What is a risk assessment matrix?
A risk assessment matrix is a visualization of risk likelihood versus risk severity. It is similar to an FMEA — Failure Modes Effect Analysis, which can be more comprehensive.
If you want a quick and dirty approach to showing risks within a project, a risk assessment matrix is better and easier to use to communicate to upper management at a high level. You can use this document then as a drill down to additional details. It’s also perfect for putting together a quick presentation, and with the right intuition, you can put something together in just a 30 minutes. The idea is to generate meaningful discussions before drilling down to the nitty gritty details in an FMEA.
To make the risk-assessment matrix easy to digest at the management level, it’s recommended to use the Priority Matrix 4-quadrant templates as the basis for communicating risks. Adding too many dimensions or layers will increase complexity unnecessarily.
Risk assessment report template
The recommended four dimensions of the risk assessment form is the following:
Quadrant 1: High Probability / High Severity – Focus all your attention here. Do not work on anything else until this quadrant is cleared.
Quadrant 2: Low Probability / High Severity – Generally, half your time should be spent here and half on quadrant 3. The decisions depend on mission criticality of the risks.
Quadrant 3: High Probability / Low Severity – Generally, high probability low severity risks should be addressed on a continuous basis to ensure long-term risks mitigation.
Quadrant 4: Low Probability / Low Severity – These risks should be tracked, reviewed periodically but should not be focused on until all other risks are addressed. Use a cost / benefit template to further evaluate.
Two things should be clear: Focus on Quadrant 1, track but ignore Quadrant 4 (for now) until resources clear up. However, whether to spend time on high probability / low severity versus low probability / high severity depends on the type of problems you’re dealing up — how mission critical the failures would be, etc. In general, it’s better to address high severity problems over low severity problems.
A common mistake among many people who practice this is to ignore Quadrant 4 and not track risks that have low probability / low severity. While these can be deprioritized when you are addressing them, it is imperative that they are tracked! Today’s low severity risks can easily become tomorrow’s high severity risks!
You can also change the quadrant names to “Occurrence Rate” vs “Probability” assuming these failures happen on a periodic basis.
Risk assessment template blank
You can get a blank form with the risk assessment matrix by using the Priority Matrix app. You can launch and use this Priority Matrix for high level management presentations as well as tracking of the risks to ensure completion. The template can generally be exported as PDF, CSV, email, or screenshots for presentations.