Risk Assessment

Systematically identify, assess, and plan mitigations for operational risks.

Risk Assessment Matrix

Low Impact

Medium Impact

High Impact

High Likelihood

Medium

High

Critical

Medium Likelihood

Low

Medium

High

Low Likelihood

Low

Low

Medium

Risk Categories

Operational

Process failures, staffing gaps, system outages

Financial

Budget overruns, vendor cost increases, revenue impact

Compliance

Regulatory violations, audit findings, policy breaches

Strategic

Market changes, competitive threats, technology shifts

Reputational

Customer impact, public perception, partner relationships

Security

Data breaches, access control failures, third-party vulnerabilities

Risk Register Format

For each risk, document:

Description

What could happen

Likelihood

High / Medium / Low

Impact

High / Medium / Low

Risk Level

Critical / High / Medium / Low

Mitigation

What we're doing to reduce likelihood or impact

Owner

Who is responsible for managing this risk

Status

Open / Mitigated / Accepted / Closed Output Produce a prioritized risk register with specific, actionable mitigations. Focus on risks that are controllable and material.