Risk assessment matrix – Complete your risk evaluation

Performing a risk evaluation, also known as a project risk assessment helps a company be prepared if things don't go to plan.

As a manager, getting a project completed puts you in a similar position to an orchestra maestro. You have to see the big picture, understand what parts must be present, and know where people could go wrong. Using a risk assessment matrix will help visualize this process and will assist in your project risk assessment.

You need to be able to coach and support your team so that you can all make something good happen.

With so many moving parts, it’s important for managers and team members alike to go through a project risk assessment. Once you complete a thorough assessment, you can begin structuring a workflow and assigning tasks.

Risk evaluation is at the core of a proactive workflow. Let’s start working through what “project risk assessment” really means and what to consider as a part of this process.

What is a project risk assessment?

Project risk assessment is a step-by-step process that allows managers to create a straightforward workflow that anticipates for human error.

By the time you’ve completed an analysis of each project, you’ll also have a series of backup plans in case something goes wrong.

These assessments look at the project as it functions and how each individual step plays into the bigger picture.

In order to properly evaluate a project and prepare your team to work efficiently, you’ll first have to go through the four stages of risk evaluation.

  1. Identification of risk
  2. Risk assessment
  3. Risk mitigation
  4. Contingency

Peter F. Drucker, who is often regarded as the father of modern business theory, placed a lot of importance on the concept of prioritizing key elements of a project and supporting the team. Creating a solid decision-making plan to manage overall risk is the best way to effectively complete a project.

Part of fulfilling these duties is – you’ve guessed it – going through a meticulous risk evaluation prior to beginning the project to ultimately create the best outcomes.

Let’s start discussing the individual parts of a complete project risk assessment. This will help you set up your own evaluation and strategically direct your team’s efforts.

Man on computer doing a project risk assessment

Identifying the risks to your project

The first step to completing a project risk assessment is actually identifying and understanding the project risks. It may seem obvious enough, but taking your time on this step is critical.

After all, you want to take the time now to understand the things that could jeopardize the success of your project.

There are tons of different ways you could identify potential risks, we recommend a combination of:

  1. Past project review
  2. Team brainstorming
  3. Analyze essential functions
  4. Area-by-area review

Each of these identification methods can give you valuable insight, both from your team and prior experience.

To help you fully understand what each point of identification means, we’ve broken them down below.

Past project review

There’s an old saying that goes “Those who fail to learn history are doomed to repeat it.”

Now, we don’t like looking at projects with a doom and gloom perspective, but it’s important to take the core of this saying to heart.

Reviewing the past can help you do better in the future.

Make sure to take the time to look back on old projects and identify weaknesses that gave your team trouble. In some cases, a lack of structure could have been a weak point of your project. Analyze old, or on-going projects that are similar to the one you are preparing for to avoid repeating mistakes.

If your team hasn’t tackled a project like yours before, call on your professional network for advice. Their insights in addition to researching common pitfalls of similar undertakings will prove useful to preventive planning.

For each risk you identify, add them to a list to analyze further as you go through this process.

Team brainstorming

Perhaps one of the best steps you can take to identify risks is to brainstorm with your team. This is best built into a pre-launch meeting after the project has been presented to the team.

Once everyone understands the goals, expected outcomes, and proposed structure of the project, they’ll be able to use their collective experience to throw out potential risks.

Soon, your team will be deep in a dialogue that could dredge up risks that you should be preparing for.

There’s no correct or incorrect number of risks to add to your evaluation list.

You should be making sure that your team members feel comfortable speaking up and that they are involved throughout the process.

Remember, during this step, questioning is key. Don’t shoot down any suggestions; investigate them. Once someone brings up a potential risk, have the team discuss details of this risk and possible solutions.

You may consider recording your brainstorming session to ensure that nothing gets lost in the shuffle. Similarly, appointing someone as the official note taker is a valuable step to track the project risks.

Woman and man sitting in front of computer brainstorming ideas for a risk evaluation

Analyze essential functions

This step will help you determine high-consequence risks that could affect the pillars of your project.

These are high-priority problems that you must handle effectively to keep your project on schedule and on budget.

So what does this step involve?

Singling out the major milestones that your project depends upon and determining the setbacks.

If you’re designing a website for a client, for example, it is essential to create solid content for that site.

A possible complication of this milestone could be a client ignoring your emails. Other risks to your website project include your hosting server going offline, in which case a backup would be a good solution.

Go through this process for every pillar of your project to better insulate it from complications.

Area-by-area review

The final part of risk identification is doing an area-by-area review.

To complete this, allow members of your individual department to explore the potential complications and risks that could happen to their scope of work.

Instruct department heads to work with their team to create a list of associated risks within their area.

Each risk they produce should be accompanied by:

  • Causes
  • Solutions
  • Complications
  • Impact on the other departments.

Getting these extra details will help you work through the second part of your project risk assessment.

Accurately assessing the importance of each risk

Now that you have a multifaceted list of risks associated with your project, it’s time to assess and prioritize.

This step focuses on breaking each risk down into two factors. We will use these to plot that specific risk onto the risk assessment matrix and walk you through creating later in the guide.

Risk impact

Understanding the impact that each risk would have on your project if it were to happen, is perhaps the most important factor you’ll use in prioritizing each risk.

Break each risk down into the following levels of impact:

  • High: your project or team may be shut down as a result of this risk. A high impact risk is the worst case scenario.
  • Medium: your project will be devastated by this risk happening, but it could recover and continue to completion given the right follow-up actions.
  • Low: your project will encounter and overcome the hurdles this risk will create. These risks include simple human error or any other easily-managed complication.

Take this time to really weigh the importance and consequences of each risk you’ve listed.

Some may eliminate a risk entirely, while others become more serious as you go through your evaluation.

Remember, we’ll be using the level of impact you assign to each risk as a way to help plot it on our risk assessment matrix.

This step focuses on breaking each risk down into two factors, both of which we will use to plot that specific risk onto the risk assessment matrix we’ll walk you through creating later in this guide.

Likelihood of each risk

Similarly to the impact of each risk, you must carefully consider the likelihood of that risk even happening.

Rank each risk as one of the following:

  • High probability: this risk is common, occurring at least once a year. However, this does not mean it’s necessarily a high-impact risk.
  • Medium probability: this risk could happen, but you should be able to prevent it from occurring or at least manage it easily with some training and foresight (like performing a project risk assessment.)
  • Low probability: this risk is highly unlikely, and would mean that a series of higher probability risks would have been mismanaged to allow this low probability risk to become a reality.

Perhaps one of your high-impact risks would be catastrophic, but it would only happen if your building were to burn down.

If you have great smoke and gas detection systems in place, a sprinkler system, and strict safety procedures implemented in your office, it’s very unlikely that this risk would become a reality.

Therefore, you could rate that high-impact risk as low probability.

Risk mitigation

This is the step where you can finally plan and outline how to manage each of the risks you’ve analyzed.

The goal of this step is to always have a plan of action in case a risk becomes reality. This simple act of planning ahead could prevent this risk, although unlikely, from a devastating consequence.

For example, you could mitigate the unlikely risks of projects getting shut down because you’ve run through the monthly budget by setting up a contingency fund.

Once you have created a solution for each potential risk, you will then move on to outlining the resources you’d need to execute on each task.

Make sure you are taking finances, human work hours, and whether or not it’s really a feasible solution into consideration before moving on to mitigating the next risk on your list.

Finally, you will want to revisit these backup plans frequently as the project progresses.

This is a good practice to get into in order to continually update adapt expectations and plans along the way.

Man sitting in front of his laptop doing a full risk mitigation of his project

Contingency assessment

Now that you’ve identified, analyzed, and mitigated each risk, it’s time to figure out the contingency that you should have if this risk were to come to fruition.

What’s your budget?

Having a contingency plan for each risk requires you to understand the budget you have available. This doesn’t mean knowing what your entire budget is – but how much it would take to control and move past each specific risk.

During this step, think about the funding available as well as the potential cost of fixing the consequences of each risk would entail.

What does it take to maintain project quality?

There’s a difference between getting something done and getting something done the right way. In some cases, a simple fix could immediately restore a high level of quality to your project.

In other cases, you may have to make extra room in your budget and timeline to raise your project back to the standard of quality you’ve set.

Think about the impact of each risk and how much it would set your project back. Talk to team members and different departments about what they’d need to accomplish to raise the bar on this project after each risk.

Project timeline

It’s always good practice to add extra weeks to your timeline to give some padding in case a setback occurs.

Assembling a proper timeline is key, and we always recommend that teams have access to a strong workflow program. This should allow for dependencies, triggers, team collaboration, and due dates to be set up easily.

In order to create a timeline that sets your team up for success, you will want to look at your risks, their impact levels, the budget, and QA needs. A project risk assessment is one of the best ways to get all of this information together.

How a risk assessment matrix can help you prioritize

Now that you have all the information you need, you can move on to the final step of this process: creating a matrix that will help you prioritize each risk.

To complete this step, create a table similar to the one below.

You will want to weigh the likelihood of a risk with its impact in order to find out what category each risk falls into: uncommon, routine, difficult, or critical.

Example of a risk assessment matrix and how to create


With each risk plotted on your matrix, you’ll be able to move forward with your project into a well-planned workflow.

From there, it’s smooth sailing to project completion thanks to all risks being identified and planned for ahead of time.

Make those workflows work for you with Cirkus

Detail the potential risks and use the risk assessment matrix to help prioritize what tasks to complete first. You can start inputting this project into your task manager.

With task management software like Cirkus, you’ll be able to create the digital architecture of your project.

You can assign team members to specific steps, set due dates, and create triggers and dependencies between tasks.

With a solid risk evaluation and a well-structured project plan, you will see the value that comes from using a tool that works for you.

By Stephanie Watkins

May 22, 2018


Real work gets done with Cirkus

Use Cirkus to reduce stress and keep your projects on track, files in order, and communications together in one place with your team. Progress starts now, and it’s free to signup and try.