Scales For Risk Assessment

Last updated: 2025-08-25
Was this article helpful?
13 of total 13 found this helpful.

What Are Risk Assessment Scales?

Risk assessment scales help small and medium-sized businesses identify, measure, and prioritize potential problems. They do this by evaluating how likely a risk is to happen (chance) and how much damage it could cause (impact). By using these scales, you can determine how serious each risk is and how likely it is to occur. These levels are often combined into a 'risk matrix,' a simple chart that makes it easy to see which risks need the most attention.

  • Impact Level: How serious the consequences would be
  • Probability Level: How likely the risk is to happen
  • Overall Risk Score: Usually calculated by multiplying the Impact Level by the Probability Level

Commonly Used Scales for Risk Assessment

Common risk assessment scales typically use 3, 4, or 5 levels to measure the severity and likelihood of risks. These scales help you systematically evaluate and prioritize risks based on their potential impact and probability:

  • 3-point scale: Low, Medium, High
  • 4-point scale: Negligible, Minor, Major, Critical/Catastrophic
  • 5-point scale: Insignificant, Minor, Moderate, Major, Critical/Catastrophic

These scales assist in consistently assessing and ranking risks according to their impact and likelihood. The choice of scale depends on your specific approach. Based on our experience, the 4-point scale—set as the default in many risk registers—is the most effective for small and medium-sized businesses.

Example of a 3-Level Risk Assessment Scale

Probability:

  1. Low: Unlikely to happen under normal operations.
  2. Medium: Possible — could occur occasionally.
  3. High: Very likely to occur if not addressed.

Impact:

  1. Small: Minor disruption or limited cost/effort to fix.
  2. Medium: Noticeable effect on operations, revenue, or reputation; requires management.
  3. High: Major disruption with substantial financial, legal, or reputational consequences.

Risk Levels:

  1. Low: Acceptable risk — continue normal operations and review periodically.
  2. Moderate: Manage — monitor closely and implement mitigation actions as needed.
  3. High: Unacceptable — take immediate corrective action and escalate to leadership.
3-point risk assessment scale

Example of 4-Point Risk Rating Scale

Probability:

  1. Low: Extremely unlikely, very low chance that the risk will occur.
  2. Medium: Normally possible.
  3. High: Highly likely, the risk is likely to occur.
  4. Almost Certain: Bordering on certainty, the risk will almost certainly occur.

Impact:

  1. Negligible: Minimal or no impact.
  2. Minor: Small impact that can be easily handled.
  3. Significant: Significant impact that requires management.
  4. Critical: Severe impact that can be catastrophic.

Risk Level:

The level of risk is calculated by combining probability and impact. Here is a common range:

  • 1-4: Negligible, Low Risk - Acceptable, no action required.
  • 5-8: Moderate Risk - Monitor and manage.
  • 9-12: High Risk - Requires immediate attention.
  • 13-16: Extreme, Catastrophic Risk - Immediate and significant action required.
4-point risk assessment scale

Example of a 5-Point Risk Assessment Scale

Probability:

  1. Almost Impossible / Rare: Very unlikely to occur.
  2. Unlikely: Could happen but not expected.
  3. Possible / Occasional: Might happen from time to time.
  4. Likely: Expected to happen in many situations.
  5. Almost Certain / Frequent: Very likely to occur.

Impact:

  1. Insignificant: No real disruption; little or no cost or downtime.
  2. Minor: Small disruption; manageable with routine resources.
  3. Moderate: Noticeable effect on operations or costs; requires supervisor involvement.
  4. Major: Significant disruption or financial loss; needs formal management and mitigation.
  5. Severe / Critical: Major business impact or legal exposure; could threaten business continuity.

Risk Levels:

  1. 1–4: Low (Acceptable) – No immediate action; monitor routinely.
  2. 5–9: Moderate – Manage and monitor; implement controls as needed.
  3. 10–16: High – Take corrective actions soon; assign ownership and track progress.
  4. 17–20: Very High – Act immediately; escalate to senior management.
  5. 21–25: Extreme – Stop or change the activity; immediate remediation and executive decision required.
how to evaluate risk with risk scales

How to Assess Risk: Set Risk Impact and Likelihood Levels 

  1. Open the Risk Register
  2. Choose a specific risk (risk record)
  3. Set the Impact level and Likelihood (Probability) level
  4. The overall Risk Rating will be calculated automatically based on your formula

TIP: The default setup (4 levels) can be easily adjusted. See how to customize risk levels or their names to fit your methodology