What is a Risk Assessment Matrix? [Complete Guide]

Bonus Material: 5 Steps To Better Risk Management

What is a Risk Assessment Matrix: Introduction

Did you know that intangible assets such as goodwill, customer experience and reputation account for 87% of a company’s net worth? There’s no question that reputation matters to an organization’s success. In today’s world, with smart phones constantly in our hands, consumers learn about a company’s reputation online through social media. In fact, 9 out of 10 consumers say that they read online reviews before visiting a business. On average, 1 negative review can cost a business 30 customers.

what is a risk assessment matrix main image

We refer to this fast-paced age of transparency as the “See-Through Economy.” The See-Through Economy has empowered consumers, investors and regulators alike to influence the integrity of a company’s brand. This can be a scary thought, but it isn’t all doom and gloom: there’s a way to leverage our increased accessibility of information to better anticipate what’s ahead. It all starts with better risk assessments.

This guide will discuss an essential tool for improving risk assessments: a risk assessment matrix. We’ll explain what exactly a risk assessment matrix is, provide a template for what it should look like, offer some examples for how to use it and explain some best practices.

What is a Risk Assessment Matrix?

For context, risk assessments are a key component of any successful risk management program. No matter how basic or complex the framework, standardized assessment results serve as the foundation on which the rest of your risk management responsibilities, mitigation activities and monitoring controls are built. This is why it’s critical to standardize your risk assessments.

A risk assessment matrix is used during a risk assessment to determine and define the level and the implications of any particular risk. It should start by addressing a particular business area. Then, it includes a description of a risk that may be associated with that business area. It goes on to identify the source of the risk, what could go wrong, and the impact, likelihood and assurance of it occurring.

When assessing risk, a lot of organizations use a high-medium-low scale, but this actually isn’t best practice. High-medium-and low scales make it difficult and time-consuming to quantify, aggregate and objectively rank information. With only three options to choose from, they’ll likely feel conflicted about which one to choose. In reality, best practice favors a 1-10 scale, with 10 having the most unfavorable consequences to the organization.

Risk Assessment Matrix Template

Now that we’ve explained what exactly is included within a risk assessment matrix, we encourage you to take a look at a template. You can download a complimentary template here.

Risk Assessment Matrix Examples

Let’s examine what a few different line items on a risk assessment matrix would look like. In this particular matrix, we’ll examine a few different risks associated with returning to work amidst the pandemic.

Plan/Risk: Inadequate policies to prevent the spread of the virus to employees and/or visitors.

What Can Go Wrong?

  • Employees become uncomfortable wearing their mask for too long and decide to remove it while conversing with colleagues. Virus is then spread throughout the workforce.
  • Customer refuses to wear a mask out of principle and must be asked to leave the premises, causing a scene.
  • Employees and/or customers do not stay 6 feet apart from one another.
Impact Likelihood Assurance Inherent Index Residual Index
10 8 8 80 64.00


  • Enforcing strict consequences for employees who are caught not wearing their mask. Dedicating particular areas outside where employees can go to take a break from wearing their mask at lunch.
  • Hanging signs on the front door that refuse people entry without a mask. Stationing employees at the front door who do not let anyone in without a mask.
  • Placing dots six feet apart from one another to instruct people on where to stand in line and prevent crowding.

Plan/Risk: Interrupted supply chains and delayed deliveries.

What Can Go Wrong?

  • Customers can become extremely irritated when their orders do not ship to them during the window of time they were expecting. If they’re not home to retrieve a package, it could be stolen or damaged.
  • Customers can become angry when their package delivery is delayed, causing them to cancel the order altogether and take their business elsewhere.
Impact Likelihood Assurance Inherent Index Residual Index
5 2 3 10 3.00


  • Third party/vendor risk assessments to gain visibility into vendors’ capabilities and limitations.
  • Periodic inventory review and frequent customer email updates based on those findings to keep them informed.
  • Discounts issued to customers whose items were delayed, and full refund offerings for items that are stolen or broken.

Plan/Risk: Changes in domestic regulations, laws, statutes etc.

What Can Go Wrong?
Your business can be found guilty of negligence by not following the most up-to-date set of guidelines from the various jurisdictions you must adhere to.

Impact Likelihood Assurance Inherent Index Residual Index
7 6 6 42 25.20


  • Using ERM software with pre-built best practices that track and prove your compliance efforts.
  • Leveraging a trusted advisor who is doing their due diligence to stay on top of various regulatory changes (and completing a level of due diligence yourself).

How to Use a Risk Assessment Matrix

Utilizing a template and learning through examples are valuable steps towards improving your risk management plan, but it’s important to implement best practices when building out your risk assessment matrix. By adopting a standardized and objective methodology, you can start to identify the overlapping activities that crowd your program, prioritize actions and help your organization make more informed decisions. Here are some best practices to keep in mind:

  • Adopt a Root-Cause Approach
  • Standardize Assessment Scale and Criteria
  • Link Risks to Controls
  • Connect Risks to Strategic Goals
  • Embed ERM in Everyday Activities

To learn more about how to implement these best practices, we encourage you to download our complimentary eBook today.


To take your program to the next level, we encourage you to explore our all-in-one risk management software. With LogicManager’s software you can:

  • Continuously monitor the risks facing your organization while linking activities across departments
  • Automate the reporting process to inform better risk management decision making
  • Create alerts to update and track progress against your organization’s risk goals

Organizations everywhere can adapt to the growing of the See-Through Economy by prioritizing enterprise risk management.

Request a demo today and see exactly how LogicManager can help you build a better tomorrow for your brand and community.