Scribd
Upload
79 views

Risk Assessment Matrix

The document discusses risk matrices and how they are used to assess and prioritize risks in project management. It provides an example risk matrix table that rates risks based on their likelihood of occurring and potential consequences. It also defines the scales used to determine likelihood (rare, unlikely, possible, likely, almost certain) and consequences (insignificant, minor, moderate, major, extreme). The matrix then sorts risks into categories (low, medium, high, extreme) based on their placement in the table cells corresponding to likelihood and consequence ratings to indicate which risks need to be addressed at different priority levels.

Uploaded by

katebrad27
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
79 views

Risk Assessment Matrix

The document discusses risk matrices and how they are used to assess and prioritize risks in project management. It provides an example risk matrix table that rates risks based on their likelihood of occurring and potential consequences. It also defines the scales used to determine likelihood (rare, unlikely, possible, likely, almost certain) and consequences (insignificant, minor, moderate, major, extreme). The matrix then sorts risks into categories (low, medium, high, extreme) based on their placement in the table cells corresponding to likelihood and consequence ratings to indicate which risks need to be addressed at different priority levels.

Uploaded by

katebrad27
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Risk Matrix, Consequence and Likelihood Tables

A risk assessment matrix is a project management tool that allows a single page – quick view of
the probable risks evaluated in terms of the likelihood or probability of the risk and the severity of
the consequences.
A risk assessment matrix is easier to make, since most of the information needed can be easily
extracted from the risk assessment forms. It is made in the form of a simple table where the risks
are grouped based on their likelihood and the extent of damages or the kind of consequences that
the risks can result in.

CONSEQUENCE
LIKELIHOOD Insignificant (1) Minor (2) Moderate (3) Major (4) Extreme (5)
Rare (1) Low Low Low Low Low
Unlikely (2) Low Low Low Medium Medium
Possible (3) Low Low Medium Medium Medium
Likely (4) Low Medium Medium High High
Almost certain (5) Low Medium Medium High Extreme

Sample Risk Assessment Matrix

Making a risk management matrix is the second step in the process of risk management, and it
follows the first step of filling up a risk assessment form to determine the potential risks.
The preparation of the assessment form is a more elaborate task and involves determining risks,
gathering risk data, determining the probability and the impact levels of the risks, understanding
consequences, assigning priorities and developing risk prevention strategies. On the other hand, a
risk assessment matrix just provides the project team with a quick view of the risks and the
priority with which each of these risks needs to be handled.
How to Place Risks in the Matrix
As mentioned above, in a risk assessment matrix, risks are placed on the matrix based on two
criteria:
1. Likelihood: the probability of a risk
2. Consequences: the severity of the impact or the extent of damage caused by the risk.
Likelihood of Occurrence
Based on the likelihood of the occurrence of a risk the risks can be classified under one of the five
categories:
1. Definite: A risk that is almost certain to show-up during project execution. If you’re looking
at percentages a risk that is more than 80% likely to cause problems will fall under this
category.
2. Likely: Risks that have 60-80% chances of occurrence can be grouped as likely.
3. Occasional: Risks which have a near 50/50 probability of occurrence.
4. Seldom: Risks that have a low probability of occurrence but still can not be ruled out
completely.
5. Unlikely: Rare and exceptional risks which have a less than 10% chance of occurrence.

The following can be used as a guide for determining likelihood. However this tool has limitations
as likelihood and frequency of events tend to vary between disciplines and functional areas.

Level Likelihood Expected or actual frequency experienced


1 Rare May only occur in exceptional circumstances; simple process; no previous incidence
of non-compliance
2 Unlikely Could occur at some time; less than 25% chance of occurring; non-complex process
&/or existence of checks and balances
3 Possible Might occur at some time; 25 – 50% chance of occurring; previous audits/reports
indicate non-compliance; complex process with extensive checks & balances;
impacting factors outside control of organisation
4 Likely Will probably occur in most circumstances; 50-75% chance of occurring; complex
process with some checks & balances; impacting factors outside control of
organisation
5 Almost certain Can be expected to occur in most circumstances; more than 75% chance of occurring;
complex process with minimal checks & balances; impacting factors outside control of
organisation

Likelihood table

Consequences
The consequences of a risk can again be ranked and classified into one of the five categories,
based on how severe the damage can be.
1. Insignificant: Risks that will cause a near negligible amount of damage to the overall
progress of the project.
2. Marginal: If a risk will result in some damage, but the extent of damage is not too
significant and is not likely to make much of a difference to the overall progress of the
project.
3. Moderate: Risks which do not impose a great threat, but yet a sizable damage can be
classified as moderate.
4. Critical: Risks with significantly large consequences which can lead to a great amount of
loss are classified as critical.
5. Catastrophic: These are the risks which can make the project completely unproductive and
unfruitful and must be a top priority during risk management.

Using the Risk Assessment Matrix


Once the risks have been placed in the matrix, in cells corresponding to the appropriate likelihood
and consequences, it becomes visibly clear as to which risks must be handled at what priority.
Each of the risks placed in the table will fall under one of the categories, for which different colors
have been used in the sample risk assessment template provided with this article. Here are some
details on each of the categories:

Extreme: The risks that fall in the cells marked with ‘E’ (red color), are the risks that are most
critical and that must be addressed on a high priority basis. The project team should gear up for
immediate action, so as to eliminate the risk completely.
High Risk: Denoted with ‘H’ with a pink background in the risk assessment template, also call for
immediate action or risk management strategies. Here in addition to thinking about eliminating
the risk, substitution strategies may also work well. If these issues cannot be resolved
immediately, strict timelines must be established to ensure that these issues get resolved before
the create hurdles in the progress.
Medium: If a risk falls in one of the orange cells marked as ‘M’ , it is best to take some reasonable
steps and develop risk management strategies in time, even though there is no hurry to have such
risks sorted out early. Such risks do not require extensive resources; rather they can be handled
with smart thinking and logical planning.
Low Risk: The risks that fall in the green cells marked with ‘L’, can be ignored as they usually do
not pose any significant problem. However still, if some reasonable steps can help in fighting these
risks, such steps should be taken to improve overall performance of the project.

The following is a guide to determining consequence. The applicability of the operational


definitions of each category of consequence will vary in different service organisations and
program areas and thus is recommended as a guide only.

Level & Health Critical Organizational Reputation and Non-compliance


descriptor Impacts services outcomes/ image per issue
interruption objectives
Insignificant First aid or No material Little impact Non-headline Innocent procedural breach;
(1) equivalent disruption exposure, not at evidence of good faith; little
only fault; no impact impact
Minor Routine Short term Inconvenient Non-headline Breach; objection/complaint
(2) medical temporary delays exposure, clear lodged; minor harm with
attention suspension – fault settled investigation
required (up to backlog quickly;
2 wks cleared < 1 day negligible impact
incapacity)
Moderate Increased level Medium term Material Repeated non- Negligent breach; lack of
(3) medical temporary delays; headline good faith evident;
attention (2 suspension – marginal exposure; slow performance review initiated
wks to 3 mths backlog under- resolution;
incapacity) cleared by achievement Ministerial
additional of target enquiry/briefing
resources performance
Major Severe health Prolonged Significant Headline profile; Deliberate breach or gross
(4) crisis suspension of delays; repeated negligence; formal
(incapacity work – performance exposure; at investigation; disciplinary
beyond 3 additional significantly fault or action; ministerial
mths) resources under target unresolved involvement
required; complexities;
performance ministerial
affected involvement
Catastrophic Multiple Indeterminate Non Maximum high Serious, wilful breach;
(5) severe health prolonged achievement level headline criminal negligence or act;
crises/injury or suspension of of objective/ exposure; prosecution; dismissal;
death work; non outcome; Ministerial ministerial censure
performance performance censure; loss of
failure credibility

Consequence Table

You might also like