Risk matrix

Using a risk matrix, risk portfolio or risk map , the probability of the occurrence of an undesirable event (the risk ) is compared in a table in relation to its impact. In contrast to the risk inventory, there is a two-dimensional representation. This is used for the systematic assessment and evaluation of risks. The risk matrix is a method in connection with a risk analysis and exists in different variants.

construction

In the two-dimensional representation, the probability of occurrence is usually indicated on the abscissa axis and the extent of damage is indicated on the ordinate axis. In addition, more dimensions are possible, which represent further effects such as B. the amount of an image loss or the addition of the frequency (exposure factor) as in the Kinney method.

The row and column labeling can be done by index (1, 2, 3, ...) or by a descriptive information. The main identified risks are positioned in the matrix so that a comparative presentation and prioritization take place [8]. A possible coloring of the cells groups the risk areas. The colors are often based on traffic light colors. Alternatively, the matrix can be expanded to include a risk threshold. The positions of the risks in relation to the risk threshold or the grid in which the risks are mapped provides information on the importance assigned to the risk. The urgency of risk management measures can also be read from the position of the risks. Both individual risks and the risk situation in individual business areas can be represented in the risk matrix.

Use

The risk matrix is a measure of the risk assessment. It is therefore one of the standard risk management tools. Using the risk matrix, the expected damage value can be calculated by multiplying the probability of occurrence and the extent of the risk. It should be noted, however, that the two factors (probability of occurrence and extent of damage) can put each other into perspective, resulting in a wrong judgment about the risk. (see: criticism)

The risk matrix is also a basis for further risk categories. On this basis, a subdivision into further impact classes can take place. The risk matrix is also useful for risk reporting. The risk portfolios from different parts of the company are combined and processed into a risk portfolio for the company. This creates an overview of the main risks in the company. The risk matrix is a possible basis for risk control ; it should be revised and updated at least once a year.

Examples

Example of a risk matrix

There are numerous variants. Examples are given below.

According to Nohl

Risk matrix according to Nohl
Damage severity / probability	minor injury or illness	moderate injury or illness	serious injury or illness	possible death, disaster
very low	1	2	3	4th
low	2	3	4th	5
medium	3	4th	5	6th
high	4th	5	6th	7th

The Nohl risk matrix is usually used in occupational safety . Categories for the likelihood of occurrence or the likelihood of the hazard becoming effective :

very low
low
medium
high

The categories are "sensibly estimated" or statistically proven in the risk assessment. Categories for severity of damage :

minor injuries or illnesses , e.g. B. Bruises
moderate injuries or illnesses, e.g. B. Simple fractures
serious injuries or illnesses, e.g. B. Paraplegia
possible death , disaster , e.g. B. Serious injuries to numerous people

The fields of the matrix contain a risk figure from 1 to 7. This figure is divided into three categories:

1 to 2: low risk, no risk reduction necessary (between residual risk and limit risk )
3 to 4: significant risk, risk reduction necessary (close to the limit risk to slightly above)
5 to 7: high risk, risk reduction urgently necessary (above the limit risk)

ALARP

ALARP is a matrix from the English-speaking area.

criticism

The risk matrix is not very well recognized in terms of its informative value, as it is only a selective representation of individual risks. This means that interactions between the individual risks and the dynamics of the individual risks are ignored. In addition, it is implied in risk portfolios that the individual risks can be meaningfully described in terms of the extent of damage and the probability of occurrence. This assumption is only true if the risks are binomially distributed . However, risks in a company rarely correspond to this type of distribution.

Another point of criticism is the vertical and horizontal lines as a division of the risk matrix, because if two risks with the same expected value are on the same line, a hyperbolic, non-linear relationship arises. In addition, the matrix is based on the assumption that all risks can be changed equally easily. This does not correspond to reality, risks are changeable in different ways.

In addition, problems often arise with the assessment basis of the risks. An expected value indicates an average period exposure due to the risk under consideration. In risk matrices, the condition of a uniform evaluation basis is ignored. This leads to errors in the risk assessment .

A significantly better resolution of the wide range for the probability of occurrence from a few percentage points to multiple events per day is also of interest in resolving the impact of the event over a range from a few euros to the loss of a multiple of the company's annual profit. This is not possible in the representation given: the linear mapping is unsuitable for both the probability of occurrence and the impact. A mathematical transformation is used for a better graphical representation: instead of plotting the effect over the probability of occurrence, the logarithm is used in both cases. A = R / W (A = impact; R = risk; W = probability) becomes log⁡ (A) = log⁡ (R / W) = log⁡ (R) -log⁡ (W). This transformation initially helps to achieve a good spread of the two axes. In addition, the curve progression of the isokindunes (lines of equal risk) is straightened by taking the logarithm. If one uses this double logarithmic plot in the risk matrix, one obtains on the one hand a good resolution between extremely low and very high probabilities of occurrence or effects. On the other hand, the usual diagonal field markings in the traffic light colors are now mathematically correct. The previous problems with the valuation basis do not apply.

improvement

In order to improve the informative value of a risk matrix, there is a new approach to risk assessment. The risk is described on the basis of the maximum damage value with the " Value at Risk ". Based on the values, the company's overall scope of risk can be realistically assessed.

Individual evidence

↑ ^a ^b Standard DIN ISO / TR 14121-2: 2013-02 Safety of machinery - Risk assessment - Part 2: Practical guidelines and process examples . (ISO / TR 14121-2: 2012)

↑ ^a ^b Werner Gleißner: Fundamentals of risk management in companies . 2nd Edition. Vahlen Verlag, Munich 2011, p. 145 .

↑ ^a ^b Bruno Brühwiler / Frank Romeike: Practical Guide to Risk Management . Erich Schmidt Verlag, Berlin 2010, ISBN 978-3-503-12476-3 , p. 157 .

^ Th. Mössner: Risk assessment in mechanical engineering . 1st edition. Federal Institute for Occupational Safety and Health, Dortmund 2012, ISBN 978-3-88261-145-8 , p. 83-84 .

↑ ^a ^b Martin Werdlich (Ed.): FMEA - Introduction and Moderation . 2nd Edition. Springer, Vieweg, Wiesbaden 2012, ISBN 978-3-8348-2217-8 , pp. 147-148 .

↑ ^a ^b ^c ^d ^e Marc Diedrichs: Risk Management and Risk Controlling . 3. Edition. Vahlen Verlag, Munich 2012, p. 93-95 .

↑ ^a ^b ^c ^d W.Gleißner / F.Romeike: The greatest assumed stupidity in risk management . Risk, Compliance & Audit, 2011, p. 21-26 .

↑ Müller and Arenz: Safe storage of dangerous substances: from theory to practice . 6th edition. Hüthing Jehle Rehm, Heidelberg, Munich, Landsberg, Frechen, Hamburg 2011. p. 117

^ Bernhard Leidinger; Value-based maintenance ; Springer / Gabler Verlag; Wiesbaden; 2014; ISBN 978-3-658-04400-8 ; Page 28.

[ISO14121-2-1] Standard DIN ISO / TR 14121-2: 2013-02 Safety of machinery - Risk assessment - Part 2: Practical guidelines and process examples . (ISO / TR 14121-2: 2012)

[:2-2] Werner Gleißner: Fundamentals of risk management in companies . 2nd Edition. Vahlen Verlag, Munich 2011, p. 145 .

[:0-3] Bruno Brühwiler / Frank Romeike: Practical Guide to Risk Management . Erich Schmidt Verlag, Berlin 2010, ISBN 978-3-503-12476-3 , p. 157 .

[Moessner-4] Th. Mössner: Risk assessment in mechanical engineering . 1st edition. Federal Institute for Occupational Safety and Health, Dortmund 2012, ISBN 978-3-88261-145-8 , p. 83-84 .

[:1-5] Martin Werdlich (Ed.): FMEA - Introduction and Moderation . 2nd Edition. Springer, Vieweg, Wiesbaden 2012, ISBN 978-3-8348-2217-8 , pp. 147-148 .

[:3-6] Marc Diedrichs: Risk Management and Risk Controlling . 3. Edition. Vahlen Verlag, Munich 2012, p. 93-95 .

[:4-7] W.Gleißner / F.Romeike: The greatest assumed stupidity in risk management . Risk, Compliance & Audit, 2011, p. 21-26 .

[MuellerArenz-8] Müller and Arenz: Safe storage of dangerous substances: from theory to practice . 6th edition. Hüthing Jehle Rehm, Heidelberg, Munich, Landsberg, Frechen, Hamburg 2011. p. 117

[Leidinger2014-9] Bernhard Leidinger; Value-based maintenance ; Springer / Gabler Verlag; Wiesbaden; 2014; ISBN 978-3-658-04400-8 ; Page 28.