Risk Assessment Matrix Builder
The Risk Assessment Matrix Builder generates a comprehensive risk register with scored likelihood and impact ratings, categorized risk types, mitigation strategies, and assigned ownership. It turns the often-neglected risk planning step into a structured, actionable document that project teams can actually use.
Project managers, program directors, operations leaders, and compliance professionals use this template when launching new projects, entering new markets, preparing for audits, or conducting quarterly risk reviews. It works across industries: software development, construction, financial services, healthcare, manufacturing, and any domain where identifying and managing risk is part of professional practice.
This prompt delivers better risk analysis than most manual efforts because it enforces consistent scoring criteria (preventing the common problem where one person's "high" is another's "medium"), requires specific mitigation actions rather than vague awareness, assigns clear ownership for each risk, and includes monitoring triggers that tell the team when a risk is materializing. The categorization framework also ensures the team considers risks across multiple dimensions rather than fixating on the most obvious ones.
The Prompt
Build a comprehensive risk assessment matrix for the following:

**Project/Initiative**: [PROJECT NAME AND DESCRIPTION, e.g., "Migrating our e-commerce platform from on-premise to AWS, affecting 200K daily active users"]
**Timeline**: [PROJECT TIMELINE, e.g., "6-month migration, April through September 2026"]
**Team Size**: [TEAM, e.g., "12 engineers, 2 PMs, 1 QA lead"]
**Key Stakeholders**: [STAKEHOLDERS, e.g., "CTO (sponsor), VP Engineering, VP Sales (revenue impact), Customer Support lead"]
**Known Concerns**: [ANY RISKS YOU ALREADY KNOW ABOUT, e.g., "Legacy payment integration has no documentation; holiday shopping season starts in October"]

Generate the following:

### Scoring Criteria
Define the scoring scales before listing risks:
- **Likelihood**: 1-5 scale with specific definitions (1 = rare/less than 5% chance, through 5 = almost certain/greater than 90%)
- **Impact**: 1-5 scale with specific definitions tied to this project (what does a "5" impact actually mean in terms of timeline, budget, and scope?)
- **Risk Score**: Likelihood x Impact, with threshold bands (Low: 1-6, Medium: 7-12, High: 13-19, Critical: 20-25)

### Risk Register
Present as a table with these columns:

| ID | Risk Description | Category | Likelihood (1-5) | Impact (1-5) | Risk Score | Owner | Mitigation Strategy | Monitoring Trigger |

**Categories to assess** (identify 2-4 risks per category where relevant):
- **Technical**: Architecture, integration, performance, security, data integrity
- **Schedule**: Dependencies, resource availability, scope creep, external delays
- **Financial**: Budget overruns, vendor costs, opportunity costs
- **Operational**: Process disruption, training gaps, change management
- **External**: Regulatory changes, market shifts, vendor reliability, third-party dependencies

### Risk Heat Map
Organize the identified risks into a 5x5 likelihood-vs-impact grid to visualize concentration.

### Top 5 Critical Risks: Deep Dive
For the 5 highest-scoring risks, provide:
- **Detailed description**: What specifically could go wrong
- **Root cause**: Why this risk exists
- **Mitigation plan**: 2-3 specific actions to reduce likelihood or impact
- **Contingency plan**: What to do if the risk materializes despite mitigation
- **Early warning signs**: Observable indicators that this risk is increasing

### Risk Review Cadence
Recommend a review schedule (weekly, biweekly, monthly) with a brief agenda for each risk review meeting.
Usage Tips
- List your known concerns honestly: The prompt generates risks across all categories, but your known concerns help calibrate the output to your specific situation. Mentioning "the lead engineer might leave" produces very different operational risks than "we have never used this cloud provider."
- Customize the impact scale to your project: After generation, review the impact definitions. A "5" should mean something concrete for your project (e.g., "launch delayed by 8+ weeks" or "revenue loss exceeding $500K"), not a generic "catastrophic."
- Assign real owners: Replace generic role names with actual people. A risk owned by "the engineering team" is owned by nobody. A risk owned by "Maria, backend lead" gets addressed.
- Schedule the first review immediately: The risk matrix loses value the moment it becomes stale. Book a recurring 30-minute risk review and use the monitoring triggers as the agenda.
- Update as risks materialize or resolve: Ask a follow-up question like "Risk #4 has materialized. Rewrite the matrix with the contingency plan activated and identify any new cascading risks."