No one can ever truly eliminate risks; be it in relationships, businesses or even politics. We often think we’re in control…until we’re not, why? Because Murphy’s Law doesn’t abide by anyone’s parameters. Now, what we CAN do, however, is manage risks by defining, assessing and assigning them.

What's in here:

  • What are these risk management terms: risk register, risk matrix, and RACI chart?
  • Once you’ve assessed your risks, you can use the risk assessment matrix to understand your risk environment, and manage things before they hit you in the face.
  • Save time, resources and money by knowing how to assign risks with a RACI chart.

What is risk assessment?

We use the term risk assessment (or hazard identification) to explain the process of identifying risk factors that can possibly cause harm. Once you’ve identified the risks, you can then analyze them (risk analysis) and evaluate (risk evaluation). Only then will you be able to get insight into the severity of the risk and how to go about fighting it. The process of risk elimination must be done quickly to make sure your risks don’t spread further.

What is a risk register?

A project risk register is a tool that project managers use to track and monitor risks that may have an impact on their projects. The purpose of a project management risk register is to identify, log and track potential risks. Any risk that you identify as having an impact on your project should be looked at by the team and logged into the risk register. For more on risk registers and how to go about creating them, here’s a good article!

What is a risk matrix?

The risk matrix, also known as the risk assessment matrix, is a visual tool that can show you the possible risks affecting your project. This risk matrix in project management is based on two components: the likelihood of your risk happening (or probability) and the potential impact it might have.

To put it simply, the risk matrix is a tool that allows you to visualize the possibility vs. severity of a potential risk. Risks are therefore categorized as either low, moderate or high, depending on their likelihood, as well as their impact. Keep in mind that this would apply to the most basic form of the risk matrix.

The 3 colors of the risk matrix - low, moderate, high risk
Risk matrix colors

What is the risk matrix used for?

Risks come in many shapes and forms, but the 3x3 risk assessment matrix presents these risks in a simple, green-yellow-red chart. Red represents the high risks, yellow, the moderate ones, and green represents the low risks. All risk matrices have two axes; one for probability (or likelihood) and one for impact (or effect). When dealing with a slightly bigger risk matrix, we add orange to the mix!

The 4 colors of the risk matrix: low, moderate, high, very high risk
Risk matrix colors

Regardless of the parameters you choose in order to measure the likelihood and impact of your risks, one of the fastest ways to go about estimating risks in your project is the risk assessment matrix.

Why are there different sizes for the risk matrix?

It’s all about precision. Risk matrix sizing/complexity is based on how you choose to define the Probability and Impact ranges in your risk matrix; but more importantly, it’s about how accurate you are at ranking those risks.

Probability and Impact in the risk matrix 4x4
4x4 risk matrix

As long as you’re able to rank a risk accurately enough, then there’s not much difference between, say, a 4x4 risk matrix and a 5x5 risk matrix. Avoid using risk matrices that are too small, because then your range of uncertainty is way too vague; or matrices that are too big, because you end up constrained.

Impact and likelihood in the risk matrix 3x3
3x3 risk matrix

With a 3x3 matrix, you’ll find it difficult to visualize the difference between acceptable and unacceptable risk. With a 6x6 matrix on the other hand, the risk impact of Extreme vs. Severe, for example, becomes insignificant.

How to create a risk matrix in risk management?

Creating a risk assessment matrix may sound complicated at first, but in reality, it’s a fairly simple process. There are actually four steps to creating a risk assessment matrix.

1. Identify your risk landscape

This is represented as a full-scale visual of your overall risk. How do you come up with it? Well, you go through a brainstorming session with the team to discuss potential risks, then you rank those risks according to the level of threat they bring about.

2. Find out the risk criteria

Once you’re done brainstorming, you then decide on the criteria you’re going to be using to evaluate your risks. As I mentioned above, the risk assessment matrix uses probability (i.e. likelihood of that particular risk happening) and its impact. This is where you’ll see how to go about mitigating your risks.

3. Assess the risk

In order to assess your risks, use the risk criteria decided upon in Step 2. We usually use a qualitative scale like “Low, Moderate and High” to assess the severity of the risks.

Levels of risk assessment in the risk matrix
Risk assessment - low to high

4. Prioritize the risks

When you’ve finished assessing the risks, the next step is to prioritize them. How do you do that? By comparing them based on severity. Is it a high, moderate or low risk? How likely is it? What’s the impact? You then multiply probability by impact to get a score for that risk, which you will then use to prioritize your risks. The risk with the highest probability and highest impact would then be a top priority, and so on and so forth. That’s when you come up with a plan to eliminate your risks based on how they score.

Keep in mind that the risk assessment matrix will change throughout the year, based on various factors; if you fail to update it, you’ll end up missing out on a new risk that could bring about some great threat!

Advantages and disadvantages of the risk assessment matrix

Just like with everything else in life, there are advantages and disadvantages to using the risk assessment matrix.

What are the advantages of using the risk matrix?

There are many advantages to using the risk matrix; I’ll name a few here:

  1. The risk matrix creates awareness about risks
  2. Helps in coming up with a program to control risks
  3. Allows identification of the most probable risks
  4. Allows visualization of the risk situation
  5. Simplifies the risk situation for everyone
  6. Does not require prior knowledge to understand

What are the limitations of the risk matrix?

It’s important to remember a few things when dealing with a risk matrix:

  1. The risk matrix is qualitative, not quantitative
  2. It may sometimes oversimplify the complexity of the risks
  3. It could fail in keeping up with the changes in risks
  4. There isn’t always enough time to carry out a proper investigation
  5. The evaluation of risks is always subjective
  6. There is no real differentiation between the risk categories

What is RACI in project management?

The RACI chart, also called a RACI matrix, is a type of responsibility assignment matrix in project management. It’s made of spreadsheets (or tables) that showcase the responsibilities of different stakeholders over a specific task, with a set of 4 letters: R A C I. Each responsibility level is usually color-coded and put into a simple table layout.

RACI chart in risk management
RACI matrix for risk assignment

What does RACI stand for?

The acronym RACI stands for Responsible, Accountable, Consulted, and Informed.

  1. Responsible
    Manager/team member directly responsible for the task
  2. Accountable
    Anyone with final authority over the completion of a task
  3. Consulted
    Someone with unique insights that the team can consult
  4. Informed
    Client/executive who should be kept in the loop; not directly involved

RACI is the basis for all responsibility matrices; each version, however, will have its own style.

SCRUM example in the RACI chart
RACI matrix example

Why do you need a RACI matrix?

The RACI matrix brings structure and clarity to the roles stakeholders play within a project or task; it also makes people more confident. Keep in mind that, generally speaking, no one should have more than one responsibility level for every deliverable in the RACI chart.

When to use the RACI matrix?

  • Large companies with very specific deadlines
  • Organizations where responsibilities are unchanging
  • When many stakeholders are involved in various aspects
  • Inter-departmental projects
  • Highly regulated industries like finance, insurance and manufacturing

When not to use the RACI matrix?

  • Small projects within one department
  • Teams that use Agile frameworks like Scrum 😁 Why? Because task responsibility depends on personal initiative and self-organizing, rather than top-down.

Who uses a RACI matrix?

The RACI chart is a tool project managers use to deal with stakeholders, but who will end up using it depends on the scale of a project, the corporate structure, and so on.

How to assess and assign risks in Jira?

As you know, we build simple plug&play apps for Jira; and we're picky about how we manage our risks - which is why I have to mention this here!

If you're interested in how to go about using the risk matrix and RACI chart when managing projects and risks in Jira, we've got the perfect tool for you: Hedge.

Create risk register in Jira and customize
Hedge risk register

Hedge will allow you to create risks like you would any regular Jira issue, set a template for your risk registers, assign risk owners and view overall scores in a risk matrix, with probability and impact being metrics you can choose from a simple dropdown.

Customize risk matrix in Jira
Hedge risk matrix

You can even customize the formula you choose to score your risks! Not to mention the amazing reports you’ll get for every risk register you create.

👉 Start your 30-day FREE trial of Hedge - today!