Search
  • Duncan

Questions you should ask the next time you see a risk heatmap

Risks are often assessed using matrices, typically with 1-5 scores for likelihood and impact, multiplied together, and assigned a colour. While this makes risk assessment quick, it is actually an extremely weak practice which does nothing to add value, and can even be dangerous. It needs to be replaced with other readily-available techniques as a matter of urgency. This post is one of a series relating to the use of effective risk management techniques.


The next time you see a heatmap like the one below you should ask yourself:

  • What information is this picture trying to tell me?

  • Can I make decisions and assign resources appropriately based on the information?

  • What do the colours mean?

  • What do the numbers mean? Is a '12' twice as bad as a '6'?

  • How have complex risks been reduced to two single-digits?

  • What other ways to assess risk could have been used?

  • Why has this approach been chosen rather than any others?

  • How do I know that what's presented is complete and accurate?

  • How do I know risks haven't been missed out or covered up?

  • How does this approach take into account individual and collective bias?

  • Why aren't we using Monte Carlo simulation?


If your risk managers and teams are still producing pictures like the one below then ask them these questions. Don't be surprised if they get defensive and try and hide behind 'best practice', 'how it's always done', 'not mature enough', 'not enough data', or 'not in our sector'. They're covering up their own lack of knowledge, experience, or competence, and means the organisation is taking a poor approach to risk management. There are better ways to deal with risk - get in touch and we'd be delighted to tell you more.



208 views0 comments

Recent Posts

See All

Risk management horror stories

There are plenty of horror stories from the world of risk management out there. I’m not talking about bad decisions, poor strategies, mistakes or accidents, but rather cases where people have not thou

What risk management software?

While helping organisations strengthen their risk management arrangements we’re often asked what software do we recommend for risk management. The unfortunate fact is that there are many products out

© 2020 Risk Management Ltd 

Registered in Scotland SC618911

Registered office 43 Millside Road, Peterculter, AB14 0WG