There are several project management "errors" to be found in PMBOK. One is the concept of performing math on the risk matrix. Figure 11-8. Probability and Impact Matrix in PMBOK 2003 describes how the probability of occurrence and impact on the project once this occurrence appears is computed. They are multiplied together to produce a "risk rank."
Turning to Department of Defense Risk Management Guide for DoD Acquisition, Fifth Edition, June 2003, §2.6.4.3.1 - Risk Ranking and Prioritization Ranking, pp.18-21. Quoting from the Guide...
- Risk rankings are an indication of the potential impact of risks on a program
- In most cases risk scales are actually just raw (uncalibrated) ordinal scales, reflecting only relative standing between scale levels and not actual numerical differences
Any mathematical operations performed on results from uncalibrated ordinal scales, or a combination of uncalibrated ordinal scales, can provide information that will be misleading, if not completely meaninglessly, resulting in erroneous risk rankings.
Hence mathematical operations should generally not be performed on scores derived from uncalibrated ordinal scales.
Strong language from a competent source
One approach is to show each risk's probability of occurrence and its impact separately, with no calculations between them. This is usually done in a matrix that colors the intersection of the probability of occurrence and the impact Green, Yellow, or Red
For a better source (and a free source) of this topic and all other topics in PMBOK, see the Department of Defense version of PMBOK.
You can ignore the gory DoD parts and read through the concepts of how to manage a program or project