Setting Up Contract Risk Scoring on SpotDraft
Last updated: April 26, 2026
Overview
SpotDraft lets you define automated risk scores directly on contracts — no manual spreadsheets or offline tracking required. Risk scoring works by combining two capabilities built into the platform:
Metadata fields — structured data attached to a contract (e.g., liability cap, vendor type, annual spend)
Computations — formulas that read those metadata values and produce a derived result, such as a risk level
Together, these allow you to express rules like:
"If liability is above $10M, mark this contract High Risk; between $1M and $10M, Medium Risk; below $1M, Low Risk."
And then go further:
"If more than five individual risk indicators are flagged as High, set the overall Net Risk Level to High."
Step 1: Define Your Risk Criteria as Metadata Fields
Before you can score a contract, you need to capture the raw data that feeds the scoring logic. This is done using metadata fields on your contract template.
Examples of source metadata you might configure:
Field | Type | Purpose |
Liability Cap | Currency / Text | Input for financial risk tier |
Annual Spend | Currency / Dropdown | Scales inherent risk contribution |
Vendor handles PII? | Yes/No | Adds to privacy risk score |
Vendor has data breach history? | Yes/No | Adds to security risk score |
HIPAA-compliant? | Yes/No | Reduces compliance risk score |
Metadata fields can be:
Filled in by a user during the contract creation flow (intake questions)
Extracted automatically from the contract document using Smart Data Capture (SDC) — SpotDraft's AI-powered clause extraction feature
SDC works on both new contracts and historical ones via a bulk re-extraction run. This can be used to calculate risks for historical contracts as well.
Step 2: Set Up Individual Risk Level Fields Using Computations
Once source data is available, our implementation team can help configure a Computation for each risk dimension you want to score. A computation is a formula that evaluates metadata values and writes a result — such as "High", "Medium", or "Low" — into a separate metadata field.
How the logic works (plain English):
For a field like Liability Risk Level, your formula would say:
If the liability cap is above $10M → output
"High"If between $1M and $10M → output
"Medium"If below $1M → output
"Low"
Note: They can depend on each other — SpotDraft resolves nested dependencies automatically in the correct order
Step 3: Set Up a Net (Aggregate) Risk Score
Once individual risk level fields exist, our implementation team can create a Net Risk Level computation that rolls them all up.
Example rule: "If 5 or more of the individual risk fields are High, the Net Risk Level is High; if 2 or more are High, it is Medium; otherwise, it is Low."
Net Risk Level could be computed by adding a value for every 'High' individual risk, and a net score decides contract level aggregated risk.
This means:
You can have as many scoring layers as you need
Each layer can reference any combination of upstream fields
The final Net Risk Level field is always re-evaluated whenever an upstream value changes (see note below on re-evaluation)
Step 4: How Values Update Over Time
A common question is: "If I update a source metadata field after the contract is saved, does the risk score update automatically?"
The answer depends on the trigger:
Scenario | Does the score update? |
User edits a metadata field manually in the contract | Yes — the computation re-evaluates when the contract is saved/updated |
Smart Data Capture re-runs on the contract (bulk or single) | Yes — extraction writes new values, which triggers re-evaluation |
For historical contracts, SpotDraft supports bulk Smart Data Capture — a single action that runs AI extraction across a large set of existing contracts and populates metadata at scale. Once extraction completes, computations can be re-evaluated across that same set.
Step 5: Surface Risk Scores in Reports and Dashboards
Once the risk fields are computed and stored as metadata, they become first-class searchable and reportable fields across SpotDraft:
Repository search and filters — filter contracts by risk tier (e.g., show all "High" liability risk)
Custom Dashboards — build a dashboard that shows how many contracts fall into each risk category, with drill-down by contract type, department, or workflow
Exports — download a CSV of all contracts with their risk levels for offline analysis or leadership reporting
The risk score field behaves exactly like any other metadata field — it can be included in custom views, exported in bulk, and used as a filter in saved searches.
Summary of Capabilities
Capability | Supported? | Notes |
Rule-based risk levels from a single field (e.g., liability cap) | ✅ | Configured as a computation formula |
Weighted scoring across multiple questions/fields | ✅ | Sum individual weighted scores; threshold determines tier |
Net/aggregate risk level from multiple risk fields | ✅ | Computation can reference other computations |
Auto-update when underlying values change | ✅ | Re-evaluates on each save/extraction |
Bulk extraction for historical contracts | ✅ | Via Bulk Smart Data Capture |
AI extraction of risk-relevant clauses from documents | ✅ | Smart Data Capture (SDC) |
Reportable risk metadata at scale (dashboards, exports) | ✅ | Via Custom Dashboards and metadata filters |
Frequently Asked Questions
Can I score both new contracts and old ones?
Yes. Smart Data Capture can run on historical contracts in bulk, extracting the fields needed to compute risk scores retroactively.Can a risk score trigger a workflow or approval step?
Risk metadata fields cannot be used as conditions in approval workflows. This capability is slated to come soon.What happens if a source field is left blank?
Formulas can account for null/empty values. You can configure a default treatment (e.g., a missing compliance certificate defaults to a penalty score) so blank fields don't silently produce incorrect results.