Use when you need to identify, analyze, and mitigate risks in any plan, system, or decision. Systematically finds what could go wrong and how to prevent it.
Find what could go wrong before it goes wrong. Systematic identification, analysis, and mitigation of risks.
<HARD-GATE>
Do NOT assess risks without considering at least 5 categories of risk. Do NOT identify a risk without proposing at least one mitigation strategy.
</HARD-GATE>

Every risk must have: a specific scenario, a likelihood estimate, an impact estimate, and at least one mitigation strategy.

| Category | What It Covers | Examples |
|---|---|---|
| Technical | System failures, bugs, scalability | Performance degradation, data loss, integration failures |
| Security | Vulnerabilities, attacks, data breaches | Injection, auth bypass, data exposure |
| Business | Market, competition, revenue | Wrong product, missed timing, cost overrun |
| Operational | Process, people, infrastructure | Key person dependency, tool failure, vendor lock-in |
| Compliance | Legal, regulatory, policy | GDPR violation, license conflict, policy breach |
Brainstorm risks by category
Use risk prompts
Assess likelihood
Assess impact
Calculate risk score
Risk Score = Likelihood × Impact
High × High = Critical (act immediately)
High × Medium = Major (act soon)
Medium × High = Major (act soon)
Medium × Medium = Moderate (plan mitigation)
Low × anything = Monitor (watch for changes)
Choose mitigation strategy
| Strategy | When to Use | Example |
|---|---|---|
| Avoid | Risk is too high | Don't use the risky technology |
| Reduce | Risk can be lowered | Add monitoring, add tests |
| Transfer | Someone else can handle it | Use managed service, get insurance |
| Accept | Risk is low or mitigation is too costly | Monitor and have a response plan |
Create mitigation plan
| Risk | Likelihood | Impact | Score | Strategy | Mitigation | Owner | Deadline |
|------|-----------|--------|-------|----------|------------|-------|----------|
| Risk 1 | High | High | Critical | Reduce | Add monitoring, add fallback | Who | When |
Set up early warning
Review and update
# Risk Assessment: [Target]
Date: [date]
Assessor: [who]
## Executive Summary
- Total risks identified: N
- Critical: N | Major: N | Moderate: N | Low: N
- Overall risk level: [High/Medium/Low]
## Risk Register
[Detailed table of all risks]
## Mitigation Plan
[Specific actions for each risk]
## Monitoring Plan
[How risks will be tracked]
## Residual Risk
[Risk level after mitigation]
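
The scoring matrix, the hard-gate rules and the Executive Summary counts can be checked mechanically. The following is an added example, not part of the original skill: the `Risk` class, the function names and the sample register are constructed for illustration, and it assumes "Low × anything" applies when either likelihood or impact is Low, since the matrix does not define High × Low.

```python
from collections import Counter
from dataclasses import dataclass, field

CATEGORIES = {"Technical", "Security", "Business", "Operational", "Compliance"}
LEVELS = {"Low", "Medium", "High"}

@dataclass
class Risk:
    category: str
    scenario: str
    likelihood: str
    impact: str
    mitigations: list = field(default_factory=list)

def score(likelihood, impact):
    """Map Likelihood x Impact to the rating used in the matrix above."""
    if likelihood not in LEVELS or impact not in LEVELS:
        raise ValueError(f"unknown level: {likelihood!r} x {impact!r}")
    # Assumption: a Low in either position yields Monitor.
    if "Low" in (likelihood, impact):
        return "Monitor"
    if likelihood == impact == "High":
        return "Critical"
    if likelihood == impact == "Medium":
        return "Moderate"
    return "Major"  # High x Medium or Medium x High

def gate_violations(risks, categories_considered):
    """Return the hard-gate rules a register breaks (empty list means pass)."""
    problems = []
    considered = set(categories_considered)
    if len(considered) < 5:
        problems.append(f"only {len(considered)} risk categories considered, need 5")
    for r in risks:
        if not r.scenario.strip():
            problems.append(f"{r.category}: risk has no specific scenario")
        if not r.mitigations:
            problems.append(f"{r.scenario or r.category}: no mitigation strategy")
    return problems

def summarize(risks):
    """Count risks per rating for the Executive Summary."""
    counts = Counter(score(r.likelihood, r.impact) for r in risks)
    return {k: counts.get(k, 0) for k in ("Critical", "Major", "Moderate", "Monitor")}

# Constructed sample register (not real findings).
REGISTER = [
    Risk("Security", "SQL injection in search endpoint", "High", "High", ["Parameterize queries"]),
    Risk("Operational", "Only one engineer can deploy", "Medium", "High", ["Cross-train a second engineer"]),
    Risk("Compliance", "User data kept past retention period", "Medium", "Medium", []),
    Risk("Technical", "Cache stampede at peak load", "Low", "High", ["Add request coalescing"]),
]
```

Risks rated Monitor correspond to the "Low" count in the Executive Summary line.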
Related skills: decision-framework, strategic-planning, quality-assurance