The Risk Reporting Matrix is used to determine the level of risks identified within a program. The level of risk for each root cause is reported as low (green), moderate (yellow), or high (red).
Risk Reporting Matrix Goals
The overall goal of risk reporting is to provide the Program Manager and project personnel with a method for managing and communicating risk. The risk matrix provides a good and effective visual medium for communicating a program’s risks and severity.
Risk Reporting Matrix Steps
There are three (3) steps associated with the Risk Reporting Matrix: [1]
Step One
Determine the level of likelihood of a risk occurring by using established criteria. These criteria should be detailed in the Risk Management Plan. Example criteria are below. [1]
| Level | Likelihood | Probability of Occurrence |
| 1 | Not Likely | 10% |
| 2 | Low Likely | 30% |
| 3 | Likely | 50% |
| 4 | High Likely | 70% |
| 5 | Near Certain | 90% |
Step Two
Determine the level and types of consequences of each risk using established criteria; Risk Confidence & Probability. These criteria should be detailed in the Risk Management Plan. Example criteria are below. [1]
| Level | Technical Performance | Schedule | Cost |
| 1 | Minimal or no consequence to technical performance | Minimal or no impact | Minimal or no impact |
| 2 | Minor reduction in technical performance or Supportability can be tolerated with little or no impact on the program | Able to meet key dates. Slip < * month(s) |
Budget increase or unit production cost increases. < ** (1% of |
| 3 | A moderate reduction in technical performance or supportability with limited impact on program objectives |
Minor schedule slip. Able to meet key milestones with no schedule float. Slip < * month(s) Sub-system slip > * month(s) plus available |
Budget increase or unit production cost increase < ** (5% of Budget) |
| 4 | Significant degradation in technical performance or major shortfall in supportability; may jeopardize program success | Program critical path affected. Slip < * months |
Budget increase or unit production cost increase < ** (10% of Budget) |
| 5 | Severe degradation in technical performance; Cannot meet KPP or key technical/supportability threshold; will jeopardize program success | Cannot meet key program milestones. Slip > * months |
Exceeds APB threshold > ** (10% of Budget) |
Step Three
Plot the results for each risk in the corresponding single square (as pointed to by the arrow) on the Risk Reporting Matrix. [1]
Risk Prioritization
Once a risk matrix has been developed, the program manager and project team can determine which risk takes priority. Determining this Risk Prioritization should consider the following:
- What is the likelihood and maximum of the cost, schedule, and performance impacts
- What is the cost associated with the risk
- What is the cost for risk mitigation activities
- What is the impact of the risk on the program
- What is the time frame and frequency of occurrence, and
- Is there an impact on other risks
AcqLinks and References:
- DoD Risk, Issue, and Opportunity Management Guide for Defense Acquisitions- Jan 2017
- (Old) DoD Risk Issue and Opportunity Management Guidance for Defense Acquisition Programs – June 2015
- [1] DoD Risk Management Guidebook – Section 4.0 – Aug 06 (Outdated)
- Risk Assessment Checklist
- Risk Assessment Worksheet and Management Plan
Updated: 12/14/2022
Rank: G1
