The Risk Analysis Matrix helps you assess and prioritize risks based on their probability (likelihood of occurring) and impact (severity of consequences). By plotting risks on a 2×2 matrix, you can identify which risks need immediate attention and which can be accepted.
This tool is essential for project management, business planning, and decision-making where understanding and managing risk is critical.
The Four Quadrants
Critical (High Probability & High Impact)
Description: Risks that are both likely to occur and would have severe consequences if they did.
Examples: Data breach, server failure, key personnel departure, budget overrun
Action: Immediate mitigation required. Develop contingency plans and allocate resources to prevent or minimize these risks.
Monitor (Low Probability & High Impact)
Description: Unlikely risks that would have serious impact if they occurred.
Examples: Natural disasters, regulatory changes, major market shifts, pandemic
Action: Monitor closely and prepare response plans. Keep early warning systems in place.
Mitigate (High Probability & Low Impact)
Description: Likely risks with manageable consequences.
Examples: Minor delays, small budget variances, routine equipment maintenance, staff absences
Action: Implement preventive measures to reduce likelihood. Build in buffers and backup plans.
Accept (Low Probability & Low Impact)
Description: Unlikely risks with minimal impact.
Examples: Minor process inefficiencies, cosmetic issues, low-priority feature requests
Action: Accept and document. No immediate action needed, but keep aware.
How to Use
Identify Risks: Enter a risk description in the input field
Rate Probability: Select likelihood from 1 (Very Low) to 5 (Very High)
Rate Impact: Select severity from 1 (Very Low) to 5 (Very High)
Add Risk: Press Enter to add the risk to the matrix
Review Placement: Risks automatically appear in the appropriate quadrant based on ratings
Adjust as Needed: Drag risks, use the dropdown, or focus a risk and use arrow keys to move it
Take Action: Focus on mitigating Critical risks first
Rating Scale Guide
Probability (Likelihood)
1 - Very Low: Rare (< 10% chance)
2 - Low: Unlikely (10-30% chance)
3 - Medium: Possible (30-50% chance)
4 - High: Likely (50-80% chance)
5 - Very High: Almost certain (> 80% chance)
Impact (Severity)
1 - Very Low: Negligible effect
2 - Low: Minor inconvenience
3 - Medium: Moderate effect on operations
4 - High: Significant disruption
5 - Very High: Catastrophic consequences
Quadrant Classification
Risks are assigned to quadrants based on threshold values, not the combined score. A value of 4 or higher is considered "High":
Quadrant
Probability
Impact
Example
Critical
4-5 (High)
4-5 (High)
P=4, I=5 (Score: 20)
Monitor
1-3 (Low)
4-5 (High)
P=3, I=5 (Score: 15)
Mitigate
4-5 (High)
1-3 (Low)
P=4, I=2 (Score: 8)
Accept
1-3 (Low)
1-3 (Low)
P=3, I=3 (Score: 9)
Note: The Risk Score (P x I) is shown for reference, but quadrant placement is determined by where each dimension falls relative to the threshold. For example, a risk with P=3, I=3 (Score: 9) goes to Accept because both values are below 4, while P=4, I=2 (Score: 8) goes to Mitigate because probability is high.
Keyboard Shortcuts
Ctrl + I
Focus risk input
Ctrl + 1-5
Set probability level
Alt + 1-5
Set impact level
Arrow Keys
Move focused risk between quadrants
?
Toggle this help dialog
Esc
Close help dialog
Best Practices
Be Realistic: Use objective data when available, not just gut feelings
Involve Stakeholders: Get input from team members and experts
Review Regularly: Risk profiles change over time, reassess periodically
Document Mitigation: Record what actions you're taking for each risk
Focus Resources: Prioritize Critical risks, don't waste time on Accept risks
Learn from Reality: Update ratings when risks occur or are avoided