How to use this risk assessment matrix:
- Objective – State the relevant objective the risk relates to (e.g. strategic, business, project, clinical – refer to Pesto’s business plan and the scenario to identify objectives)
- Context – List internal and external factors that influence this risk in relation to objectives
- Risk Source – Identify where the risk originates (e.g. regulatory requirements, political changes, organisational capabilities)
- Risk Description – Describe risk in as “Something might occur which {Cause(s)} the {Event} that leads to an {Impact/Consequence(s)}”.
- Control/ Contingency Measure(s) –Identify a process, policy, or practice which will reduce the likelihood of risk or which can be used as a corrective action in the event of risk occurring.
- Effectiveness of Measure –Assign a rating to contingency/ control measure identified from High, Medium, or Low, based on how effective it will be at avoiding/ addressing risk.
- Risk Rating –
- Likelihood – Based on effectiveness of control/ contingency measure, rate likelihood of risk from 1 – 4 as follows:
1 – highly unlikely; 2 – unlikely; 3 – likely; 4 – highly likely
The more effective control/ contingency measures are, the lower the likelihood of risk will be.
- Consequence – Rate the level of impact each risk may have on your business, using the following scale:
1 – low; 2 – medium; 3 – high
- Multiply likelihood and consequence ratings to identify risk rating as follows:
Likelihood (L) x Consequence (C) = Risk rating (
