AI Prompts for Risk Management

Help me identify all potential risks in [specific business area/process]. Consider operational, financial, compliance, strategic, and reputational risks. For each risk, describe how it could impact our organization, what triggers might cause it, and any early warning signs we should monitor.

Create a risk assessment framework for [industry/organization type]. Include risk categories, probability scales (1-5), impact scales (1-5), and scoring methodology. Then help me prioritize our identified risks using this framework and determine which require immediate attention.

Analyze our [supply chain/operations/technology infrastructure] for vulnerabilities. Identify single points of failure, interdependencies, and cascading risk scenarios. Suggest which vulnerabilities pose the highest potential impact and which are most likely to materialize.

Help me conduct a business continuity risk assessment. Identify our most critical business processes, estimate recovery time objectives for each, assess current recovery capabilities, and recommend priority areas for contingency planning based on impact and likelihood.

Generate a cybersecurity risk assessment for our [organization type]. Consider threats like data breaches, ransomware, insider threats, supply chain compromise, and system outages. Evaluate our current security posture against each threat and recommend remediation priorities.

Create a comprehensive risk profile for [specific project/initiative]. Analyze technical, schedule, budget, resource, stakeholder, and market risks. For each risk category, identify specific threats, probability estimates, impact assessments, and interdependencies with other risks.

Map our current business processes against [specific regulation/standard - GDPR/SOX/ISO27001/HIPAA/etc]. Identify compliance gaps where our processes fall short of requirements. Prioritize gaps by regulatory consequence severity and remediation effort.

Help me create a compliance monitoring system for [regulatory domain]. Define key compliance metrics, data collection methods, monitoring frequency, escalation triggers, and remediation processes. Generate a compliance calendar identifying key dates, audit periods, and reporting deadlines.

Assess the regulatory risk landscape for [industry/geography]. Identify upcoming regulation changes, emerging compliance requirements, and regulatory trends. Evaluate how these will impact our organization and recommend strategic preparation steps.

Create a data protection and privacy risk assessment for our organization. Identify data assets, data flows, potential exposure points, and privacy risks. Evaluate our compliance with [GDPR/CCPA/PIPEDA/etc] and recommend improvements.

Help me design an audit program for [business area/process]. Define audit scope, frequency, sampling methods, and testing procedures. Create audit checklists and identify key risk areas that audits should focus on.

Develop a regulatory change monitoring and impact assessment process. Define how we'll track regulatory updates, assess impact on our organization, coordinate response across departments, and update our compliance programs accordingly.

Conduct a threat modeling exercise for [system/process/product]. Identify potential threat actors (internal/external), their motivations, capabilities, and attack vectors. For each plausible threat, assess likelihood and potential impact to the organization.

Analyze [competitor/industry player/emerging startup] as a strategic threat. Assess their capabilities, market positioning, potential moves, and how they could disrupt our business model. Recommend defensive strategies and competitive responses.

Help me scan for emerging technology risks and opportunities. Analyze [AI/blockchain/IoT/cloud/quantum/etc] threats and risks relevant to our industry. Assess our organization's exposure and recommend risk mitigation strategies.

Create an external threat intelligence program. Define which external threats we should monitor (geopolitical, natural disasters, market volatility, technology disruption, competitor moves). Establish data sources, monitoring frequency, and escalation procedures.

Assess reputational risks from [specific situation/decision/public position]. Analyze stakeholder perspectives, media reaction potential, social media amplification likelihood, and long-term brand impact. Recommend communication and mitigation strategies.

Develop a crisis risk assessment framework. Identify plausible crisis scenarios in [industry/organization], assess probability and severity, identify potential triggers, and evaluate our crisis response capabilities. Prioritize scenarios requiring contingency planning.

Help me design a risk mitigation plan for [identified risk]. Define the risk in detail, assess current controls, identify additional mitigating controls, assign accountability and timelines, define success metrics, and plan implementation phasing.

Create a control framework for [business area/process]. Identify preventive controls (stop risks from occurring), detective controls (identify when risks occur), and corrective controls (resolve impacts). For each control, specify owner, frequency, and effectiveness testing.

Evaluate our existing controls for [risk category]. Assess control design effectiveness (whether controls are appropriate), control operation effectiveness (whether controls are actually working), and identify gaps. Recommend control improvements.

Help me prioritize risk mitigation initiatives given [budget/resource constraints]. Analyze cost-benefit of different mitigation strategies. Rank initiatives by residual risk reduction per dollar spent and strategic importance. Create a phased implementation plan.

Develop a third-party risk management program. Define vendor risk assessment criteria, establish due diligence procedures, create contract risk clauses, define ongoing monitoring methods, and establish contingency plans for critical vendors.

Create a business continuity and disaster recovery plan for [business area/process]. Define recovery time objectives, recovery point objectives, critical resources, recovery procedures, communication plans, and testing schedules.

Design a risk monitoring and reporting dashboard for [organizational level - board/executive/operational]. Define key risk indicators to track, visualization methods, reporting frequency, escalation triggers, and decision support metrics.

Help me establish a risk governance structure for [organization type/size]. Define roles and responsibilities for risk oversight, establish escalation procedures, create decision rights, set meeting cadences, and define risk governance documentation requirements.

Create a risk culture assessment and improvement plan. Evaluate current attitudes toward risk awareness, risk reporting, risk accountability, and risk-informed decision-making. Identify gaps and recommend programs to strengthen risk culture.

Develop a risk reporting framework for stakeholders. Define risk metrics, create executive summaries, establish reporting frequency and distribution lists, implement escalation triggers, and create drill-down capabilities for detailed analysis.

Help me design a risk review and update process. Define how frequently we review risks, what triggers special reviews, how we incorporate new information, how we update risk scores, and how we communicate changes to stakeholders.

Create a risk training and awareness program. Identify required risk competencies by role, design training curricula, plan delivery methods, establish success metrics, and create ongoing awareness campaigns to embed risk thinking in decision-making.