The Problem This Article Addresses

The risk heat map is the dominant output of enterprise risk management. It is also, demonstrably, inadequate. Two risks with identical heat map positions may be moving in completely opposite directions — one improving, one accelerating toward crisis. Boards and risk committees are making escalation and resource allocation decisions on information that is systematically stripped of its most critical signal: momentum. This article introduces the Threat-Trajectory Score — a direct replacement for static scoring that adds the directional, dynamic information that risk decisions actually require.

The heat map has served enterprise risk management for thirty years. In that time, business environments have become faster, more interconnected, and more prone to non-linear disruption. The heat map has not kept pace. The Threat-Trajectory Score (TTS) — the mathematical engine of CORE© — is a direct replacement: a dynamic, multi-dimensional risk score that incorporates velocity, systemic amplification, information processing limits, and criticality proximity into a single auditable number.

1. The Problem with Static Risk Scoring

Failure Mode 1: The Stable-Looking Accelerating Risk

A risk that is deteriorating between review cycles — moving from background concern to operational threat — scores identically at consecutive risk committee meetings until someone manually upgrades it. By the time the score changes, the response window may have narrowed significantly. This is not a process failure; it is a structural limitation of a model with no velocity term.

Failure Mode 2: The False Equivalence

Two risks sitting in the same heat map cell may have completely different systemic profiles. One is an isolated operational risk with no cascade potential. The other is embedded in a network of interdependencies that will amplify it rapidly once it crosses a threshold. The heat map cannot distinguish them. The TTS can.

Failure Mode 3: The Crossed Threshold

All complex systems have phase-transition thresholds: points at which incremental deterioration produces sudden, qualitative change. The 2008 financial crisis, the COVID supply chain collapse, and virtually every major corporate failure exhibit this pattern. A scoring model without a criticality term cannot detect proximity to these thresholds. The TTS does.

2. The Threat-Trajectory Score Framework

2.1 The Formula

The TTS Formula

TTS(t) = { [L(t) × I(t) × V(t) × (1 + A × exp(α·t))] / √(1−(v/v_max)²) } × [1 + β × (ψ/ψ_c)^γ]

The formula has four multiplicative components, each capturing a distinct dimension of risk dynamics. It looks complicated. It's not. We already have all the information needed.

2.2 The Four Components

Base Risk Score: L(t) × I(t) × V(t)

The conventional Likelihood and Impact terms, now time-indexed, multiplied by Velocity V(t) — the rate of change of risk magnitude. Positive velocity means the risk is deteriorating. Negative velocity means it is improving. This single addition converts the score from a photograph into a trend. The data for velocity estimation comes from the same lead indicator monitoring that currently feeds the likelihood assessment.

Amplification: (1 + A × exp(α·t))

The amplification factor captures the self-reinforcing dynamics that characterise systemic risks — financial contagion, supply chain cascades, reputational spirals. Parameter A sets initial amplification magnitude; α is the rate of acceleration. Both are calibrated from sector incident data and the organisation's own historical record in a one-time workshop exercise.

Information Inertia: 1 / √(1−(v/v_max)²)

How resistant to change are we? How fast are decisions actually implemented? This term captures a phenomenon every senior manager recognises: when a crisis is moving very fast, the organisation's ability to process information and make decisions becomes the binding constraint. As risk velocity approaches the maximum rate at which the organisation can effectively respond, the TTS inflates to reflect this decision-making compression. It's a reflection of company culture, if you will.

Criticality: [1 + β × (ψ/ψ_c)^γ]

The criticality multiplier activates as a risk approaches the threshold ψ_c — the point at which the system transitions from recoverable deterioration to phase change (catastrophe, in a worst case). Below this threshold the multiplier is near unity; above it, it amplifies sharply, providing an automatic escalation signal grounded in system dynamics rather than management judgement.

3. What the TTS Provides That the Heat Map Cannot

An Escalation Signal with an Objective Trigger

In conventional ERM, escalation is a judgement call made by a committee. The TTS criticality multiplier provides an objective, formula-driven escalation trigger: when the multiplier exceeds a pre-agreed threshold, the risk automatically elevates to the next governance level. This removes a significant source of escalation latency from the risk management process.

A Directional Risk Register

A TTS-scored risk register carries directional information: each entry has a current score, a velocity indicator, and an amplification status. The CFO can read, at a glance, not just which risks are rated highest but which are deteriorating fastest and which are approaching systemic amplification.

Auditability

Every TTS calculation has a traceable parameter source, a calibration date, and a validation statistic. Regulatory bodies in financial services, energy, and critical infrastructure are moving toward quantitative requirements for risk methodologies. A TTS-scored risk register is auditable and defensible in a way that a heat map is not.

4. How to Initiate This in Your Organisation

The practical entry point is a parameter augmentation exercise applied to the existing risk register. The recommended initiation sequence:

First Step for the Risk Committee

At the next risk committee meeting, select the three risks currently rated High and ask: what is each one’s velocity — is it stable, deteriorating, or accelerating? Present the velocity-adjusted ranking alongside the conventional heat map. The divergences between the two rankings are exactly where the heat map is misleading you.

5. Conclusions

The heat map has reached the limit of what two dimensions and a colour palette can communicate. The TTS extends the existing model across four additional dimensions while remaining directly compatible with ISO 31000 and COSO risk assessment infrastructure. The transition is incremental and the improvement in decision quality is immediate.

Key Takeaways