Risk Assessment and Risk Matrices

Risk assessment turns hazards into priorities

Risk combines the severity of potential harm with the likelihood that it occurs, modified by exposure frequency, exposure duration, the number of people exposed, control reliability, and uncertainty. A common conceptual model is Risk = Severity × Likelihood (some models add an Exposure factor). Risk assessment does not make hazards disappear — it decides which hazards need immediate action, what level of control is justified, and what residual risk remains.

A risk matrix compares severity and likelihood on a grid. Severity bands typically run from minor first aid to fatality or catastrophic loss; likelihood bands run from rare to frequent. The cell color (often green/yellow/red) signals priority. The non-negotiable rule: define scoring criteria before ranking so the assessment is driven by agreed definitions, not opinion or politics.

Reducing risk: ALARP and ALARA

Two principles govern how far to drive risk down. ALARP (as low as reasonably practicable) and ALARA (as low as reasonably achievable) hold that risk should be reduced until the cost, time, and effort of further reduction become grossly disproportionate to the benefit. Neither permits ignoring a feasible higher-level control simply because a matrix cell turned yellow. A high-severity hazard with weak controls usually needs action even when the likelihood estimate is debated.

Matrices are useful but imperfect

A color-coded box can oversimplify uncertainty. Two teams may score the same hazard differently if terms are vague. A matrix can hide rare catastrophic risk when likelihood is underestimated, and it can make a moderate recurring exposure look less urgent than a dramatic but unrealistic scenario. Treat the matrix as one input, then apply professional judgment and the hierarchy of controls.

Existing controls must be credited honestly. A written procedure that is not followed should not earn the same credit as an inspected, maintained engineered interlock. PPE that is unavailable, uncomfortable, or worn incorrectly may not reduce residual risk as assumed. Control verification is part of risk assessment because the rating depends on real-world performance.

Worked example: a team rates a chemical transfer as "low residual risk" because a procedure requires a closed system. A field check shows operators routinely use open containers because the closed fitting leaks. The residual-risk rating is invalid — the credited control is not in place. The team must downgrade the rating to reflect actual conditions and select a control that works, such as an engineered closed-transfer system, before re-scoring.

When to reassess

Risk assessments expire when conditions change. Triggers include new equipment, new chemicals, layout changes, staffing changes, contractor work, incident findings, near misses, audit results, process upsets, or new hazard information. A production-rate increase or a maintenance redesign can invalidate last year's assessment, which is why management of change routinely forces a fresh review.

A practical workflow:

1. Define severity, likelihood, exposure, and scoring criteria up front.
2. Identify the hazard and credible loss scenarios.
3. Score initial risk with current controls in place.
4. Choose additional controls using the hierarchy of controls.
5. Estimate residual risk (apply ALARP/ALARA).
6. Implement and verify controls in the field.
7. Reassess when work, equipment, people, or data change.

Common trap: answers that use the matrix to justify inaction without a control review. The defensible choice combines risk ranking, feasible higher-level controls, worker input, and follow-up verification.

Qualitative versus quantitative methods

Risk assessment runs on a spectrum. Qualitative methods use descriptive bands (low/medium/high) and are fast, transparent, and good for prioritizing many hazards — the typical risk matrix. Semi-quantitative methods assign numbers to the bands so risks can be ranked and compared, as in the Risk Priority Number used in failure analysis. Quantitative methods use actual probabilities and consequence data — for example, fault tree analysis with failure rates, or a quantitative risk assessment for a major-hazard facility.

The exam expects you to pick the lightest method that answers the question: a quantitative study is overkill for ranking routine maintenance tasks, while a color matrix is inadequate to defend a multimillion-dollar process-safety decision.

Risk perception, bias, and consistency

Scoring is only as good as the people doing it. Common biases the exam tests include optimism bias ("it hasn't happened, so likelihood is low"), anchoring on the first estimate, and availability bias, where a dramatic recent event inflates a rating while a chronic exposure is undercounted. Calibrating teams with defined, written criteria and worked examples reduces these errors and makes ratings reproducible — two assessors scoring the same hazard should land in the same cell.

Tying assessment to decisions and records

A risk assessment is a decision document, not a filing exercise. The output should drive a prioritized action list with owners and due dates, feed the management-of-change process, and become an input to management review. Worked example: a facility scores a fall-from-height task as high inherent risk, installs a guardrail (engineering control), and re-scores the residual risk as low. The assessment must record both the inherent and residual ratings, the control credited, and the verification that the guardrail was installed and inspected — otherwise an auditor cannot tell whether the low residual rating is real or assumed.

Linking the assessment to verified controls is what makes risk-based prioritization defensible on the exam and in practice.