The wonderful risk matrix

### What is a Risk Matrix, and how do we use it?

A Risk Matrix is a tool used to rate a risk according to likelihood and consequence/impact. Your organisation have to identify what the specific impact means to them and when a risk is likely to happen. This tool is used in association with a Scenario Analysis and usually you make to different Risk Matrices; one before mitigative measures and one after mitigative measures.

A likelihood scale will most times look like this: 1) highly unlikely, 2) Unlikely, 3) Possible, 4) Likely and 5) Very likely. With this likelihood scale your organisation must define, according to your operational standards, what each step means. It is often measured and defined by frequency in which an accident or emergency is present but, it can also be defined by chance or quantitatively by percentages e.g., probability.

A Consequence/Impact scale is very similar to the likelihood scale, except it is measured in impact. Impact in this case, once again, have to be defined by the individual organisation. Some of the impact or consequence descriptors could be: People, Information, Reputation, Economic etc. Each descriptor then has 5 different levels of severity as given in the example below. But you can, and should, of course define you own according to the specific risk scenario.

An example will be given:

The risk matrix is divided into colours REDYELLOW and GREEN which depicts the level of seriousness the threat poses. A red risk is clearly bad and should never be allowed to remain. A yellow risk is a bit more nuanced; this can be divided into top yellow, middle yellow and bottom yellow.

-- The top part of the yellow area (consequence 4) needs a more detailed assessment of other factors such as; people and their skills. Have they worked on this type of project before, are there any new guys? Then conditions such as weather. Are there optimal conditions to perform these tasks if not, then maybe you should wait. Try doing a more detailed Scenario Analysis at this point, maybe do multiple, whit different factors turned up or down.

-- The middle part of the yellow (consequence 3) is not as serious but still needs assessments. These are still serious threats to whatever descriptor you decide to put there, and therefore still needs significant work in order to reduce.

-- The bottom part of the yellow (consequence 1 & 2) is somewhat safe to have further along in the project but beware of the high likelihood! The consequence of these risks is rated as fairly low and therefore don’t necessarily need significant work.

All of this is to say that: RED boxes is very bad and should be handled immediately! But YELLOW boxes are also bad and should in most cases be where the bulk of the mitigative measures are placed. But it can, with the right assessments, be acceptable. GREEN should be the main goal for every risk scenario, but that is often not a realistic accomplishment. And again, beware of top green.

#### Sources

1. Risk manager Julian Talbot has a great article about using a risk matrix.
2. He also has an article stating what is right with Risk Matrices.
3. The Danish Emergency Management Agency also did some great work on risk matrices in their Handbook for Risk Based Dimensioning in Danish municipalities (Danish only!).
4. Furthermore CGE Risk has a great Wiki-like page on Risk Matrices.

Mikkel K. Nyegaard

mn@rocconsult.eu

Aspiring risk manager studying Disaster & Risk management at University College Copenhagen. Currently at an intern position at RoC Consult ApS.

Other articles:

What is risk management strategies?
Risk management strategies. This post explains the concept risk management, and introduces the five different strategies to mitigate risk..
Sendai Framework
This article describes the disasters page, how The Sendai Framework on Disaster Risk Reduction reduces disaster risks in people's economic, physical, social, cultural and environmental assets, community economics and business.    Introduction A project manager encounters problems, without notice. No matter what you plan, those questions will occur. Therefore, Sendai Framework methods are an important tool to use, …
Risk Assessment, step 1
How to work with the risk. Before you deal with the risk, you need to identify what hazards exist in your workplace, and how likely they are to become a risk....

# GET IN TOUCH

+45 28 60 49 50

contact@rocconsult.eu