Risk Analysis Prompt Builder

Build prompts for structured risk identification and assessment

Generates risk-analysis prompts covering risk identification, likelihood and impact scoring, concrete mitigation strategies, and residual risk, delivered in a standardized table, register, or JSON output you can drop into planning docs. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What does the generated assessment include?

For each risk it produces an identified event with its root cause, likelihood and impact scores on your chosen scale, a combined score, a concrete mitigation, an owner role, and the residual risk remaining after mitigation.

Risk analysis prompt builder

Ask a model to “list the risks” and you get five generic bullet points. A useful risk assessment names specific events and their causes, scores them consistently, proposes concrete mitigations, and tracks what risk remains afterward. This builder encodes that discipline into a prompt so the output is something you can paste straight into a planning doc or risk register.

How it works

You describe the scenario, list the risk categories to cover, choose a likelihood and impact scale, and pick an output format. The tool builds a prompt that walks the model through a five-step method — identify, score, mitigate, estimate residual risk, and assign an owner — and requires at least two specific risks per category. The output is formatted as a Markdown table sorted by score, a full risk register, or structured JSON, with a “Top 3 risks” summary and an overall posture statement appended.

The five-step method the prompt encodes

1. Identify — Name the specific risk event and its root cause. The prompt requires this in the form “Risk event due to [cause],” which prevents vague entries like “security risk” and forces specificity like “Unauthorized access to customer data due to insufficient API key rotation.”

2. Score — Rate likelihood and impact independently on your chosen scale. Scoring them separately matters: a risk that is highly likely but low impact is different from one that is unlikely but catastrophic. The combined score is the product of the two, which naturally surfaces the severe-but-preventable risks that deserve the most attention.

3. Mitigate — Propose a concrete action that reduces either likelihood, impact, or both. The prompt requires the mitigation to be specific and actionable, not a generic “implement controls.” This is the most common place generic risk registers fail — “add monitoring” is not a mitigation; “add alerting when error rate exceeds 2% over 5 minutes, routed to on-call” is.

4. Estimate residual risk — After the mitigation, what risk remains? This step is often omitted from informal risk assessments and is what makes the register useful for ongoing decision-making. A risk with a mitigation that brings residual score from 20 to 4 is resolved; one that goes from 20 to 16 despite the mitigation needs a different approach.

5. Assign an owner — Name a role responsible for implementing the mitigation and tracking the residual risk. Unowned risks are risks that will not be mitigated.

Useful risk categories by domain

The categories you name drive the breadth of the assessment. Generic categories produce generic risks:

  • Software project: technical, security, schedule, third-party dependency, data, team/resource
  • Business launch: market, regulatory/compliance, financial, operational, reputational
  • Infrastructure change: data integrity, availability, performance, rollback/recovery, operational

Tips and notes

  • Be specific about scope. “Weekend database migration” yields sharper risks than “the project.”
  • Pick categories deliberately. They drive breadth — add a compliance or financial category if those matter to you.
  • JSON for tooling, table for humans. Use JSON when you will import the result; use the table when stakeholders will read it.
  • Keep a human in the loop. Models miss context-specific risks; treat the output as a thorough first pass, not a final sign-off.