric 1–25 score; it uses bands only.

What to do

On the form, pick the named likelihood and impact that best fit the risk. The inherent rating band is shown read-only on the detail page after you save. The residual rating is a band you set after considering the treatment; it defaults to the inherent rating when the risk is created.

Why it matters

Using bands instead of unitless integers avoids implying more rigour than the inputs justify. A residual band that is lower than the inherent band represents the operator's judgement about treatment effectiveness; it is not yet derived automatically from any control mapping.

What happens next

When the Control Library expansion ships, residual ratings may be inferred from linked control effectiveness. Until then, residual is operator-set.

© 2026 Cleverer. Human-layer cyber compliance for Australian business.