Risk assessment matrices are a popular tool to visualise risk. The most common matrix is a chart or table that intersects the likelihood versus severity. Depending on where the intersection occurs on the axes, an understanding of the risk level can be derived.
By categorising risks in this way, a business or organisation can understand how their activities correspond to their risk appetite. Risky activities may reap substantial reward, however, if something goes wrong, the cost may simply be too high for the organisation to bear.
This visual tool allows businesses to analyse their risks and prioritise those that need to be urgently mitigated and those that can be borne. It offers an opportunity to systematically establish the exposure derived from the risks being undertaken and a chance to reflect if these risks are in proportion to the potential reward expected if the endeavour is successful.
While popular, matrices are somewhat controversial. Many of the decisions made about levels of risk reflect little more than the view of the person doing the assessment. Therefore, they can be subjective, although there is always a danger risk level judgements are presented as fact.
Risk matrices are also a snapshot of the threat landscape at a specific time. To maintain accuracy, this methodological approach needs to be carried out repeatedly throughout an activity or project. This is known as a dynamic risk assessment and can be forgotten about.
The continuous process of identifying hazards, assessing risk, taking action to eliminate or reduce risk, monitoring and reviewing, in the rapidly changing circumstances of an operational incident is known as a dynamic risk assessment.
That is why consulting a subject matter expert / safety representative and having a formal review element to a risk assessment is highly recommended.
Other RiskPal articles on risk assessment basics :