Hence, the GIF Metric is the third component of the GIF Framework.
“Risk” essentially means “effect of uncertainty on objectives”. A risk is “a combination of the consequences of an event and the associated likelihood of occurrence” (ISO 31000).
Risk = likelihood × consequence
Unlike a traditional “compliance/non-compliance” binary metric, the GIF Metric adopts a quantitative approach typical of risk assessment. In other words, the GIF Metric does not follow the traditional single-choice format (Yes/No/NA). Rather, it adopts a scoring-oriented methodology that aims to represent the level of exposure to risk in each Area.