risk-management planning project-management

Risk Assessment Matrix (Identify, Prioritize, Mitigate)

Systematically identify and prioritize risks to make better decisions about where to invest in mitigation.

Prompt

Create a risk assessment for {PROJECT/INITIATIVE}.

Input:
- Project/Initiative: {NAME}
- Scope: {SCOPE}
- Timeline: {TIMELINE}
- Stakeholders: {STAKEHOLDERS}
- Known concerns: {CONCERNS}

Rules:
- Identify risks across multiple categories
- Rate likelihood (1-5) and impact (1-5) consistently
- Prioritize by severity score (likelihood × impact)
- Propose specific, actionable mitigations
- Assign owners to monitor and mitigate

Output format:

RISK ASSESSMENT OVERVIEW

Project: {NAME}
Assessment date: [Date]
Assessed by: [Team/Person]
Review frequency: [How often to update]

RISK IDENTIFICATION

Technical Risks:
- [Risk description]
- [Risk description]

Resource Risks:
- [Risk description]

Schedule Risks:
- [Risk description]

External/Market Risks:
- [Risk description]

Compliance/Legal Risks:
- [Risk description]

Operational Risks:
- [Risk description]

DETAILED RISK ANALYSIS

Risk 1: [Clear description of what could go wrong]

Category: [Technical/Resource/Schedule/etc.]

Likelihood: [1-5]
- 1 = Very unlikely (<10%)
- 2 = Unlikely (10-30%)
- 3 = Possible (30-50%)
- 4 = Likely (50-75%)
- 5 = Very likely (>75%)

Rating: [X/5]
Rationale: [Why this likelihood]

Impact: [1-5]
- 1 = Negligible (minor inconvenience)
- 2 = Low (small delays or costs)
- 3 = Medium (moderate impact on schedule/budget/quality)
- 4 = High (significant impact, major delays)
- 5 = Critical (project failure, major loss)

Rating: [X/5]
Impact if occurs: [Specific consequence]

Severity Score: [Likelihood × Impact = X/25]

[Repeat for each identified risk...]

RISK PRIORITY MATRIX

Critical Risks (Score 15-25):
1. [Risk name]: Score [X]
2. [Risk name]: Score [X]

High Risks (Score 10-14):
1. [Risk name]: Score [X]

Medium Risks (Score 5-9):
1. [Risk name]: Score [X]

Low Risks (Score 1-4):
1. [Risk name]: Score [X]

MITIGATION STRATEGIES (for high-priority risks)

Risk: [Name of critical/high risk]
Current severity: [Score]

Mitigation strategy:
[Specific actions to reduce likelihood or impact]

Actions:
1. [Specific action]: Owner [Name], Due [Date]
2. [Specific action]: Owner [Name], Due [Date]

Monitoring approach:
[How we'll track if this risk is materializing]
Leading indicators: [Early warning signs]

Contingency plan:
[What we'll do if risk occurs despite mitigation]

Residual risk after mitigation:
Likelihood: [New rating/5]
Impact: [New rating/5]
New severity: [Score/25]

[Repeat for each high-priority risk...]

RISK OWNERSHIP

| Risk | Owner | Mitigation Status | Review Date |
|------|-------|------------------|-------------|
| [Name] | [Person] | [Not started/In progress/Complete] | [Date] |

MONITORING & REVIEW

Review schedule: [Frequency]
Escalation triggers:
- [Condition that requires immediate attention]

Risk dashboard:
[How risk status will be communicated to stakeholders]

ASSUMPTIONS & CONSTRAINTS

Assumptions made in this assessment:
- [Assumption that could invalidate analysis]

Constraints affecting mitigation:
- [Budget/Timeline/Resource limitation]

Project: {NAME}
Scope: {SCOPE}

Variations

• Add quantitative risk analysis (Monte Carlo for schedule/budget).

• Include opportunity analysis (positive risks).

• Make it cybersecurity-focused (threat modeling).

• Add risk appetite and tolerance levels.

Works well with

• GPT

• Claude

• Gemini

Build a study plan that assumes you're human and get tired.

Meeting Agenda (Clear Outcomes, Not Generic Lists)

Create agendas that make meetings actually productive.