Thursday, June 30, 2005

2-D Risk Maps

In James Lam's Enterprise Risk Management book, there are some general approaches to Operational Risk Management as well as brief discussions of some of the specific techniques for assessing and controlling risks. One particular approach is that of developing 2-D Risk Maps, whereby a general risk assessment is treated with the application of relative risk rankings (with respect to probability and severity). Additionally, he discusses risk indicators and performance triggers that get factored into the "dashboard".

I can think of a number of examples of the indicators and triggers (e.g. 99.97/8/9% uptime of a production application or piece of hardware, etc.). But I would love to see some specific examples of these Risk Maps for a bank's application environment, as I think this could be a rather tough thing to create given the diversity and complexity of the enterprise. Presumably, the severity ranking would include the criticality of the application in general, the impact of certain functions/information not being available, and the knock-on (chain) effects. As for probability, I would imagine that it is more of a combination of some empirical data (i.e. knowledge of existing problematic systems) and some finger-waving guesstimates.
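As an added illustration (not taken from Lam's book or from this post), here is one way to place applications on a 5x5 probability/severity map. The application names, the dependency graph and both scoring rules are constructed assumptions: severity is an application's own criticality raised by anything that depends on it, and probability blends observed outage history with an analyst's guess.

```python
import math

# Constructed inventory (hypothetical apps). criticality: 1-5 on its own;
# incidents/months: observed outage history; guess: analyst's yearly estimate.
APPS = {
    "core-ledger":    {"criticality": 5, "incidents": 1, "months": 24, "guess": 0.30},
    "payments-gw":    {"criticality": 4, "incidents": 6, "months": 24, "guess": 0.80},
    "online-banking": {"criticality": 4, "incidents": 2, "months": 24, "guess": 0.50},
    "hr-portal":      {"criticality": 1, "incidents": 3, "months": 24, "guess": 0.60},
    "auth-service":   {"criticality": 2, "incidents": 0, "months": 24, "guess": 0.20},
}
# DEPENDS_ON[a] lists what a needs, so an outage there knocks on to a.
DEPENDS_ON = {
    "online-banking": ["auth-service", "core-ledger"],
    "payments-gw": ["core-ledger", "auth-service"],
    "hr-portal": ["auth-service"],
}

def severity(app):
    """Own criticality, raised to that of the most critical direct or transitive dependent."""
    seen, stack = {app}, [app]
    while stack:
        current = stack.pop()
        for dependent, needs in DEPENDS_ON.items():
            if current in needs and dependent not in seen:  # 'seen' also guards against cycles
                seen.add(dependent)
                stack.append(dependent)
    return max(APPS[name]["criticality"] for name in seen)

def probability_band(app, full_trust_months=36):
    """Band 1-5 from history blended with the guess; short history gives the guess more weight."""
    a = APPS[app]
    p_empirical = 1 - math.exp(-a["incidents"] / a["months"] * 12)  # Poisson: P(>=1 outage/year)
    w = min(1.0, a["months"] / full_trust_months)
    p = w * p_empirical + (1 - w) * a["guess"]
    return min(5, int(p * 5) + 1)

def risk_map():
    """Map (probability band, severity) cells to the applications that fall in them."""
    cells = {}
    for app in sorted(APPS):
        cells.setdefault((probability_band(app), severity(app)), []).append(app)
    return cells

if __name__ == "__main__":
    for sev in range(5, 0, -1):  # severity rows top-down, probability left to right
        print(sev, [",".join(risk_map().get((p, sev), [])) or "." for p in range(1, 6)])
```

In this constructed data the authentication service has low criticality of its own and no recorded outages, yet it lands in the severity-4 row because two critical applications depend on it, which is the knock-on effect the ranking has to capture.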
