Risk Assessment Prompt Templates

AI prompt templates for risk assessments. Identify, analyze, and mitigate business risks.

Overview

Risk assessment helps organizations identify, evaluate, and prepare for potential threats before they become crises. Good risk management isn't about eliminating all risk, it's about understanding which risks to accept, which to mitigate, and having contingency plans ready. These prompts help you systematically analyze and address business risks.

Best Practices

1. Assess both likelihood and impact; a likely minor issue differs from an unlikely catastrophe
2. Identify risk owners responsible for monitoring and mitigation
3. Define trigger points that activate contingency plans
4. Review and update risk assessments regularly; risks evolve
5. Balance thoroughness with pragmatism; not every risk needs extensive analysis

Prompt Templates

1. Business Risk Assessment

Conduct a risk assessment for [BUSINESS/PROJECT]. Categories to consider: [CATEGORIES]. For each risk, evaluate likelihood, impact, and mitigation strategies. Prioritize by risk score.

Example input: Business: E-commerce startup; Categories: operational, financial, market, technology, regulatory

Example output:

Business Risk Assessment

**HIGH PRIORITY RISKS**

| Risk | Likelihood | Impact | Score | Mitigation |
|------|------------|--------|-------|------------|
| Key supplier failure | Medium | High | 8 | Diversify suppliers, maintain 30-day inventory |
| Cyber attack/data breach | Medium | Critical | 9 | SOC 2 compliance, incident response plan |

**MEDIUM PRIORITY RISKS**

| Risk | Likelihood | Impact | Score | Mitigation |
|------|------------|--------|-------|------------|
| Economic downturn | Medium | Medium | 6 | Reduce fixed costs, maintain 6-mo runway |

**RISK OWNERS**
- Operational: COO
- Financial: CFO
- Technology: CTO

When to use: Annual planning, major initiatives, or after significant business changes

Tips:
  • Use consistent scoring criteria across all risks
  • Review quarterly and after major incidents

2. Project Risk Register

Create a risk register for [PROJECT]. Include: risk description, probability, impact, risk score, mitigation strategy, contingency plan, owner, and status.

Example input: Project: ERP system implementation, 12-month timeline, $500K budget

Example output:

Project Risk Register: ERP Implementation

| ID | Risk | Prob | Impact | Score | Mitigation | Contingency | Owner | Status |
|----|------|------|--------|-------|------------|-------------|-------|--------|
| R1 | Scope creep | High | High | 9 | Change control board, fixed scope document | Descope non-critical features | PM | Active |
| R2 | Data migration issues | Med | High | 6 | Pilot migration, validation scripts | Parallel running period | Tech Lead | Active |
| R3 | User resistance | Med | Med | 4 | Change management plan, champions | Extended training | Change Mgr | Monitoring |

**TRIGGER POINTS**
- R1: Any scope request >$10K or 2 weeks triggers escalation
- R2: >5% data errors in pilot triggers remediation sprint

When to use: Project kickoff and ongoing project management

Tips:
  • Update weekly during active projects
  • Define specific trigger points for each risk

3. Vendor Risk Assessment

Assess the risks of engaging [VENDOR] for [SERVICE]. Evaluate: financial stability, operational capability, security posture, contractual risks, and dependency risks.

Example input: Vendor: Cloud infrastructure provider; Service: Hosting critical business applications

Example output:

Vendor Risk Assessment: CloudHost Inc.

**OVERALL RISK RATING: MEDIUM**

| Category | Rating | Key Concerns |
|----------|--------|-------------|
| Financial Stability | Low | Profitable, well-funded |
| Operational | Medium | 99.9% SLA but recent outage |
| Security | Low | SOC 2, ISO 27001 certified |
| Contractual | Medium | Limited liability cap |
| Dependency | High | No easy migration path |

**KEY RISKS**
1. Single point of failure for critical apps
2. Liability cap of $50K vs. potential losses of $500K+

**MITIGATIONS**
- Negotiate higher liability cap
- Implement multi-region redundancy
- Document exit strategy

When to use: Before signing significant vendor contracts

Tips:
  • Request SOC 2 reports and financial statements
  • Always plan for vendor exit, even with good vendors

4. Risk Mitigation Plan

Create a mitigation plan for [SPECIFIC_RISK]. Current state: [CURRENT_STATE]. Include: risk description, current controls, additional mitigations, implementation timeline, success metrics, and residual risk.

Example input: Risk: Key person dependency on lead developer; Current State: One person knows critical systems, no documentation

Example output:

Risk Mitigation Plan: Key Person Dependency

**RISK DESCRIPTION**
Lead developer holds critical knowledge of core systems. Departure would cause 3-6 month productivity loss.

**CURRENT CONTROLS**
- None effective

**MITIGATION ACTIONS**
| Action | Owner | Timeline | Status |
|--------|-------|----------|--------|
| Document system architecture | Lead Dev | 4 weeks | Not started |
| Cross-train backup developer | Lead Dev | 8 weeks | Not started |
| Record video walkthroughs | Lead Dev | 2 weeks | Not started |
| Establish code review requirement | Eng Mgr | 1 week | Not started |

**SUCCESS METRICS**
- Backup can deploy independently within 90 days
- All critical systems documented

**RESIDUAL RISK**
Medium: even with mitigation, some knowledge loss is inevitable

When to use: When high-priority risks need detailed action plans

Tips:
  • Assign specific owners and deadlines
  • Track progress in regular risk reviews

5. Crisis Response Plan

Create a crisis response plan for [CRISIS_SCENARIO]. Include: trigger criteria, response team, immediate actions, communication plan, and recovery steps.

Example input: Scenario: Major data breach affecting customer information

Example output:

Crisis Response Plan: Data Breach

**TRIGGER CRITERIA**
Activate when unauthorized access to customer PII is confirmed or suspected

**RESPONSE TEAM**
| Role | Primary | Backup |
|------|---------|--------|
| Incident Commander | CTO | CEO |
| Technical Lead | Security Eng | Sr. Developer |
| Communications | PR Lead | CEO |
| Legal | General Counsel | External Firm |

**IMMEDIATE ACTIONS (First 4 Hours)**
1. Contain the breach and isolate affected systems
2. Preserve evidence for investigation
3. Notify legal counsel
4. Begin impact assessment

**COMMUNICATION PLAN**
- Internal: All-hands within 24 hours
- Customers: Within 72 hours per regulations
- Regulators: As required by law

**RECOVERY STEPS**
1. Root cause analysis
2. Remediate vulnerability
3. Improve monitoring
4. Post-incident review

When to use: Preparing for potential crisis scenarios

Tips:
  • Practice the plan with tabletop exercises
  • Keep contact lists current and accessible

Common Mistakes to Avoid

Identifying risks without assigning owners responsible for monitoring and mitigation

Creating risk registers that are never updated; risks evolve and so should assessments

Focusing only on external risks while ignoring internal vulnerabilities
