Journal of Risk Analysis and Crisis Response, Vol. 4, No.

1 (March 2014), 49-57

Review of the strengths and weaknesses of risk matrices

Mustafa Elmontsri
Department of Primary Care and Public Health, School of Public Health, Imperial College London
St Dunstan’s Road, London, W6 8RP, United Kingdom
E-mail: [email protected]
www.imperial.ac.uk

Received 5 July 2013

Accepted 29 January 2014

Abstract
Risk assessment and risk matrices are powered tools used in risk management and help guide in the process of
decision-making in organisations. Nevertheless, risk matrices have their own weaknesses and strengths. This paper
provides a critical overview of the development and use of risk matrices in different field with an example of the
risk matrix used by the National Health Service (NHS) in England. Risk matrices are helpful tools for risk
assessment as they use quantitative measures to ensure consistent method of determining risk but organisations
should adjust the design and size of risk matrices to suit their needs.

Keywords: Risk Assessment Matrix, Risk Matrices, NHS risk matrix, quantitative risk matrix

1. Introduction almost always does cost money and time (Glickman and
Gough, 1990).
All over the world, nations and organisations are To answer these questions, analytical tools and risk
attempting to reduce risks, to improve safety and to ranking schemes must be used to distinguish lower risk
extend lives. Indeed risk reduction has become a activities / incidents from higher risk activities /
principle goal of modern governments and almost in incidents. One of the risk ranking methodologies is
every organisation. It is obvious that people, including known as the risk assessment matrix.
government officials, often lack risk-related
information. They often know little about the nature and 2. Risk Management
magnitude of the risks at issue, and they often know
Risk management is the process of assessing risks and
little about the various consequences of risk reduction
taking steps to either eliminate or to reduce them (as far
(Sunstein, 2002).
as is reasonably practicable) by introducing control
Since risk cannot be eliminated, the main problems
measures. Risk management refers to the process of
people face, individually and collectively, are how
reducing the risks to a level deemed tolerable by society
much risk they should live with and how they should go
and to assure control, monitoring, and public
about managing the risk. If a set of strategies have been
communication (Morgan, 1990).
chosen that will allow the abatement of a particular risk,
There are more questions than answers when people talk
the question of what level of risk should be chosen
about risks. The career of the term ‘risk’ is a rather
arises. If abating the risk costs nothing, the obvious
recent phenomenon, however (Fischhoff et al., 1984),
answer is zero, get rid of the risk. But risk abatement
states that, “risk has always been part of human
1

Published by Atlantis Press

Copyright: the authors
49
Mustafa Elmontssri

existence andd the field of risk researchh started as eaarly exxactly what is being manageed it will not be possible too
as human beiings started to
o reflect the poossibility of thheir ideentify all of th
he sources of hazards
h (Boylle, 2002).
own deaths and conteemplated acttions to avoid Acccording to Boyle,
B one off the problem ms with hazardd
dangerous sittuations”. ideentification iss that a large number of haazards will bee
The Internatioonal Risk Gov vernance Couuncil (IRGC) has h ideentified, withh some obviiously more serious thann
developed a framework (Figure 1 below), wh hich othhers.
distinguishes between anaalysing and understanding
u g a Thhe mathemattical tools for f risk asseessment weree
risk – for which risk appraaisal is the esssential procedure deeveloped morre than a ceentury beforee actual riskk
– and deciding what to do d about a risk – where risk r annalyses were performed
p onn technical syystems (Renn n,
management is the key activity (IRG GC white pap per, 19998). Risk asssessment is the scientifiic process of
2005). deefining the componentss of risk in precisee,
preedominantly quantitative terms.t It is argued
a that inn
tecchnical risk assessments,
a this
t means sppecifying whaat
is at stake, calcculating the probabilities
p fo (un)wantedd
for
coonsequences, and aggregating both coomponents byy
muultiplying thee probabilitiess by the maggnitude of thee
eff
ffects (Kolluruu and Brooks, 1995).
Riisk assessmen nt techniques vary
v from pureely qualitativee
appproaches thro ough a regimee of semi-quaalitative to thee
moore traditionaal quantitativee. Altenbach (1995),
( arguess
thaat constraints such as time, money, mannpower, skillss,
maanagement peerceptions, rissk result com mmunication too
thee public, and political presssures all affeect the mannerr
Fig. 1.IRGC’s risk governance framework (IIRGC, 2005)
in which risk asssessment are carried out.
3. Definition
n of Risk Coox (2005), staates that wheen quantitative approach iss
appplied to riskk assessmentss, it can be considered too
There is no ccommonly acccepted definittion for the teerm prooduce subjecttive and very limited
l relativve sense of thee
risk – neitther in thee sciences nor in pubblic rissk only. He argues that qualitative
q juudgments mayy
understandingg. All risk co oncepts have one elementt in rannk the risk froom one scenarrio or group of o scenarios too
common, how wever: there iss a distinctionn between reallity bee greater thaan some othher scenario or group of
and possibilitty (Renn, 19988). sceenarios. Wheen all the sceenarios from a system aree
The definitioon of risk acccording to Thhe Royal Sociiety inccluded in the ranking, the ranking can only be donee
(1992) is “thee probability that
t a particullar adverse evvent suubjectively.
occurs duringg a stated perriod of time or o results fromma W
Whereas quanttitative risk assessment, according too
particular chhallenge. As a probabilityy in a sense of (C
Cox, 2005), th he risk from each scenarioo is estimatedd
statistical riskk obeys all th
he formal law ws of combining nuumerically, alllowing the an nalyst to determ mine not onlyy
probabilities”” rissk relative to all scenarios in the system m, but absolutee
Fischhoff et aal (1984), staates that the definition of riisk, rissk measured ono whatever sccale of units arre chosen.
like that of any other keey term in policy p issues,, is Thhese determin nations can be b made objeectively usingg
inherently coontroversial. The
T choice of o definition canc nuumerical scalles. Jeffery (2006) statees the semi-
affect the ouutcome of policy debates, tthe allocation n of quuantitative risk assessmentt may use soome numberss,
resources am mongst safety measures,
m andd the distribution maainly in the form of boarrd ranges of frequency orr
of political poower in societty. coonsequence lev vels.
In 2008, Ton ny Cox wrotte about serrious techno-
4. Risk Asseessment
maathematical problems
p assoociated with a widely usedd
All of the peeople, things,, activities annd places wh
hich rissk tool often referred
r to ass a consequennce probabilityy
have to be m managed can, in some circcumstance, bee a maatrix or, moree simply, a “riisk matrix. Geenerally, thesee
hazard. It foollows therefoore, that unleess it is kno
own deevices come in the form m of qualitattive or semi-

Published by Atlantis Press

Copyright: the authors
50
 Strengths and weaknesses of risk matrices

quantitative instruments in which hazards are first relative risk presented by events at a facility (Woodruff,
identified and then allocated to a box on a two- 2005).Three types of risk matrices are commonly used
dimensional grid for which one axis measures the for risk ranking. A purely qualitative risk matrix will
likelihood of a specific incident and the other the have its blocks defined in descriptive or qualitative
potential severity of consequences. terms. A purely quantitative risk matrix has its blocks
defined in measurable or quantitative terms. Relative or
The issues identified by Cox are certainly not confined absolute numerical scales are used on quantitative
to the United States, and indeed usage of risk matrices matrices, whereas scales on qualitative matrices are
has spread in the United Kingdom and Europe from relative but not numerical. The third type of risk matrix
industry to all manner of public and private agencies is a hybrid: a semi-quantitative matrix with one scale
ranging from hospitals to small- and medium-sized (usually frequency) expressed quantitatively, while the
enterprises, local and central government bodies, and other scale is expressed qualitatively (Emblemsvag and
professional institutions Kjølstad, 2006).iNTeg-Risk (2008) clearly states the
importance of using scoring systems in risk assessment
and management which generally requires the
4.1. Risk assessment matrix application of specific scores or scales. They highlight
A common method used for risk ranking utilises risk that in practical use, conventions such as using 5x5 risk
matrices; these are typically 4x4 or 5x5 matrices, having matrices and/or a colour-code can be beneficial
event consequences along one axis and event frequency
4.1.1.Qualitative risk matrix
along the other. Each block on the risk matrix represents
some level of risk, and blocks presenting similar risk are The qualitative risk matrix is basically task and or
often grouped together into one of four or five risk hazard analysis with some relative judgments made in
regions (Altenbach&Brereton, 1998) order to categorise the hazards. When the 3x3 matrix is
Risk matrix is defined as “a mechanism to characterise used, both the frequency and consequence of each
and rank process risks that are typically identified accident scenario are then estimated on simple relative
through one or more multifunctional reviews (e.g. scales, such as low, medium and high. The risk for each
process hazard analysis, audits, or incident scenarios is the product of the frequency rating and
investigation” (Markowski and Mannan, 2008), and is consequence rating, this indicates that the qualitative
also defined by Cox (2008) as “a table that has several risk in this case falls into nine distinct regions or
categories of “probability,” “likelihood,” or “frequency” frequency x consequence pairs: Low x Low, Low x
for its rows (or columns) and several categories of Medium, Low x High, Medium x Low, Medium x
“severity,” “impact,” or “consequences” for its columns Medium, Medium x High, High x Low, High x
(or rows, respectively)”. Medium, High x High. Clearly Low x Low region has
the lowest risk, while the High x High region has the
In most cases, the frequency axis of the matrix has highest risk. The intermediate regions are more difficult
numerical values associated with it, typically spanning to interpret because some regions are directly
several orders of magnitude. Often, the consequence comparable and others are not (Altenbach, 1995)
axis is based on a qualitative scale, where consequences In the Environmental Protection Agency in the USA
are judgment based. However, the consequence scale (EPA) technical guidance for hazards analysis adapted
generally has implicit quantitative values associated by DOE-STD-3009-94, the risk levels from the 3 by 3
with it, which may or may not be recognised. Risk matrix are grouped into three categories: High (Major
regions are often arbitrarily assigned (or assigned on the Concern), Medium (Concern) and Low (No Concern),
basis of symmetry). This presents a problem in that if as indicated in the Figure.1 below, and also Table 1
the blocks of the risk matrix are incorrectly grouped, shows the risk groupings from the EPA.
then incorrect conclusions can be drawn about the

Published by Atlantis Press

Copyright: the authors
51
Mustafa Elmontssri

Thhe EPA grouping presen nts two typees of logicaal

incconsistencies,, the first typpe of inconsiistency placess
reggions of diffeerent and direectly comparabble risk gradee
in the same group.
g Note the
t Major Concern groupp
eqquates risk grrade 4 and 5, 5 and No Concern
C groupp
eqquates risk graades 1, 2 and one region off grade 3. Thee
seccond type of logical incconsistency places
p regionss
whhich are not directly
d compparable in thee same group p.
Noote the Conccern group coontains two risk r grades 3
reggions which are not direcctly comparabble (US DOE E,
19994).
It is also argu ued by Cox (personal coommunication n,
Deecember 15, 2008), that risk r matrices have limitedd
Fig. 2.Qualitattive risk matrixx: risk levels are
a relative to the abbility to ran nk quantitative risks correctly
c andd
regions conneccted by arrows (Altenbach,
( 19995) caategorising thee two axes off the matrix (ee.g. frequencyy
annd severity or probability annd consequennce) often leadd
It is notable in the figuree above, thatt the arrows are to inherently am
mbiguous risk classification.
designing dirrections from lower risk reegions to highher
risk regions. The relative risk
r of each reegion is given by 4.11.2.SEMI-qua
antitative matrrix
a numerical grade, with 1 being the loowest and 5 the Feew serious riisk assessmennts actually use a purelyy
highest. Somme regions with the same numerical
n graade quualitative apprroach, due to its
i limited useefulness. In ann
are denoted by prime (’’) and doublle-prime (’’) to eff
ffort to enhannce the usefuulness of thee comparativee
indicate that while
w they have the same relative risk leevel ressults, many semi-quantitaative schemees have beenn
t nearby regiions connecteed by arrows, the
with respect to tried. There are often referredd to as qualitaative methodss,
risk of these regions is noot necessarilyy equivalent, and
a evven though theere is a quantittative foundattion applied too
may in fact bbe significantlly different. The
T risk gradee is thee frequency axis, consequuences axis, or even bothh
only relativee when applied to those regions direcctly (C
Cox, Babayev and Huber, 20005).
connected byy the arrows. For
F example, Medium x Low L It is argued because of the limitations inn making riskk
is risk grade 2 and is higheer risk than Loow x Low wh hich coomparison, quualitative and semi-quantitaative matricess
is grade 1, annd lower riskk than High x Low (grade 3). haave very limitted value, it makes
m no sennse to attempt
And it is noteed that High x Low and Meedium x Mediuum rissk groupings of the blockss (Cox, 2008: Brereton andd
have risk graade 3 and 3’ respectively, but there is no Alltenbach, 19988).
implied equuivalence between
b themm. The onnly
information ccommon to bothb is that thhey have greaater 4.11.3.Quantitatiive risk matrixx
risk than Meedium x Low and lower riisk than High h x
Noot all hazardoous situations need to be annalysed with a
Medium.
quualitative event tree/fault analysis. Byy making thee
Table 1. Risk ggrouping from EPA (US Depaartment of Enerrgy,
coonsequences sccale quantitative, even if only in relativee
1994)
dimmensionless units,
u relativee risk can be calculated forr
alll regions inn the matriix. A basicc consistencyy
reqquirement foor qualitativve and quanntitative riskk
assessments is soundness, which statess that higherr
quuantitative riskks should receive higher qualitative
q riskk
labbels, or at leaast, should noot receive low wer ones (Cox x,
Baabayev and Huber, 20055).Simmons et e al (2005)),
arggues that by using
u a quantittative risk maatrix approach
h,
eaach accident scenario
s will have a relatiive risk valuee
associated with h it, then all scenarios
s can be comparedd
annd ranked. Coox (2008), also states thatt, for the riskk

Published by Atlantis Press

Copyright: the authors
52
 Strength
hs and weaknessees of risk matricees

matrix to bee most usefuul it should, at a minimu um, Coonsidering thaat groupings consisting off regions from m
discriminate rreliability bettween very higgh and very lowl diffferent risk ratings are no ot logically coonsistent, andd
risks, so that it can be usedd as an effectivve screening tool thaat groupings consisting
c of regions from the same riskk
to focus risk mmanagement attention
a and resources.
r ratting are not logically con nsistent, one conclusion iss
cleear, in geneeral, logical groupings of o regions of
5. NHS Rissk Assessmen
nt eqquivalent risk from the quaalitative risk matrix cannot
bee found. To obtain
o the besst use of riskk matrix, eachh
The Nationaal Health Serrvice (NHS) in the Uniited
inccident scenarrio is evaluaated for the system beingg
Kingdom reccognises the use
u of risk asssessment matrrix,
and it is a ttool used forr making deccisions on what w annalysed and placed on the risk matrix m in thee
apppropriate reegion withouut any preedefined riskk
control measuures to be putt in place accoording to the risk
r
grade or raanking that is calculatedd by the risk r acceptance leveels or judgmeents. Then thee analysts cann
assessment m matrix. An essential paart of the risk r deefine the risk acceptance leevels by makiing subjectivee
juddgments baseed on the sccenarios that fall in eachh
management process is to be able to measure
m the leevel
reggion. On thhe other han nd this process leaves thee
of risk associated with a work
w activityy or a workplaace
incident. Figgure 3 beloww shows the risk assessm ment annalyst open to o criticism foor adjusting thhe acceptancee
levvels to suit somme hidden ageenda.
matrix that is widely used by
b the NHS.
It is argued thatt the concept of probabilityy is difficult too
graasp and comm municate, evenn though we are a surroundedd
byy examples off probability, such as lotteery picks, thee
miisunderstandinng and misusee of the princiiples provide a
waall which bloccks the jump from f the fuzzzy comfortablee
quualitative reaalm to thee precise yet y uncertainn
quuantitative reallm.
In my experiencce within the NHS sector, Table 2 and 3
in Appendix A& & B, shows the t possible ddescriptors forr
thee consequennces and th he likelihoodd that, thesee
claassifications assist
a all NHS S staff to be abble to allocatee
nuumerical estim mates of the risk, while avoiding anyy
Fig. 3.NHS riskk matrix availaable at (www.nppsa.nhs.uk)
hiddden agendass that the stafff member/deppartment mayy
According too the NHS risk r managemment strategy,, If haave. The riskk matrix in the t risk assessment formss
staandardise the process of grrading the rissk, as all stafff
possible, the score of the liikelihood willl be by assigning
a predicted frequency off occurrence of the adveerse aree involved in n the assessing g of risks, haaving a simplee
outcome. If tthis is not po ossible, a proobability will be rissk matrix mak kes it easier for
f them to unnderstand andd
loccate the risk grading withhout any com mplexity whichh
assigned to the adverse outcome occcurring withinn a
given time frrame, such as the lifetime of o a project or
o a miight put them off completinng the risk assessment form m.
patient care eepisode. If it is
i not possible to determin ne a Thhe NHS risk matrix
m also asssists the risk managers, thee
booard and all risk-owners to t decide onn the level of
numerical prrobability then n the use off the probabillity
descriptions wwill determinne the most appropriate
a score action that shouuld be taken deepending on thhe score.
(www.npsa.nnhs.uk) Allso, the quanttitative approach can addrress numericaal
esttimates of risk instead of o some feeeling like thee
6. Discussioon sceenario is saafe. It can be used to analyse thee
coost/benefit traadeoffs of a risk reductiion plan andd
Organisationss are recomm mended to addopt a standaard, adddress the perrplexing quesstion of “how w safe is safee
defensible rannking system to allow for decision
d making, ennough?” The increased utiility of quanttitative resultss
based on commpany’s defined safety goaals. The basic for wiill easily justiffy the extra boother in many applications.
risk ranking iis the risk maatrix that has consequence
c a
and Acccording to CoxC (2008), Many M decisioon-makers andd
frequency axxis. The prroduct of coonsequence and a coonsultants believe that, wh hile risk mattrices may bee
frequency proovides a measure of risk. onnly rough apprroximate tools for risk anaalysis, they aree

Published by Atlantis Press

Copyright: the authors
53
Mustafa Elmontsri

very useful for distinguishing qualitatively between the reduction measure and what safety standards to aim for.
most urgent and least urgent risks in many settings and The need for mechanisms to help policy makers set
are certainly much better than doing nothing, for priorities has been increasingly felt, and during the last
example, than purely random decision making. few decades techniques of risk assessment and
Donoghue (2001) also supports the idea that, the risk philosophies of optimisation have been developed.
assessment matrices are effective tools in making Risk matrices are very effective and widely used tool in
decisions in regard to the control of occupational health making and improving risk management decisions,
risks. He states that, the control measures can be applied however the question of how ideally risk matrices
in an iterative fashion until the risk has been reduced to should be constructed to improve risk management
an acceptable residual. decisions is ongoing. It is not easy to answer, because
risk matrices are typically used as only one component
The imagery of risk matrices is powerful, which may, in informing eventual risk management decisions and
along with their alleged and apparent simplicity, explain also because their performance depends on the joint
their popularity among agencies that are responsible for distribution of the two attributes probability and
mainly lesser hazards,1 and therefore are likely less consequence.
qualified in risk, but who nonetheless feel the need to be A risk matrix can be a useful tool to present the results
seen to be proactive in managing risk. Inter alia, and as of simplified risk analysis, helping one to gain insight
observed, though not sanctioned, in the new into the relative risk of various scenarios that might be
international guidance on risk assessment (ISO 31010), encountered in a given system. When developed
it is said that matrices are also widely used to determine quantitatively with axes constructed to be relevant to the
if a risk posed by a given hazard is or is not acceptable. facility and operations being studied, risk evolutions can
Ball and Watt (2013) also concur with Cox (2008) that be defined logically. Logic based risk evaluations can
one of the leading arguments in support of risk matrices, facilitate management decisions such as the
which is that they are simple to use and transparent, is authorisation of operations. It can also help optimise
false. As determined here, all positionings of hazards on resources by showing where to concentrate efforts for
the matrix are subject to innumerable considerations, more detailed analysis or for risk reduction activities.
some of which even the rater may not be wholly aware. Using 3x3, 4x4 or 5x5 matrix, will be useful to some
Yet, and it is another serious matter, requisite organisations and might not be for others i.e. when 5x5
explanations and justifications are seldom, if ever, matrix is used, the matrix will have 25 blocks (risk
attempted. grades), the more blocks for representation, the more
likelihood of the risk matrix producing different levels
It is this latter issue, of the consistency of use of risk which would produce more risk ranking grades.
matrices as applied to what are normally seen as Therefore, organisations would be able to allocate the
beyond-the-workplace hazards. A growing number of low, moderate, high and extreme risk groups to the
authors, highly experienced in risk assessment, have appropriate levels of responsibilities within the
questioned or had cause to investigate alleged organisations. The wider options for the probability and
shortcomings of risk matrices, mainly on technical consequence scores on a risk matrix should give more
grounds. In addition, standards-setting institutions have scope to differentiate within the risk group the
warned of the potential for subjectivity and probability of a certain risk occurring and the
inconsistencyas have researchers in occupational safety consequence of the risk occurring within the low,
(Ball and Watt, 2013). moderate, high and extreme groups for the different
levels of responsibility. whereas by having 3x3 matrix,
7. Conclusion there will be only 9 blocks for the risk grades, which in
Risk assessment and risk management techniques are some cases might not be useful when making decisions
being developed in many fields as an aid to safety or allocating resources.
investment decision making. Expanding responsibilities However, if the descriptions of the consequence and
and limited resources compel policy makers to make likelihood scores are difficult to classify then the scores
difficult choices about the prioritisation of risk cannot always be well interpreted. For example, Table 1

Published by Atlantis Press

Copyright: the authors
54
 Strengths and weaknesses of risk matrices

(appendix 1 NHS Risk Matrix), where it shows the 5. Cox, L. A. Jr., Babayev, D., &Huber,W. (2005). Some
consequence scores, by looking at the column where it limitations of qualitative risk rating systems. Risk
says; Service Business Interruption; the difference Analysis, 25(3), 651–662.
between Major and Catastrophic scores; Catastrophic 6. Cox, L. A. Jr. (2008). What is wrong with risk
score leads the Business to a permanent loss of the matrices?, Risk Analysis, Vol. 28, No. 2,
business while Major score can only cause the business 7. Donoghue, A, M. (2001). The design of hazard risk
to be interrupted for one week. In such a case, the assessment matrices for ranking occupational health risk
extreme description should be more than one week and and their application in mining and minerals processing.
permanent loss. Society of occupational medicine. Vol. 51 No. 2, pp
Cox (2009) argues that risk priority scoring systems, 118-123
although widely used (and even required in many 8. Dietz, T., Scott Frey, R. and Rosa, E. (1996) Risk,
current regulations and standards), ignore essential Technology, and Society, in: R.E. Dunlapand W.
information about correlations among risks. This Michelson (eds) Handbook of Environmental Sociology,
information typically consists of noting common Westport: Greenwood Press.
elements across multiple targets (e.g., common 9. Emblemsvag, J. &Kjølstad, L.E. (2006), qualitative risk
vulnerabilities).These common features induce analysis: some problems and remedies. Management
common, or strongly positively correlated, uncertainties Decision, Vol. 44 No. 3
about the effectiveness of different risk-reducing 10. Fischhoff, B., Watson, S.R. and Hope, C. (1984)
measures. It is easy to use this information, in Defining risk, Policy Sciences 17, 123–29.
conjunction with well-known decision analysis and 11. Glickman, T, S & Gough, M. (1990). Readings in risk.
optimization techniques, to develop more valuable risk USA: Resources For the Future
reduction strategies, for any given risk management 12. Kolluru, R.V & Brooks, D.G. (1995) Integrated Risk
budget, than can be expressed by a priority list. Thus, Assessment and Strategic Management, in: R. Kolluru,
there appears to be abundant opportunity to improve the S. Bartell, R. Pitblade and S. Stricoff (eds) Risk
productivity of current risk-reducing efforts in many Assessment and Management Handbook. For
important applications using already well-understood Environmental, Health, and Safety Professionals, pp.
optimization methods.To sum up, risk matrices are a 2.1–2.23, New York: McGraw-Hill.
useful way of ranking risks, but organisations should 13. Morgan, M.G. (1990) Choosing and Managing
adjust the design and size of risk matrices to suit their Technology-Induced Risks, in: T.S. Glickman and M.
needs. Gough (eds) Readings in Risk, pp. 5–15, Washington:
Resources for the Future.
References 14. Markowski, A, S. &Mannan, M, S. (2008). Fuzzy risk
matrix. Journal of hazardous materials. pp 152-157
1. Altenbach, T (1995). “A comparison of risk assessment
15. Mcilwain, J, C. (2006). A review : a decade of clinical
Techniques from qualitative to quantitative”,
risk management and risk tools. Journal of Clinician in
proceedings of the joint ASMEIJSME pressure vessels
Management, Volume 14, No 4, pp. 189-199(11)
and piping conference, Honolulu HI.
16. Renn, O. (1998) Three decades of risk research:
2. Altenbach, T & Brereton S. (1998). “Risk Ranking
accomplishments and new challenges, Journal of Risk
Methodology for Chemical Release Events. Probabilistic
Research 1 (1), 49–71
Safety Assessment and Management. 4, International
17. Simmons, J.Dwyer, S &Pfitzer, T. (2005). The RAC
Conference on Probabilistic Safety Assessment and
matrix: a universal tool or a toolkit. Journal of system
Management New York City, NY
safety. Vol. 41 No. 2. pp 14-19
3. Boyle, T. (2002). Health and safety: risk management.
18. Sunstein, C, R. (2000). Risk and reason: safety, law
England: IOSH Services Limited
and the environment. England: Cambridge University
4. Cox, L. A. Jr., & Huber, W. (2008). Optimal design of
Press
qualitative risk matrices to classify binary quantitative
19. The Royal Society. (1992). Risk: analysis, perception
risks [abstract]. In: Proceedings of the Annual Meeting
and management. England: The Royal Society
of the Society of Risk Analysis; 2008 December 7-10,
Boston

Published by Atlantis Press

Copyright: the authors
55
Mustafa Elmontsri

20. The National Patient Safety Agency (www.npsa.nhs.uk)

accessed on 26th August 2013 at 17:40hrs
21. The International Risk Governance Council. (2005).
White paper on Risk Governance: towards an Integrative
Approach, can be downloaded from www.irgc.org
22. US Department of Energy. (1994). DOE Standard
preparation guide for US Department of Energy
Nonreactor Nuclear Facility Safety Analysis Reports,
Washington, DC, DOE-STD-3009-94
23. Woodruff, J, M. (2005). Consequence and likelihood in
risk estimation: A matter of balance in UK health and
safety risk assessment practice. Safety Science. 43,
345–353
24. Ball, D. J. and Watt, J. (2013), Further Thoughts on the
Utility of Risk Matrices. Risk Analysis, 33: 2068–2078
25. Cox, Jr., L. A. (2009), What's Wrong with Hazard-
Ranking Systems? An Expository Note. Risk Analysis,
29: 940–948
26. ISO (International Standards Organisation). Risk
Management:Risk Assessment Techniques, 2009.
ISO/IEC 31010.Geneva: ISO.
27. iNTeg-Risk (2013). iNTeg-Risk-Early Recognition,
Mointoring and Integrated Management of Emerging,
New Technology Related Risks (2007-2013),
www.integrisk.eu-vri.eu

Published by Atlantis Press

Copyright: the authors
56
 Strengths and weaknesses of risk matrices

Table 2. The Consequence scores used by the (National Patient Safety Agency in England)

1 2 3 4 5

Descriptor Insignificant Minor Moderate Major Catastrophic

Insignificant cost <5% over 5-10% over 10-25% over >25% over
increase/schedule budget/schedule budge/schedule budget/schedule budget/schedule
Objectives /
slippage. Barely slippage. Minor slippage. Reduction slippage. Does not slippage. Does not
Projects
noticeable reduction in reduction in in scope or quality meet secondary meet primary
scope or quality quality/scope objectives objectives
Minor injury not Minor injury or RIDDOR/Agency Major injuries or Death or major
requiring first aid illness, first aid reportable long permanent
Injury
treatment needed incapacity/disability incapacity
(loss of limb)
Unsatisfactory patient Unsatisfactory Mismanagement of Serious Totally
Patient experience not directly patient experience – patient care. mismanagement of unsatisfactory
experience related to patient care readily resolvable patient care patient outcome or
experience
Locally resolved Justified complaint Below excess claim. Claim above excess Multiple claims or
Complaint/Cla peripheral to clinical Justified complaint level. Multiple single major claim
ims care involving lack of justified complaints
appropriate care
Service Loss/interruption > 1 Loss/interruption >8 Loss/interruption >1 Loss/interruption >1 Permanent loss of
business hour hours day week service of facility
interruption
Short-term low staffing Ongoing low Late delivery of key Uncertain delivery Non-delivery of key
level temporarily reduces staffing level objective/service of key objective/service
service quality (< 1 day) reduces service due to lack of staff. objective/service due to lack of staff.
Staffing &
quality Minor error due to due to lack of staff. Loss of key staff.
competence
poor training. Serious error due to Critical error due to
Ongoing unsafe poor training insufficient training
staffing level.
Small loss Loss >0.1% of Loss >0.25% of Loss>0.5 of budget Loss >1% of budget
Financial
budget budget
Minor recommendations Recommendations Reducing rating. Enforcement Prosecution. Zero
Minor Non-compliance given. Non- Challenging Action. Low rating. rating. Severely
Inspection/aud with standards compliance with recommendations. Critical report. critical report
it standards Non-compliance Major non-
with core standards compliance with
core standards
Rumours Local media – short Local media – long National media <3 National Media >3
Adverse
term. Minor effect term. Significant days days. MP concern
publicity/reput
on staff morale effect on staff (question in House
ation
morale of parliament)
Table 3. The Likelihood scores
1 2 3 4 5
Descriptor Rare Unlikely Possible Likely Almost certain

Frequency Not expected to Expected to occur at Expected to occur at Expected to occur at Expected to occur at
occur for years. least annually. least monthly. least weekly. least daily.

<1% 1-5% 6-20% 21-50% >50%

Probability Will occur in Unlikely to occur. Reasonable chance Likely to occur. More likely to occur
exceptional of occurring. than not.
circumstances.

Published by Atlantis Press

Copyright: the authors
57