Risk Assessment Matrix

A risk assessment matrix provides consistent criteria for rating risks by defining scales for probability (e.g., rare to almost certain) and consequence (e.g., insignificant to catastrophic) dimensions. Matrix cells combine likelihood and impact to produce overall risk ratings like low, moderate, high, or critical. Organizations customize matrices with definitions appropriate to their context, such as defining 'high impact' as revenue loss exceeding $5 million or reputational damage requiring CEO response. A standardized matrix enables comparison of diverse risks from cyber incidents to regulatory violations to supply chain disruptions. Matrix design involves calibrating scales to organizational risk appetite and ensuring rating criteria produce actionable risk prioritization for resource allocation decisions.