Calculator Inputs
Enter risk details below. After submission, the result appears above this form and below the page header.
Example Data Table
| Risk | Probability | Impact | Raw Score | Mitigation % | Residual Priority |
|---|---|---|---|---|---|
| Vendor Delay | 4 | 5 | 20 | 35% | High |
| Scope Creep | 5 | 4 | 20 | 20% | High |
| Data Loss | 2 | 5 | 10 | 60% | Moderate |
| Approval Lag | 3 | 3 | 9 | 25% | Moderate |
| Low Adoption | 3 | 4 | 12 | 40% | High |
Formula Used
Raw Score = Probability × Impact
Weighted Score = Raw Score × Probability Weight × Impact Weight
Residual Score = Weighted Score × (1 − Mitigation Effectiveness ÷ 100)
Confidence Adjusted Score = Residual Score × (Confidence Level ÷ 100)
Annual Exposure = (Probability ÷ 5) × Financial Exposure × Occurrences Per Year × Residual Factor
Annual Schedule Risk = (Probability ÷ 5) × Delay Days × Occurrences Per Year × Residual Factor
The matrix score gives the inherent position. The residual score shows the remaining risk after current controls. Confidence adjustment helps when evidence quality varies.
How to Use This Calculator
- Enter a short risk name and assign an owner.
- Select the category that best matches the risk.
- Choose probability and impact values from 1 to 5.
- Adjust the weighting factors if one dimension matters more.
- Enter mitigation effectiveness, exposure, delay, and confidence.
- Set a risk appetite threshold for escalation decisions.
- Click Calculate Matrix to see results above the form.
- Use the chart, residual score, and recommendation to prioritize action.
- Download CSV or PDF for reporting or team reviews.
FAQs
1. What does an impact probability matrix show?
It places a risk on a grid using likelihood and consequence. This helps teams compare threats consistently and decide what deserves immediate attention.
2. Why would I use weighting factors?
Weights let you emphasize one side of the matrix. For example, a regulated project may treat impact as more important than probability.
3. What is the difference between inherent and residual risk?
Inherent risk is the untreated exposure. Residual risk is what remains after your current controls, mitigations, or process safeguards are applied.
4. Why is confidence level included?
Confidence reflects evidence quality. A lower value reminds you that the estimate may change as you collect better data, feedback, or monitoring results.
5. What does the appetite threshold do?
It marks the raw score where your team wants stronger attention. Risks above that line can be escalated, funded, or reviewed more frequently.
6. Can I use this for projects and operations?
Yes. It works for delivery, finance, compliance, staffing, technology, vendors, and quality risks. The same logic fits many productivity workflows.
7. Why estimate annual exposure and schedule delay?
Those values translate abstract risk into money and time. That makes prioritization easier for managers, sponsors, and cross functional teams.
8. When should I revisit a score?
Review scores after major changes, control updates, scope shifts, incidents, or new evidence. Risks should evolve with the real operating environment.