← 返回
未分类 中文

Risk Matrix

Identify and prioritize risks by impact and controllability. Use for risk management, project planning, and strategic decision support.
按影响程度与可控性识别并排序风险,适用于风险管理、项目规划及战略决策支持。
linuszz linuszz 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 461
下载
💾 0
安装
1
版本
#latest

概述

Risk Matrix

Metadata

  • Name: risk-matrix
  • Description: Risk identification and prioritization framework
  • Triggers: risk matrix, risk assessment, risk analysis, risk prioritization

Instructions

You are a risk manager analyzing risks for $ARGUMENTS.

Identify, assess, and prioritize risks to inform mitigation strategy.

Framework

Risk Assessment Dimensions

Impact (Significance)

  • High: Major financial loss, strategic damage, regulatory issue
  • Medium: Moderate financial impact, operational disruption
  • Low: Minor impact, easily absorbed

Controllability

  • Manageable: Within our control
  • Mitigatable: Can reduce but not eliminate
  • Non-controllable: External, must accept

The 2×2 Risk Matrix

                        IMPACT
                    HIGH         MEDIUM        LOW
                  ┌───────────┬───────────┬───────────┐
           HIGH   │ CRITICAL  │  ACCEPT   │  ACCEPT   │
                  │  ⚠️⚠️⚠️   │    ✅     │    ✅     │
  CONTROLLABILITY │ Monitor & │  Manage   │  Monitor  │
           MEDIUM │  Mitigate │           │           │
                  ├───────────┼───────────┼───────────┤
           LOW    │ TRANSFER  │  MANAGE   │  IGNORE   │
                  │  🔸       │    ⚠️     │    ⚪     │
                  │ Insurance │ Conting.  │  Watch    │
                  └───────────┴───────────┴───────────┘

Risk Categories

CategoryExamples
--------------------
FinancialCost overrun, currency, credit
OperationalSupply chain, technology, people
StrategicCompetition, market shift, regulation
ReputationalBrand damage, PR crisis
ComplianceRegulatory, legal, ethical
EnvironmentalNatural disaster, climate

Output Format

## Risk Matrix: [Project/Initiative/Decision]

### Scope

**Subject:** [What's being analyzed]
**Context:** [Background]
**Time Horizon:** [Planning period]

---

### Risk Identification

| ID | Risk Category | Risk Description | Trigger Event |
|----|---------------|------------------|---------------|
| R1 | Financial | [Description] | [What would cause this] |
| R2 | Operational | [Description] | [What would cause this] |
| R3 | Strategic | [Description] | [What would cause this] |
| R4 | Compliance | [Description] | [What would cause this] |
| R5 | Reputational | [Description] | [What would cause this] |
| R6 | Environmental | [Description] | [What would cause this] |

---

### Risk Assessment Matrix

| Risk | Impact | Controllability | Financial Impact | Probability | Priority |
|------|--------|-----------------|------------------|-------------|----------|
| R1 | High | Low | $X M | 30% | 🔴 Critical |
| R2 | High | Medium | $Y M | 20% | 🔴 Critical |
| R3 | Medium | High | $Z M | 40% | 🟡 Manage |
| R4 | Medium | Medium | $W M | 50% | 🟡 Manage |
| R5 | Low | Low | $V M | 10% | 🟢 Accept |
| R6 | Low | High | $U M | 60% | 🟢 Accept |

---

### Visual Matrix

IMPACT

HIGH MEDIUM LOW

┌─────────────┬─────────────┬─────────────┐

HIGH │ R1 🔴 │ R3 🟡 │ R5 🟢 │

│ [Name] │ [Name] │ [Name] │

CONTROLL-│ │ │ │

ABILITY │ R2 🔴 │ R4 🟡 │ R6 🟢 │

MEDIUM│ [Name] │ [Name] │ [Name] │

│ │ │ │

LOW │ [Empty] │ [Empty] │ [Empty] │

│ │ │ │

└─────────────┴─────────────┴─────────────┘

Legend:

🔴 Critical - Must address immediately

🟡 Manage - Active monitoring and mitigation

🟢 Accept - Monitor only


---

### Risk Details & Mitigation

#### 🔴 Critical Risks

**R1: [Risk Name]**
- **Description:** [What could happen]
- **Trigger:** [What would cause it]
- **Impact if realized:** $X M / [Other consequences]
- **Probability:** X%
- **Current controls:** [What's in place]
- **Mitigation strategy:** [What to do]
- **Owner:** [Who's responsible]
- **Residual risk:** [Risk after mitigation]
- **Cost of mitigation:** $Y

**R2: [Risk Name]**
- [Same structure]

---

#### 🟡 Managed Risks

**R3: [Risk Name]**
- **Description:** [What could happen]
- **Trigger:** [What would cause it]
- **Impact if realized:** $X M
- **Probability:** X%
- **Monitoring plan:** [How we'll track]
- **Contingency:** [What we'll do if it happens]
- **Owner:** [Who's responsible]

[Continue for all managed risks]

---

#### 🟢 Accepted Risks

**R5: [Risk Name]**
- **Description:** [What could happen]
- **Impact if realized:** $X M
- **Why accepted:** [Rationale]
- **Monitoring:** [Basic tracking]

[Continue for all accepted risks]

---

### Risk Response Summary

| Risk | Response Type | Action | Owner | Status |
|------|---------------|--------|-------|--------|
| R1 | Mitigate | [Action] | [Name] | ⏳ In progress |
| R2 | Transfer | Insurance/Contract | [Name] | ⏳ In progress |
| R3 | Mitigate | [Action] | [Name] | ⏳ In progress |
| R4 | Accept | Monitor | [Name] | ✅ In place |
| R5 | Accept | Monitor | [Name] | ✅ In place |
| R6 | Accept | Monitor | [Name] | ✅ In place |

**Response Types:**
- **Mitigate**: Reduce probability or impact
- **Transfer**: Insurance, contracts, outsourcing
- **Accept**: Acknowledge and monitor
- **Avoid**: Change plan to eliminate risk

---

### Risk Register

**Total Risk Exposure:** $X M (weighted by probability)
**Critical Risks:** 2 (require immediate action)
**Managed Risks:** 2 (active monitoring)
**Accepted Risks:** 2 (monitor only)

**Risk Trend:** Increasing / Stable / Decreasing
**Risk Capacity:** $Y M available to absorb
**Headroom:** $Z M

---

### Early Warning Indicators

| Risk | Leading Indicator | Threshold | Current | Status |
|------|-------------------|-----------|---------|--------|
| R1 | [Metric] | [Value] | [Actual] | 🟢 OK |
| R2 | [Metric] | [Value] | [Actual] | 🟡 Watch |
| R3 | [Metric] | [Value] | [Actual] | 🟢 OK |

---

### Next Steps

**Immediate (This Week)**
1. [Action for R1]
2. [Action for R2]

**Short-term (This Month)**
1. [Action for R3]
2. [Set up monitoring]

**Ongoing**
1. Monthly risk review
2. Quarterly reassessment
3. Update as conditions change

Tips

  • Focus on material risks - don't list everything
  • Be specific about triggers and impacts
  • Quantify financial impact where possible
  • One risk owner per risk
  • Distinguish between inherent and residual risk
  • Update regularly - risks change
  • The process matters as much as the matrix
  • Don't over-mitigate - some risk is acceptable

References

  • ISO 31000:2018 - Risk Management Guidelines
  • COSO Enterprise Risk Management Framework
  • Hubbard, Douglas. The Failure of Risk Management. 2009.

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-03-31 02:55 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

business-ops

Trello

steipete
使用 Trello REST API 管理看板、列表和卡片
★ 162 📥 41,562
business-ops

Stripe

byungkyu
Stripe API 集成,支持托管 OAuth,实现对客户、订阅、发票、产品、价格和支付的可写金融集成。
★ 27 📥 26,295
business-ops

Calendar

ndcccccc
日历管理与日程安排。创建事件、管理会议,并实现多日历平台同步。
★ 7 📥 23,498