Free Tool

Risk Assessment Matrix

Plot risks on a 5x5 heatmap by probability and impact. Identify critical threats, prioritize mitigation, and export a professional PDF report.

Example: ERP Migration Risks

A mid-size company is migrating from a legacy ERP system to a modern cloud-based solution. The project team identified six key risks during the kickoff workshop. Here is how they mapped them:

Critical

– Budget escalation (P:3, I:5 = 15)
– Timeline overrun (P:4, I:4 = 16)

High

– Vendor lock-in (P:3, I:4 = 12)
– Employee resistance (P:4, I:3 = 12)

Medium

– Data loss during migration (P:2, I:5 = 10)
– Integration failures (P:3, I:3 = 9)

Need to decide with your team?

DecTrack helps teams make structured, transparent decisions together, from defining options to reaching consensus.

Try DecTrack for free

Learn about decision methods Methods

Frequently Asked Questions

What is a risk assessment matrix?: A risk assessment matrix is a visual tool that plots risks on a grid based on their probability of occurring and their potential impact. Each cell is color-coded from green (low risk) to red (critical risk), making it easy to identify which risks need immediate attention.
How do I rate probability and impact?: Rate each on a scale of 1 to 5. Probability: 1 = very unlikely, 5 = almost certain. Impact: 1 = negligible, 5 = catastrophic. The risk score is the product of both (1 to 25), which determines the color zone on the matrix.
What is a 5x5 risk matrix?: A 5x5 risk matrix uses five levels for both probability and impact, creating 25 cells. This is the most widely used format in professional project management because it provides enough detail for meaningful prioritization without being overly complex.
When should I use a risk assessment matrix?: Use it at the start of any project, before major decisions, during change management, or as part of regular risk reviews. It is especially valuable for ERP migrations, product launches, organizational changes, and compliance audits.
Is my data stored on a server?: No. All data stays in your browser (localStorage) and is never sent to any server. Your risk assessment is private by default. You can share it via a URL that encodes the data in the link itself.

Related from the blog

More Free Tools

Impact/Effort Matrix

Rate tasks by impact and effort to spot quick wins, big bets, fill-ins, and time wasters. See them plotted on a visual matrix.

SWOT Analysis

Identify Strengths, Weaknesses, Opportunities, and Threats in an interactive 2x2 grid to evaluate your strategic position.

Eisenhower Matrix

Sort tasks by urgency and importance. Drag and drop to instantly see what to do first, schedule, delegate, or eliminate.

All free tools