Ranking Risks: Rare to Certain, Negligible to Catastrophic
- Translate the tolerability criteria into the matrix The design of the matrix should be able to show clearly which of the blocks are intolerable or tolerable. For example, a Possible (Rank 3 Likelihood) intersecting with a Catastrophic (Rank 4 Consequence) would be intolerable for any business, given the description and values you have previously assigned. This block is a clear subject of risk mitigation efforts in the organization compared to a block (risk) pertaining to a Negligible (Rank 1 Consequence) intersecting with a Certain (Rank 2 Likelihood) which could be addressed, say, with a simple change or adjustment in organizational policy.
The Probability axis describes the likelihood of the risk happening and can be assigned either Frequent, Probable, Occasional, Remote, or Improbable, or simply Certain, Likely, Possible, Unlikely, or Rare. Again, it would be helpful to state the likelihood criteria in numeric terms (example, “Possible” means the risk will occur several times in a lifetime but not less than 10 times nor over 100 times in that lifetime) and to assign logical rankings.
| Rank | Range | Probability (over the life of a business) | Description |
| 5 | Certain | Once in 2 years | Continually experienced |
| 4 | Likely | Once in 4 years | Will occur frequently |
| 3 | Possible | Once in 6 years | Will occur several times |
| 2 | Unlikely | Once in 12 years | Unlikely, but can be reasonably expected to occur |
| Rare | Once in 24 years | Unlikely to occur, but possible |
Table 3 – Sample Probability Ranking
Once the criteria for consequence and likelihood has been laid down, proceed to determine specific incidents, events or conditions that pose risk for the business and assign them along the blocks in the matrix. Example of an incident in the office would be ‘burst pipes and leaks” – this could be assigned in the block Rare (Rank 5 Likelihood) and Negligible (Rank 1 Consequence).
Table 4 – Determining Tolerance Points in the Matrix
Care in assigning values
Risk matrices are fairly easy to construct and understand. However, one has to be careful in assigning values, taking care not to be overly quantitative and not affording to include what is called a ‘layer of protection’ approach—a means of including protective measures, which, when applied, brings down the risk a level lower. As in all planning and risk management efforts, it is recommended that the risk planner or analyst, even the manager, exercise conservatism in its design as well as point out areas of alarm. Decision makers are recommended to use this tool in policy formulation and include budgetary allocations to address not only persistent risks but also be ready for potentially catastrophic ones.
Email This Article
Print This Article
