risk assessment matrix

A risk assessment matrix is a tool for assessing and prioritizing risks in risk management.

This blog post will discuss the risk assessment matrix, how to create a risk assessment matrix, and provide you with examples and a template that you can use to create your risk assessment matrix.

What Is a Risk Assessment Matrix?

A risk assessment matrix helps project managers assess and prioritize risks. Many experts refer to this matrix as a probability and severity risk matrix.

The matrix allows project managers to plot the severity of the consequences and the likelihood of the event occurring on a scale from low to high. This information helps rank the risk.

A risk assessment matrix can be created in different ways; the key points are that it should be clear, easy to understand, and tailored to the specific project condition.

Risk ranking helps project managers separate high and low-rank risks. They can develop a risk management plan for high-ranked risks and keep low-level risks on a watchlist. Prioritizing helps the project management team focus on high-priority risks and saves resources in investing in low-priority risks.

The higher the severity and likelihood of an event, the greater the risk. Many factors influence the decision of what is high-risk. For example, if the consequences of an event are not severe, it may be considered a low-ranking risk.

How Does a Risk Matrix Work?

Risk assessment is the probability of an event multiplied by its impact. Probability and impact levels can be broken up into verbal and numerical scales.

Severity in risk assessment
Probablity Frequency in risk assessment

Risks can be grouped into three zones:

  1. The High Risk (Red Color) – Unacceptable
  2. Moderate Risk (Yellow Color) – May or May Not Be Acceptable
  3. The Low Risk (Green Color) – Considered Acceptable

Determining whether a risk is acceptable often comes down to a cost/benefit calculation. For example, it is difficult to justify spending millions to prevent an ergonomic injury, whereas preventing a chemical explosion would be worth it.

Benefits of a Risk Assessment Matrix

The benefits of the risk assessment matrix include:

  1. It Helps Prioritize Risks: By assessing the probability and impact of risks, project managers can prioritize risks and focus on high-ranking risks.
  2. It Improves Communication: A risk assessment matrix improves communication between different departments and stakeholders by providing a common language for discussing risks.
  3. It Facilitates Decision Making: The matrix helps develop risk response plans.
  4. It Improves Risk Understanding: The risk assessment matrix creating process helps the project team understand the risks and their interrelationships.
  5. It Helps Develop Budgets: Project managers can calculate contingency reserves and plan the budget after identifying and assessing the risks.

How To Create A Risk Assessment Matrix

The steps to create a risk assessment matrix are as follows: 

Risk Identification

The first step in creating a risk assessment matrix is risk identification. To acquire a range of perspectives, identify as many risks as possible.

Some organizations have risk checklists based on past project experiences. These checklists help identify risks quickly for new projects. 

Afterward, project managers can find more risks by brainstorming with the team, reviewing project documents, and talking to stakeholders.

The different types of risks include:

  1. Internal Risks: These risks come from within the company, and the project team has some control over them. For example, an ineffective team member, unrealistic deadlines, or a lack of resources.
  2. External Risks: These risks come from outside the company, and the project team has no control over them. For example, natural disasters, supplier problems, or changes in the market.
  3. Strategic Risks: These risks come from the organization’s strategy. For example, a new product launch might fail, or a competitor might release a similar product.
  4. Operational Risks: These risks are caused by day-to-day operations. For example, equipment breakdown, sick leave, mistakes, process error, etc.
  5. Financial Risks: These risks come from the organization’s finances. For example, a decrease in sales, an increase in costs, or a change in interest rates.

Risk Analysis

After identifying project risks, the project team analyzes their probabilities. They need to assess their potential for risk to cause damage.

There are several ways to perform a risk analysis. One popular method is called SWOT, which stands for Strengths, Weaknesses, Opportunities, and Threats. Another common method is called PESTLE analysis, which stands for Political, Economic, Social, Technological, Legal, and Environmental factors.

Assessing Risk Impact

After analyzing the risks for their probabilities, the project management team will assess their impact severity and the potential loss incurred if the risk occurs.

There are many ways to estimate the severity of probability and impact. One common method is to use a scale of one to five, with one indicating the least probability and five indicating the highest probability.

The impact severity is also rated on a scale of one to five, with one indicating the lowest impact and five indicating the highest impact. After estimating the severity of probability and impact of the risk, team members will multiply them to get the risk ranking.

Risk Prioritization

The last step in creating a risk assessment matrix is prioritizing the risks. This is done by ranking them from highest to lowest.

Risks can be divided into four levels: high priority risks, major risks, moderate risks, and minor risks.

  1. High Priority Risks: These risks have a high probability of occurring and could significantly impact the project.
  2. Major Risks: These risks have a moderate probability of occurring and could impact the project.
  3. Moderate Risks: These risks have a low probability of occurring and could moderately impact the project.
  4. Minor Risks: These risks have a very low probability and impact and a minor effect on the project. These risks are mentioned in the watchlist for monitoring.

The project manager will develop risk response plans for all risks except those kept on the watchlist.

How To Use a Risk Assessment Matrix

Risk assessment matrixes can be used in different ways, but the most common is to simply plot risks on one axis and probabilities on the other.

This produces a four-quadrant matrix, with each quadrant representing a different level of risk. The top left quadrant risks have high probability and high severity and are considered the most serious.

The risks in the bottom right quadrant are both low probability and low severity and are considered the least serious.

Example Of a Risk Assessment Matrix

Here is an example of a simple risk assessment matrix to evaluate the risks.

In this matrix, the risk is associated with returning to work during the pandemic.

Risk: Flawed policies to prevent the spread of the virus to employees and visitors.

What Can Go Wrong?

  1. Employees feel uncomfortable wearing masks for a long period and remove them while talking with colleagues. The virus spreads throughout the team.
  2. The customer refuses to wear a mask and is asked to leave the premises.
  3. Employees and customers not staying six feet apart.


  1. Apply penalties for not wearing masks. 
  2. Assign places where employees can remove the masks, finish breakfast, lunch, etc.
  3. Keeping signs on the front door that refuse people entry without a mask. 
  4. Placing dots six feet apart to instruct people on where to stand in line and prevent crowding.

Risk Assessment Matrix Template

Let’s review risk assessment matrix templates.

The risk categories range from low to high, and probability ranges from highly likely to very unlikely. The risk rating can be seen by finding the intersection of both criteria.

The following example shows the risk assessment matrix template 4X4.

Risk Assessment Matrix Template


A risk assessment matrix is a critical tool in risk management. By creating a risk assessment matrix, the project management team can effectively analyze and prioritize the risks associated with the project.

A risk assessment matrix is a living document that should be regularly reviewed and updated as new risks arise or the likelihood or impact of existing risks changes.