The Risk Reporting Matrix is used to determine the level of risks identified within a program. The level of risk for each root cause is reported as low (green), moderate (yellow), or high (red).


The Goal of the Risk Reporting Matrix

The overall goal of risk reporting is to provide the Program Manager and project personnel a method for managing and communicating risk. The risk matrix provides a good and effective visual medium for communicating a program’s risks and their severity. 


There are three (3) steps associated with the Risk Reporting Matrix: [1]


Step One
Determine the level of likelihood of a risk occurring by using established criteria.  These criteria should be detailed in the Risk Management Plan. Example criteria are below. [1]


Level Likelihood Probability of Occurrence
1 Not Likely 10%
2 Low Likely 30%
3 Likely 50%
4 High Likely 70%
5 Near Certain 90%


Step Two
Determine the level and types of consequences of each risk using established criteria; Risk Confidence & Probability. These criteria should be detailed in the Risk Management Plan.  Example criteria are below. [1]


Level Technical Performance Schedule Cost
1 Minimal or no consequence to technical performance Minimal or no impact Minimal or no impact
2 Minor reduction in technical performance or Supportability can be tolerated with little or no impact on the program Able to meet key dates.
Slip < * month(s)
Budget increase or
unit production cost
< ** (1% of
3 A moderate reduction in technical performance or
supportability with limited impact on program objectives
Minor schedule slip. Able to meet key milestones with no schedule float.
Slip < * month(s)
Sub-system slip > *
month(s) plus available
Budget increase or
unit production cost
< ** (5% of
4 Significant degradation in technical performance or major shortfall in supportability; may jeopardize program success Program critical path
Slip < * months
Budget increase or
unit production cost
< ** (10% of
5 Severe degradation in technical performance; Cannot meet KPP or key technical/supportability threshold; will jeopardize program success Cannot meet key program milestones.
Slip > * months
Exceeds APB
> ** (10% of


Step Three
Plot the results for each risk in the corresponding single square (as pointed to by the arrow) on the Risk Reporting Matrix. [1]


Risk Matrix Plot


Risk Prioritization

Once a risk matrix has been developed, the program manager and project team can determine which risk takes priority. Determining this Risk Prioritization should consider the following:

  • What is the likelihood and maximum of the cost, schedule, and performance impacts
  • What is the cost associated with the risk
  • What is the cost for risk mitigation activities
  • What is the impact of the risk on the program 
  • What is the time frame and frequency of occurrence, and
  • Is there an impact on other risks


AcqLinks and References:

Updated: 4/29/2021

Rank: G1

Print Friendly, PDF & Email