Risk Matrix
Prioritise risks by likelihood and impact with mitigations.
A risk matrix prioritises likelihood vs impact for identified risks, with mitigations and owners. It makes exposure discussable.
Founders either ignore risks or catastrophise. Structured prioritisation focuses mitigation spend.
Before scaling spend, fundraising, regulated launches, or major partnerships.
- Brainstorm risks across strategy, delivery, legal, market.
- Score likelihood and impact.
- Plot on matrix; tag red/amber/green.
- Define mitigations and triggers.
- Review monthly; link to validation report.
- Mitigations owned and dated.
- Top risks trace to SWOT threats.
- Triggers for escalation defined.
- Laundry list without scoring.
- Mitigations vague ("monitor").
- Matrix never updated post-incident.
Northvale Systems risks: supplier boycott (high impact), ERP API delay (medium), data residency breach (high) — mitigations in roadmap and legal review.
PulseWell top risk: HRIS vendor bundles feature — mitigation: deepen manager analytics partnership exclusives; owner: CEO.
Harbor Consulting top risk: downturn delays projects — mitigation: diagnostic product lower price entry; owner: partner group.
Clearwater Initiative risks: volunteer burnout, rainy-season access, donor exit — mitigations: stipends, motorbike fund, diversified grants.
/risks risk-matrix, IDs RSK-01. Feeds validation and critique phases.
Related techniques
Sources & further reading
- ISO 31000:2018 — Risk management guidelines.