Reading Time: 3 minutes

How does your company manage risks? Are you able to successfully prioritize them?

If no, then the risk assessment matrix is a tool which can help you to understand and develop business strategies by correctly classifying those risks.

A risk assessment has three distinct components:
Identification : finding, recognizing and recording hazards
Analysis: understanding consequences, probabilities and existing controls
Evaluation: comparing levels of risk and considering additional controls


Risk Assessment MatrixA risk assessment matrix enables an entity to have a 360 degree view of the probable risks evaluated in terms of the likelihood or probability of the risk occurring & as per the severity of the consequences.

It  is made in the form of a simple table. The risks can be grouped based on their likelihood of occurrence and the extent of damages or the kind of consequences that the risks can result in. A sample risk assessment matrix can be downloaded for free from here.

Making a risk management matrix is the second step in the process of risk management, and it follows the first step of filling up a risk assessment form to determine the potential risks. It takes deliberations & involves understanding the business, knowing the risk areas, gathering data and so on. While classifying the risk it is important to understand the consequence if the risk materializes. A tool like VComply helps the user to classify the risk based on the inbuilt risk assessment tool.

How to Place Risks in the MatrixRisk Assessment Matrix

In a Risk assessment matrix, risks are placed on the matrix based on two criteria:

Likelihood: the probability of a risk

Consequences: the severity of the impact or the extent of damage caused by the risk.

Likelihood of Occurrence : Based on the likelihood of the occurrence of a risk the risks can be classified under one of the five categories:

Definite: A risk that is almost certain to show-up during project execution. If you’re looking at percentages a risk that is more than 80% likely to cause problems will fall under this category.
Likely: Risks that have 60-80% chances of occurrence can be grouped as likely.
Occasional: Risks which have a near 50/50 probability of occurrence.
Seldom: Risks that have a low probability of occurrence but still can not be ruled out completely.
Unlikely: Rare and exceptional risks which have a less than 10% chance of occurrence.



The consequences of a risk can again be ranked and classified into one of the five categories, based on how severe the damage can be.
Insignificant: Risks that will cause a near negligible amount of damage to the overall progress of the project.
Marginal: If a risk will result in some damage, but the extent of damage is not too significant and is not likely to make much of a difference to the overall progress of the project.
Moderate: Risks which do not impose a great threat, but yet a sizable damage can be classified as moderate.
Critical: Risks with significantly large consequences which can lead to a great amount of loss are classified as critical.
Catastrophic: These are the risks which can make the project completely unproductive and unfruitful, and must be a top priority during risk management.

Using the Risk Assessment Matrix

Once the risks have are in the matrix, in cells corresponding to the appropriate likelihood and consequences, the risk priority is visible. Each of the risks in the table will fall under one of the categories, which have different colors in the sample risk assessment. Following are the risk categories:
Extreme Risk :

The risks that fall in the cells with ‘E’ (red color), are the risks that are most critical. They are high priority. The project team should gear up for immediate action, so as to eliminate the risk completely.

High Risk:

Denoted with ‘H’ with a pink background in the risk assessment template. These call for immediate action or risk management strategies. Here in addition to thinking about eliminating the risk, substitution strategies may also work well. One should resolve these issues immediately with  strict timelines. This ensures that these clearance of these issues before the create hurdles in the progress.

Medium Risk:

If a risk falls in one of the orange cells marked as ‘M’.  It is best to take some reasonable steps and develop risk management strategies in time. Such risks do not require extensive resources. One can handle this with smart thinking and logical planning.

Low Risk:

The risks that fall in the green cells marked with ‘L’. The company can ignore them as they usually do not pose any significant problem. If some reasonable steps can help in fighting these risks, one should take steps to improve overall performance.

FavoriteLoadingAdd to favorites