AgentSkillsCN

value-risk-prioritizer

在为多个AI能力候选方案进行实施优先级排序时使用。建议在可行性测试识别出可行候选方案后使用。该技能可生成量化价值/风险评估报告,附上加权评分与排序建议。

SKILL.md
--- frontmatter
name: value-risk-prioritizer
description: Use when prioritizing multiple AI capability candidates for implementation. Use after feasibility testing identifies viable candidates. Produces quantified value/risk assessment with weighted scoring and sequencing recommendation.

Value-Risk Prioritizer

Overview

Prioritize AI capabilities using quantified value, assessed risk, and explicit mitigation requirements. The goal is a defensible prioritization that stakeholders understand and governance can approve.

Core principle: Don't compare "high value" to "medium risk" - quantify both to common scales, then score.

Priority Tiers

Every capability MUST be assigned to a tier with justification:

TierCriteriaAction
DO_FIRSTValue justifies effort, risk manageable with standard controlsInclude in next planning cycle
DO_WITH_CAUTIONHigh value but requires significant guardrailsPlan with explicit risk mitigation
DEFERValue uncertain or risk requires validationPrototype/pilot before committing
DONT_DORisk exceeds value even with mitigationRemove from consideration (document why)

Output Format

yaml
prioritization:
  capability_name:

    value_assessment:
      annual_value: "$X.XM"
      calculation: "[Show the math]"
      value_type: "[Cost reduction | Revenue enablement | Risk avoidance | Strategic]"
      confidence: "[HIGH | MEDIUM | LOW]"
      confidence_rationale: "[Why this confidence level]"

    risk_assessment:
      primary_category: "[Regulatory | Operational | Reputational | Financial]"
      secondary_categories: ["[Other applicable]"]
      impact_range:
        best_case: "$X"
        worst_case: "$Y"
        basis: "[How estimated - precedent, benchmarks, calculation]"
      likelihood_without_mitigation: "[HIGH | MEDIUM | LOW]"
      worst_case_scenario: "[Specific narrative]"

    mitigation_requirements:
      required_controls:
        - control: "[Specific guardrail]"
          purpose: "[What risk it addresses]"
          cost: "[FTE, $, or effort estimate]"
      residual_risk_after_mitigation: "[HIGH | MEDIUM | LOW]"
      mitigation_confidence: "[HIGH | MEDIUM | LOW - will these actually work?]"

    scoring:
      value_score: [1-10]
      risk_score: [1-10]  # After mitigation
      feasibility_score: [1-10]
      weighted_total: [Calculated]

    tier: "[DO_FIRST | DO_WITH_CAUTION | DEFER | DONT_DO]"
    tier_justification: "[Why this tier]"

sequencing:
  dependencies:
    - capability: "[Name]"
      enables: ["[Capabilities this unlocks]"]
      requires: ["[Prerequisites]"]

  recommended_order:
    Q1: "[Capability] - [Rationale]"
    Q2: "[Capability] - [Rationale]"
    # etc.

  build_logic: "[Why this sequence]"

summary:
  do_first: ["[List]"]
  do_with_caution: ["[List]"]
  defer: ["[List]"]
  dont_do: ["[List]"]

Value Quantification

Translation Formula

Convert vague claims to annual $ value:

Claim TypeFormulaExample
Time savingsHours × Rate × Days × Discount1,250 hrs × $50 × 250 days × 0.8 = $12.5M
Error reductionError rate × Volume × Cost per error5% × 10,000 × $500 = $250K
Capacity increaseAdditional volume × Margin1,000 more × $100 = $100K
Risk avoidanceProbability × Impact2% × $10M = $200K expected

Discount Factors

Apply discount for uncertainty:

  • HIGH confidence: 1.0 (verified data)
  • MEDIUM confidence: 0.8 (reasonable estimates)
  • LOW confidence: 0.5 (aspirational claims)

Value Type Classification

  • Cost reduction: Direct savings, headcount, efficiency
  • Revenue enablement: New capabilities, faster time-to-market
  • Risk avoidance: Prevented losses, compliance
  • Strategic: Market position, competitive advantage (hardest to quantify)

Risk Assessment

Impact Estimation

Always provide a range with basis:

yaml
impact_range:
  best_case: "$50K"      # Minor incident, quick resolution
  worst_case: "$5M"      # Major failure, regulatory involvement
  basis: "Industry benchmarks for settlement failures"

Precedent Reference

For financial services, reference known enforcement actions:

Risk TypePrecedent Range
AML violations$10M - $1B+ (OCC consent orders)
SEC filing errors$1M - $100M (depending on materiality)
Settlement failures$100K - $10M (per incident)
Customer harm$500K - $50M (class action potential)

Likelihood Assessment

  • HIGH: Has happened before, weak controls
  • MEDIUM: Plausible scenario, some controls exist
  • LOW: Rare occurrence, strong controls

Mitigation Requirements

Required Questions

Before ranking, ask for each capability:

  1. What controls reduce likelihood?
  2. What controls reduce impact?
  3. What's the cost of these controls?
  4. What risk remains after controls?

Mitigation Template

yaml
mitigation_requirements:
  required_controls:
    - control: "Human review for confidence < 0.95"
      purpose: "Catch AI errors before action"
      cost: "2 FTE ongoing"
    - control: "Daily reconciliation audit"
      purpose: "Detect errors within 24 hours"
      cost: "0.5 FTE + tooling"
  residual_risk_after_mitigation: "LOW"
  mitigation_confidence: "HIGH - standard industry practice"

Scoring Model

Default Weights

code
Weighted Total = (Value × 0.4) + (Risk × 0.3) + (Feasibility × 0.3)

Adjust weights based on organizational priorities:

  • Risk-averse org: Risk × 0.5
  • Growth-focused org: Value × 0.5
  • Resource-constrained: Feasibility × 0.4

Score Guidelines

Value Score (1-10):

  • 10: >$10M annual value, HIGH confidence
  • 7-9: $1-10M annual value
  • 4-6: $100K-$1M annual value
  • 1-3: <$100K or LOW confidence

Risk Score (1-10, AFTER mitigation):

  • 10: Negligible risk, strong controls
  • 7-9: Low risk, proven mitigations
  • 4-6: Medium risk, requires oversight
  • 1-3: High residual risk even with controls

Feasibility Score (1-10):

  • 10: FEASIBLE, data ready, skills exist
  • 7-9: FEASIBLE_WITH_CONSTRAINTS
  • 4-6: PROTOTYPE_FIRST needed
  • 1-3: NOT_FEASIBLE or major unknowns

Sequencing Logic

Dependency Analysis

Identify three types of dependencies:

  1. Technical: Capability A's infrastructure enables B
  2. Skill: Building A teaches team skills for B
  3. Governance: A establishes patterns B can follow

Build Order Principles

  1. Start with lowest risk - Build competency before stakes rise
  2. Unlock dependencies early - Don't block downstream capabilities
  3. Cluster similar work - Document processing skills transfer
  4. Space high-risk items - Don't overload governance review

Common Mistakes

MistakeWhy It's WrongDo This Instead
"High value" without $Not comparableCalculate annual $ value
"High risk" without rangeNo basis for decisionProvide $ impact range
Risk treated as fixedIgnores mitigationAssess residual risk after controls
Rank by single dimensionOversimplifiedUse weighted multi-factor score
Independent prioritizationMisses dependenciesAnalyze sequencing
Defer = neverLoses potential valueDefer = validate then decide

Red Flags in Your Output

If your prioritization has these, it's not ready:

  • Value claims without calculation
  • Risk assessment without impact range
  • No mitigation analysis
  • Single-dimension ranking
  • No sequencing recommendation
  • DONT_DO without alternative framing
  • Scores without rationale

Financial Services Context

Financial services prioritization requires:

Regulatory Risk Weighting

  • Compliance failures can be existential
  • Weight regulatory risk higher than operational
  • Reference actual enforcement precedent

Model Risk Governance

  • Some capabilities require MRM approval
  • Factor approval timeline into sequencing
  • Higher MRM burden = longer lead time

Audit Trail Requirements

  • Customer-facing AI needs more documentation
  • Factor documentation overhead into feasibility

Stakeholder Communication

  • CFO cares about $ value
  • CRO cares about risk ranges
  • COO cares about feasibility
  • Board cares about strategic alignment

Prioritization Checklist

Before finalizing:

  • All value claims have $ calculation with methodology
  • All risks have impact range with basis
  • Mitigation requirements specified for medium+ risk
  • Weighted scores calculated consistently
  • Tier assignment justified
  • Dependencies identified
  • Sequencing recommendation provided
  • DONT_DO items have clear rationale