Risk Assessment

Systematically identify, assess, and plan mitigations for operational risks.

Risk Assessment Matrix

Low Impact Medium Impact High Impact

High Likelihood Medium High Critical

Medium Likelihood Low Medium High

Low Likelihood Low Low Medium

Risk Categories

• Operational: Process failures, staffing gaps, system outages

• Financial: Budget overruns, vendor cost increases, revenue impact

• Compliance: Regulatory violations, audit findings, policy breaches

• Strategic: Market changes, competitive threats, technology shifts

• Reputational: Customer impact, public perception, partner relationships

• Security: Data breaches, access control failures, third-party vulnerabilities

Risk Register Format

For each risk, document:

• Description: What could happen

• Likelihood: High / Medium / Low

• Impact: High / Medium / Low

• Risk Level: Critical / High / Medium / Low

• Mitigation: What we're doing to reduce likelihood or impact

• Owner: Who is responsible for managing this risk

• Status: Open / Mitigated / Accepted / Closed

Output

Produce a prioritized risk register with specific, actionable mitigations. Focus on risks that are controllable and material.