Thursday, August 18, 2016

The Risk Management Matrix - A Primer

Last week we discussed the basics of the Risk Management Process, and I promised an exploration into the Risk Management Matrix. Well, TA-DAH:

Sorry for the X-Large Size, it was the only option in Blogger to make it readable. When will they let you drag corners to adjust size?

In case you are wondering, this is what a basic Risk Management Matrix looks like. There are varying degrees of Risk, from Green to Yellow to Red. When talking about Risks that are negative (some people would say there are positive Risks, others call them Opportunities) then you want to move the risk as close to Green as possible through the different Risk Management Approaches of dealing with Risk (mentioned last week: Accept, Avoid, Mitigate,  or Transfer). We'll go into more detail as we explore the Risk Management Matrix.

The version I've selected is perhaps the most common and basic. It breaks down the Risk into Impact and then Probability. Most organizations will devise their own standards, but here is a recommended starting point:

Catastrophic - Typically identified as death, or high financial impact to the point of bankruptcy, loss of project, or significant impact to outside stakeholders / environment
Critical - Potential for significant injury or significant material / finance losses to the project
Moderate - Potential for injury requiring medical attention and / or loss to material / finanaces of company / project
Marginal - Potential for injury (most likely not significant, requiring onsite first aid) and some material / finances loss
Negligible - Potential for minor injury and minor loss of material / finances

Almost Certain - This will happen, you will have to deal with it (95%+ chance)
Likely - This has a high probability to happen, but might not (60% - 94.9% chance)
Possible - This has a medium probability to happen (40% - 59.9% chance)
Unlikely - This has a low chance of happening (15% - 39.9% chance)
Rare - Almost certainly won't happen (0% - 14.9% chance)

Requisite Level of Risk is based on the combination of Impact / Probability:
Minimum - Dark Green
Low - Green
Medium - Yellow
High - Orange
Extreme - Red

Typically during the Risk Management Process, the intention is to move project risks to the left of the Matrix via the different Risk Management Approaches. In most cases companies will not allow a Risk to remain Orange / Red, and shouldn't remain Yellow if at all possible. If it is not possible to move all the risks into a Green area (or at least Yellow) then a decision has to be made on whether or not to proceed (most often not!).

In the next post, we'll discuss how to use the Risk Management Register to list the risks of a project, identify the courses of action necessary to move from Red to Green, and distribute the register to the various team members for comments / updates.

In the meantime, at the beginning of the post we identified that you would want to move items toward the Green if they were negative risks. What about positive risks (or opportunities)? What changes would you recommend to make the Risk Matrix into an Opportunity Matrix?


  1. Informative post! I really like and appreciate your work, thank you for sharing such a useful information about Risk management strategies, keep updating the information, hear i prefer some more information about jobs for your career hr jobs in hyderabad .

  2. This is a fantastic website , thanks for sharing. Jobs in Durban

  3. At the point when an individual has taken the test it is then evaluated. There is just a pass/bomb score demonstrated by the quantity of right answers.ExcelR PMP Certification

  4. The next time I read a blog, I hope that it doesnt disappoint me as much as this one. I mean, I know it was my choice to read, but I actually thought you have something interesting to say. All I hear is a bunch of whining about something that you could fix if you werent too busy looking for attention.ExcelR digital marketing course in sydney

  5. You there, this is really good post here. Thanks for taking the time to post such valuable information. Quality content is what always gets the visitors coming. newtown game

  6. They take on the job of aggressive and skeptical people and ask them to identify and, where possible, exploit weaknesses. Some IT Risk Management experts are former programmers who have decided to join CallCall after seeing first hand how powerless organizations are facing security threats.

  7. Its smooth, PC produced embellishments 123movies are increasingly wonderful to see - if to some degree less instinctive - than Dark City's coarse, film noir climate of fate and entanglement.

  8. I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.
    Best quoting software

  9. Positive site, where did u come up with the information on this posting?I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work. agile roles

  10. Thanks for the blog loaded with so many information. Stopping by your blog helped me to get what I was looking for. Milchprodukte

  11. I'm impressed, I must say. Very rarely do I come across a blog thats both informative and entertaining, and let me tell you, you ve hit the nail on the head. Your blog is important.. Aegean College