risk analysis and risk management

What is risk matrix calibration?

Risk matrix calibration, or risk assessment matrix calibration, entails deciding on risk reference values against risk categories such as financial cost, delivery schedule and performance.

Risk categories are the classification of risks per a business’s activities and provide a defined overview of the underlying and potential risks faced by the company. The most commonly used risk category classifications include financial, schedule, performance, reputation, health, safety and environment.

What is a Risk Matrix?

A risk matrix (sometimes called a risk assessment matrix) is used during the risk management process’s risk assessment stage. It identifies and captures risk event likelihood (probability) and evaluates the potential impact (consequences) caused by those risk events.

Risk Evaluation

When the risk analysis is complete, it’s necessary to compare the estimated risks against the risk criteria of the organisation.

Risk criteria may include, for example, cost, health, safety, environmental standards, legal requirements, socioeconomic factors, and the concerns of stakeholders.

Risk evaluation supports decisions regarding the significance of a risk to the organisation; and if a specific risk should be accepted, controlled, or mitigated.

Risk Likelihood

The Risk Likelihood is the probability of a risk event occurrence. The likelihood of risk has five qualitative ranges [Ref: The Institute of Risk Management]:

  • Remote
  • Unlikely
  • Possible
  • Probable
  • Highly Probable

Risk Impact

The Risk Impact considers the consequence if the risk event occurred and has five levels [Ref: The Institute of Risk Management]:

  • Insignificant
  • Minor
  • Moderate
  • Major
  • Extreme

The risk event is then assigned a risk value, obtained as the function of Likelihood and Impact.

Examples of Risk Matrix Calibration

Likelihood

LikelihoodExample Criteria
RemoteNot known to have happened anywhere
UnlikelyIt has happened previously somewhere
PossibleIt has happened previously in the local country
ProbableIt has happened previously in the industry sector
Highly ProbableThis has happened previously in the business
Qualitative Likelihood/Probability

Impact

Financial

ImpactExample Criteria
InsignificantA financial loss of <$10k
MinorA financial loss of <$100k
ModerateA financial loss of <$1m
MajorA financial loss of <$10m
ExtremeA financial loss of <$100m
Financial Impact

Schedule

ImpactExample Criteria
InsignificantA schedule loss of 1 day
MinorA schedule loss of 4 days
ModerateA schedule loss of 1 week
MajorA schedule loss of 1 month
ExtremeA schedule loss of 1 year
Schedule Impact

Reputation

ImpactExample Criteria
InsignificantAttention within the business only. Insignificant business impact.
MinorLocal media attention. Minor business impact.
ModerateNational media attention and possible public inquiry. Moderate business impact.
MajorInternational media attention and public inquiry. Major business impact.
ExtremeInternational media attention and public inquiry. Business closes down.
Reputation Impact

Performance

ImpactExample Criteria
InsignificantRequires minor trade-offs to achieve the target. No impact on business.
MinorPerformance below target but acceptable.No changes. No business impact.
ModeratePerformance below target. Moderate changes are required. Limited business impact.
MajorPerformance is unacceptable. Major changes are required. Major business impact.
ExtremePerformance is unacceptable.
Performance Impact

Health

ImpactExample Criteria
InsignificantNo harm to people
MinorA few people suffer from diseases
ModerateSome people suffer from grave diseases
MajorPossible deaths, and many people suffer from grave diseases
ExtremeLikely deaths
Health Impact

Safety

ImpactExample Criteria
InsignificantMinor injury or no harm to people
MinorA few minor injuries
ModerateSome serious injuries
MajorPossible deaths and serious injuries
ExtremeLikely deaths
Safety Impact

Environmental

ImpactExample Criteria
InsignificantMinor release
MinorSmall release
ModerateSignificant release
MajorLarge release
ExtremeLarge uncontrolled release
Environmental Impact

Final Thoughts

Final thoughts on postit on keyboard
Final Thoughts

Before evaluating a risk event, the risk categories must be calibrated.

Each business and organisation is unique. Therefore, so are the risk reference values, i.e. the loss of $100k could be a minor impact for one company but become the final closure factor for another business.

Similar Posts