Risk Matrix

Severity

NEGLIGIBLE MARGINAL CATASTRO

CRITICAL

small/ minimal maximum

serious/
unimportant; importance; importance;
important;
not likely to has an effect could result
will affect the
have a major on the disaster/dea
operation of
effect on the operation of WILL affect
the event in a
operation of the event but will operation of
negative way /
event / no not affect the event in a
suffers serious
bodily injury to event negative wa
injuries or
requiring minor outcome / death,
medical
first aid injury requires dismemberm
treatment of
medical or serious in
minors
treatment minors

LOW
This risk has
rarely been
a problem
and never LOW (1) MEDIUM (4) MEDIUM (6) HIGH (1
occurred at
Probability

a college
event of this
nature

MEDIUM LOW (2) MEDIUM (5) HIGH (8) EXTREME

This risk will
MOST LIKELY
occur at this
event
 HIGH
This risk
WILL occur
at this
event,
possibly MEDIUM (3) HIGH (7) HIGH (9) EXTREME
multiple
times, and
has
occurred in
the past

Explanation of Risk Ranking

If the consequences to this

event/activity are LOW / MEDIUM,
your group should be OK to proceed
LOW MEDIUM
with this event/activity. It is advised
that if the activity is MEDIUM, risk
mitigation efforts should be made.

If the consequences to this

event/activity are HIGH, it is advised
HIGH
that you seek additional event
planning support.

If the consequences to this

event/activity are EXTREME, it is
EXTREME advised that you do not hold this
event without prior consultation
with Risk Management
1. Risk Categories
1. Technical Risks

2. Operational Risks

3. Security and Compliance Risks

4. Financial Risks

5. Stakeholder and User Adoption Risks

6. External Risks

2. Risk Identification

Risk Identification Table

Risk Lev
Risk Risk Likelihoo (from Ri
ID Risk Description Category d Impact Matrix)

Incompatibility between
01 different software components Technical Medium Marginal Medium (

Data breach due to insufficient Security and Catastrop

02 security measures Compliance Medium hic Extreme (

Platform downtime due to

03 infrastructure failure Operational Medium Critical High (8

Insufficient funding to complete

04 the project Financial Medium Critical High (8
 Stakeholder
User resistance to adopting a and User
05 new leasing platform Adoption Medium Marginal Medium (

Regulatory changes affecting Security and

06 the platform’s legality Compliance Low Critical Medium (

Delays in development due to

07 resource constraints Operational Medium Marginal Medium (

Security vulnerabilities from Technical +

08 third-party integrations Security High Critical High (9

Stakeholder
Poor user experience leading to and User
09 low adoption Adoption Medium Critical High (8

Loss of critical data during Catastrop

10 system updates or migration Technical Medium hic Extreme (

Negative publicity or
11 reputational damage External Medium Critical High (8

3. Risk Assessment
Risk Assessment Table
List All Associated Risk(s) Severity Probability Risk Score
Activities Risk(s) associated with the Level of impact on The chances of Risk score, foun
Your activity activity the project that risk by combining
name happening impact and
probability on th
risk matrix
1. Incompatibility 1. Marginal 1. Mediu 1. Medium
between software 2. Marginal m (5)
components 2. Mediu 2. Medium
Development
2. Delays in m (5)
of the
development due to
platform resource constraints

Implementin 1. Data breach due to 1. Catastrop 1. Mediu 1. Extrem

g data insufficient security hic m (11)
measures 2. Critical 2. High 2. High (9
 2. Secure vulnerability
from third-party
integrations
security
protocols

1. Platform downtime 1. Critical 1. Mediu 1. High (8)

Infrastructure due to infrastructure 2. Critical m 2. High (8)
management failure 2. Mediu
for platform 2. Difficulty in scaling m
the platform to meet
hosting
growing demand

User
1. Poor user experience
interface 1. Mediu 1. High (8)
leading to low 1. Critical
design and m
adoption
user testing

1. Insufficient funding
Budget 1. Mediu
to complete the 1. Critical 1. High (8)
management m
project

Data
1. Loss of critical data
migration 1. Catastrop 1. Mediu 1. Extreme
during system
and system hic m (11)
updates or migration
updates
Public and
Negative publicity or Mediu
customer Critical High (8)
reputational damage m
relations

User resistance to adopting Mediu Medium

Marginal
a new leasing platform m (5)

4.Risk Evaluation
This risk evaluation of the LeaseGuard Online Leasing Platform is
a result of identifying several critical and high-priority risks that
need to be dealt with immediately to ensure the project is a
success. Among those risks of utmost severity is data breach
which may happen with a very high probability of 11. The fact
that the platform has sensitive personal and financial information
makes it so that the data breach may eventually lead to things
such as legal liability, loss of user trust, and reputational damage.
Getting rid of them, however, the risk of losing important data
during the updates of the system or data migration is also
considered as extreme with a score identical to the previous one.
Alternatively, strategies to erode these risks must include the use
of tough data security measures, or in other words, data security
measures that will include encryption, two-factor authentication,
regular audits, and secure data backup systems should be
adopted. These actions will prevent unauthorized access and
consequently, user data will be safe during system changes.

Platform downtime and the readiness to scale up according to

demand are both primary risks for the project as well. Online
traffic congestion, apart from which the risk score of 8 downtimes
brought about by infrastructure failure may very well be the
reasons the operation will suffer, as a result, there will be the loss
of revenue, and the user may not be satisfied with the service. In
the same way, third-party integrations with security
vulnerabilities susceptible to high-risk scoring 9 are chiefly if
these integrations make additional weaknesses to the
infrastructure of the platform. Utilizing cloud-based services with
redundant systems and failover capabilities built-in is critical for
business continuity. It is also necessary to perform regular stress
tests to verify that the platform can handle increased traffic as it
grows. Also, comprehensive examinations and security
assessments of third-party services will be crucial in avoiding risks
caused by external integrations.

Medium-risk factors are also included in continuous monitoring

and mitigation which require monitoring and mitigating of these
factors throughout the lifetime of the project. To exemplify, the
incompatibility of software components and delays in
development due to resource constraints which are both
exhibiting moderate risks (5) are two sources of potential risks.
On the one hand, these risks may not halt the project directly,
rather, they may lead to inefficiency, delays, and extra costs if not
managed properly. By implementing agile development
techniques, there would be resource planning, and continuous
system integration testing to decrease the effect of these
problems. User resistance to the new platform gets another
medium-risk issue (scoring 5). To tackle this, the chief focus would
be on the aesthetics of the interface to improve ease of use, and
the institution should also be ready to provide technical support
as users navigate the transition to the new system. The last thing
but not least is the high-risk score of 8 which shows the risk of
negative publicity or damage to the reputation as being very
important. Even minor incidents, for example a failure to deal with
user concerns on time or negative feedback may quickly grow
into a reputational crisis. Therefore, the major action that should
be taken by the project team is the public relations strategy that
should always remain active, and user concerns should be
addressed quickly with transparency.