change management process change management plan
What is a Risk Assessment Matrix?
A risk assessment matrix is, as the name suggests, a matrix, table or for, that allows you to map risks out for analysis. The key parameters you are looking for in a risk are the probability of the risk happening and the impact on the project.
The risk assessment matrix is laid out in such a way as to provide a clear graphic view of each risk in terms of its probable occurrence and impact. Most organisations and project managers will give probability and impact a high/medium/low rating, or a 1,2,3 rating option so that they are easy to colour code for visual impact.
The technique used here to build a risk assessment matrix is common and can be applied to very many instances where you need to be able to "grade" or prioritise a group of risks or other elements in a process.
Why would we need a Risk Assessment Matrix?
Because:
Using a risk assessment matrix is considered industry best practice - you will lose credibility as a project manager if you don't use one.Your boss or client will expect you to use a risk assessment matrixIt's common sense to use a tool like this for managing risk assessment - how else would you do it?All good project methodologies will recommend that you use a risk assessment matrix of one form or otherIt's the right thing to do. Try it.How do we use a Risk Assessment Matrix?
Using a risk assessment matrix is very easy - it's just a tool like any other spreadsheet or form. The value is in the quality of data that is entered in the first place and the process that surrounds the analysis and use of the data and results from the matrix. Crap-in Crap-out as they say!
A really good Spreadsheet set up as a simple risk assessment matrix provides an invaluable tool for logging, assessing and reporting on risks. Further, the data will enable at least a first cut, from a logical perspective, of the prioritization of each risk based on a combination o f probability weighting and impact weighting.
Confused yet? Don't be, this is the easy part. The hard part comes when you present the analysed data to a steering committee or project board and "people" get involved. If you've been following my other articles, you'll know that the most challenging elements of any project are the people, not the technical aspects of the project, whatever the discipline or industry.
Back to how we use the risk assessment matrix; ok, for each risk that is logged you need to provide an adequate description of the risk. Remember, other people will be consuming this information so assume that you are writing for people that don't have the knowledge and intimate understanding of the project that you do.
I like to target my content at an audience of 5 year old children, or investment bankers (same thing really:-P ) that don't have the first idea about my project world. If I can get a point across clearly to non-technical people then I'm wining already.
You may need more than one column in your risk assessment matrix for this, a description of the risk, a description of the cause or causes and I sometimes include a risk-mitigation column where I can jot down ideas how the risks can be avoided for later discussion. This moves into the realms of what I call risk planning - for another article.
The core of the risk assessment matrix is the information you now add against each risk: what is the impact of the risk on the project or specific key elements of the project, and annotate them if they are not obvious. Then, what is the probability of this risk occurring?
Don't get confused here - there is no magic formula how you decide the risk assessment matrix entries. You are not a prophet. You can't see the future, so the probability factor high, medium or low will be an educated guess on your part. The same goes for the potential impact to a lesser degree.
It will likely be modified by others that will have a different view, more experience, or are just plain bloody minded and want to make their mark. The people factor should never be under-estimated, the root cause of change, risk and failure every time.
Now comes the clever part - in the risk assessment matrix you need to be able to join together the probability rating and the impact rating in such a way that you can summarise the overall "value" of the risk. This is a relative value and is used as a comparison against all your other risks in order to gain an understanding of priorities.
At this point, some organisations all add a monetary value against the risk in order to try and grasp an understanding of the commercial or financial impact the risk carries. Every organisation is different and will have different needs or techniques for valuing risks. Ask, ask, ask. Don't do what I used to do and try and second guess a client only to waste many hours developing a spreadsheet and then find t hey had their own template they wanted me to use.
Examples of Risk Assessment Matrix forms can be found on the internet and a few examples are shown here: http://www.itprojectmanagementsingapore.com/risk-assessment-matrix/. It's easy to build your own in a spreadsheet or grab one of the many templates floating about on line. Alternatively you can contact me and I'll supply you one of my own templates for free.
I hope you got some value out of this article on the project Risk Assessment Matrix. Please do subscribe to our newsletter. Leave your comments and help us improve the content and quality.