Professional Documents
Culture Documents
Assess
likelihood
category Apply
corporate
rules for
Describe risk treatment of
scenario risk of the
level indicated
(What can by the matrix
go wrong?)
Assess
consequence
category
INTECSEA 4
Assessing the consequence and likelihood categories (1 of 2)
A risk matrix is normally accompanied by “valuation scales” defining the consequence and likelihood
categories. Here’s an example for definition of consequence categories, taken from MIL-STD-882E,
used by the US Department of Defense for assessing risks in the development, test, production, use
and disposal of defense systems:
INTECSEA 6
Assessing the consequence and likelihood categories (2 of 2)
Here’s an example for likelihood categories, taken from MIL-STD-882E (we can’t fit the whole table
on the slide):
INTECSEA 7
Risk matrix scales can be cardinal or ordinal
INTECSEA 8
How NOT to construct a risk matrix (1 of 2)
INTECSEA 11
Recommended construction procedure (Step 2 of 3)
INTECSEA 14
The finished matrix
INTECSEA 15
Check on NASA’s risk matrix
? -
-
?
-
( )
INTECSEA 16
Check on ExxonMobil risk matrix
With risk thresholds at $1m, $100k and $10k, we can nearly reproduce the EM matrix. Two cells in
EM’s matrix are found to be inconsistently colored with respect to the underlying scales. And 11 out of 20
cells straddle risk thresholds and are of ambiguous risk level – too many colors for a small matrix?
INTECSEA 17
Redesign of UK healthcare risk matrix considered earlier
This is speculative since we have no idea what risk thresholds the organization may
have had in mind. Our construction (below right) assumes risk thresholds at £10,000,
£1,000 and £100. Several cells in the original matrix (below left) appear to have
inconsistent color. Also, columns 4 and 5 could be merged according to our
construction since they have identical coloring.
? ?
)
?
(
?
- - - - -
·
INTECSEA 18
Demo of risk matrix construction software
Points to note:
Changing the cardinal scales or the risk thresholds of interest may change the required
risk matrix coloring.
Most companies have a “standard” risk matrix and use it in conjunction with disparate
scales. It is highly unlikely that the same coloring will be consistent with all these
scales.
INTECSEA 19
Risk matrix construction software – screen capture
INTECSEA 20