Risk Matrix


When developing a risk assessment, a simple way to evaluate risk is to visualize the various risk levels by creating a risk matrix.  A risk matrix is a graphical representation categorizing risk as negligible, low, moderate, or high — based on the criteria of consequences and likelihood of occurrence.  The more likely a risk is to occur, the higher the ranking.  Additionally, the greater the consequences on business operations, the higher the risk will rank.  The risk matrix will have anywhere from four to sixteen boxes depending on the ranking scale.  The result will be a prioritizing of risk, based on quantitative measures.  A risk matrix can also be color coded to add additional emphasis to certain levels of risk within the ranking.

A risk matrix can be easily created using a spreadsheet software program.  For each risk that is being evaluated, a detailed description of the risk is necessary.  Then, a careful discussion with your risk management team is necessary to rank the risk within the matrix.  Some organizations may want to include a monetary value from the financial impact of a risk. This will be included in the risk description and used to better quantify the consequences of the risk.

One critical issue when developing a risk matrix is the discussion of organizational tolerance for certain levels of risk.  Without this discussion, the risk matrix may indicate tolerability much different than what the organization as a whole desires.  This is where a good risk management team is crucial to discuss these issues in depth.  Having outside consultants or industry experts included in these discussions is a good idea to evaluate risk from multiple angles.

riskmatrix    Risk Matrix


Posted in Physical Security, Security by sonictemple at July 16th, 2013.
Smart Horizons The Smart Choice for Innovative Training Solutions
© 2011 Smart Horizons - All rights reserved. | Terms of Service | Privacy Policy