Risk Assessment
Systematically identify, assess, and plan mitigations for operational
risks.
Risk Assessment Matrix
|
Low Impact |
Medium Impact |
High Impact |
| High Likelihood |
Medium |
High |
Critical |
| Medium Likelihood |
Low |
Medium |
High |
| Low Likelihood |
Low |
Low |
Medium |
Risk Categories
- Operational: Process failures, staffing gaps,
system outages
- Financial: Budget overruns, vendor cost increases,
revenue impact
- Compliance: Regulatory violations, audit findings,
policy breaches
- Strategic: Market changes, competitive threats,
technology shifts
- Reputational: Customer impact, public perception,
partner relationships
- Security: Data breaches, access control failures,
third-party vulnerabilities
For each risk, document:
- Description: What could happen
- Likelihood: High / Medium / Low
- Impact: High / Medium / Low
- Risk Level: Critical / High / Medium / Low
- Mitigation: What we're doing to reduce likelihood
or impact
- Owner: Who is responsible for managing this
risk
- Status: Open / Mitigated / Accepted / Closed
Output
Produce a prioritized risk register with specific, actionable
mitigations. Focus on risks that are controllable and material.