Introduction
Cox (2008) defines a risk matrix as a table that is divided into several categories of probability, likelihood, or frequency for its rows, and multiple categories of severity, impact, or consequences for its columns (P.497). According to Lozier (2011) the constituents of risk ordinarily attest themselves as a hazard; which refers to the likely origin of a harmful outcome and harms; which are the ensuing damages to the environment.
It incorporates generally accepted ratings of risk, urgency and priority, with every row-column pair. This is represented by distinct cells which are separately colored, using red, green and yellow colors. Each distinct cell has a different risk rating, for instance, cells colored in red will indicate risks that require an urgent attention, whereas those that are colored in green will indicate those risks that do not require to be dealt with urgently.
The yellow colored cells indicate those risks that fall in between the ratings of very urgent and less urgent risk events. Kailash (2007) explains that the qualitative rankings provided by risk analysis matrices, reflect a rudimental quantitative grading.
Advantages of Risk analysis matrix
According to Ho (2010), a risk analysis matrix is widely opted because of its simplicity as a tool for risk appraisal and management. Its convenience and efficacy in dissecting various alternatives with different risk degrees is plausible. As Cox (2008) notes, risk matrices allow advisers to train various organisational staff on risk, by presenting different hazards within a constructed matrix (p. 498).
Additionally, they provide for an organised and structured analysis of individual risks. They offer a conveniently documented record, of the various principles adopted by risk managers in ranking risks and setting the antecedent of when and how to address them. Proponents of the risk matrix approach have noted that, the design and development of risk matrices within an organisation do not require any specialised knowledge in quantitative risk assessment methodologies.
Anybody from any organisational department, be it finance, medicine, among others, can use the risk analysis matrix without much ado. It is a very concise and user-friendly technique for information gathering, used to prioritise, palliate and develop readiness, response, and rebound plans for any risk event within an organisation.
Talbot (n. d) notes that, a risk matrix provides some consistency to prioritising risks, and presents more complex risk data in a succinct manner (n. page). This is only conceivable in instances where the risk analysis matrix is able to rank various risk events into different risk classes. For instance, those risks that have been classified in a higher category in the risk analysis matrix cannot, at the same time be classified anywhere else.
Disadvantages of using the risk Matrix approach in Risk management
Cox (2008), has explained that, although most risk management consultants and professionals tend to believe that risk matrices are beneficial in differentiating, though qualitatively, between urgent and less urgent classes of risks, only a limited number of empirical or theoretical studies have been carried out to reiterate these notion.
Kailash (2007) identifies the following setbacks of risk matrix analysis:
First, there is the limitation of poor resolution; – this is where there is an impossibility to rank risks which fall within the same qualitative rating. A risk analysis matrix tends to append imprecision to risk analysis, since it basically classifies a wide range of risk cases into one class, making it inconceivable to further rank them within their own subcategory. This has the implication that such grouped risks will be treated equally, the level of urgency that will be assigned to them, and organisational impact will be taken to be similar, though in reality, it might not be the case.
Secondly, there are ranking errors. Cox (2008) explains that ranking errors occur where a risk analysis matrix assigns a higher qualitative ranking to a lower quantitative risk. This phenomenon arises, as Hubbard (2009) notes, in instances where verbal scales are interpreted differently by various people (n. page). As such, verbal scales tend to add inaccuracies, resulting in lack of uniformity and consistency in the results arrived at.
The terminologies used to describe the ratings such as; frequent, probable, occasional, remote and improbable among others are usually interpreted to convey varied meanings, for different people. As Carey & Burgman (2008), explain these variations in assigning different meanings to the same words, may lead to possible arbitrary disagreements and inconsistent results among users. Notably so, descriptive words for hazards may be differently construed leading to discrepant results, which are otherwise expected to be similar.
Further still, risk matrix analysis does not give the total risk level of a particular hazard, but can only be used to categorise the hazards into vaarious risk groupings. Thus, the risk analysis matrix, if used in isolation, might not be of adequate assistance.
Every person involved in ranking hazards, will usually exhibit personal opinions, character traits and attitudes in ranking various hazards. Majority of these individuals are prejudiced and will, in most instances pre-judge events instead of objectively analysing facts when faced with a particular set of information for decision making.
Proper and rational decision making can only be ocnceivable where judgements are adequately grounded on observable phenomena which is void of any emotional and personal perceptions. Cox (2008) notes that, the limitations of risk analysis matrices includes the fact that, scoring methods do not consider the very important aspect of correlation among various risk factors. The correlations that may be existing among different risk events, if ignored will adversely affect decision making.
This calls for risk managers to conduct an in-depth analysis of correlations among the risk factors, before deciding on the risk categorisations and ratings. However, correlation analysis is a specialised exercise that can only be carried out by individuals with adequate knowledge and proficiency in quantitative risk analysis methodologies. This therefore , means that risk analysis will only be the preserve of quantitative risk analysis experts and not any other person, as proponents of the risk analysis matrix think.
Other disadvantages that are associated with the risk analysis matrix emanate from Examples of linguistic uncertainties include ambiguity, vagueness, under-specifity and context dependence. Ambigity arises in cases where words bear multiple meanings, and it is not possible to precisely and accurately determine which one the person using such words means. Failure to recognise the distinctions of word meanings, will result in an ambiguous meaning and decision making.
Vagueness on the other hand, according to Carey & Burgman (2008), arises where words can be said to have borderline meanings. It is not possible to precisely and distinctly understand the precise meaning that they are intended to bring out. Underspecificity occurs where explanations of words includes generalisations and inductions that.
Finaly, Carey & Burgman (2008) explain that context dependence refers to cases where a person fails to specify the context within which he or she is using certain words. Some words will portray varied meanings under different contextual settings. Thus, one should settle conclusively such linguistic uncertainty issues so as to alleviate any disagreements that may result from them.
Conclusion
Analysing risks using a risk matrix usually fronts an acceptable basis for comparing, ranking and assessing hazards so that managers bestowed with the task of managing risks, can direct their efforts on the most severe risks. In order to enhance the effectiveness and usefulness of a risk matrix as an appropriate tool for risk management in any organisation, it is recommended that an appropriate risk matrix should exhibit the following attributes:
- It should be simple to use;
- Provide for outcomes that are consistent even when applied by persons within different organisational departments and professions;
- It should also be able to reasonably analyse a wide array of risks such as financial, health, safety, environmental and political risks;
- It should incorporate the capability to be transformed and adapted to suite the dynamic and unique risks facing a particular organisation.
To be most effective, a risk analysis matrix should be able to differentiate reasonably, between very high and very low risks, in order to make it an efficient screening tool for directing both human effort and financial resources to risk management. Cox (2008) points out that it is important to design risk matrices in such a way that, they conform to the weak consistency principle.
This ensures that optimality in resource allocation is achieved. Each organisation should attempt to ensure that the human effort and financial resources employed to manage risks are symmetrical to the risk itself, and are not excess or inadequate. Where the principle is ignored, those risks that are categorised as being comparatively small, may actually be greater than how the risk matrix rates and ranks them.
Carey & Burgman (2008) have noted that , it is important to minimise linguistic uncertainties by applying the repetitious reappraisal approach to risk ranking, which results in consistent risk ratings for the same event. It is also important to keep it in mind that, although risk analysis matrices may be an efficient tool for risk ranking, there is no empirical research findings to proof that it actually enhances decision making within those organisation using them.
Cox (2008) also advises users of the risk analysis matrix to adequately provide plenteous explanations to their underlying discernment and perceptions. Hubbard (2009) explains that no statistical information is collected for the analysis and consequent decision making, when using scoring methods such as risk analysis matrices. Because of this fact, he proposes that the scoring methods should be applied with the sole purpose of wanting to improve the decision making activities within organisations.
Risk management managers should ensure that the most grievous risks are accorded first priority during resource allocation. This is because, failure to do this, the impingement on an organisation may be inauspicious. According to Carey & Burgman (2008), qualitative risk analysis frequently entails immanent discernment of risk managers who are mostly susceptible to external factors such as personal biasness and perceptions.
References
Carey, J. M., & Burgman, M. A. (2008). Linguistic Uncertainty in Qualitative Risk. Annals of the New York Academy of Sciences, 13-17.
Cox, A. L. (2008). What’s wrong with Risk Matrices? Risk Analysis, 497-512.
Ho, V. (2012, June 14). The Risk of Using Risk Matrix in Assessing Safety Risk. Retrieved from www.hkarms.org
Hubbard, D. W. (2009). The Failure of Risk Management: Why it’s Broken and how to fix it. New Jersey: John Willy & Sons.
Kailash, A. (2009). Cox’s risk matrix theorem and its implications for project risk management. Retrieved from Eight to Late: https://eight2late.wordpress.com/
Lozier, T. (2011). Risk Assessment: Creating a Risk Matrix. Retrieved from the Enterprise Software Blog. https://blog.etq.com/
Talbot, J. (2012). What’s Right With Risk Matrices. Retrieved from Julian Talbot: Some Articles: https://www.juliantalbot.com/