Build a prioritized risk register with likelihood, impact, mitigation, owner, and status. — Claude Skill
A Claude Skill for Claude Code by Anthropic✓ — run /risk-assessment in Claude·Updated Jun 13, 2026·vmain@da04ccb
Identifies operational, financial, compliance, strategic, reputational, and security risks, then ranks them in a practical risk register.
- Uses a simple likelihood-by-impact matrix that non-specialists can understand.
- Classifies risks across operational, financial, compliance, strategic, reputational, and security categories.
- Prioritizes material and controllable risks instead of listing every possible concern.
- Creates mitigation, owner, and status for each risk.
A team says a project has risks, but the risks are not scored, owned, or tied to mitigations.
Run /risk-assessment to create a prioritized register with likelihood, impact, owner, mitigation, and escalation triggers.
Who this is for
What it does
Know what could block, delay, or damage a launch before committing.
Assess operational, compliance, security, and financial vendor risks.
Identify risks before changing a workflow, system, or control.
How it works
Collect the project, process, vendor, or decision being assessed.
Identify risks by category and remove low-materiality noise.
Score likelihood and impact as high, medium, or low.
Convert scores into critical, high, medium, or low risk level.
Add mitigation, owner, and status so the register is actionable.
Input options
Project, vendor, process, system change, launch, or decision being assessed.
Example
Project: migrate customer data from legacy CRM to new CRM over one weekend. Known concerns: duplicate accounts, missing billing contacts, executive customer list, support team needs old tickets, security wants access review, launch date tied to sales kickoff. Need: prioritized risk register and mitigations.
| | Low Impact | Medium Impact | High Impact | |---|---|---|---| | High Likelihood | Medium | High | Critical | | Medium Likelihood | Low | Medium | High | | Low Likelihood | Low | Low | Medium |
| Risk | Category | Likelihood | Impact | Level | Mitigation | Owner | Status | |---|---|---|---|---|---|---|---| | Duplicate accounts corrupt customer ownership | Operational | High | High | Critical | Run dedupe dry run and manual review for top accounts | RevOps | Open | | Billing contacts missing after migration | Financial | Medium | High | High | Validate billing contact field mapping before cutover | Finance Ops | Open | | Old support tickets not visible to agents | Reputational | Medium | Medium | Medium | Keep read-only legacy access for 30 days | Support Lead | Mitigated | | Access permissions copied incorrectly | Security | Low | High | Medium | Complete role-based access review before go-live | Security | Open | | Sales kickoff demo depends on migration | Strategic | Medium | Medium | Medium | Prepare fallback demo environment | Sales Ops | Accepted |
1. Run migration dry run with duplicate and missing-field report. 2. Review top 100 customer accounts manually before final cutover. 3. Keep read-only legacy CRM access during the first 30 days. 4. Complete access review and sign-off before production migration. 5. Prepare sales kickoff fallback if cutover is delayed.
| Trigger | Escalate to | Why | |---|---|---| | Duplicate rate above 2% in dry run | RevOps + Sales leadership | Customer ownership may be wrong | | Missing billing contacts above 1% | Finance Ops | Invoicing follow-up could fail | | Access review not signed off by Friday | Security + Project sponsor | Go-live should not proceed without approval |
Metrics this improves
Works with
Want to use Risk Assessment?
Choose how to get started.
Install and run this skill locally on your computer.
Open a terminal on your computer and paste this command:
This downloads the skill with all its files to your computer:
Add -g at the end to make it available in all your projects.
Start Claude Code, then type the command:
Risk Assessment
Systematically identify, assess, and plan mitigations for operational risks.
Risk Assessment Matrix
| Low Impact | Medium Impact | High Impact | |
|---|---|---|---|
| High Likelihood | Medium | High | Critical |
| Medium Likelihood | Low | Medium | High |
| Low Likelihood | Low | Low | Medium |
Risk Categories
- Operational: Process failures, staffing gaps, system outages
- Financial: Budget overruns, vendor cost increases, revenue impact
- Compliance: Regulatory violations, audit findings, policy breaches
- Strategic: Market changes, competitive threats, technology shifts
- Reputational: Customer impact, public perception, partner relationships
- Security: Data breaches, access control failures, third-party vulnerabilities
Risk Register Format
For each risk, document:
- Description: What could happen
- Likelihood: High / Medium / Low
- Impact: High / Medium / Low
- Risk Level: Critical / High / Medium / Low
- Mitigation: What we're doing to reduce likelihood or impact
- Owner: Who is responsible for managing this risk
- Status: Open / Mitigated / Accepted / Closed
Output
Produce a prioritized risk register with specific, actionable mitigations. Focus on risks that are controllable and material.
Reference documents
name: risk-assessment description: Identify, assess, and mitigate operational risks. Trigger with "what are the risks", "risk assessment", "risk register", "what could go wrong", or when the user is evaluating risks associated with a project, vendor, process, or decision.
Risk Assessment
Systematically identify, assess, and plan mitigations for operational risks.
Risk Assessment Matrix
| Low Impact | Medium Impact | High Impact | |
|---|---|---|---|
| High Likelihood | Medium | High | Critical |
| Medium Likelihood | Low | Medium | High |
| Low Likelihood | Low | Low | Medium |
Risk Categories
- Operational: Process failures, staffing gaps, system outages
- Financial: Budget overruns, vendor cost increases, revenue impact
- Compliance: Regulatory violations, audit findings, policy breaches
- Strategic: Market changes, competitive threats, technology shifts
- Reputational: Customer impact, public perception, partner relationships
- Security: Data breaches, access control failures, third-party vulnerabilities
Risk Register Format
For each risk, document:
- Description: What could happen
- Likelihood: High / Medium / Low
- Impact: High / Medium / Low
- Risk Level: Critical / High / Medium / Low
- Mitigation: What we're doing to reduce likelihood or impact
- Owner: Who is responsible for managing this risk
- Status: Open / Mitigated / Accepted / Closed
Output
Produce a prioritized risk register with specific, actionable mitigations. Focus on risks that are controllable and material.