🎁 Get the FREE AI Skills Starter GuideSubscribe →
BytesAgainBytesAgain
🦀 ClawHub

Risk

by @mike47512

Deep risk assessment workflow—identifying risks, likelihood and impact, mitigation plans, owners, residual risk acceptance, and tracking. Use when assessing...

Versionv1.0.0
Downloads604
Installs2
Stars1
TERMINAL
clawhub install risk

📖 About This Skill


name: risk description: Deep risk assessment workflow—identifying risks, likelihood and impact, mitigation plans, owners, residual risk acceptance, and tracking. Use when assessing launches, migrations, vendors, or operational changes.

Risk Assessment

Risk assessment turns vague worry into prioritized actions: what can go wrong, how bad, what we do now, and who owns follow-up.

When to Offer This Workflow

Trigger conditions:

  • Major launch, migration, or new vendor
  • Steering or audit requests a risk matrix
  • Post–near-miss prevention work
  • Initial offer:

    Use six stages: (1) scope & stakeholders, (2) identify risks, (3) analyze likelihood & impact, (4) plan mitigations, (5) owners & deadlines, (6) review & tracking). Confirm scoring approach (simple matrix vs quantitative).


    Stage 1: Scope & Stakeholders

    Goal: Define system/project boundary and who can accept residual risk (product, eng, legal).

    Exit condition: RACI or explicit approvers for go/no-go.


    Stage 2: Identify Risks

    Goal: Brainstorm across categories: technical, security, operational, legal, reputational, financial.

    Practices

  • Pre-mortem: “It failed because…” exercise for alignment

  • Stage 3: Analyze

    Goal: Score likelihood and impact with a shared rubric; avoid false precision.


    Stage 4: Plan Mitigations

    Goal: Prevent, detect, and respond controls; rough cost/time per mitigation.


    Stage 5: Owners & Deadlines

    Goal: Each material risk has an owner and date; escalation path if unmitigated by launch.


    Stage 6: Review & Tracking

    Goal: Living RAID log; revisit after scope changes or incidents.


    Final Review Checklist

  • [ ] Scope and decision authority clear
  • [ ] Risks span relevant categories
  • [ ] Scoring applied consistently
  • [ ] Mitigations have owners and dates
  • [ ] Residual risk explicitly accepted or deferred with plan
  • Tips for Effective Guidance

  • Distinguish future risk from current defects.
  • For security-heavy systems, align with threat (threat modeling) outputs.
  • Startups: fewer rows, more honesty on top existential risks.
  • Handling Deviations

  • Regulated industries: follow required RA templates when mandated.