AgentSkillsCN

risk-assessment

技术决策的风险识别和分析框架

SKILL.md
--- frontmatter
name: risk-assessment
description: Risk identification and analysis frameworks for technology decisions

Risk Assessment Skill

Objectives

Provide structured methodology for identifying and analyzing risks:

  • Systematic risk identification
  • Impact and probability assessment
  • Mitigation strategy development

Risk Categories

Technical Risks

Risk TypeExamplesIndicators
PerformanceLatency, throughput issuesBenchmark gaps, load test failures
ScalabilityGrowth limitationsArchitecture constraints, bottlenecks
ReliabilitySystem failures, data lossSPOF, recovery gaps
SecurityVulnerabilities, breachesCVEs, compliance gaps
IntegrationAPI incompatibilitiesVersion conflicts, protocol mismatches

Implementation Risks

Risk TypeExamplesIndicators
TimelineDelays, scope creepComplexity underestimation
ResourceSkill gaps, turnoverTraining needs, market scarcity
QualityTechnical debt, bugsCode coverage gaps, review failures
DependencyThird-party failuresVendor instability, EOL products

Business Risks

Risk TypeExamplesIndicators
FinancialBudget overrun, hidden costsIncomplete TCO analysis
StrategicLock-in, obsolescenceSingle vendor dependency
OperationalDowntime, productivity lossChange management gaps
ComplianceRegulatory violationsCertification requirements

Risk Assessment Matrix

Probability Scale

LevelDescriptionLikelihood
5Almost Certain>90%
4Likely60-90%
3Possible30-60%
2Unlikely10-30%
1Rare<10%

Impact Scale

LevelDescriptionEffect
5CriticalProject failure, major loss
4MajorSignificant delay, budget overrun
3ModerateNotable impact, recoverable
2MinorLimited impact, easily managed
1NegligibleMinimal impact

Risk Score = Probability × Impact

ScorePriorityAction
15-25CriticalImmediate mitigation required
8-14HighMitigation plan essential
4-7MediumMonitor and plan contingency
1-3LowAccept and monitor

Mitigation Strategies

Strategy Types

  1. Avoid: Eliminate the risk source
  2. Transfer: Shift risk to third party (insurance, contracts)
  3. Mitigate: Reduce probability or impact
  4. Accept: Acknowledge and prepare contingency

Mitigation Plan Template

markdown
## Risk: [Risk Name]

**Category**: [Technical/Implementation/Business]
**Probability**: [1-5]
**Impact**: [1-5]
**Risk Score**: [P × I]

### Description
[Detailed risk description]

### Root Cause
[What causes this risk]

### Impact Analysis
- Best case: [Outcome]
- Most likely: [Outcome]
- Worst case: [Outcome]

### Mitigation Strategy
- Strategy type: [Avoid/Transfer/Mitigate/Accept]
- Actions:
  1. [Action 1]
  2. [Action 2]
- Cost: [Mitigation cost]

### Contingency Plan
[What to do if risk occurs]

### Monitoring
- Trigger indicators: [Warning signs]
- Review frequency: [Weekly/Monthly]

Output Specification

Risk assessments should include:

  • Risk register with all identified risks
  • Heat map visualization (probability vs impact)
  • Top risks with mitigation plans
  • Residual risk summary
  • Monitoring recommendations