Featured Product
This Week in Quality Digest Live
Management Features
Constance Noonan Hadley
The time has come to check whether the benefits of teamwork still outweigh the costs
Naresh Pandit
Enter the custom recovery plan
Anton Ovchinnikov
In competitive environments, operational innovation could well be the answer to inventory risk
Julie Winkle Giulioni
The old playbook probably won't work
Sarah Schiffling
But supply chains will get worse before they get better

More Features

Management News
Program inspires leaders to consider systems perspective for continuous improvement and innovation
Recent research finds organizations unprepared to manage more complex workforce
Attendees will learn how three top manufacturing companies use quality data to predict and prevent problems, improve efficiency, and reduce costs
More than 40% of directors surveyed cite the ability of companies to execute as one of the biggest threats to improving ESG performance
MIT Sloan study shows that target-independent compensation systems can be superior
Steps that will help you improve and enhance your employee recruitment, retention, and engagement
300 Talent acquisition leaders and HR executives from companies gather in Kansas City
FedEx demonstrates commitment to customer-focused continuous improvement

More News

Rachel Tracy


Creating a Risk Matrix: Three Examples

Manage risk thoughtfully

Published: Tuesday, June 7, 2016 - 12:18

Two things are true when it comes to making important decisions that affect your company: You need a way to quantify risk to make the best choice, and you need to be able to explain that choice. A risk matrix helps you do both.

Calculating risk across various outcomes can give you clear guidelines on whether the risk is acceptable or unacceptable. Let’s take a look at the process.

How a risk matrix works

In simple terms, risk is defined as the probability of an event multiplied by its impact. Levels of probability and impact can be broken up into verbal and numerical scales like so:

The risk matrix then plots these variables in a color-coded chart to show overall risk for different situations:

The quantified risk falls into one of three zones:
1. Low risk that’s considered acceptable (green)
2. High risk that’s considered unacceptable (red)
3. Moderate risk that may or may not be acceptable (yellow)

Deciding whether risk is acceptable or not often comes down to a cost/benefit calculation. For example, it would be difficult to justify spending $2 million to prevent an ergonomic injury, whereas it would be worth it to prevent a chemical explosion.

There’s a lot of variability in how to use a risk matrix, so here’s a quick look at three examples.

Environmental health and safety (EHS)
Let’s say your company is trying to determine whether it should install additional controls to prevent waste leaking during transport via pipeline to a storage location.

The pipeline has had multiple maintenance issues, and it’s located next to a regulated stream. You think it’s likely some leakage may occur, and if it leaked you could end up killing off a population of endangered salamanders that live there.

Automated risk-matrix tools in your environmental health and safety (EHS) management system tell you this borders on unacceptable risk, so you decide to move forward with additional controls.

Quality management
Let’s say a supplier failure recently caused a problem at your company, and you’ve been tasked with identifying high-risk suppliers that need improvement (or that need to go altogether).

Your quality management system calculates each supplier’s risk for you, showing that Supplier A has more incidents than Supplier B but actually poses less risk. This could be because Supplier B’s product plays a strategic role in your process or consumer safety, while Supplier A’s incidents have an overall negligible impact. You wisely decide to focus your efforts on Supplier B.

Food safety
Here we’ll use an example of a pathogenic hazard at a step where you’re trying to decide whether you need another critical control point (CCP).

In this case, you’ve set up your food safety management system (FSMS) to use a weighted scale rather than straight multiplication, with lower numbers representing a higher risk. Let’s say internal policies dictate that anything receiving a risk rating between 1 and 10 needs a CCP. Based on how the scales were plotted, you can see high risk at top left and low risk at bottom right.

Because serious illness could occur and the situation is rated an 8, you will need an extra CCP. Your FSMS automatically feeds the information into your hazard analysis so you can record your decision.

It’s important to remember that a risk matrix is just a tool, not a solution. For true effectiveness, you need people who can interpret the results, ask questions, and vet your risk matrix by testing it against historical data. With these pieces in place, the results are very powerful, helping standardize your decisions and providing quantitative justification for them.

Learn more about reducing risk in your company with the free guidebook, “Building a Compliant Risk Management Program.”


About The Author

Rachel Tracy’s picture

Rachel Tracy

Rachel Tracy has worked as an environmental consultant, researcher, and educator. Across every job was one common thread: writing. Her core service areas include newsletters, case studies, special reports, white papers, articles, press releases, online content, blog posts, and website reviews. Tracy has a master’s degree in earth and environmental science and a bachelor’s degree in natural resources.