Tier 4

risk_assessment

Systematic procedure for identifying, analyzing, and planning responses to risks

Usage in Claude Code: /risk_assessment your question here

Risk Assessment

Overview

Systematic procedure for identifying, analyzing, and planning responses to risks

Steps

Step 1: Establish context and scope

Define what we are assessing and the boundaries:

  1. Identify what project, decision, or initiative is being assessed
  2. Determine the time horizon for risk consideration
  3. List the objectives that risks could threaten
  4. Identify stakeholders and their risk tolerance
  5. Document any constraints on risk response (budget, time, authority)

Step 2: Identify risks comprehensively

Generate a complete list of potential risks:

  1. Use multiple identification techniques (brainstorming, checklists, anticipated_failures_analysis)
  2. Cover all risk categories (technical, operational, financial, external, organizational)
  3. Include both obvious and unlikely risks
  4. Consider risks to all objectives, not just the primary goal
  5. Document risks in standard format: IF [cause] THEN [event] LEADING TO [consequence]

Step 3: Assess probability of each risk

Evaluate how likely each risk is to occur:

  1. Consider historical frequency of similar risks
  2. Assess current conditions that affect likelihood
  3. Get expert input where available
  4. Assign probability score (1-5) using defined scale
  5. Document rationale for probability assessment

Step 4: Assess impact of each risk

Evaluate consequences if each risk materializes:

  1. Consider worst reasonable case (not worst possible)
  2. Assess impact across multiple dimensions (cost, time, quality, reputation)
  3. Identify which objectives would be affected
  4. Assign impact score (1-5) using defined scale
  5. Document rationale for impact assessment

Step 5: Calculate and prioritize risks

Combine probability and impact to prioritize:

  1. Calculate risk score: Probability x Impact
  2. Categorize by risk level (critical, high, medium, low)
  3. Plot on risk matrix for visualization
  4. Rank risks by score within each level
  5. Identify risks requiring immediate attention

Step 6: Develop response strategies

Plan how to address each significant risk:

  1. For each medium+ risk, select response strategy (avoid, mitigate, transfer, accept)
  2. Define specific actions for mitigation
  3. Assign owner for each risk and response action
  4. Estimate cost and effort for response
  5. Calculate residual risk after response

Step 7: Create contingency plans

Prepare response plans for critical risks:

  1. For each critical/high risk, define trigger conditions
  2. Document step-by-step response if risk occurs
  3. Identify resources needed for response
  4. Pre-position critical resources where possible
  5. Define escalation path and decision authority

When to Use

  • Starting a new project with significant investment or complexity
  • Making a decision with potential negative consequences
  • Evaluating a proposal or business case before approval
  • Conducting regular risk reviews during project execution
  • After a near-miss or incident to identify systemic risks
  • When stakeholders express concern about uncertainty
  • Before committing resources to an irreversible course of action
  • When entering unfamiliar territory or using new technologies

Verification

  • Multiple identification techniques used (not just brainstorming)
  • All risk categories systematically considered
  • Diverse perspectives included in identification
  • Probability and impact scores have documented rationale
  • All significant risks have response plans with owners
  • Critical risks have detailed contingency plans
  • Residual risk assessed after planned mitigations
  • Review schedule established and communicated

Input: $ARGUMENTS

Apply this procedure to the input provided.