A likelihood and impact matrix is a risk assessment tool that plots the probability of a risk event occurring against the severity of its potential consequences. Risks are typically scored on scales (e.g., 1–5 for both axes), producing a heat map that visually categorises risks as low, medium, high, or critical, enabling consistent and repeatable risk evaluation across the organisation.
This matrix is widely used in frameworks such as ISO 27005 and ISO 31000 to prioritise risk treatment efforts and allocate resources effectively. It supports informed decision-making during risk workshops and management reviews by providing a clear, visual summary of the organisation's risk landscape and highlighting which risks demand immediate attention.