Risk
matrices are simple tools to rank and prioritize risk of (generally adverse)
events and to make decisions whether certain risks can be tolerated. A risk matrix
displays the basic properties, “consequence” and “likelihood”, of an adverse
event and the aggregate notion of risk by means of a graph. It uses discrete
categories of consequence, likelihood, and risk. Using categories rather than
numerical values appeal to both risk specialists and laymen as a means of
stressing the uncertainties in risk statements. The combinations of consequence
and likelihood are mapped on to a limited number of risk categories (often
visualized by different colors) and this mapping may include subjective
considerations. Risk matrices are widely used in risk management. They are a
regular feature in various risk management standards and guidelines and are
also used as formal corporate risk acceptance criteria. It is only recently, however,
that scientific publications have appeared that discuss the weaknesses, and
provide recommendations for the use and design of risk matrices.  Risk matrices have two main applications. The
application or aim of the risk matrix is relevant when discussing the
suitability of risk matrices. One application is decision-making about the
acceptance of risk; the other is to prioritize which risk needs to be addressed
first. Frequently, in risk acceptance, only three levels of risk are
distinguished: hazards or events with unacceptable risk (often indicated with a
red color); hazards or event sin which the risk is found to be “broadly
acceptable”, i.e. not requiring further risk reduction (often indicated with
green), and an intermediate level, where risk should be reduced “As Low As
Reasonably Practicable” (ALARP, often indicated with yellow). Given these
interpretations, there is not need to further prioritize hazards, at least not
in the red and green areas. In cases where the risk matrix is used for prioritizing
(which hazards require most attention in order to reduce the cumulative risk),
a larger number of risk levels may be necessary in order to obtain sufficient
resolution to rank events or hazards in order of priority. Even then, different
hazards may end up either in the same cell or with the same assigned risk. (Duijm,
N. J, 2015)

 

Risk
matrices are probably one of the most widespread tools for risk evaluation.
They are mainly used to determine the size of a risk and whether or not the
risk is sufficiently controlled. There is still confusion about how they are
supposed to be used. There are two dimensions of a risk matrix. It looks at how
severe and likely an unwanted event is. These two dimensions create a matrix.
The combinations of probability and severity will give any event a place on a
risk matrix (there are some events that are more difficult, but we’ll come to
that later).

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

 

Most
matrices have at least three areas: the low probability, the high probability,
and the medium category. The low probability, low severity area (usually green)
that indicates the risk of an event is not high enough, or that is is
sufficiently controlled. No action is usually taken with this. If we talk about
the risk matrices in a bowtie however, usually bowties are done for major
hazards, so most events are high risk and don’t fall into this category. The
high probability, high severity (usually red), which indicates an event, needs
a lot or more control measures to bring the probability or severity down.
Bowties will have a lot of events that fall into this category. The medium
category (usually yellow) is in between these two areas. Any event that falls
in this area is usually judged to be an area that needs to be monitored, but is
controlled as low as reasonably practicable. Essentially if we keep the risk at
that level, we accept.

 

It’s
important to understand that a risk matrix by itself make a poor decision
making tool. It is best suited for ranking events. There is not enough
granularity in a risk matrix to use it for anything other than saying that some
events are really bad, and others are less so. Decisions need to be based on an
underlying analysis that will tell you what will cause the unwanted event and
what an organization is already doing to control it. This information will make
an informed decision possible. Another misconception is that a risk matric is a
quantitative tool. In theory, it can be, but in practice, it is not. The risk
matric is made up of two ordinal rating scales, with mostly qualitative descriptions
along its axes. This makes it very difficult to assign any real number to a
matrix and thus to do calculations with it. It can only give you a qualitative
score that indicates in which category an event falls. It won’t allow for any
sophisticated calculations.

 

Ranking
an event on a risk matrix can be done in three ways: worst case scenario,
current situation, and future situation. Worst case scenario is done by taking
the worst that could happen. For instance in the case of a car crash, there
will be multiple fatalities and it might be likely to occur. Essentially when
looking at the worst case scenario, all Barriers are ignored and only the
Hazard, Top even and Consequences are considered. These types of incidents
might occur in reality, but they will most likely be the exception, not the
rule. Current situation is the second strategy that tries to evaluate the
severity and probability of the average event. So the average severity of a car
crash might be a single fatality, and it’s unlikely to happen. This strategy
takes into account all the barriers that are currently implemented. Future
situation is the last strategy that tried to make an estimate of how risk might
go down after improvements to barriers, or implementation of new barriers. It
aims to estimate the future average of incidents. Even though the risk matrix
has a lot of drawbacks, it has endured the criticism and is still one of the
standard tools used in most risk assessments. If the risk matrix is used in the
correct way, it can add some understanding, although probably the greatest
challenge today is for people to understand its limitations. (Cgeadmin. “Risk
Matrices.”)

 

Supplier
positioning (also known as a Kraljic Matrix, after its author) classifies
purchasing to gain better insight into how each category should be managed by
the buying organization. Graphing the cost of purchasing relative to its total
risk creates the supplier positioning matrix, which is labeled with each of the
four classifications into which any purchasing category might fall.

 

Across
the horizontal ax is of the supplier positioning matrix, the annual expense of
purchasing measures the influence this purchasing has on the overall
profitability of the buying organization. This issue alone is used to
prioritize attention to purchasing in a simpler ranking scheme known as an ABC
policy. However, supplier positioning also recognizes the vulnerability of the
supply, determined by a variety of factors that can include limited
availability and shortages of the item being purchased, the reliability of
delivery, the number of potential suppliers, and even environmental concerns.
Purchases positioned in the bottom left-hand quadrant of the supplier
positioning matrix are described as tactical acquisitions, being of both low value
and risk. A minimum amount of time should be spent on purchasing in this
category, because there is little benefit to focusing energy on these items.
Items in the bottom right-hand quadrant, the tactical profit category, are
relatively high value but their low risk implies the presence of several
competitive suppliers, so the buying organization should focus on leveraging
its purchasing power when selecting a supplier. Purchases in the top left-hand
quadrant, described a strategic security, are of lower monetary value but do
represent a critical risk to the organization, so the objective here should be
to ensure continuity of supply, even at a premium price, and developing
relationships with potential suppliers. Finally, strategic critical purchases in
the top right-hand quadrant are both high in value and in risk to the
organization. These items are the natural focus of the organization, requiring
the most time and effort devoted to purchasing decisions, contingency planning,
and maintaining close supply chain partnerships. (Simpson, N. C., &
Hancock, P.G., 2012)