top of page
  • Julian Talbot

A Light-Hearted Guide to Incorrectly Use a Risk Matrix (Pro Tip: Do the opposite)

Are you tired of using a risk matrix the right way?

Want to make your life more exciting by adding more risk to your risk management process? Look no further! The risk matrix is your best friend!

In this guide, I'll show you how to misuse a risk matrix and produce the most ineffective but fun risk assessment ever.

Example of a bad risk matrix design
A Bad Risk Matrix

Why Use a Risk Matrix?

A risk matrix is a tool used to assess and prioritize risks based on their likelihood and impact.

  • But used (in)correctly, it can add some chaos to our risk management process!

  • Pro Tip: If you must use a risk matrix, give the job to your toddler to create one with crayons.

What is a Risk Matrix?

A risk matrix (can sometimes) visually represent risk ratings based on their likelihood and impact. For the most fun factor, however...

  • Grab some random numbers to plot on the X and Y axis, and hope for the best!

  • Pro Tip: Practice saying: "Good idea, boss."

Step 1: Never Define The Risks

The first step in using a risk matrix is to rely on one or two-word risk statements such as terrorism, cost-overrun, project delay, or ransomware.

  • Each of these looks like a risk to the uninitiated but you already recognise them for what they are; risk categories that contain dozens of risks hiding in plain sight.

  • Pro Tip: Never use the CASE methodology if you can possibly avoid it. It makes life too easy for your stakeholders.

Step 2: Invent Random Likelihood and Consequence Criteria

The next step is to make up likelihood and consequence criteria. Why bother defining criteria specific to the organization and considering the unique risks and operating environment?

  • Go with the first numbers that come to mind, and you'll be fine!

  • Pro Tip: Go with your gut feeling; it's always right!

Step 3: Don't Assign Likelihood and Impact Scores

Don't assign likelihood and impact scores once you've invented your criteria. Ignore the threat assessment and hazard analysis step. It's too much work!

  • Put the risks in random cells and hope for the best.

  • Pro Tip: Practice saying, "It was like that when I found it."

Step 4: Don't Plot Risks on the Matrix

Who needs to plot risks on the matrix? Don't be fooled by their widespread use.

  • Throw them all in there and see what happens. Maybe some risks will magically disappear; who knows?

  • Pro Tip: If you want to save time, use dice instead of the risk matrix.

Step 5: Don't Analyze or Prioritize Risks

Analyzing and prioritizing risks is a waste of time.

  • Ignore them all and hope for the best. That's the beauty of risk management!

  • Pro Tip: If (when) things go badly wrong, blame it all on a Black Swan that walked up out of the lake!

Step 6: Don't Review or Update the Matrix

Finally, don't bother reviewing or updating the matrix. It's too much work!

  • I advise grabbing your random number generator and hoping for the best.

  • Pro Tip: To ask and answer whether you want to accept each risk, download the SRMBOK Moral Compass App - it has 400 synonyms for YES!


Misusing a risk matrix can lead to all manner of interesting results. And they will usually be far more exciting than a spreadsheet, especially when paired with the SRMBOK Moral Compass App.

So why bother with a structured approach to using a risk matrix when you can add some randomness to your risk management process?

The more chaos, the more fun you will have!

Pro Tip: Practice saying: "Here's my resignation letter, boss."


Last But Not Least

If, after all this, you'd like to create and use a risk matrix, here is a free trial of some software to design and customize a risk matrix. You can then download it into MS Word and MS Excel to take away and use to your heart's content.

Recent Posts

See All


bottom of page