Risk Assessment Calculator
Risk Assessment Results
Risk Score (P × I)-
Risk Level-
Expected Loss (probability-weighted)-
Risk-to-Mitigation Ratio-
Recommended Action-
Risk Matrix (5×5)
| P\I | 1 Negligible | 2 Minor | 3 Moderate | 4 Major | 5 Catastrophic |
|---|---|---|---|---|---|
| 5 Almost Certain | 5 | 10 | 15 | 20 | 25 |
| 4 Likely | 4 | 8 | 12 | 16 | 20 |
| 3 Possible | 3 | 6 | 9 | 12 | 15 |
| 2 Unlikely | 2 | 4 | 6 | 8 | 10 |
| 1 Rare | 1 | 2 | 3 | 4 | 5 |
Green (1-4): Low risk, monitor. Yellow (5-9): Medium, mitigate. Orange (10-15): High, action required. Red (16-25): Critical, immediate action.
Risk Response Strategies
Avoid
Eliminate risk
Transfer
Insurance/outsource
Mitigate
Reduce P or I
Accept
Monitor & review
Escalate
Senior management
Exploit
Positive risks
How to Use This Calculator
1
Describe the risk
Enter a clear description of the risk you are assessing. Be specific about what could go wrong.
2
Rate probability and impact
Select the likelihood of the risk occurring (1-5) and the severity of its impact (1-5). The product gives the risk score.
3
Enter financial estimates
Input the estimated financial impact if the risk materialises and the cost of mitigation measures.
4
Review risk score and action
The calculator shows the risk score, risk level, expected loss, and recommended response strategy.
Frequently Asked Questions
What is a risk assessment matrix?
A risk assessment matrix is a tool that plots risks on a grid of probability (likelihood) versus impact (severity), typically using a 5x5 scale. The resulting score (P x I) ranges from 1 to 25 and helps prioritise which risks need immediate attention. Scores of 1-4 are low risk, 5-9 medium, 10-15 high, and 16-25 critical.
How often should risk assessments be reviewed?
Risk assessments should be reviewed at least annually, but more frequently when there are significant changes to the business, new projects, incidents, or regulatory changes. Under UK health and safety law, employers must review risk assessments whenever there is reason to believe they are no longer valid.
Is risk assessment a legal requirement in the UK?
Yes. Under the Management of Health and Safety at Work Regulations 1999, all employers must carry out risk assessments. If you employ 5 or more people, the significant findings must be recorded. Beyond H&S, financial services firms must conduct operational risk assessments under FCA regulations.
What is the difference between qualitative and quantitative risk analysis?
Qualitative risk analysis uses descriptive scales (low/medium/high) and the probability-impact matrix. Quantitative analysis uses numerical data, Monte Carlo simulations, and expected monetary value calculations. Most organisations start with qualitative analysis and apply quantitative methods to the highest-priority risks.
What is Expected Monetary Value (EMV)?
EMV = Probability x Financial Impact. If there is a 30% chance of a £100,000 loss, the EMV is £30,000. This helps compare risks on a financial basis and determine whether mitigation spending is justified. If mitigation costs less than the EMV, it is generally worth implementing.
What are the 5 steps of risk assessment?
The HSE's 5 steps are: 1) Identify the hazards, 2) Decide who might be harmed and how, 3) Evaluate the risks and decide on precautions, 4) Record your findings and implement them, 5) Review and update regularly. This framework applies to both workplace H&S and broader business risk management.
Official Sources & References
Data verified against official UK government sources. Last checked April 2026.