Skip to main content
All CollectionsESGUnderstanding Materiality Assessments
Decoding risk: Understanding your 5x5 risk matrix
Decoding risk: Understanding your 5x5 risk matrix
Andrew Lingley avatar
Written by Andrew Lingley
Updated over a week ago

What is a risk matrix?

A risk matrix is a structured framework displayed as a simple 5x5 grid, filled with colours that range from green to red – a traffic light system for risks.

The matrix categorises your risks based on their probability and impact, using a scale from low to high across both axes. On the X axis, you’ll see the likelihood of an event occurring; on the Y axis, you’ll see the impact this event would have if it did occur. The higher the likelihood or impact, the warmer the colour gets—moving from safe greens to caution yellows and through to warning-sign reds.

This matrix serves as a valuable tool during risk analysis, giving you oversight of your most critical risks at a glance.

What do you use a risk matrix for?

The primary focus of the 5×5 risk matrix in your ESG Financial Materiality Assessment is to identify and evaluate the likelihood and consequences of sustainability material risks.

Much more than pretty colours, your risk matrix is a strategic map, used to assess sustainability material risks within your organisation. By plotting risks on the matrix, you gain a clear picture of which ones need immediate attention (those in the red zone) and which can wait (those in the green zone). It helps you prioritise, plan, and allocate resources wisely.

By considering a broader range of risks related to environmental impact, resource depletion, supply chain disruptions, and regulatory compliance, your organisation can better understand and manage its overall risk exposure.

Most importantly for your ESG Financial Materiality Assessment, the risk matrix aids in assessing potential damages or disturbances caused by sustainability-related risks, contributing to more informed decision-making processes.

Benefits of using a risk matrix

  • Get a clear signal: Just like a traffic light, the risk matrix provides a clear signal of what lies ahead, helping you navigate risks with certainty and confidence.

  • Make informed decisions: The matrix serves as a guidepost for making decisions—know when to speed up, slow down, or halt completely.

  • Communicate effectively: Easily communicate different risk levels to your team and stakeholders using the universal language of colours, making it simple to grasp and interpret.

  • Take preventive measures: Anticipate potential risks and take preventive measures, just like how you anticipate a red light and slow down before stopping.

  • Maximise your resources: The matrix minimises the need for lengthy quantitative analyses, saving you time and resources during risk assessment processes.

Important elements of your risk matrix

Risk scores

Your risk score refers to the numerical value assigned to a specific risk based on its likelihood and impact.

The matrix ranges from 1 to 5 for both likelihood and severity, with 1 being the lowest and 5 being the highest. When multiplied together, these values give the risk score for each identified risk. For example, if a risk is rated as a 3 for likelihood and a 4 for impact, its risk score would be 3 x 4 = 12.

The risk score helps you prioritise risks by highlighting those with the highest potential consequences and likelihood of occurrence. Risks with higher scores are those that need to be addressed first and given significantly more attention in risk mitigation strategies.

Severity levels

  1. Insignificant (1): Minor non-compliance with no significant impact on the environment, society, or governance practices.

  2. Minor (2): Isolated incidents or non-compliance that have a limited impact and can be managed through normal operational procedures.

  3. Moderate (3): Issues that result in noticeable non-compliance with ESG standards, leading to moderate adverse effects that require management attention.

  4. Major (4): Significant non-compliance with ESG requirements causing serious environmental damage, social repercussions, or governance failures with potential legal and financial implications.

  5. Catastrophic (5): Severe breaches of ESG practices leading to widespread environmental catastrophe, major social unrest, or governance breakdown, possibly incurring major financial losses and irreparable reputational damage.

Likelihood levels

  1. Very likely: The event is expected to occur in most circumstances, possibly multiple times.

  2. Likely: The event will probably occur in many circumstances.

  3. Possible: The event might occur at some point in time.

  4. Unlikely: The event is not expected to occur, but it is still a possibility.

  5. Rare: The event is unlikely to occur

Risk ratings

Risk ratings refer to the categorisation of risks based on their calculated risk scores. These risk ratings help you prioritise and manage risks effectively.

Risk ratings are divided into five categories based on the calculated risk scores:

  • Minimal: Risks with low likelihood and low impact, usually falling in the lower range of the matrix (e.g., risk scores 1-4).

  • Informative risk: Risks with moderate likelihood and/or impact, falling in the mid-range of the matrix (e.g., risk scores 4-6).

  • Important risk: Risks with higher likelihood and impact, indicating a more significant potential impact on objectives (e.g., risk scores 8-12).

  • Significant risk: Risks with high likelihood and/or high impact, falling in the upper range of the matrix (e.g., risk scores 15).

  • Critical risk: Risks with extreme likelihood and impact, representing the most critical and urgent risks that require immediate attention and action (e.g., risk scores 20-25).

By assigning risk ratings based on the risk scores derived from the matrix, organisations can prioritise their risk management efforts, allocate resources appropriately, and develop targeted mitigation strategies for each category of risk.

Opportunity ratings

Opportunity ratings in your risk matrix refer to the assessment and categorisation of potential opportunities based on their potential positive impact on objectives. Just as risks are evaluated for their likelihood and impact, opportunities are evaluated using a similar framework.

Opportunity ratings are categorised as follows:

Very low opportunity: Opportunities with a very low potential positive impact on objectives, typically falling in the lower range of the matrix.

Low opportunity: Opportunities with low potential positive impact on objectives, typically falling in the lower range of the matrix.

Medium opportunity: Opportunities with moderate potential positive impact, falling in the mid-range of the matrix.

High opportunity: Opportunities with high potential positive impact, falling in the upper range of the matrix.

Similar to risk ratings, opportunity ratings help you prioritise your organisation’s efforts and resources towards capturing and leveraging opportunities that align with your strategic objectives. By categorising opportunities based on their potential impact , you’re able to focus on maximising your positive impact while minimising potential risks.

Did this answer your question?