Purpose: Supply chain managers must balance accuracy, timeliness and accessibility of information to make good decisions on risk, preventing or mitigating un-acceptable risks. Thus, any risk assessment method must strike a practical balance between the three. The risk matrix is popular in Supply Chain Risk Management (SCRM) as it reduces complexity of more quantitative risk analyses, by categorising likelihood and impact into qualitative constructs or semi-quantitative scores. This makes SCRM much more realistic and understandable to non-quantitative risk managers. However, while it is simple and easy to use, it is also, according to a now substantial literature, not fit for purpose due to numerous mathematical flaws which are discussed in this article.

Design: This paper reassesses the SCRM domain when it comes to making good decisions based on increasingly complex amounts of qualitative and quantitative data.

Findings: The advantages and disadvantages of both the risk matrix and Quantitative Risk Analysis (QRA) are discussed, providing some solutions for overcoming the majority of the mathematical flaws of the risk matrix.

Originality: Often poor implementation, rather than a structural issue with the risk matrix approach is evident in practice. The criticisms of risk matrices can be overcome, producing a more reliable way to assess and manage supply chain risk.

Practical implications: A more appropriate, fit-for-purpose approach toward the supply chain risk management matrix is offered.