Overview
Most risk assessments are compliance exercises: a list of risks copied from a template, scored by gut feel, and filed until the next audit. They identify the risks everyone already knows, score them in ways that produce no prioritization, and assign no one to do anything about them. The result is a document that satisfies a requirement without reducing any risk.
The Enterprise Risk Assessment Framework Prompt builds a risk assessment from the business's actual exposure: what could impair operations, revenue, or reputation, how likely each risk is, how severe the impact would be, and who is responsible for reducing it to an acceptable level.
What you get:
- Risk identification methodology: how to surface risks that are not obvious
- Risk taxonomy: the 6 categories of enterprise risk with examples
- Risk scoring model: probability × impact with calibrated scales
- Risk register: the structured record of every identified risk
- Heat map logic: how to visualize and prioritize the risk portfolio
- Risk treatment framework: accept / mitigate / transfer / avoid — with decision criteria
- Risk ownership model: who is accountable for each risk and what that means
Built for: founders, COOs, and risk leads who need a risk assessment that drives decisions — not one that satisfies an auditor.