||This article needs additional citations for verification. (May 2009)|
A Risk is the amount of harm that can be expected to occur during a given time period due to specific harm event (e.g., an accident). Statistically, the level of risk can be calculated as the product of the probability that harm occurs (e.g., that an accident happens) multiplied by the severity of that harm (i.e., the average amount of harm or more conservatively the maximum credible amount of harm). In practice, the amount of risk is usually categorized into a small number of levels because neither the probability nor harm severity can typically be estimated with accuracy and precision.
A Risk Matrix is a matrix that is used during Risk Assessment to define the various levels of risk as the product of the harm probability categories and harm severity categories. This is a simple mechanism to increase visibility of risks and assist management decision making.
For example, the harm severity can be categorized as:
- Catastrophic - Multiple Deaths
- Critical - One Death or Multiple Severe Injuries
- Marginal - One Severe Injury or Multiple Minor Injuries
- Negligible - One Minor Injury
The probability of harm occurring might be categorized as 'Certain', 'Likely', 'Possible', 'Unlikely' and 'Rare'. However it must be considered that very low probabilities may not be very reliable.
The resulting Risk Matrix could be :
The company or organization then would calculate what levels of Risk they can take with different events. This would be done by weighing up the risk of an event occurring against the cost to implement safety and the benefit gained from it.
 An Example
The following is an example risk matrix with certain accidents allocated to appropriate cells within the matrix:
|Likely||Minor Car Accident|
|Possible||Major Car Accident|
 Problems with Risk Matrix
In his article 'What's Wrong with Risk Matrices?', Tony Cox argues that risk matrices experience several problematic mathematical features making it harder to assess risks. These are:
- Poor Resolution. Typical risk matrices can correctly and unambiguously compare only a small fraction (e.g., less than 10%) of randomly selected pairs of hazards. They can assign identical ratings to quantitatively very different risks ("range compression").
- Errors. Risk matrices can mistakenly assign higher qualitative ratings to quantitatively smaller risks. For risks with negatively correlated frequencies and severities, they can be "worse than useless," leading to worse-than-random decisions.
- Suboptimal Resource Allocation. Effective allocation of resources to risk-reducing countermeasures cannot be based on the categories provided by risk matrices.
- Ambiguous Inputs and Outputs. Categorizations of severity cannot be made objectively for uncertain consequences. Inputs to risk matrices (e.g., frequency and severity categorizations) and resulting outputs (i.e., risk ratings) require subjective interpretation, and different users may obtain opposite ratings of the same quantitative risks. These limitations suggest that risk matrices should be used with caution, and only with careful explanations of embedded judgments.
- United States Department of Defense, Risk Management Guide for DoD Acquisition, August 2006
- Goddard Space Flight Center, NASA, Risk Management Reporting, GSFC-STD-0002, 8 May 2009
- International Standards Organization, Space Systems Risk Management, ISO 17666,
- Cox, L.A. Jr., 'What's Wrong with Risk Matrices?', Risk Analysis, Vol. 28, No. 2, 2008, doi:10.1111/j.1539-6924.2008.01030.x
|Wikisource has the text of the 1911 Encyclopædia Britannica article Risk Matrix.|