Aligned with ISO 31000

Most strategic failures aren't sudden.

They're visible weeks in advance — to anyone who knows where to look. De-Risk Matrix gives your leadership team exactly that visibility, built into how you manage goals every day.

Goals. Risk States. Culture. A repeating cycle that turns uncertainty into structured, actionable intelligence.

What most organizations do — and why it fails

The problem isn't that leaders don't care about risk. It's that the tools they use were never designed to catch it early.

Typical approach
  • Single-number targets
    No floor means no early warning — drift is invisible until it's a miss.
  • Quarterly reviews
    By the time risk appears in a report, the window to act has already closed.
  • Separate risk registers
    Risk lives in a spreadsheet, disconnected from the goals it threatens.
  • Gut-feel escalation
    Problems surface when someone is brave enough to raise them — not systematically.
  • Culture as afterthought
    Leadership behavior is never linked to risk state. Silence is the default.
De-Risk Matrix
  • Goal spans with explicit floors
    Threshold makes the risk appetite visible — drift is detected the moment it starts.
  • Continuous risk state per goal
    Every goal always has a state. Leadership always knows what needs attention.
  • Risk embedded in goal management
    No separate register. Risk is part of how every goal is tracked, every period.
  • Structured escalation by state
    Dire triggers an escalation protocol automatically — not when someone is willing to speak up.
  • Prescribed cultural responses
    Each risk state specifies the leadership behaviors required. Culture becomes manageable.

Core philosophy

Most risk frameworks ask: what could go wrong? De-Risk Matrix asks: what effect is uncertainty having on your specific objectives, right now?

By anchoring risk to goals — not abstract threat lists — organizations gain immediate, context-specific visibility. Every goal always has a risk state. Every state has a recommended leadership response.

This is ISO 31000 applied practically: risk as “the effect of uncertainty on objectives,” captured at the level where it actually matters.

The core insight
“A target number alone tells you nothing about risk. The threshold — the minimum acceptable level — is what defines exposure. The span between them is your risk appetite, made explicit.”

Six principles most risk frameworks ignore

These are not optional enhancements. Each one is a prerequisite for the system to work.

01

Goals must be spans, not points

Every goal needs both a target (ambition) and a threshold (minimum acceptable). A single number is not a goal — it's a wish. Without the threshold, you cannot define exposure, and you cannot detect drift until it's too late.

02

Risk is forward-looking, not historical

"Risk is the effect of uncertainty on objectives." (ISO 31000) This definition captures upside and downside — not just what went wrong, but what uncertainty is doing to your goals right now. Reporting actuals is not risk management.

03

Evidence quality changes the diagnosis

The same goal position means different things with strong vs weak evidence. Exceeding target with no data is not success — it's an unverified assumption. Evidence strength is what separates a real forecast from optimism.

04

Culture is a strategic variable

Leadership behavior determines whether risk is surfaced or suppressed. Every risk state prescribes specific leadership actions — because the cultural response is as important as the analytical one. Ignore this and the system breaks.

05

Urgency gradients must be explicit

Not all risk states demand the same response speed. Dire demands immediate escalation. Harmonious demands maintenance. Without explicit urgency gradients, everything becomes equally urgent — which means nothing is.

06

Forecasts rest on assumptions — make them visible

Behind every forecast is a set of beliefs about what must be true for a goal to succeed: market conditions, team capacity, competitor behavior. When those beliefs are invisible, managers react to symptoms rather than causes. Naming and monitoring the assumptions behind each forecast is what separates predictive risk management from reactive reporting.

The 6 risk states

A 2×3 matrix. Y-axis: goal position (beyond target / on track / below threshold). X-axis: evidence strength (strong / weak). Every goal is always in exactly one state.

Right now, every goal in your organization is in exactly one of these states. The question is whether your leadership team knows which — and whether they know what to do about it.

DefensiveRaise
Beyond targetStrong evidence

Performing above ambition with solid evidence. Raise the target — staying here breeds complacency.

PotentExplore
Beyond targetWeak evidence

Exceeding target but without strong data. Explore whether this is real performance or a measurement gap.

HarmoniousEnsure
On trackStrong evidence

On track with strong evidence. Ensure the conditions that got you here continue to hold.

OptimisticProve
On trackWeak evidence

On track but without enough data. Prove this trajectory is real before treating it as certain.

DireLower
Below thresholdStrong evidence

Confirmed underperformance. Lower uncertainty — escalate immediately and take structured action.

PessimisticIntervene
Below thresholdWeak evidence

Below threshold with insufficient data. Intervene now — you cannot afford to wait for better evidence.

The repeating process

Four steps. Repeated each period. Each cycle builds better calibration — and each cycle makes the next one faster and more accurate.

1

Set goal spans

Define target + threshold for every strategic goal. This makes risk appetite explicit and drift detectable.

2

Forecast outcomes

Update forecasts based on current data and evidence quality. Know where you're heading, not just where you've been.

3

Read risk states

Every goal surfaces its state automatically. Leadership sees what's Dire, Harmonious, or Defensive — instantly.

4

Act on culture

Apply the leadership behaviors prescribed for each state. Culture stops being passive — it becomes a structured response.

The missing layer: assumptions

Every forecast is a set of assumptions projected forward. A revenue target of $100M is only realistic if certain conditions hold — market growth, product delivery, team capacity. When those assumptions are invisible, risk management is reactive by design. The question is never just why are we off track — it is which assumption failed first.

The chain most organizations miss
ForecastAssumptionsUncertaintyDecision

Without visible assumptions, the chain breaks before the forecast is even made.

Each assumption has a tracked status

Assumptions are not binary. They degrade over time — a belief that was valid in January may be uncertain by March and failed by May. De-Risk Matrix tracks each one continuously.

Valid

The assumption still holds. The forecast basis is intact. No action required — continue monitoring.

Uncertain

The assumption is under pressure. The forecast may be optimistic. Investigate before the next review cycle.

Failed

The assumption no longer holds. The forecast basis has changed. Reassess the goal's risk state immediately.

If this assumption fails — what happens to the goal?

When you add an assumption to a goal, you also define its impact: if this assumption fails, does it push the goal toward a worse risk state, a better one, or is the direction unclear? And how severely — on a scale of 1 to 5?

↓ Negative

Failure undermines the forecast. The goal is likely to move toward a worse risk state — Optimistic becomes Pessimistic, Harmonious becomes Dire.

= Neutral

Failure affects the context but not the direction of the goal's trajectory. Monitor, but no immediate re-forecast required.

↑ Positive

Failure is actually a positive signal. A conservative assumption proved unnecessary — the goal may outperform its original forecast.

Magnitude 1–5 quantifies severity. A failed assumption with Negative direction and magnitude 5 is an immediate escalation trigger — even before the data moves.

Assumption Register

Each goal carries the explicit beliefs that justify its target and forecast. When conditions change, you know which goals are affected — before the numbers move.

Assumption Monitoring

Assumptions are not set-and-forget. Status is tracked continuously — Valid, Uncertain, or Failed. A failed assumption is a leading indicator, not a lagging one.

Early Warning Logic

Most indicators warn too late because they measure outcomes. Monitoring assumptions means you see risk before it appears in the forecast — not after.

Ready to see it?

Find out what state your goals are in — right now.

The platform implements the full methodology — goal spans, risk states, cultural practices, actions, forecasting, and assumption monitoring — in a single workspace. Start in minutes.

No credit card required · All features included · Cancel anytime