Lookup matrices

A lookup matrix derives a value from a combination of inputs, using a table you define rather than a formula buried in code. The classic example is risk: a severity down one axis and a probability across the other, with the resulting risk level in each cell.

How a matrix works

A matrix has rows and columns representing two input dimensions, and a value in each cell giving the result for that combination. When a record supplies the two inputs, the matrix returns the corresponding cell value automatically. Because the mapping is an explicit, visible table, it’s easy to review and agree on — and easy to change when your policy does.

Why table-driven matters

In a regulated setting, how a value like a risk rating is derived has to be transparent and defensible. A lookup matrix makes the derivation a piece of configuration you can show an auditor — “this severity and this probability yield this risk level, by this agreed table” — rather than an opaque calculation. Change the policy, change the table, and every future derivation follows the new rule.

Where they’re used

Lookup matrices underpin scored assessments like the risk matrix described in Scoring, giving those scores a consistent, configurable, organization-wide basis.