Risk Matrix Calculations – Severity, Probability, and Risk Assessment

What Is a Risk Assessment Matrix?

Safety Professionals use a risk matrix to assess the various risks of hazards (and the incidents they could potentially result in). Understanding the components of a risk matrix will allow you and your organization to manage hazards more effectively by uncovering “hidden risks” embedded in day-to-day tasks, reduce costly workplace illnesses and injuries by dealing with hazards before they can develop into bigger issues, and increase productivity through proactive prevention of incidents that can grind operations to a halt and result in lost time.

Beyond the financial savings, safety managers also can make more informed decisions based on quantitative risk data, rather than relying on guesswork or a “gut feeling.” By conducting risk assessments using a risk matrix, organizations demonstrate a commitment to safe and responsible operations and better protect their hard-earned reputations, making it easier to attract and retain talent.

Components of a Risk Matrix

The risk assessment matrix works by presenting various risks in a color-coded chart with high risks represented in red, moderate risks in orange or yellow, and low risks in green. Risk matrices can come in many shapes and sizes, but every matrix has two axes: one that measures the likelihood of a risk, and another that measures its severity. In other words, the impact the risk would have on operations.

Using a risk matrix allows you to identify and focus your attention and resources on the highest risks, since these have the biggest impact and can result in significant losses.

1. Severity

Severity is first axis of a risk assessment and it measures the amount of damage or harm a hazard could create. Severity it is often ranked on a four-point scale within a risk matrix as follows:

• Catastrophic – 4:  Operating conditions are such that human error, environment, design deficiencies, element, subsystem or component failure, or procedural deficiencies may commonly cause death or major system loss, thereby requiring immediate cessation of the unsafe activity or operation.
• Critical – 3:  Operating conditions are such that human error, environment, design deficiencies, element, subsystem or component failure, or procedural deficiencies may commonly cause severe injury or illness or major system damage thereby requiring immediate corrective action.
•  Marginal – 2:  Operating conditions may commonly cause minor injury or illness or minor systems damage such that human error, environment, design deficiencies, subsystem or component failure, or procedural deficiencies can be counteracted or controlled without severe injury, illness, or major system damage.
•  Negligible – 1 : Operating conditions are such that personnel error, environment, design deficiencies, subsystem or component failure, or procedural deficiencies will result in no, or less than minor, illness, injury, or system damage.

2. Probability

Probability is the second axis of a matrix and it measures the likelihood of the hazard occurring. Probability is often tanked on a five-point scale:

• Frequent – 5:  Likely to occur often in the life of an item.
• Probable – 4:  Will occur several times in the life of an item.
• Occasional – 3:  Likely to occur sometime in the life of an item.
• Remote – 2:  Unlikely but possible to occur in the life of an item.
• Improbable – 1:  So unlikely, it can be assumed an occurrence may not be experienced.

How to Use the Safety Risk Assessment Matrix

You can calculate a hazard’s overall level of risk by multiplying the two scores you’ve selected for its Probability and Severity values together on your risk matrix.

As an example, consider that a worker is tasked with picking up heavy casters from a box on the floor and carrying them over to a wheel for grinding. The worker typically grinds 20-30 castings per hour.

As part of your risk evaluation, you’ve determined that the worker has a reasonable chance of dropping the heavy item on their foot. Repetitively reaching, twisting, and lifting 15-pound castings could also result in a muscle strain to the worker’s lower back. Using your risk matrix, you’d select a probability value of “Occasional” – or 3 points.

The next step is to consider the consequences the risk could result in. If the worker strains a muscle or breaks a bone in their foot, they could miss at least one shift of work and be put on restricted duty, meaning you’d need to find another employee to fill in for them while they are unable to work. The consequences would be fairly severe, so you select a value of “Critical” – or 3 points on your matrix. By multiplying those values together (3×3), you reach an overall risk level of 9, putting the hazard into the severe (and red) category.

You can then outline and implement controls, like placing the boxes the castings are kept in closer to the grinding wheel — reducing the time the worker would need to carry them. You can also provide them with steel-toed boots to better protect their feet in case they should drop the item. With those controls in place, you can now repeat the exercise of selecting a severity and probability level for the hazard using the risk matrix. The consequences of the hazards would not have changed and would remain at a “Critical” level – 3 points.

This time, however, with controls in place to reduce the likeliness that the hazard would occur, you would select a lower probability level, such as “Remote” – 2 points. By multiplying your severity and probability scores together, you now reach a lower, and more acceptable residual risk level for the hazard in the Medium range (3×2=6). At this point, you might decide that this is an acceptable level of risk for the task, or decide to brainstorm and implement additional controls to bring the hazard’s risk to even lower levels.

Best Practices for EHS Risk Management

Besides using a risk matrix for your risk assessments, there are other best practices that organizations can follow. These include:

• Regularly reviewing and updating your risk matrix. Your organization’s risks may change over time, so you should periodically review and determine whether you need to revise your risk matrix to better account for a changing risk landscape.
• Monitoring operations. EHS managers should monitor day-to-day operations to confirm that safety protocols and control measures are being followed and that risks have been mitigated to an appropriate level.
• Investigating incidents. Organizations should investigate incidents to determine their root causes and develop strategies to prevent similar incidents from occurring in the future. Root cause analysis can help you to uncover whether the controls that you’ve implemented to mitigate a hazard are falling short and need to be adjusted.

Risk management technology can also save EHS professionals valuable time and resources. Risks pose real-time threats, and you must be able to make informed decisions to mitigate them quickly. Trying to manage assessments using paper and spreadsheets can be unwieldy and time-consuming.

Using safety risk management software, you can continually update and easily modify your risk matrix to meet your specific operational needs. By using a web-based matrix and assessment tool, it also becomes easier to share risk assessments and communicate hazard information across your organization’s locations.

With the help of technology, you can easily revise and add as many levels to your risk matrix as you like and set probability and severity values and their scores. Adding or archiving risk matrix values can be accomplished with a simple click of the mouse. Web-based risk matrices can also automatically calculate a hazard’s risk after you choose its probability and severity, saving you time. Safety software can even help you take your risk assessments a step further by allowing you to calculate a hazard’s residual risk after controls are set.

Beyond streamlining risk assessment steps and calculations, risk management software also allows you to get a clearer picture of risks throughout your organization. You can roll-up your data to get a wholistic perspective or zero in on just a single facility or department, examining each significant hazard along with identified controls.

With safety management software, there’s also less chance that your risk assessments will grow old and out of date. When assessing a new risk, you can determine the period in which the hazard will need to be re-evaluated and ensure that this is completed in a timely fashion.

Vector Solutions has partnered with thousands of organizations who have leveraged our hazard and risk management software to save valuable time and effort in recording, tracking, and analyzing operational risks.

Contact us today to learn more about how Vector EHS Management software can support and simplify your risk mitigation efforts.