State the relevant objective the risk relates to (e.g. strategic, business, project, clinical – refer to Pesto’s business plan and the scenario to identify objectives)

How to use this risk assessment matrix:

  1. Objective – State the relevant objective the risk relates to (e.g. strategic, business, project, clinical – refer to Pesto’s business plan and the scenario to identify objectives)
  2. Context – List internal and external factors that influence this risk in relation to objectives
  3. Risk Source – Identify where the risk originates (e.g. regulatory requirements, political changes, organisational capabilities)
  4. Risk Description – Describe risk in as “Something might occur which {Cause(s)} the {Event} that leads to an {Impact/Consequence(s)}”.
  5. Control/ Contingency Measure(s) –Identify a process, policy, or practice which will reduce the likelihood of risk or which can be used as a corrective action in the event of risk occurring.
  6. Effectiveness of Measure –Assign a rating to contingency/ control measure identified from High, Medium, or Low, based on how effective it will be at avoiding/ addressing risk.
  7. Risk Rating 
    1. Likelihood – Based on effectiveness of control/ contingency measure, rate likelihood of risk from 1 – 4 as follows:

1 – highly unlikely; 2 – unlikely; 3 – likely; 4 – highly likely
The more effective control/ contingency measures are, the lower the likelihood of risk will be.

  1. Consequence – Rate the level of impact each risk may have on your business, using the following scale:

1 – low; 2 – medium; 3 – high

  1. Multiply likelihood and consequence ratings to identify risk rating as follows:

Likelihood (L) x Consequence (C) = Risk rating (