MCP HubMCP Hub
Back to Skills

risk-assessment

aj-geddes
Updated Today
24 views
7
7
View on GitHub
Developmentgeneral

About

This skill systematically identifies, analyzes, and prioritizes project risks to maximize success probability. It uses qualitative and quantitative methods to develop mitigation strategies for threats like technical complexity and resource changes. Developers should apply it during project initiation, before major milestones, or when introducing new technologies.

Documentation

Risk Assessment

Overview

Risk assessment is a systematic process of identifying potential threats to project success and developing strategies to mitigate, avoid, or accept them.

When to Use

  • Project initiation and planning phases
  • Before major milestones or decisions
  • When introducing new technologies
  • Third-party dependencies or integration
  • Organizational or resource changes
  • Budget or timeline constraints
  • Regulatory or compliance concerns

Instructions

1. Risk Identification Techniques

# Risk identification framework

class RiskIdentification:
    RISK_CATEGORIES = {
        'Technical': [
            'Technology maturity',
            'Integration complexity',
            'Performance requirements',
            'Security vulnerabilities',
            'Data integrity'
        ],
        'Resource': [
            'Team skill gaps',
            'Staff availability',
            'Budget constraints',
            'Equipment/infrastructure',
            'Vendor availability'
        ],
        'Schedule': [
            'Unrealistic deadlines',
            'Dependency delays',
            'Scope creep',
            'Approval delays',
            'Resource conflicts'
        ],
        'External': [
            'Regulatory changes',
            'Market conditions',
            'Vendor stability',
            'Political/economic factors',
            'Natural disasters'
        ],
        'Organizational': [
            'Stakeholder misalignment',
            'Priority changes',
            'Organizational restructuring',
            'Politics/conflicts',
            'Requirement changes'
        ]
    }

    @staticmethod
    def brainstorm_risks(project_context):
        """
        Facilitated brainstorming session to identify risks
        """
        risks = []
        for category, risk_types in RiskIdentification.RISK_CATEGORIES.items():
            for risk_type in risk_types:
                risks.append({
                    'category': category,
                    'description': risk_type,
                    'identified_by': [],
                    'probability': None,
                    'impact': None
                })

        return risks

    @staticmethod
    def analyze_assumptions_as_risks(assumptions):
        """
        Convert project assumptions into potential risks
        """
        assumption_risks = []
        for assumption in assumptions:
            assumption_risks.append({
                'risk_type': 'Assumption Violation',
                'description': f"Assumption '{assumption}' is invalid",
                'trigger': f"Evidence that {assumption} is false",
                'impact': 'High' if assumption.startswith('Critical') else 'Medium'
            })

        return assumption_risks

2. Risk Analysis Matrix

// Qualitative and quantitative risk analysis

class RiskAnalysis {
  constructor() {
    this.riskMatrix = [];
    this.priorityMap = [];
  }

  // Probability scale 1-5
  static PROBABILITY = {
    1: { name: 'Very Low', percentage: 0.1, color: 'Green' },
    2: { name: 'Low', percentage: 0.3, color: 'Green' },
    3: { name: 'Medium', percentage: 0.5, color: 'Yellow' },
    4: { name: 'High', percentage: 0.7, color: 'Orange' },
    5: { name: 'Very High', percentage: 0.9, color: 'Red' }
  };

  // Impact scale 1-5
  static IMPACT = {
    1: { name: 'Negligible', value: 1, scope: 'Minor inconvenience' },
    2: { name: 'Minor', value: 10, scope: 'Some delay or cost' },
    3: { name: 'Moderate', value: 100, scope: 'Significant delay or cost' },
    4: { name: 'Major', value: 1000, scope: 'Critical failure risk' },
    5: { name: 'Catastrophic', value: 10000, scope: 'Project cancellation' }
  };

  analyzeRisk(risk) {
    const probability = this.PROBABILITY[risk.probability];
    const impact = this.IMPACT[risk.impact];

    // Risk Score = Probability × Impact
    const riskScore = risk.probability * risk.impact;

    // Risk Exposure = Probability × Financial Impact
    const riskExposure = probability.percentage * impact.value;

    return {
      riskId: risk.id,
      riskScore,
      riskExposure,
      priority: this.calculatePriority(riskScore),
      severity: this.calculateSeverity(riskScore),
      mitigationUrgency: riskExposure > 100 ? 'Immediate' : 'Planned'
    };
  }

  calculatePriority(riskScore) {
    if (riskScore >= 16) return 'Critical';
    if (riskScore >= 12) return 'High';
    if (riskScore >= 6) return 'Medium';
    if (riskScore >= 2) return 'Low';
    return 'Very Low';
  }

  calculateSeverity(riskScore) {
    return {
      score: riskScore,
      rating: this.calculatePriority(riskScore),
      responseNeeded: riskScore >= 12
    };
  }

  // Risk Matrix
  createRiskMatrix(risks) {
    const matrix = {
      critical: [],
      high: [],
      medium: [],
      low: [],
      veryLow: []
    };

    risks.forEach(risk => {
      const analysis = this.analyzeRisk(risk);
      const priority = analysis.priority.toLowerCase();

      if (matrix[priority]) {
        matrix[priority].push({
          ...risk,
          ...analysis
        });
      }
    });

    return matrix;
  }
}

3. Risk Response Planning

Risk Response Strategies:

Risk 1: Integration Delay with Third-Party API
  Probability: High (4/5)
  Impact: Major (4/5)
  Risk Score: 16 (Critical)

  Response Strategy: MITIGATION

  Actions:
    - Engage vendor early in planning (Week 1)
    - Develop fallback solution in parallel (Week 2-4)
    - Allocate 20% more development time (buffer)
    - Weekly sync with vendor team
    - Performance testing starts Month 2

  Owner: Technical Lead
  Budget Impact: +$15,000
  Timeline: 6 weeks vs. 4 weeks planned

---

Risk 2: Scope Creep from Stakeholders
  Probability: High (4/5)
  Impact: Moderate (3/5)
  Risk Score: 12 (High)

  Response Strategy: AVOIDANCE & MITIGATION

  Actions:
    - Establish change control process (Week 1)
    - Lock requirements for Phase 1 (Week 2)
    - Monthly scope review meetings
    - Create feature backlog for Phase 2
    - Strict change request evaluation criteria

  Owner: Project Manager
  Cost of Avoidance: 5 hours/week PM time
  Alternative: Accept 2-week timeline extension

---

Risk 3: Key Person Departure
  Probability: Medium (3/5)
  Impact: Major (4/5)
  Risk Score: 12 (High)

  Response Strategy: MITIGATION & CONTINGENCY

  Actions:
    - Knowledge transfer documentation (ongoing)
    - Cross-training second developer (Week 1)
    - Maintain up-to-date runbooks
    - Competitive salary review (HR)
    - Mentoring program setup

  Owner: HR Manager
  Contingency: Hire contractor within 1 week
  Estimated Cost: $20,000

4. Risk Monitoring & Control

// Risk tracking and monitoring dashboard

class RiskMonitoring {
  constructor() {
    this.risks = [];
    this.triggers = [];
    this.escalations = [];
  }

  createRiskRegister(risks) {
    return risks.map((risk, index) => ({
      id: `RK-${String(index + 1).padStart(3, '0')}`,
      description: risk.description,
      category: risk.category,
      probability: risk.probability,
      impact: risk.impact,
      riskScore: risk.probability * risk.impact,
      responseStrategy: risk.strategy,
      owner: risk.owner,
      status: 'Active',
      triggers: risk.triggers,
      contingencyPlan: risk.contingency,
      createdDate: new Date(),
      lastReviewDate: new Date(),
      closeDate: null
    }));
  }

  identifyRiskTriggers(risk) {
    return {
      riskId: risk.id,
      triggers: [
        {
          trigger: 'Vendor communication delay >1 week',
          indicator: 'No response from vendor',
          escalationAction: 'Contact vendor PM, evaluate alternatives'
        },
        {
          trigger: 'Team member absence >3 days',
          indicator: 'Unplanned time off',
          escalationAction: 'Activate cross-training plan'
        },
        {
          trigger: 'Performance test fails baseline',
          indicator: 'Response time > 500ms',
          escalationAction: 'Emergency optimization sprint'
        }
      ],
      reviewFrequency: 'Weekly standup'
    };
  }

  monitorRisks(riskRegister) {
    const statusReport = {
      timestamp: new Date(),
      summary: {
        total: riskRegister.length,
        active: riskRegister.filter(r => r.status === 'Active').length,
        mitigated: riskRegister.filter(r => r.status === 'Mitigated').length,
        closed: riskRegister.filter(r => r.status === 'Closed').length
      },
      criticalRisks: riskRegister.filter(r => r.riskScore >= 16),
      highRisks: riskRegister.filter(r => r.riskScore >= 12 && r.riskScore < 16),
      triggeredRisks: riskRegister.filter(r => r.triggered === true)
    };

    return statusReport;
  }
}

Best Practices

✅ DO

  • Identify risks early in project planning
  • Involve diverse team members in risk identification
  • Quantify risk impact when possible
  • Prioritize based on risk score and exposure
  • Develop specific mitigation plans
  • Assign clear risk ownership
  • Monitor triggers regularly
  • Review and update risk register monthly
  • Document lessons learned from realized risks
  • Communicate risks transparently to stakeholders

❌ DON'T

  • Wait until problems occur to identify risks
  • Assume risks will not materialize
  • Treat all risks as equal priority
  • Plan mitigation without clear trigger conditions
  • Ignore early warning signs
  • Make risk management a one-time activity
  • Skip contingency planning for critical risks
  • Hide negative risks from stakeholders
  • Eliminate all risk (impossible and uneconomical)
  • Blame individuals for realized risks

Risk Management Tips

  • Risk ownership motivates accountability
  • Regular risk review prevents surprises
  • Risk response should be cost-effective
  • Some risk tolerance is healthy and necessary
  • Documented risks are easier to manage

Quick Install

/plugin add https://github.com/aj-geddes/useful-ai-prompts/tree/main/risk-assessment

Copy and paste this command in Claude Code to install this skill

GitHub 仓库

aj-geddes/useful-ai-prompts
Path: skills/risk-assessment

Related Skills

subagent-driven-development

Development

This skill executes implementation plans by dispatching a fresh subagent for each independent task, with code review between tasks. It enables fast iteration while maintaining quality gates through this review process. Use it when working on mostly independent tasks within the same session to ensure continuous progress with built-in quality checks.

View skill

algorithmic-art

Meta

This Claude Skill creates original algorithmic art using p5.js with seeded randomness and interactive parameters. It generates .md files for algorithmic philosophies, plus .html and .js files for interactive generative art implementations. Use it when developers need to create flow fields, particle systems, or other computational art while avoiding copyright issues.

View skill

executing-plans

Design

Use the executing-plans skill when you have a complete implementation plan to execute in controlled batches with review checkpoints. It loads and critically reviews the plan, then executes tasks in small batches (default 3 tasks) while reporting progress between each batch for architect review. This ensures systematic implementation with built-in quality control checkpoints.

View skill

cost-optimization

Other

This Claude Skill helps developers optimize cloud costs through resource rightsizing, tagging strategies, and spending analysis. It provides a framework for reducing cloud expenses and implementing cost governance across AWS, Azure, and GCP. Use it when you need to analyze infrastructure costs, right-size resources, or meet budget constraints.

View skill