YAML
---
name: automated-risk-assessment
description: Builds comprehensive enterprise risk matrices with quantified financial impact, probability scoring, and mitigation strategies. Use when conducting organizational risk assessments, preparing board reports, or developing risk management frameworks.
---

Automated Risk Assessment

ENTERPRISE RISK ASSESSMENT: [Company Name]

RISK MATRIX (Top 5 Sample):
Risk ID | Category | Risk Description | Probability | Impact | Financial Exposure | Risk Score
R001 | Financial | Market volatility impact | High (70%) | High | $2.5M-5M | 21
R002 | Operational | Supply chain disruption | Medium (40%) | Critical | $5M-10M | 20
R003 | Compliance | Regulatory changes | High (80%) | Medium | $1M-3M | 16
R004 | Strategic | Competitor disruption | Medium (50%) | High | $3M-8M | 15
R005 | Operational | Cybersecurity breach | Low (20%) | Critical | $10M-25M | 14

HEAT MAP: [Visual matrix showing probability vs impact with color coding]

Progress:

• Risk Identification: Catalog 20+ risks across 4 categories (Financial, Operational, Strategic, Compliance)
• Probability Assessment: Score likelihood (Low 1-3, Medium 4-6, High 7-9, Critical 10)
• Impact Scoring: Rate severity (Low 1-3, Medium 4-6, High 7-9, Critical 10)
• Financial Quantification: Estimate potential losses in dollar ranges
• Control Mapping: Document existing controls and identify gaps
• Mitigation Planning: Recommend strategies with cost/benefit analysis
• Risk Appetite Framework: Define acceptable risk thresholds
• Heat Map Creation: Visual board-ready risk matrix
• Emerging Risks: Include future threats and black swan scenarios

Risk Categories Template:

Financial: Market risk, credit risk, liquidity, currency, interest rates Operational: Process failures, system outages, supply chain, human resources Strategic: Competition, technology disruption, reputation, M&A integration Compliance: Regulatory changes, legal disputes, data privacy, industry standards

Example 1: Input: "Assess risks for mid-size manufacturing company" Output:

TOP RISKS IDENTIFIED:
R001 | Operational | Raw material shortage | 60% | High | $2-4M | 18
- Current Controls: Single supplier contracts, 30-day inventory
- Gaps: No backup suppliers, limited inventory buffer
- Mitigation: Diversify suppliers (Cost: $200K, Benefit: $2M risk reduction)

R002 | Compliance | Environmental regulations | 70% | Medium | $1-2M | 14
- Current Controls: Monthly compliance audits, legal monitoring
- Gaps: Automated monitoring system missing
- Mitigation: Install monitoring system (Cost: $150K, Benefit: $1.5M avoidance)

Example 2: Input: "Include emerging risks and black swan events" Output:

EMERGING RISKS:
- AI disruption of core processes (Strategic, 30%, Critical, $5-15M)
- Quantum computing threat to encryption (Operational, 10%, Critical, $20-50M)
- Climate-related supply disruption (Operational, 40%, High, $3-8M)

BLACK SWAN SCENARIOS:
- Pandemic impact on workforce (20%, Critical, $10-30M)
- Geopolitical trade war (15%, Critical, $15-40M)
- Major cyber warfare event (5%, Catastrophic, $50M+)

• Use consistent 1-10 scoring scale for probability and impact
• Quantify financial exposure in realistic ranges, not single numbers
• Map controls to specific risk scenarios, not general categories
• Include residual risk scores after mitigation measures
• Update risk appetite based on company's actual loss tolerance
• Color-code heat maps: Green (1-6), Yellow (7-12), Orange (13-18), Red (19-25)
• Present in order of risk score (probability × impact)
• Include both inherent and residual risk assessments

• Don't score all risks as "high" - use full scale distribution
• Avoid generic mitigation strategies that don't address root causes
• Don't ignore positive risks (opportunities) in strategic category
• Never present risks without corresponding control assessments
• Don't create static assessments - build in review cycles
• Avoid over-engineering - keep framework usable by business units
• Don't rely solely on historical data for emerging risk probability