Risk Assessment Matrix (Identify, Prioritize, Mitigate)
This prompt creates comprehensive risk assessments that identify potential threats, evaluate likelihood and impact, prioritize by severity, and propose mitigation strategies. It helps teams anticipate problems before they become crises and allocate resources wisely to reduce risk.
GPT / Claude / Gemini5 variables
Prompt
Create a risk assessment for {PROJECT/INITIATIVE}.
Input:
- Project/Initiative: {NAME}
- Scope: {SCOPE}
- Timeline: {TIMELINE}
- Stakeholders: {STAKEHOLDERS}
- Known concerns: {CONCERNS}
Rules:
- Identify risks across multiple categories
- Rate likelihood (1-5) and impact (1-5) consistently
- Prioritize by severity score (likelihood × impact)
- Propose specific, actionable mitigations
- Assign owners to monitor and mitigate
Output format:
RISK ASSESSMENT OVERVIEW
Project: {NAME}
Assessment date: [Date]
Assessed by: [Team/Person]
Review frequency: [How often to update]
RISK IDENTIFICATION
Technical Risks:
- [Risk description]
- [Risk description]
Resource Risks:
- [Risk description]
Schedule Risks:
- [Risk description]
External/Market Risks:
- [Risk description]
Compliance/Legal Risks:
- [Risk description]
Operational Risks:
- [Risk description]
DETAILED RISK ANALYSIS
Risk 1: [Clear description of what could go wrong]
Category: [Technical/Resource/Schedule/etc.]
Likelihood: [1-5]
- 1 = Very unlikely (<10%)
- 2 = Unlikely (10-30%)
- 3 = Possible (30-50%)
- 4 = Likely (50-75%)
- 5 = Very likely (>75%)
Rating: [X/5]
Rationale: [Why this likelihood]
Impact: [1-5]
- 1 = Negligible (minor inconvenience)
- 2 = Low (small delays or costs)
- 3 = Medium (moderate impact on schedule/budget/quality)
- 4 = High (significant impact, major delays)
- 5 = Critical (project failure, major loss)
Rating: [X/5]
Impact if occurs: [Specific consequence]
Severity Score: [Likelihood × Impact = X/25]
[Repeat for each identified risk...]
RISK PRIORITY MATRIX
Critical Risks (Score 15-25):
1. [Risk name]: Score [X]
2. [Risk name]: Score [X]
High Risks (Score 10-14):
1. [Risk name]: Score [X]
Medium Risks (Score 5-9):
1. [Risk name]: Score [X]
Low Risks (Score 1-4):
1. [Risk name]: Score [X]
MITIGATION STRATEGIES (for high-priority risks)
Risk: [Name of critical/high risk]
Current severity: [Score]
Mitigation strategy:
[Specific actions to reduce likelihood or impact]
Actions:
1. [Specific action]: Owner [Name], Due [Date]
2. [Specific action]: Owner [Name], Due [Date]
Monitoring approach:
[How we'll track if this risk is materializing]
Leading indicators: [Early warning signs]
Contingency plan:
[What we'll do if risk occurs despite mitigation]
Residual risk after mitigation:
Likelihood: [New rating/5]
Impact: [New rating/5]
New severity: [Score/25]
[Repeat for each high-priority risk...]
RISK OWNERSHIP
| Risk | Owner | Mitigation Status | Review Date |
|------|-------|------------------|-------------|
| [Name] | [Person] | [Not started/In progress/Complete] | [Date] |
MONITORING & REVIEW
Review schedule: [Frequency]
Escalation triggers:
- [Condition that requires immediate attention]
Risk dashboard:
[How risk status will be communicated to stakeholders]
ASSUMPTIONS & CONSTRAINTS
Assumptions made in this assessment:
- [Assumption that could invalidate analysis]
Constraints affecting mitigation:
- [Budget/Timeline/Resource limitation]
Project: {NAME}
Scope: {SCOPE}Quick brief
Purpose
Systematically identify and prioritize risks to make better decisions about where to invest in mitigation.
Expected output
A risk assessment containing: comprehensive risk inventory across categories, likelihood and impact ratings, priority matrix showing highest risks, detailed mitigation plans for top risks with owners and timelines, residual risk after mitigation, and monitoring approach.
Customize before copying
Replace these placeholders with your own context before you run the prompt.
{NAME}{SCOPE}{TIMELINE}{STAKEHOLDERS}{CONCERNS}
Works well with
GPT
Claude
Gemini
Variations
Add quantitative risk analysis (Monte Carlo for schedule/budget).
Include opportunity analysis (positive risks).
Make it cybersecurity-focused (threat modeling).
Add risk appetite and tolerance levels.
What this prompt helps you do
This prompt creates comprehensive risk assessments that identify potential threats, evaluate likelihood and impact, prioritize by severity, and propose mitigation strategies. It helps teams anticipate problems before they become crises and allocate resources wisely to reduce risk.
When to use it
Use when planning projects, launching products, making strategic decisions, preparing for audits, or any situation with significant downside risk. Essential for project management, compliance, and strategic planning.
How it works
The prompt structures assessment with: risk identification across categories, likelihood and impact evaluation, priority scoring (likelihood × impact), detailed mitigation strategies for high-priority risks, ownership assignment, and monitoring approach.
Best practices
Include diverse perspectives in risk identification. Be realistic about likelihood and impact. Focus mitigation on highest priority risks first. Assign clear owners for monitoring. Update regularly as situations change. Don't just identify risks—actually implement mitigations.
Common mistakes
Only considering obvious risks. All risks rated as high priority (everything is critical = nothing is). Vague mitigation strategies without owners. Creating the assessment but not acting on it. Not updating as projects progress. Optimism bias (underestimating likelihood or impact).
What you should expect back
A risk assessment containing: comprehensive risk inventory across categories, likelihood and impact ratings, priority matrix showing highest risks, detailed mitigation plans for top risks with owners and timelines, residual risk after mitigation, and monitoring approach.
Limitations
Can't predict all possible risks or black swan events. Ratings involve subjective judgment. Effectiveness depends on team's experience and honesty. Can't eliminate all risk, only manage it. Requires ongoing maintenance.
Real-world applications
Project managers use this for initiative planning. Compliance teams use it for regulatory risk. Product teams use it for launch readiness. Finance teams use it for strategic decisions. Operations teams use it for business continuity.
How to tell if it worked
Successful assessments mean risks are identified before becoming problems, highest risks have active mitigations, surprises decrease over time, and stakeholders understand risk profile. If crises still happen from known risk categories, assessment or mitigation failed.
Where to go next
Use Crisis Response Plan for high-impact risks. Pair with Project Plan for mitigation execution. Follow with Incident Postmortem when risks materialize.
Related prompts
7-Day Study Plan (Realistic, Not Delusional)
Build a study plan that assumes you're human and get tired.
Meeting Agenda (Clear Outcomes, Not Generic Lists)
Create agendas that make meetings actually productive.
Feature Spec Template (Problem → Solution → Success)
Write feature specs that engineers and designers can actually build from.
Stakeholder Communication Plan (Right Message, Right Time)
Design communication strategies that keep stakeholders informed without overwhelming them.
Meeting Notes with Action Items (Clarity & Accountability)
Document meetings so everyone knows what was decided and what happens next.
Crisis Response Plan (Prepared, Not Panicked)
Prepare for potential crises so teams can respond quickly and effectively when they happen.