Risk score calculation mismatch between API and UI for risk register entries

james_boss · December 25, 2024, 9:07pm

We’re experiencing inconsistent risk score calculations when creating risk register entries through the API versus the Qualio UI. The same probability and severity values produce different final risk scores depending on the entry method.

When we create a risk entry via the UI with probability=3 and severity=4, the system calculates a risk score of 12 (which makes sense as 3×4). However, when we submit the same values through the API, we get a risk score of 7.


POST /api/v1/risks
{
  "probability": 3,
  "severity": 4,
  "description": "Supply chain disruption"
}
Response: {"risk_score": 7}

This is causing audit confusion because our automated risk assessments don’t match manual entries. We need the API and UI to use the same calculation logic. Has anyone encountered this enum versus integer mapping issue?

lucasarch · December 27, 2024, 7:45am

I checked the API docs and they show probability and severity as integer fields with ranges 1-5. There’s no mention of string enums. But your point about enum indices is interesting - maybe the API is interpreting our values differently than the UI does?

donald_673 · December 30, 2024, 6:11am

I’ve seen this before. The risk management module in qual-2022.2 has two different calculation modes: standard matrix (multiplication) and weighted scoring. If your organization configured weighted scoring in the UI settings, that won’t automatically apply to API submissions unless you explicitly trigger the calculation endpoint after creating the risk entry.

sqlcode · December 30, 2024, 1:39am

We had a similar issue in qual-2022.1. The problem was that the UI uses a lookup table for risk score calculation that includes weighted factors, while the API was doing simple multiplication. Check if your Qualio instance has custom risk matrices configured - those might only apply to UI entries.

patelarchitect · December 30, 2024, 9:02am

The mismatch you’re seeing is definitely related to how the API handles the risk scoring fields. In qual-2022.2, there’s a known inconsistency in the field mapping between API and UI that wasn’t fully documented until the 2023.1 release notes.

builder_solver · January 2, 2025, 2:16am

The issue you’re experiencing is a documented inconsistency in qual-2022.2’s risk management API that was addressed in later versions. Here’s the complete explanation:

Risk Score Calculation Logic: The UI and API use different calculation engines in qual-2022.2. The UI applies a risk matrix configuration that may include weighted factors, impact categories, and custom multipliers. The API, however, uses a simplified calculation engine that was designed for backward compatibility with earlier API versions.

Enum vs Integer Mapping: This is the critical issue. When you send integer values through the API:

The UI interprets probability=3 as the third level in your configured risk matrix (which might have a weight of 3)
The API interprets probability=3 as an enum index, where: 1=Very Low(1), 2=Low(2), 3=Medium(3), 4=High(4), 5=Very High(5)

But here’s the catch - if your risk matrix has custom probability labels or non-linear scoring, the API doesn’t access that configuration. It uses hardcoded enum-to-score mappings.

API/UI Formula Alignment: To achieve consistent scoring, you need to:

Use the risk matrix configuration endpoint to retrieve your organization’s actual scoring rules:


GET /api/v1/risk-management/matrix-config

Apply the returned calculation formula in your API integration before submitting:


POST /api/v1/risks
{
  "probability_level": "MEDIUM",
  "severity_level": "HIGH",
  "calculate_score": true
}

Alternatively, submit with raw values and trigger recalculation:


POST /api/v1/risks/{risk_id}/recalculate-score

The reason you’re getting 7 instead of 12 is likely because your organization’s risk matrix uses a lookup table rather than simple multiplication. For example:

Probability 3 (Medium) + Severity 4 (High) = Risk Score 7 (per your custom matrix)
But the UI shows this as 12 because it’s displaying the raw calculation before applying matrix rules

In qual-2023.1 and later, the API was updated to automatically apply the configured risk matrix, making this alignment issue obsolete. If you’re stuck on qual-2022.2, the workaround is to always use the /recalculate-score endpoint after creating risks via API, or upgrade to qual-2023.1+ where the calculation engines are unified.

For immediate resolution: retrieve your risk matrix configuration, identify the actual score mappings, and either use string enum values (“MEDIUM”, “HIGH”) instead of integers, or implement the matrix lookup logic in your integration layer before calling the API.

dananalyst · December 25, 2024, 10:16pm

This sounds like a data type conversion issue. The API might be treating your numeric values as enum indices rather than actual scores. Check if the API documentation specifies whether probability and severity should be sent as integers or as string enum values like “low”, “medium”, “high”.

Topic		Views
Risk management API returns inconsistent risk matrix calculations between API and UI ETQ Reliance question , data-integrity , api-development , rest-api , risk-management , assessment , etq-2021 , calculation-inconsistency , risk-matrix	4	March 3, 2025
Risk register API update fails with validation error on invalid risk score ETQ Reliance question , rest-api , risk-management , etq-2023 , json , data-validation , integration-frameworks , risk-score-validation , api-error-handling	5	January 13, 2026
Risk assessment probability calculation loses precision when converting decimal values Veeva Vault QMS question , data-modeling , java , risk-management , batch-processing , vvq-24r1 , calculation-accuracy , decimal-precision , risk-calculation-engine	4	October 26, 2025
Audit findings API integration fails due to status enum mismatch Qualio question , audit-mgmt , rest-api , external-audit , audit-trail , json , integration-frameworks , qual-2023-2 , enum-mismatch	7	August 18, 2025
Risk matrix not updating after configuration change, blocking approvals Qualio question , configuration , risk-management , approval-blocked , risk-matrix , qual-2022-2 , workflow-dependencies , cache-issues , matrix-versioning	6	February 26, 2025
Risk assessment scores calculated differently across defect modules Micro Focus ALM / Quality Center question , defect-mgmt , quality-mgmt , workflow-automation , prioritization , risk-scoring , mf-25-4 , inconsistent-calculation	6	December 15, 2025
Risk management register integration fails when syncing large datasets via REST API Qualio question , rest-api , risk-management , json , pagination , integration-frameworks , payload-size-limit , qual-2023-1 , risk-reporting	5	August 13, 2025
Comparing UI-based vs API-based customization for change requests Qualio discussion , api-integration , change-control , workflow-design , audit-trail , client-side-customization , qual-2022-2 , ui-api , customization-comparison	4	January 14, 2025
Bulk non-conformance record import via API fails with validation errors Qualio question , data-migration , api-development , rest-api , json , bulk-import , non-conformance , qual-2022-2 , qualio-api	4	April 24, 2025

Risk score calculation mismatch between API and UI for risk register entries

Related topics