ELI5: What is a Risk Matrix / Heat Map?
Picture a chart with “how likely” on one side and “how bad” on the other. Risks in the red corner (likely and bad) need attention right now. Risks in the green corner (unlikely and mild) can wait. It’s a color-coded way to see your biggest dangers at a glance.
Definition
A risk matrix (or risk heat map) is a visual tool that plots identified risks along two axes — likelihood (probability of occurrence) and impact (severity of consequences) — to produce a relative risk ranking. Risks appearing in the high-likelihood/high-impact quadrant (typically colored red) require immediate attention, while low-likelihood/low-impact risks (typically green) may be accepted or monitored. The heat map format makes risk prioritization visually intuitive for both technical and executive audiences.
Key Details
- Axes typically use qualitative scales (Low/Medium/High or 1–5) for both likelihood and impact
- Combined score (likelihood × impact) determines the cell color: red (high risk), yellow (medium), green (low)
- Heat maps are ideal for communicating risk posture to executives and boards who need a high-level view
- Risk heat maps are a qualitative tool — the numerical scores are relative, not absolute dollar values
- Exam tip: risk matrix = qualitative tool for visualizing and prioritizing risks; often tested alongside SLE/ALE (quantitative tools)
Connections
- Parent: risk-assessment — risk matrices are a core output of qualitative risk assessment
- Parent: risk-management — heat maps are used across the risk management process for prioritization
- See also: qualitative-risk-assessment
- See also: risk-register