Customizing risk matrix scoring in risk management module enables automated workflow routing

We implemented a custom risk matrix scoring system in Trackwise 9.1 that automatically routes risk assessments based on calculated severity scores. Previously, our team manually reviewed every risk assessment to determine approval paths, which created bottlenecks during high-volume periods.

The solution involved customizing the risk matrix calculation logic with JavaScript to compute real-time risk scores as users complete the assessment form. Based on the calculated score (severity × probability), the system now automatically determines whether the risk requires executive review, department manager approval, or standard processing. This has reduced our average review cycle time from 5 days to under 2 days for low and medium risks.

The implementation integrates the dynamic scoring with Trackwise’s workflow engine, so routing decisions happen automatically when the assessment is submitted. High-risk items (score ≥ 15) route to executive review, medium risks (8-14) go to department managers, and low risks (< 8) follow expedited approval. Anyone else automated their risk routing based on calculated scores?

This sounds like exactly what we need. How did you handle the integration between the JavaScript calculation and the workflow routing rules? Did you store the calculated score in a hidden field that the workflow engine reads, or is there a direct API to trigger routing decisions from client-side code?

How granular did you make your routing rules? We have different departments with varying risk tolerances, so a score of 12 might need executive approval in manufacturing but only manager approval in admin functions. Can you configure department-specific thresholds, or is it a global scoring system?

Good point on the security concern. We added server-side validation that recalculates the score when the record is saved and compares it to the submitted value. If there’s a mismatch, the system flags it for manual review and logs the discrepancy. We also locked down field-level permissions so the score field is read-only for standard users. The calculation runs on both client-side for real-time feedback and server-side for validation.