Introduction

In the dynamic and high-stakes world of event planning, uncertainty is the only constant. From sudden weather changes to technical failures and security threats, a multitude of factors can derail even the most meticulously planned event. This is where a structured approach to identifying and mitigating potential issues becomes indispensable. Effective risk matrix event risk management is not merely a procedural checkbox; it is the strategic foundation upon which successful, safe, and memorable events are built. It transforms the planner from a reactive firefighter into a proactive architect of resilience. The core of this approach is the risk matrix, a simple yet powerful tool that allows professionals to quantify and prioritize risks based on their likelihood and potential impact.

This guide will demystify the process of creating and implementing a risk matrix tailored for the event industry. We will explore the complete lifecycle of risk management, from initial brainstorming and categorization to the development of robust mitigation and contingency plans. Our methodology emphasizes a data-informed approach, measuring success through tangible KPIs such as incident reduction rates, adherence to budget, and enhanced attendee satisfaction. By the end of this article, you will be equipped with the knowledge and tools to embed a culture of proactive risk management into every stage of your event planning, ensuring you are prepared for any eventuality and can deliver exceptional experiences consistently.

Vision, values ​​and proposal

Focus on results and measurement

Our vision is to elevate the standard of event safety and success across the industry by championing a proactive, data-driven culture of risk management. We operate on the Pareto principle (the 80/20 rule), focusing our efforts on the 20% of risks that are likely to cause 80% of the potential negative impact. This prioritization ensures that resources are allocated efficiently, addressing the most severe threats first. Our core values ​​are preparedness, accountability, and continuous improvement. We adhere to international standards such as ISO 31000 (Risk Management) and ISO 20121 (Sustainable Event Management), ensuring our methodologies are not only effective but also globally recognized and responsible. Our unique value proposition lies in translating complex risk theories into simple, actionable, and measurable processes that deliver quantifiable improvements in event outcomes.

• Proactive Identification: We believe in identifying risks before they manifest. Our process involves comprehensive stakeholder workshops, historical data analysis, and environmental scanning.
• Data-Driven Prioritization: All identified risks are evaluated against a standardized likelihood and impact scale. This objective scoring system, forming the core of the risk matrix, removes guesswork and allows for clear, defensible decision-making.
• Actionable Mitigation: For every significant risk, we develop clear mitigation strategies with assigned owners, deadlines, and success metrics. This ensures accountability and follow-through.
• Continuous Monitoring & Review: Risk management is not a one-time task. We establish protocols for ongoing monitoring throughout the event lifecycle and conduct post-event reviews to feed lessons learned back into the process for future events.

Services, profiles and performance

Portfolio and professional profiles

We offer a tiered portfolio of services designed to integrate robust risk matrix event risk management into any event operation, regardless of scale. Our team comprises certified professionals, including Project Management Professionals (PMP) with risk management specializations, Certified Special Events Professionals (CSEP), and qualified health and safety officers (e.g., NEBOSH certified). Each service level is designed to provide tangible value and measurable improvements in event resilience.

Operational process

1. Phase 1: Discovery & Scoping (1-2 weeks): We begin with an in-depth consultation to understand the event’s objectives, scale, audience, and unique context. KPI: A comprehensive scope document signed off, with all key stakeholders identified.
2. Phase 2: Risk Identification & Assessment (2-3 weeks): Our team facilitates workshops and conducts research to build a comprehensive risk register. Each risk is then scored for likelihood and impact. KPI: A completed risk register with over 95% of potential operational, financial, reputational, and safety risks identified and scored.
3. Phase 3: Mitigation & Contingency Planning (2 weeks): We work with the client’s team to develop practical, cost-effective mitigation strategies for high-priority risks and create clear contingency plans for “black swan” events. KPI: Mitigation plans developed for all risks in the “High-High” quadrant of the risk matrix, with a projected risk exposure reduction of at least 40%.
4. Phase 4: Implementation & Monitoring (Duration of event planning): We oversee the implementation of mitigation strategies and establish a monitoring framework with clear reporting dashboards. KPI: 100% of mitigation actions tracked, with bi-weekly progress reports showing a less than 10% deviation from the plan.
5. Phase 5: On-Site Management & Post-Event Review (Event duration + 1 week): Our team provides on-site support to manage the risk plan in real-time and conducts a thorough post-event analysis. KPI: Post-event report delivered within 5 business days, identifying key lessons learned and achieving an attendee safety satisfaction score of over 90%.

Tables and examples

Representation, campaigns and/or production

Professional development and management

The production phase is where the theoretical risk plan meets reality. Effective management during this stage is critical to ensuring that mitigation strategies are implemented correctly and that the team is prepared to respond to any incidents. This involves meticulous coordination of suppliers, rigorous adherence to schedules, and obtaining all necessary permits and licenses well in advance. Our approach to production management is built around the risk register, with each key production task linked to specific identified risks. For example, the supplier vetting process is not just about cost; it includes checks for insurance coverage, safety records, and financial stability, directly mitigating supply chain and liability risks.

• Supplier & Vendor Management Checklist:
  • Are certificates of insurance (liability, workers’ compensation) collected and verified for all vendors?
  • Have background checks been performed on key security and technical staff?
  • Do supplier contracts contain clear force majeure and cancellation clauses?
  • Is there a backup supplier identified for critical services (e.g., power, AV, connectivity)?
• Permitting and Compliance Checklist:
  • Have all required permits (e.g., public assembly, food service, alcohol, fire safety) been applied for and received?
  • Does the venue layout comply with all accessibility (e.g., ADA) and fire code regulations?
  • Is there a plan to manage noise and environmental impact in compliance with local ordinances?
• Contingency Planning Checklist:
  • Is there a documented plan for severe weather, including evacuation procedures and communication protocols?
  • What is the procedure for a medical emergency? Are medical staff locations clearly marked?
  • Is there a crisis communication plan ready to be activated, with pre-approved statements for common scenarios (e.g., technical failure, security incident)?
  • Has a full “tabletop exercise” been conducted with key staff to walk through potential crisis scenarios?

Content and/or media that converts

Messages, formats and conversions

Content and media, while crucial for promotion and engagement, also carry their own set of risks. Reputational damage from inappropriate content, technical failures during a live stream, or intellectual property disputes can have significant negative consequences. A key part of risk matrix event risk management is applying the same rigorous assessment to the content strategy. This involves vetting speakers and performers, securing necessary rights for all media used, and having robust technical plans for digital delivery. The “hook” in our content is often safety and reliability, which becomes a key selling point. Calls to Action (CTAs) in pre-event communication can encourage attendees to download a safety app or review emergency procedures, turning a risk mitigation tool into an engagement opportunity. We use A/B testing on safety-related messaging to see what resonates best, ensuring clarity and compliance.

1. Content Vetting & Clearance (Pre-Production): The Content Manager, in collaboration with the Legal Advisor, reviews all planned presentations, performances, and marketing materials for potential issues (e.g., offensive material, copyright infringement). All speakers sign an agreement outlining content guidelines.
2. Technical Planning & Redundancy (Pre-Production): The Technical Director creates a plan that includes primary and backup systems for all critical media delivery (e.g., streaming servers, presentation laptops, audio mixers). This plan is tested during a mandatory technical rehearsal.
3. Live Monitoring & Moderation (Production): During the event, a dedicated team monitors all live-streamed content and social media channels. They are empowered to act immediately on any issues, following a pre-defined escalation protocol.
4. Post-Event Archiving & Takedown (Post-Production): The Content Manager ensures all content is archived securely and that any time-limited licensed material is removed from public view as per agreements, mitigating future IP risks.

Training and employability

Demand-oriented catalogue

To foster a culture of safety and preparedness, we offer specialized training programs designed for event professionals at all levels. These courses are practical, hands-on, and focused on building the skills needed to implement effective event risk management in the real world. Graduates of our programs are highly sought after, as they possess the demonstrable ability to protect an event’s financial, reputational, and human assets.

• Module 1: Foundations of Event Risk Management (1 Day): You introduce the core concepts of risk, the ISO 31000 framework, and the importance of a proactive mindset. Participants learn to identify and categorize common event risks.
• Module 2: Mastering the Risk Matrix (1 Day): A deep dive into creating and using a risk matrix. This module covers scoring systems, setting risk appetite, and using the matrix to prioritize resources and communicate with stakeholders.
• Module 3: Advanced Mitigation and Contingency Planning (2 Days): Participants work in groups on real-world case studies to develop detailed mitigation strategies and comprehensive contingency plans for a variety of high-impact scenarios.
• Module 4: Crisis Communications for Events (1 Day): Focuses on preparing for and managing the reputational impact of an incident. Includes drafting statements, managing social media, and conducting a press conference.
• Module 5: On-Site Risk Management and Incident Command (2 Days): A simulation-based course that teaches participants how to lead a response team during a live event, covering decision-making under pressure, communication, and post-incident reporting.

Methodology

Our training methodology is based on experiential learning. We use a combination of expert-led instruction, interactive workshops, and high-fidelity simulations. Assessment is conducted through practical application, where participants must develop a complete risk management plan for a hypothetical event. This plan is evaluated using a detailed rubric that measures the thoroughness of risk identification, the practicality of mitigation strategies, and the clarity of the contingency plan. Successful participants receive a certification and access to our professional network, which includes a job board with postings from event organizations specifically seeking professionals with these certified skills. We expect graduates to be able to reduce event-related insurance claims by up to 20% and improve staff response times to incidents by 30%.

Operational processes and quality standards

From request to execution

1. Initial Request & Consultation: The process begins with a client inquiry. We conduct a free 1-hour consultation to understand your needs and the event’s basic parameters. Deliverable: A high-level needs analysis document.
2. Diagnostic & Proposal: We perform a preliminary risk assessment based on the initial information. This reports a detailed proposal outlining the scope of work, timeline, team, and pricing. Deliverable: A formal proposal with a preliminary risk overview. Acceptance criteria: Client sign-off.
3. Pre-Production & Planning: Upon engagement, we initiate the full risk management cycle. This includes stakeholder workshops, risk register development, creation of the risk matrix, and mitigation planning. Deliverable: A comprehensive Event Risk Management Plan. Acceptance criteria: Approval by the client’s steering committee.
4. Execution & Monitoring: During the event’s production phase, we oversee the implementation of the plan. This involves regular check-ins, audits, and updating the risk register as the situation evolves. Deliverable: Bi-weekly progress reports and a live risk dashboard. Acceptance criteria: Mitigation tasks completed on schedule.
5. Closure & Review: After the event, we conducted a thorough post-mortem analysis. We compare the identified risks to any incidents that occurred and evaluate the effectiveness of the response. Deliverable: A Post-Event Risk Report with actionable recommendations. Acceptance criteria: Final report accepted by the client.

Quality control

• Roles and Responsibilities: A RACI (Responsible, Accountable, Consult, Informed) chart is created for every risk plan, ensuring clear ownership.
• Escalation Pathway: A clear protocol is established for escalating unresolved issues or new high-impact risks, from the on-site team lead up to the event director and client.
• Service Level Agreements (SLAs): Key performance indicators are contractually agreed upon. For example, a maximum response time of 5 minutes for a critical on-site incident, or a 24-hour turnaround for non-urgent plan updates.
• Peer Review: All major deliverables, especially the final Risk Management Plan, undergo an internal peer review by a senior risk manager not assigned to the project to ensure completeness and quality.

Cases and application scenarios

Case 1: “Soundwave” International Music Festival

Scenario: A three-day outdoor music festival with an expected attendance of 50,000 per day. Key risks included severe weather (thunderstorms), crowd control issues (crushing, altercations), medical emergencies (dehydration, substance abuse), and infrastructure failure (stage collapse, power outage).
Application of Risk Matrix: We identified “severe weather” as a high-likelihood, high-impact risk. “Stage collapse” was low-likelihood but catastrophic-impact. “Minor alterations” were high-likelihood but low-impact. This prioritization allowed the client to focus their significant investment on a robust weather monitoring system and evacuation plan, while managing alterations with standard security protocols.
Mitigation & Outcome: A meteorologist was contracted to be on-site. Pre-defined weather triggers were established (e.g., wind speed > 40 mph, lightning within 10 miles) that would automatically initiate show-stop and evacuation procedures. Clear evacuation routes were marked and communicated to attendees via an app. On day two, a severe thunderstorm warning was issued. The plan was activated, the site was safely evacuated to designated shelters, and the event resumed two hours later with no injuries. The pro-active communication resulted in positive media coverage, and the event’s insurance premium for the following year was reduced by 15% due to the demonstrated effectiveness of the plan. The total cost of the mitigation was less than 2% of the event budget, preventing a potential multi-million dollar loss and catastrophic reputational damage.

Case 2: “InnovateX” Global Tech Conference

Scenario: A five-day hybrid conference with 5,000 in-person attendees and 20,000 virtual participants. Key risks were cybersecurity threats (data breach, platform hijacking), technical failures (streaming outage, registration system crash), key speaker cancellation, and reputational damage from controversial content.
Application of Risk Matrix: “Streaming platform failure” was identified as a medium-likelihood, high-impact risk, affecting the majority of the audience. “Keynote speaker cancellation” was low-likelihood but high-impact on reputation. A “data breach” was low-likelihood but catastrophic-impact.
Mitigation & Outcome: A secondary, fully redundant streaming provider was placed on hot-standby. All speakers were required to pre-record their sessions as a backup, even if planned to present live. The lead keynote speaker fell ill 24 hours before their slot. Instead of a last-minute scramble, their pre-recorded session was seamlessly broadcast, followed by a live 15-minute Q&A from their home. Virtual attendee satisfaction remained at 92%. A minor DDoS attack was attempted on day three; it was immediately mitigated by the cybersecurity provider with no interruption to service. The investment in redundancy and backups (costing approximately $50,000) preserved an estimated $1.2 million in virtual ticket revenue and sponsor value.

Case 3: “City Marathon” Public Sporting Event

Scenario: A 42.2 km marathon through a major city, involving 30,000 runners and an estimated 100,000 spectators along the route. Risks were extensive: participant medical issues (cardiac arrest, heatstroke), public safety threats (terrorism, crowd disorder), logistical failures (course marking errors, water station shortages), and vehicle traffic disruption.
Application of Risk Matrix: “Participant heatstroke” was rated high-likelihood and medium-impact for a summer race. “Terrorism” was very low-likelihood but catastrophic-impact. “Water station failure” was medium-likelihood and high-impact. The matrix guided the allocation of resources, prioritizing medical support and security presence over other, less critical aspects.
Mitigation & Outcome: The number of medical tents was increased by 30% compared to previous years, with roving paramedic teams on bikes. A unified command center was established with police, fire, and medical services. All volunteers received “See Something, Say Something” training. Water stations were overstocked by 25% and supplemented by misting stations. During the race, temperatures rose unexpectedly by 5 °C. The enhanced medical plan managed a 40% increase in heat-related incidents with no hospitalizations. The robust logistics ensured no water shortages occurred, a major complaint from the previous year. The NPS score from runners increased from +20 to +55, directly attributed to the perceived level of care and safety.

Case 4: High-Profile Charity Gala

Scenario: An exclusive fundraising gala for 500 high-net-worth individuals, aiming to raise over $2 million. The primary risks were financial (failure to meet fundraising goals), reputational (negative association with a sponsor or guest), security (protecting high-profile attendees), and operational (catering failure, auction technology glitch).
Application of Risk Matrix: “Auction technology failure” was identified as a medium-likelihood, high-impact risk, as it could directly affect the primary revenue stream. “Negative press from a controversial guest” was a low-likelihood, high-impact reputational risk. “Failure to meet fundraising goal” was the ultimate high-impact risk to be mitigated.
Mitigation & Outcome: A full dry-run of the digital auction platform was conducted with a wired backup system in place. All attendees and major donors underwent discreet background screening to flag potential reputational conflicts. A “fund-a-need” moment was carefully scripted with a pre-committed lead donor to build momentum. The auction platform experienced a brief wireless connectivity issue, and the team switched to the hard-wired backup in under 60 seconds with no loss of bids. The vetting process identified a donor whose business was under investigation, allowing the development team to tactfully decline the donation and avoid a media scandal. The event exceeded its fundraising goal by 18%, raising $2.36 million, largely due to the seamless execution of the auction and the confidence instilled in donors.

Step-by-step guides and templates

Guide 1: How to Create Your First Event Risk Matrix

1. Step 1: Assemble Your Team. Gather a diverse group of stakeholders, including operations, marketing, security, catering, and client representatives. A wider range of perspectives will identify more potential risks.
2. Step 2: Brainstorm and Identify Risks. Using a whiteboard or collaborative software, list every possible thing that could go wrong. Don’t filter at this stage. Think in categories: Financial (e.g., low ticket sales), Operational (e.g., power failure), Reputational (e.g., bad press), Safety (e.g., fire), and Legal (e.g., permit issues).
3. Step 3: Define Your Scales. Create simple, clear scales for ‘Likelihood’ and ‘Impact’.
   • Likelihood Scale (1-5): 1=Rare, 2=Unlikely, 3=Possible, 4=Likely, 5=Almost Certain.
   • Impact Scale (1-5): 1=Insignificant (minor inconvenience), 2=Minor (some attendee complaints), 3=Moderate (financial loss, minor injuries), 4=Major (event cancellation, serious injuries), 5=Catastrophic (multiple fatalities, business closure).
4. Step 4: Create the Matrix Grid. Draw a 5×5 grid. Label the Y-axis ‘Likelihood’ (1 to 5, bottom to top) and the X-axis ‘Impact’ (1 to 5, left to right).
5. Step 5: Assess and Plot Each Risk. Discuss each risk identified from Step 2. As a group, agree on a score for its likelihood and impact. For example, a “Keynote Speaker’s flight is delayed” might be Likelihood=3 (Possible) and Impact=3 (Moderate). Plot this on your grid.
6. Step 6: Calculate the Risk Score. For each risk, multiply its Likelihood score by its Impact score. The delayed speaker risk has a score of 3 x 3 = 9.
7. Step 7: Define Risk Zones. Color-code your matrix to define action levels.
   • Green (Score 1-5): Low risk. Accept and monitor.
   • Yellow (Score 6-12): Medium risk. Requires mitigation plan.
   • Red (Score 13-25): High risk. Requires immediate, robust mitigation and contingency planning.
8. Step 8: Develop Mitigation Strategies. For every risk in the Yellow and Red zones, brainstorm actions to either reduce its likelihood or its impact. For the delayed speaker: (a) book an earlier flight (reduces likelihood), (b) have a backup speaker on standby (reduces impact).
9. Step 9: Assign Ownership and Deadlines. For each mitigation strategy, assign a specific person to be responsible for its implementation and set a clear deadline.
10. Step 10: Review and Update. A risk matrix is ​​a living document. Schedule regular reviews (e.g., weekly) to update the matrix as plans change or new information becomes available.

Guide 2: A Checklist for On-Site Event Risk Audits

1. Perimeter and Access Control: Are all entry/exit points staffed and monitored? Is there a process for credentialing staff, vendors, and media? Are bag checks being conducted according to policy?
2. Fire Safety: Are fire extinguishers visible, charged, and inspected? Are exit signs illuminated? Are evacuation routes clear of any obstructions? Do staff know the evacuation plan and assembly points?
3. Medical Plan: Is the first aid station clearly marked and properly staffed? Do all staff know how to report a medical incident? Are roving medical teams deployed in large crowds?
4. Staffing and Communication: Are all staff in their correct positions? Do all staff have a functioning radio or other communication device? Has a communication test been conducted? Is there a clear chain of command?
5. Crowd Management: Are there any dangerous pinch points or areas of overcrowding? Are security staff actively monitoring crowd density and mood? Is signage clear and effective?
6. Infrastructure and Technical: Are all cables and wires safely covered or flown? Are generators properly ventilated and secured? Has a final AV and lighting check been completed?
7. Sanitation and Waste: Are restrooms clean and stocked? Are trash receptacles being emptied regularly to prevent overflow and fire hazards?
8. Weather Monitoring: Is a designated person actively monitoring a reliable weather source? Is the communication plan ready to be activated for a weather-related announcement?

Guía 3: Developing a Crisis Communication Plan

1. Identify a Crisis Team and Spokesperson: Designate a core team (Event Director, Head of Security, PR Lead) and a single, trained spokesperson to ensure a consistent message.
2. Develop Pre-Approved Statements: Draft template holding statements for various scenarios (e.g., technical failure, medical emergency, security incident). The template should be about 80% complete, leaving blanks for specific details. Example: “We are aware of an incident at [Location]. Our immediate priority is the safety of our attendees. We are working with [Authorities] and will provide more information as soon as it is available at [Official Channel].”
3. Establish Communication Channels: Define the primary channels for communicating with attendees (e.g., event app push notifications, social media, on-site announcements) and media (e.g., press release, designated briefing area).
4. Create a Monitoring Protocol: Set up real-time monitoring of social media and news outlets to understand the public narrative and address misinformation quickly.
5. Define Internal Communication Protocol: Create a plan for how staff and volunteers will be informed. A well-informed team can help manage attendees and quell rumors.
6. Schedule a Tabletop Exercise: Before the event, run the crisis team through a simulated crisis to test the plan, identify gaps, and ensure everyone knows their role.

Recursos internos y externos (sin enlaces)

Recursos internos

• Plantilla de Matriz de Riesgos para Eventos (Formato Excel)
• Checklist de Auditoría de Seguridad de Recintos
• Plantilla de Plan de Acción de Emergencia (PAE)
• Catálogo de Escenarios de Riesgo Comunes por Tipo de Evento
• Guía de Contratación de Proveedores Seguros
• Plantilla de Informe Post-Incidente

External reference resources

• ISO 31000:2018 – Risk management — Guidelines
• Event Safety Alliance – Event Safety Guide
• National Fire Protection Association (NFPA) 101 – Life Safety Code
• Occupational Safety and Health Administration (OSHA) – Guidelines for Workplace Safety
• Ready.gov – Business Continuity and Emergency Planning Resources
• Purple Guide – Health, Safety and Welfare at Music and Other Events (UK Specific)

Frequently asked questions

What is the difference between a risk and an issue?

A risk is a potential future event that might happen and could have a negative impact. An issue is a risk that has already occurred; it is a current problem that must be managed. The goal of risk management is to deal with risks proactively so they do not become issues.

How often should we review our event risk matrix?

The risk matrix should be a living document. It should be reviewed at key project milestones, such as venue selection and vendor contracting. During the final month before the event, it should be reviewed weekly. A final review should happen 24-48 hours before the event begins.

Isn’t risk management just common sense? Why do we need a formal process?

While many aspects are based on common sense, a formal process like risk matrix event risk management ensures nothing is overlooked. It provides a structured, comprehensive way to identify risks, forces objective prioritization instead of focusing on what’s emotionally “scary,” creates accountability through assigned ownership, and provides a defensible record of due diligence.

Our event has a small budget. How can we afford risk management?

Risk management is scalable. For a small event, it might simply be a one-hour team meeting to create a basic risk matrix on a whiteboard. The cost of not managing risk (e.g., an injury, cancellation, or reputational damage) is almost always far greater than the cost of proactive planning. Many effective mitigation strategies, like clear communication or having a backup plan, cost very little to implement.

Who should be involved in creating the risk matrix?

The more diverse the group, the better. You should include the core event team, client representatives, and key department heads (security, technical, catering). For larger events, consider including representatives from local emergency services (police, fire) in the planning process. This collaborative approach ensures a 360-degree view of potential risks.

Conclusión y llamada a la acción

The landscape of event planning is inherently filled with uncertainty, but this does not mean we must be victims of circumstance. By systematically embracing a framework of risk matrix event risk management, planners can seize control, turning potential threats into managed and mitigated variables. The risk matrix is more than just a color-coded chart; it is a strategic tool that fosters a culture of foresight, preparedness, and resilience. It enables teams to allocate finite resources effectively, focusing on the threats that truly matter. The results are tangible and compelling: safer environments for attendees, greater financial predictability with budget variances kept under 5%, enhanced reputations, and ultimately, more successful and impactful events. The goal is not to eliminate all risk—an impossible task—but to understand it, prepare for it, and build events that can withstand the inevitable challenges they will face.

Do not wait for an incident to highlight the gaps in your planning. Take the first step today towards building a more resilient event strategy. Begin by downloading our risk matrix template and scheduling a brainstorming session with your team. Use the guides provided to build your first risk register and start the conversation. For those seeking to embed this expertise at a deeper level, consider our professional training or consulting services to accelerate your journey towards mastering event risk management.

Glosario

Risk Matrix

A tool used in risk assessment to visualize and prioritize risks by plotting their likelihood of occurrence against their potential impact.

Risk Register

A document that lists all identified risks, their characteristics (category, cause), and scores for likelihood and impact. It serves as the foundation for the risk matrix.

Mitigation

Actions taken to reduce the likelihood of a risk occurring or to lessen the impact if it does occur.

Contingency Plan

A plan designed to be executed if a risk materializes. It outlines the specific steps to be taken in response to an incident (the “Plan B”).

Risk Appetite

The level of risk an organization is willing to accept in pursuit of its objectives. This helps define the boundaries between acceptable (green) and unacceptable (red) risks on the matrix.

ISO 31000

An international standard that provides principles and generic guidelines on risk management. It is not specific to any industry and can be adapted for event management.