Subscribe to Email Updates

Quality Creates...Perspective

Creating a Risk Matrix: 3 Examples

Rachel Beavins Tracy
by Rachel Beavins Tracy on Tue, Apr 12, 2016

Risk Management Methods

Two things are true when it comes to making important decisions that impact your company. One, you need a way to quantify risk to make the best choice, and two, you need to be able to explain that choice.

What is a Risk Matrix?

A risk matrix helps you do both, calculating risk across various outcomes to give you clear guidelines on whether risk is acceptable or unacceptable. Let’s take a look at the process.

How a Risk Matrix Works

In simple terms, risk assessment is defined as the probability of an event multiplied by its impact. Levels of probability and impact can be broken up into verbal and numerical scales like so:

how to create a risk matrix

how to create a risk matrix

The risk matrix then plots these variables in a color-coded chart to show overall risk for different situations:

how to create a risk matrix

The quantified risk falls into one of three zones:

  1. Low risk that’s considered acceptable (green)
  2. High risk that’s considered unacceptable (red)
  3. Moderate risk which may or may not be acceptable (yellow)

Deciding whether risk is acceptable or not often comes down to a cost/benefit calculation. For example, it would be difficult to justify spending $2 million to prevent an ergonomic injury, whereas it would be worth it to prevent a chemical explosion.

There’s a lot of variability in how to use a risk matrix, so here’s a quick look at some examples.

1. Environmental Health and Safety

Let’s say your company is trying to determine whether you need additional risk controls to prevent leakage of waste during transport via pipeline to a storage location.

The pipeline has had multiple maintenance issues, and it’s located next to a regulated stream. You think it’s likely some leakage may occur, and if it leaked you could end up killing off a population of endangered salamanders that live there.

riskimg-004-copy_2.jpg

Automated risk assessment tools in your compliance or EHS Management System tell you this borders on unacceptable risk, so you decide to move forward with additional controls.

2. Quality Management and Identifying Risk

Let’s say a supplier failure recently caused a problem at your company, and you’ve been tasked with identifying high-risk suppliers who need improvement (or who need to go altogether).

risk matrix process

Your Quality Management System calculates each supplier’s risk for you, showing that Supplier A has more incidents than Supplier B but actually poses less risk. This could be because Supplier B’s product plays a strategic role in your process or consumer safety, while Supplier A’s incidents have an overall negligible impact. You decide wisely to focus your efforts on Supplier B.

3. Food Safety

Here we’ll use an example of a pathogenic hazard at a step where you’re trying to decide whether you need another Critical Control Point (CCP) .

In this case, you’ve set up your Food Safety Management System (FSMS) to use a weighted scale rather than straight multiplication, with lower numbers representing a higher risk. Let’s say internal policies dictate that anything receiving a risk rating of 1-10 needs a CCP. Based on how the scales were plotted, you can see high risk at top left and low risk at bottom right.

risk matrix examples

Since serious illness could occur and the situation is rated an 8, you will need an extra CCP. Your FSMS automatically feeds the information into your hazard analysis so you can record your decision.

It’s important to remember the risk matrix is just a tool, not a solution. For true effectiveness, you need people on the other end interpreting the results, asking questions and vetting your risk matrix by testing it against historical data. With these pieces in place, the results are very powerful, helping standardize your decisions and providing quantitative justification for them.

Learn more about reducing risk in your company with our free guidebook on How to Define a Risk Management Strategy.

New call-to-action

Leave a comment

Rachel Beavins Tracy
Rachel Tracy is a writer for ETQ with expertise in environmental, healthcare and technology topics. She has a master’s degree from Vanderbilt University and has been writing for businesses since 2008.
Written by Author

Related posts

ETQ Reliance 2019 Now Available

We are excited to announce the release of ETQ Reliance 2019, a major upgrade to our flagship QMS SaaS product. The latest...

Morgan Palmer
By Morgan Palmer - January 29, 2019
ETQ: New Home, New C-Suite, Same Focus on Quality, EHS and Compliance Management

Since its founding in 1992, ETQ has set the standard for delivering best-in-class quality, EHS and compliance management...

Rob Gremley
By Rob Gremley - December 5, 2018
The Zen Guide to Quality Management

Getting caught up in the day-to-day problems of quality management is enough to drive anyone crazy. For many quality...

Rachel Beavins Tracy
By Rachel Beavins Tracy - September 6, 2016