Risk Assessment

Systematically identify, assess, and plan mitigations for operational risks.

Risk Assessment Matrix

Risk Categories

• Operational: Process failures, staffing gaps, system outages
• Financial: Budget overruns, vendor cost increases, revenue impact
• Compliance: Regulatory violations, audit findings, policy breaches
• Strategic: Market changes, competitive threats, technology shifts
• Reputational: Customer impact, public perception, partner relationships
• Security: Data breaches, access control failures, third-party vulnerabilities

Risk Register Format

For each risk, document:

• Description: What could happen
• Likelihood: High / Medium / Low
• Impact: High / Medium / Low
• Risk Level: Critical / High / Medium / Low
• Mitigation: What we're doing to reduce likelihood or impact
• Owner: Who is responsible for managing this risk
• Status: Open / Mitigated / Accepted / Closed

Output

Produce a prioritized risk register with specific, actionable mitigations. Focus on risks that are controllable and material.