A Risk Matrix, a 2D matrix that calculates a risk score for a given threat, is called a Risk Matrix. A risk is an unpredicted event that could have a negative impact on the project. Project managers strive to reduce negative risks or threats and increase opportunities.
The risk matrix is an important tool to help project teams establish common definitions of risk severity and probability.
A risk’s Risk Score is the sum of its severity and probability. This formula is used in the Qualitative Risk Analysis process. It determines whether a risk has a High, Medium, or Lower priority. Only high-priority risks will be moved onto the Quantitative risk Analysis process, where the project teams will evaluate the amount of contingency reserves that can be set aside.
Risk Score = Probability * Severity
This free Excel template will help you create your Risk Matrix.
Components of Risk Matrix
1. External Risks: Risques from third-party vendors, service providers and alliances. These include risks from external market, political social, cultural, or environmental factors.
2. Technological Risks: The risks arising from instable technology
3. Stakeholder risks: Management failure, lack of support, organizational structure
4. Regulatory Risks: Noncompliance with rules and regulations, policies
5. Project Execution Risques: These risks can arise from a lack of resources, poorly managed scope, or non-commitment to management
6. Legal Risks: Noncompliance with applicable laws and ethical standards
7. Release Risks: The risks arising from the failure to deliver products or services
8. Reputation Risks – Risks from negative customer experiences, feedback, and perceptions to the company’s reputation in the marketplace
Provide specific risk elements that are associated with a particular risk classification
You can choose to give the severity of the impact from 1-5, with 5 being the most severe and 1 being the least.
1. Very little or no impact
2. Minor impact
3. Moderate impact
4. Significantly affected
5. Highest impact
Notice: Risk severity categories can change depending on the organization. To find examples of risk matrix from past projects, you can consult your PMO. Some projects instead use ‘Negligible, ‘Marginal, ‘Critical, and ‘Catastrophic as their risk severity.
Probability of Risk
Calculate the likelihood that the risk will occur. Give the probability of the risk.
1. <= 10% 2. >= 10%
3. > 25%
4. > 50%
5. > 75%
The risk probability categories, just like the risk severity, can change depending upon your organization’s rules and project circumstances.
Risk score equals impact times Probability
Based on the risk score, plan risk response. Base plan can include Correction Plans, Prevention Plans, and Warning Plans.
Person responsible for implementing the response program
Timeline for implementation of the response plan
Your team should meet to agree on common definitions of severity and probability levels. Make sure that everyone on your project team is aware and contributing to the Risk Matrix.
Different project risks will be managed by different team members. If there are no common definitions, one member of the team might rate a risk as High priority while another might rate a similar threat as Low priority.
The definitions may be included in the same document with the Risk Matrix, or in a separate file.
Fill in your Risk Scores. A High priority risk score will be given to high-priority risks that have high probability and high severity. A Low priority score will be given to those with low severity and low probability.
Each cell must be completed by you and your team. Each cell represents the risk score for the intersectional risk severity and probability.
Here’s an example of Risk Matrix
Problems with R