The Methodology

How the De-Risk Matrix Works

A step-by-step guide to understanding and applying the De-Risk Matrix in your organisation — from setting goal ranges to building a risk-aware culture.

Step 1

The Process

The practical application of the De-Risk Matrix encompasses four key process steps. Each step demands a thorough understanding of the interplay between goals, risks and actions. The cycle is not linear — it should be repeated whenever significant changes occur in your environment or organisation.

The De-Risk Matrix Process

Key insight: The process is cyclical, not sequential. Each iteration deepens your organisation's understanding of the relationship between goals, risk tolerance, and cultural capacity.

Step 2

Culture

Culture is one of the biggest barriers against goal achievement. The De-Risk Matrix explicitly addresses culture as a strategic variable — not a soft afterthought. For each risk state, the methodology recommends specific cultural practices that increase the probability of effective risk management and goal attainment.

Leadership is the primary driver of organisational culture. The De-Risk Matrix helps leaders understand which cultural behaviours are required at each stage of the risk journey, creating alignment between leadership style, team dynamics, and strategic ambition.

Culture specialist Kjersti Johanne Steinskog joined the De-Risk Matrix team in 2020, bringing deep expertise in leadership and cultural transformation to the methodology.

Culture

Culture as a Strategic Variable

Unlike frameworks that treat culture as a given, the De-Risk Matrix provides concrete guidance on which cultural practices to adopt based on your current risk state.

Leadership

Leadership Alignment

Leaders receive specific, actionable guidance on how their behaviours and decisions shape the cultural environment needed to manage risk effectively.

Step 3

Goals

In the De-Risk Matrix, goals are not single points but ranges. Every goal has two values:

  • Target Value — the upper limit; your aspirational outcome if everything goes well.
  • Threshold Value — the lower limit; the minimum acceptable result below which the goal is considered failed.

This range-based approach forces honest conversations about what success actually means, and creates a buffer zone that accounts for real-world uncertainty. It also makes risk assessment far more meaningful: the position of current performance within (or outside) this range directly informs the risk state.

The De-Risk Matrix integrates with existing goal frameworks — including OKR, Balanced Scorecard, and SMART goals — by adding the risk dimension that these frameworks typically lack.

TARGET VALUE (Upper Limit)

← Goal Range (Acceptable Zone) →

THRESHOLD VALUE (Lower Limit)

Why Range-Based Goals?

A single-point target either succeeds or fails. A range-based goal reveals degrees of success and risk — providing richer information for strategic decisions.

Step 4

Risk States

The risk state of a goal describes its current strategic health relative to both its goal range and the organisation's capacity to achieve it. Risk states are colour-coded by urgency, enabling rapid prioritisation.

Risk States Overview
Risk State 1

On Track

Goal is progressing well within the acceptable range. Maintain current practices and monitor for changes.

Risk State 2

Caution

Performance is declining or forecast indicates risk. Increased attention and pre-emptive action required.

Risk State 3

At Risk

Goal is approaching the threshold. Significant corrective action needed. Leadership escalation recommended.

Risk State 4

Critical

Goal has breached the threshold or is in serious jeopardy. Immediate crisis response and strategy revision required.

Risk State 5

Ambiguous

Insufficient data to determine the risk state. Prioritise gathering evidence and forecasting before acting.

Risk State 6

Exceeding

Goal is significantly ahead of target. Consider whether resources can be reallocated to support other goals.

Step 5

Risk Strategy

A risk strategy in the De-Risk Matrix context is not a generic mitigation plan — it is a tailored response to the specific risk state of each goal. Different risk states call for fundamentally different strategic responses.

The methodology moves away from the traditional view of risk as solely "probability × negative consequence." Instead, aligned with ISO 31000, risk is understood as the effect of uncertainty on objectives — encompassing both upside and downside potential.

This dual perspective allows organisations to develop strategies that do not just prevent failure, but also leverage favourable uncertainty to exceed targets.

Risk Strategy

Strategy by Risk State

Each risk state maps to a recommended strategic posture:

  • Green: Sustain and optimise
  • Yellow: Investigate and pre-empt
  • Orange: Intervene and escalate
  • Red: Crisis response and reset
  • Blue: Leverage and reallocate
Step 6

Actions

Actions are the concrete initiatives and decisions that flow from your risk strategy. In the De-Risk Matrix, actions are always anchored to a specific goal and its current risk state — ensuring that effort is directed where it has the greatest strategic impact.

Actions

Prioritised by Urgency

Actions are prioritised according to the colour-coded urgency of risk states, ensuring that the most critical goals receive attention first.

Goal

Goal-Linked

Every action is explicitly linked to a goal and its risk state. This creates accountability and allows impact to be measured directly.

Iterate

Iterative

Actions are reviewed and updated as risk states change. What works in a green state may be insufficient in an orange or red state.

Step 7

Organize

The final dimension of the De-Risk Matrix is organisation — how people, responsibilities, and resources are structured to support effective risk management and goal achievement.

Organising for risk means ensuring that the right competencies are available, that decision-making authority is clearly defined, and that communication flows freely across the organisation. The De-Risk Matrix provides guidance on how to align organisational structure with strategic risk posture.

Together, the seven elements — Process, Culture, Goals, Risk States, Risk Strategy, Actions and Organize — form a complete, integrated system for strategic goal and risk management.

Get Help Implementing
Organize

Organisational Alignment

Key organisational elements to address:

  • Clear ownership of each goal and its risk state
  • Regular risk state review cadences
  • Cross-functional communication structures
  • Escalation paths for red and orange states
  • Incentive alignment with goal ranges, not just targets