risk-analysis

When to Use This Skill

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "risk-analysis" with this command: npx skills add melodic-software/claude-code-plugins/melodic-software-claude-code-plugins-risk-analysis

Risk Analysis

When to Use This Skill

Use this skill when:

  • Risk Analysis tasks - Working on risk analysis using risk registers, probability/impact matrices, and mitigation planning. identifies, assesses, and manages project, business, and technical risks with structured response strategies

  • Planning or design - Need guidance on Risk Analysis approaches

  • Best practices - Want to follow established patterns and standards

Overview

Systematically identify, assess, and manage risks using risk registers, probability/impact matrices, and structured response planning. Supports project risks, business risks, technical risks, and opportunity management.

What is Risk Analysis?

Risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on objectives. Risk analysis involves:

  • Identification: What could happen?

  • Assessment: How likely? How impactful?

  • Response Planning: What will we do about it?

  • Monitoring: Track and update risks

Risk vs Issue

Concept Definition Action

Risk Potential future event (uncertain) Plan response

Issue Current problem (certain) Resolve now

Threats vs Opportunities

Type Effect Response Goal

Threat Negative impact Minimize exposure

Opportunity Positive impact Maximize benefit

Risk Register

The central repository for all identified risks:

Risk Register

IDRisk DescriptionCategoryProbabilityImpactScoreOwnerResponseStatus
R-001[Description][Category]H/M/LH/M/L[P×I][Name][Strategy]Open

Risk Register Fields

Field Description

ID Unique identifier

Description Clear risk statement

Category Type of risk

Probability Likelihood of occurrence

Impact Consequence if it occurs

Score Risk priority (P × I)

Owner Person responsible

Response Planned response strategy

Status Open, Mitigated, Closed, Occurred

Risk Categories

Category Examples

Technical Technology failure, integration issues

Schedule Delays, dependencies

Cost Budget overrun, resource costs

Resource Skill gaps, availability

External Vendor, regulatory, market

Organizational Change resistance, priorities

Quality Defects, performance

Security Data breach, unauthorized access

Probability/Impact Matrix

Scoring Scales

Probability Scale:

Level Score Description Likelihood

Very Low 1 Rare < 10%

Low 2 Unlikely 10-30%

Medium 3 Possible 30-50%

High 4 Likely 50-70%

Very High 5 Almost Certain

70%

Impact Scale:

Level Score Schedule Cost Quality

Very Low 1 < 1 week < 5% Minor

Low 2 1-2 weeks 5-10% Noticeable

Medium 3 2-4 weeks 10-20% Significant

High 4 1-3 months 20-40% Major

Very High 5

3 months 40% Critical

Risk Score Calculation

Risk Score = Probability × Impact

Score Range: 1-25

Risk Priority Zones:

Score Priority Action

1-4 Low Accept or monitor

5-9 Medium Active management

10-14 High Priority attention

15-25 Critical Immediate action

Visual Matrix

quadrantChart title Risk Matrix x-axis Low Impact --> High Impact y-axis Low Probability --> High Probability quadrant-1 Critical quadrant-2 High Priority quadrant-3 Low Priority quadrant-4 Medium Priority

Risk Response Strategies

For Threats (Negative Risks)

Strategy Description When to Use

Avoid Eliminate the threat High probability and impact

Transfer Shift to third party Financial/contractual risks

Mitigate Reduce probability or impact Most common approach

Accept Acknowledge, no action Low priority risks

For Opportunities (Positive Risks)

Strategy Description When to Use

Exploit Ensure opportunity occurs High-value opportunities

Share Partner to increase capability Need external help

Enhance Increase probability or impact Moderate opportunities

Accept Take advantage if it occurs Low-effort opportunities

Response Planning Template

Risk Response Plan: R-001

Risk: [Description] Strategy: [Avoid/Transfer/Mitigate/Accept]

Prevention Actions

ActionOwnerDue DateStatus
[Preventive measure][Name][Date][Status]

Contingency Plan

Trigger: [What indicates risk is occurring] Actions:

  1. [Contingency action 1]
  2. [Contingency action 2]

Residual Risk

After mitigation:

  • Probability: [Reduced level]
  • Impact: [Reduced level]
  • New Score: [Residual score]

Workflow

Phase 1: Risk Identification

Step 1: Gather Inputs

Sources for risk identification:

  • Project plans and schedules

  • Stakeholder concerns

  • Historical data from similar projects

  • SWOT analysis (Threats)

  • Technical assessments

  • External environment analysis

Step 2: Brainstorm Risks

Techniques:

  • Checklist review: Standard risk categories

  • Expert interviews: Subject matter experts

  • Assumption analysis: Test project assumptions

  • Root cause analysis: Work backward from impacts

  • SWOT: Threats and opportunities

Step 3: Document Risks

Risk statement format:

"There is a risk that [CONDITION/CAUSE] may result in [CONSEQUENCE/IMPACT]"

Example: "There is a risk that key developer leaves may result in schedule delay and knowledge loss"

Phase 2: Risk Assessment

Step 1: Assess Probability

For each risk:

  • What is the likelihood of occurrence?

  • What evidence supports this assessment?

  • Use defined scale (1-5)

Step 2: Assess Impact

For each risk:

  • What would be the consequence?

  • Consider multiple impact types (schedule, cost, quality)

  • Use the highest impact dimension

  • Use defined scale (1-5)

Step 3: Calculate and Prioritize

Risk Assessment Summary

IDRiskPIScorePriority
R-001[Risk 1]4520Critical
R-002[Risk 2]339Medium
R-003[Risk 3]224Low

Phase 3: Response Planning

Step 1: Select Response Strategy

For each significant risk:

  • Match strategy to risk characteristics

  • Consider cost of response vs. risk exposure

  • Assign risk owner

Step 2: Define Response Actions

  • Specific, measurable actions

  • Clear owners and due dates

  • Contingency triggers defined

Step 3: Calculate Residual Risk

After planned mitigations:

  • Re-assess probability and impact

  • Calculate residual risk score

  • Determine if acceptable

Phase 4: Monitoring

Step 1: Track Risk Status

Regular review cadence:

  • Critical risks: Weekly

  • High risks: Bi-weekly

  • Medium risks: Monthly

  • Low risks: Quarterly

Step 2: Update Register

  • New risks identified

  • Risk scores changed

  • Responses executed

  • Risks closed or occurred

Output Formats

Risk Register (Markdown Table)

Risk Register: [Project/Initiative]

Date: [ISO Date] Owner: [Name] Review Cycle: [Weekly/Monthly]

IDRisk DescriptionCategoryPIScoreOwnerResponseActionsStatus
R-001Key developer may leave during critical phaseResource4520PMMitigateCross-train, documentOpen
R-002Third-party API may have breaking changesTechnical3412Tech LeadMitigateAbstraction layerOpen
R-003Budget approval may be delayedCost248SponsorAcceptMonitorOpen
R-004New regulation may require featuresExternal236BAAcceptWatchOpen

Summary

  • Total Risks: 4
  • Critical (15+): 1
  • High (10-14): 1
  • Medium (5-9): 1
  • Low (1-4): 1

Risk Matrix Visualization

quadrantChart title Risk Assessment Matrix x-axis Low Impact --> High Impact y-axis Low Probability --> High Probability quadrant-1 Critical - Immediate Action quadrant-2 High - Active Management quadrant-3 Low - Monitor quadrant-4 Medium - Plan Response "R-001 Key Dev": [0.9, 0.8] "R-002 API Changes": [0.7, 0.6] "R-003 Budget": [0.7, 0.35] "R-004 Regulation": [0.5, 0.35]

Structured Data (YAML)

risk_register: name: "[Project/Initiative]" version: "1.0" date: "2025-01-15" owner: "Project Manager" review_cycle: "weekly"

risk_appetite: overall: "moderate" schedule: "low" cost: "moderate" quality: "low"

scales: probability: 1: "Rare (<10%)" 2: "Unlikely (10-30%)" 3: "Possible (30-50%)" 4: "Likely (50-70%)" 5: "Almost Certain (>70%)" impact: 1: "Very Low" 2: "Low" 3: "Medium" 4: "High" 5: "Very High"

risks: - id: "R-001" description: "Key developer may leave during critical phase" category: "Resource" probability: 4 impact: 5 score: 20 priority: "critical" owner: "Project Manager" response_strategy: "mitigate" response_actions: - action: "Cross-train team member" owner: "Tech Lead" due_date: "2025-02-01" status: "in_progress" - action: "Document critical knowledge" owner: "Developer" due_date: "2025-02-15" status: "not_started" contingency: trigger: "Developer gives notice" actions: - "Accelerate knowledge transfer" - "Engage contractor" residual_risk: probability: 3 impact: 3 score: 9 status: "open" created_date: "2025-01-15" last_reviewed: "2025-01-15"

summary: total: 4 by_priority: critical: 1 high: 1 medium: 1 low: 1 by_status: open: 4 mitigated: 0 closed: 0 occurred: 0

Narrative Summary

Risk Assessment Summary

Project: [Name] Date: [ISO Date] Assessed By: risk-analyst

Risk Profile

PriorityCountTop Risk
Critical1Key developer leaving
High1Third-party API changes
Medium1Budget approval delay
Low1Regulatory changes

Critical Risks Requiring Action

R-001: Key Developer Departure

  • Score: 20 (P:4 × I:5)
  • Response: Mitigate through cross-training and documentation
  • Target Residual: 9 (P:3 × I:3)
  • Actions: 2 in progress, 0 completed

Risk Trends

MetricThis PeriodLast PeriodTrend
Total Risks43
Critical10
Closed01

Recommendations

  1. Immediate: Accelerate R-001 mitigation actions
  2. This Week: Complete API abstraction layer design
  3. Monitor: Watch for regulatory announcements

Common Pitfalls

Pitfall Prevention

Vague risk descriptions Use "condition may cause consequence" format

Inconsistent scoring Define and use standard scales

No risk owners Assign owner at identification

Stale register Schedule regular reviews

Ignoring opportunities Include positive risks

Over-analysis Focus on high-priority risks

No contingency Plan for when risks occur

Integration

Upstream

  • swot-pestle-analysis - Threats from strategic analysis

  • stakeholder-analysis - Stakeholder concerns as risks

  • decision-analysis - Risks inform decisions

Downstream

  • Project planning - Risk-adjusted schedules

  • Budgeting - Contingency reserves

  • Monitoring - Risk tracking dashboards

Related Skills

  • swot-pestle-analysis

  • Strategic threats/opportunities

  • root-cause-analysis

  • When risks occur

  • decision-analysis

  • Risk-based decisions

  • prioritization

  • Risk prioritization

Version History

  • v1.0.0 (2025-12-26): Initial release

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

design-thinking

No summary provided by upstream source.

Repository SourceNeeds Review
-109
melodic-software
Coding

plantuml-syntax

No summary provided by upstream source.

Repository SourceNeeds Review
-77
melodic-software
Coding

system-prompt-engineering

No summary provided by upstream source.

Repository SourceNeeds Review
-59
melodic-software