How Scoring Works

The full scoring process from individual questions to the final assessment score, including strategies, thresholds, and overrides

Understanding how AUDIGYD calculates scores helps you build better templates and interpret assessment results with confidence. This guide walks through every step, from how a single question is scored all the way up to the final assessment verdict.


1. Question Scoring

Every question in an assessment receives a score based on the respondent's answer and the question type.

Auto-scored question types are evaluated automatically:

  • Yes/No, Single Select, Dropdown — You define which answers count as correct (the "pass options"). A matching answer scores 1 (pass); a non-matching answer scores 0 (fail).
  • Checkbox (multi-select) — Scoring depends on your strategy:
      • In Pass/Fail mode, you select which options count as correct and set a minimum number of required selections. Meeting the minimum = pass.
      • In Point-Based or Weighted % mode, two scoring modes are available: Per-option points (each selected option adds its configured point value, compared against a max score) or Coverage ratio (score = selected options / total options × max score).
  • Number / Scale — You set an operator (≥, ≤, =, etc.) and a threshold. If the respondent's value meets the condition, the question passes.
  • Rating — You set a minimum rating to pass (e.g., 3 out of 5). Ratings at or above the minimum pass.
  • Date — You set a recency window (e.g., "within 12 months of today"). Dates inside the window pass.
  • Evidence (file upload) — In binary mode, uploading at least the required number of files is a pass. In count mode, partial credit is possible.

Human-scored question types (Text, Long Text in manual-review mode) require a reviewer to assign a verdict and optional score.

AI-scored questions (AI Open, AI Risk, AI Guided, or Text/Long Text in AI mode) are evaluated automatically by AI against criteria you provide.

In all cases, a question's final result is one of: Pass (score 1), Fail (score 0), Partial (score between 0 and 1), or N/A.


2. Control Area Roll-Up

Once every question in a control area has a score, AUDIGYD combines them into a single control area score. The method depends on which scoring strategy is set for that control area.

AUDIGYD offers six scoring strategies. You'll see these options when configuring a domain or control area in the template builder:

Pass/Fail

Every question is simply pass or fail. The control area score equals the percentage of questions that passed. When using Pass/Fail, you'll see pass-option selectors on each question instead of point values.

Point-Based

Each question is worth a fixed number of points (default 10). The control area score is the total points earned divided by the total possible, expressed as a percentage. You'll see point-value fields on each question.

Weighted %

Each question carries a configurable weight (e.g., 1, 2, 3, or 5). Higher-weight questions have more influence on the control area score. The score is calculated as the weighted average of all question scores, expressed as a percentage. When using Weighted %, you'll see a weight field on each question.

Maturity

Available for structuring your template around maturity levels. Maturity does not produce a numeric score yet — control areas using this strategy will show as "Unscored" in results. It is useful for organizing questions by maturity tiers while you plan future scoring enhancements.

Rubric

Custom rubric-based evaluation using named scoring levels. When you select Rubric, you define a set of levels — each with a label, color, and numeric value (0–100). The default levels are Red (0%), Amber (50%), and Green (100%), commonly known as RAG scoring. During scoring, each section's pass-rate percentage is mapped to the nearest rubric level, and results are displayed as colored badges instead of raw percentages. You can customize levels in the template builder's scoring panel — for example, adding a 5-level scale like Critical / High / Medium / Low / None.

Unscored

Questions are collected for informational purposes only. No numeric score is calculated.

Strategy inheritance: If a control area doesn't have its own strategy, it inherits from its parent domain. If the domain doesn't have one either, it inherits from the template-level strategy. This means you can set a strategy once at the template level and override it only where needed.


3. Domain Roll-Up

Domain scores are calculated from their control area scores. The method again depends on the domain's scoring strategy:

  • Weighted % — Each control area's score is multiplied by its weight, and the weighted average produces the domain score.
  • Point-Based — The domain score is the simple average of its control area scores.
  • Pass/Fail — The domain passes only if every control area meets the pass tolerance (by default, 100%). If any control area falls below the tolerance, the domain fails (score 0).
  • Rubric — Each control area's pass-rate is mapped to the nearest rubric level. The domain score is the average of its control-area rubric scores, re-mapped to the nearest level. Results show as colored badges.
  • Maturity / Unscored — No numeric domain score is produced.

4. Overall (Template) Roll-Up

The final assessment score is calculated from domain scores using the template-level strategy:

  • Weighted % — Each domain's score is multiplied by its weight, and the weighted average is the overall score.
  • Point-Based — Totals all question scores across the entire assessment, then divides by total possible points, expressed as a percentage.
  • Pass/Fail — The assessment passes only if every scoreable domain meets the pass tolerance.
  • Rubric — Each domain's rubric score is averaged and mapped to the nearest rubric level. The overall result shows as a colored badge with the level label.
  • Maturity / Unscored — No overall numeric score is produced.

5. Critical Gates

A critical gate is a domain or control area that must be compliant for the assessment to pass, regardless of the overall score.

When you mark a domain or control area as a critical gate in the template builder:

  • If that node's verdict is "Non-Compliant," the entire assessment is immediately marked Non-Compliant — even if the overall score exceeds the compliance threshold.
  • The assessment report will list exactly which critical gates failed and their scores.
  • Use critical gates sparingly for truly non-negotiable requirements (e.g., encryption, incident response).

Compliance and Warning Thresholds

Every template, domain, and control area has two thresholds that determine verdicts:

| Threshold | Default | Meaning |
|---|---|---|
| Compliance threshold | 75% | Scores at or above this level are Compliant |
| Warning threshold | 60% | Scores between the warning and compliance thresholds receive a Warning verdict |

Scores below the warning threshold are Non-Compliant.

You can customize both thresholds at the template, domain, or control area level. For example, you might set a strict 90% compliance threshold for security domains while keeping 75% for administrative domains.


N/A Handling

When a respondent marks a question as "Not Applicable":

  • The question is excluded from all score calculations — it does not count as a pass or a fail.
  • N/A questions do not affect the control area, domain, or overall score.
  • If every question in a control area is marked N/A, that control area receives no score and is excluded from the domain roll-up.

Reviewer Overrides

Reviewers can manually adjust scores and verdicts after an assessment is submitted:

  • A reviewer can change a question's verdict (pass, fail, or partial) and optionally set a specific numeric score.
  • When a question is overridden, the reviewer's verdict and score replace the auto-computed values in all roll-up calculations.
  • The original auto-computed result is preserved for audit purposes — the report shows both the original and overridden values.

Worked Example

Here's a simple template scored with the Weighted % strategy to show how everything rolls up.

Template: "Security Review" (compliance threshold: 75%, warning threshold: 60%)

Domain: Access Control (weight: 60%)

  • Control Area: Password Policy (weight: 50%)
      • Q1 "Minimum 12 characters?" — Yes/No → Answer: Yes → Pass (1.0), weight 2
      • Q2 "Complexity enforced?" — Yes/No → Answer: No → Fail (0.0), weight 1
      • CA score = (1.0 × 2 + 0.0 × 1) / (2 + 1) = 66.7%
  • Control Area: MFA (weight: 50%)
      • Q3 "MFA enabled for admins?" — Yes/No → Answer: Yes → Pass (1.0), weight 1
      • CA score = 1.0 / 1 = 100%
  • Domain score = (66.7% × 50 + 100% × 50) / (50 + 50) = 83.3%

Domain: Data Protection (weight: 40%)

  • Control Area: Encryption (weight: 100%)
      • Q4 "Data encrypted at rest?" — Yes/No → Answer: Yes → Pass (1.0), weight 1
      • Q5 "TLS in transit?" — Yes/No → Answer: Yes → Pass (1.0), weight 1
      • CA score = (1.0 × 1 + 1.0 × 1) / (1 + 1) = 100%
  • Domain score = 100%

Overall score = (83.3% × 60 + 100% × 40) / (60 + 40) = 90.0%

90.0% ≥ 75% compliance threshold → Verdict: Compliant

If the "Encryption" control area were marked as a critical gate and had failed, the verdict would have been Non-Compliant even with a 90% score.
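
The Weighted % roll-up, N/A exclusion, default thresholds and critical-gate override described in this guide, as an added Python sketch (not AUDIGYD's own code). The dictionary layout, the function names and the choice to skip a fully N/A domain in the overall average are assumptions.

```python
# Added sketch of the Weighted % roll-up; not AUDIGYD's implementation.
# Data layout and function names are assumptions. Thresholds use the page's
# defaults (75% / 60%); per-node thresholds and domain-level gates are not modeled.

def weighted_avg(pairs):
    """Weighted average of (score, weight) pairs; None (N/A) is excluded."""
    scored = [(s, w) for s, w in pairs if s is not None]
    total = sum(w for _, w in scored)
    return sum(s * w for s, w in scored) / total if total else None

def verdict(score, compliance=75.0, warning=60.0):
    if score is None:
        return "Unscored"
    if score >= compliance:
        return "Compliant"
    return "Warning" if score >= warning else "Non-Compliant"

def assess(template):
    """Return (overall %, verdict, failed critical gates)."""
    failed_gates, domain_pairs = [], []
    for domain in template["domains"]:
        area_pairs = []
        for area in domain["areas"]:
            ratio = weighted_avg(area["questions"])  # 0..1, or None if all N/A
            score = None if ratio is None else ratio * 100
            area_pairs.append((score, area["weight"]))
            if area.get("critical") and verdict(score) == "Non-Compliant":
                failed_gates.append(area["name"])
        # Assumption: a domain with no scored area is skipped in the overall.
        domain_pairs.append((weighted_avg(area_pairs), domain["weight"]))
    overall = weighted_avg(domain_pairs)
    # A failed critical gate overrides whatever the overall score says.
    return overall, "Non-Compliant" if failed_gates else verdict(overall), failed_gates

def sample(q5=1.0, gate=False):
    """The page's "Security Review" template; q5 is the "TLS in transit?" answer."""
    return {"domains": [
        {"weight": 60, "areas": [
            {"name": "Password Policy", "weight": 50, "questions": [(1.0, 2), (0.0, 1)]},
            {"name": "MFA", "weight": 50, "questions": [(1.0, 1)]}]},
        {"weight": 40, "areas": [
            {"name": "Encryption", "weight": 100, "critical": gate,
             "questions": [(1.0, 1), (q5, 1)]}]}]}

if __name__ == "__main__":
    for kwargs in ({}, {"q5": None}, {"q5": 0.0}, {"q5": 0.0, "gate": True}):
        overall, result, gates = assess(sample(**kwargs))
        print(kwargs, round(overall, 1), result, gates)
```

With Q5 answered "No", Encryption drops to 50% and the overall score to 70%: a Warning without the gate, Non-Compliant with it.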