Risk is defined as probability multiplied by impact. Taking these two elements into account helps decide the most efficient way to allocate resources. For example, you wouldn’t spend a million dollars to prevent a blister, but you might do so to prevent a chemical explosion. Even though a blister might be more likely to occur, the impact is low, compared to a less likely chemical explosion that has potentially fatal impacts.
One common form of risk assessment is the risk matrix. The risk matrix plots severity and probability on separate axes, creating a region of high risk at one corner and low risk at the opposite corner.Based on where your company draws the line between acceptable and unacceptable risk, you can use the risk matrix to decide when a given hazard requires remedial action.
If you’ve ever used one, you know what a useful tool a risk matrix can be. The problem is, it’s not enough. Not on its own, at least.
