risk-assessment
npx machina-cli add skill anthropics/knowledge-work-plugins/risk-assessment --openclaw
Risk Assessment
Systematically identify, assess, and plan mitigations for operational risks.
Risk Assessment Matrix
| | Low Impact | Medium Impact | High Impact |
|---|---|---|---|
| High Likelihood | Medium | High | Critical |
| Medium Likelihood | Low | Medium | High |
| Low Likelihood | Low | Low | Medium |
Risk Categories
- Operational: Process failures, staffing gaps, system outages
- Financial: Budget overruns, vendor cost increases, revenue impact
- Compliance: Regulatory violations, audit findings, policy breaches
- Strategic: Market changes, competitive threats, technology shifts
- Reputational: Customer impact, public perception, partner relationships
- Security: Data breaches, access control failures, third-party vulnerabilities
Risk Register Format
For each risk, document:
- Description: What could happen
- Likelihood: High / Medium / Low
- Impact: High / Medium / Low
- Risk Level: Critical / High / Medium / Low
- Mitigation: What we're doing to reduce likelihood or impact
- Owner: Who is responsible for managing this risk
- Status: Open / Mitigated / Accepted / Closed
Output
Produce a prioritized risk register with specific, actionable mitigations. Focus on risks that are controllable and material.
Source
git clone https://github.com/anthropics/knowledge-work-plugins/blob/main/operations/skills/risk-assessment/SKILL.md
Overview
This skill helps systematically identify risks across operations, evaluate likelihood and impact using a matrix, categorize risks (operational, financial, compliance, strategic, reputational, and security), and document mitigations in a risk register. It enables proactive planning to reduce disruption, control costs, and protect reputation.
How This Skill Works
Identify potential risks, categorize them, and rate each by Likelihood and Impact. Determine a Risk Level from the matrix, craft concrete Mitigations, assign an Owner, and track Status in a Risk Register. The output is a prioritized list of risks with actionable mitigations focused on controllable and material items.
When to Use It
- Before launching a new project, initiative, or decision to surface potential risks
- When evaluating a vendor, third-party service, or outsourcing arrangement
- During process redesigns or operational improvements to identify failure modes
- During budgeting, regulatory reviews, or audits to anticipate compliance or financial risks
- After a change, incident, or near-miss to reassess residual risk and adjust mitigations
Quick Start
- Step 1: Define the scope, triggers, and owners for the assessment
- Step 2: Identify risks, categorize them (Operational, Financial, Compliance, etc.)
- Step 3: Assess Likelihood and Impact, assign Risk Level, document Mitigations, and assign an Owner in the Risk Register
Best Practices
- Use a standardized risk assessment matrix (Likelihood x Impact) to normalize ratings
- Involve owners across functions to ensure realistic likelihoods and effective mitigations
- Document risks in a living Risk Register with clear descriptions, mitigations, owners, and statuses
- Prioritize controllable and material risks; escalate high-risk items early for action
- Regularly review and update mitigations as controls mature and environments change
Example Use Cases
- Assessing data privacy, outage, and compliance risks when deploying a new software platform
- Mapping financial, regulatory, and security risks in a vendor contract review
- Identifying process failure modes, staffing gaps, and system downtime risks in a manufacturing line
- Evaluating regulatory and reputational risks when entering a new market or region
- Reassessing residual risk after a security breach or access-control failure and updating mitigations