# Risk Assessment Checklist *By Touseef Shaik — touseefshaik.com* --- ## How to Use This Checklist For each risk category, score Probability (1-5) and Impact (1-5). Multiply for a Risk Score. - **1-6 (Green):** Accept. Monitor periodically. - **7-14 (Amber):** Mitigate. Active management required. - **15-25 (Red):** Escalate. May block progress. --- ## 1. Technical Risks | # | Risk | Present? | Probability (1-5) | Impact (1-5) | Score | Mitigation | |---|------|----------|-------------------|---------------|-------|------------| | 1.1 | Integration complexity with external systems | ☐ | | | | | | 1.2 | Data migration challenges (volume, quality, format) | ☐ | | | | | | 1.3 | Scalability — will the architecture handle projected load? | ☐ | | | | | | 1.4 | Technology stack maturity (new/unproven tools?) | ☐ | | | | | | 1.5 | Third-party API/ service reliability and SLAs | ☐ | | | | | | 1.6 | Security vulnerabilities (OWASP Top 10) | ☐ | | | | | | 1.7 | Data integrity and consistency across systems | ☐ | | | | | | 1.8 | Performance bottlenecks under load | ☐ | | | | | | 1.9 | Technical debt from rushed development | ☐ | | | | | | 1.10 | Disaster recovery and backup readiness | ☐ | | | | | **Technical Risk Summary:** - Total risks identified: ___ - Red (15-25): ___ - Amber (7-14): ___ - Green (1-6): ___ --- ## 2. Business Risks | # | Risk | Present? | Probability (1-5) | Impact (1-5) | Score | Mitigation | |---|------|----------|-------------------|---------------|-------|------------| | 2.1 | Regulatory / compliance requirements missed | ☐ | | | | | | 2.2 | Market timing — too early or too late? | ☐ | | | | | | 2.3 | User adoption — will users actually use this? | ☐ | | | | | | 2.4 | Stakeholder alignment — conflicting priorities? | ☐ | | | | | | 2.5 | Competitive response — what will competitors do? | ☐ | | | | | | 2.6 | Revenue / business model assumptions unvalidated | ☐ | | | | | | 2.7 | Customer data privacy concerns | ☐ | | | | | | 2.8 | Brand / reputation risk if feature fails publicly | ☐ | | | | | **Business Risk Summary:** - Total risks identified: ___ - Red (15-25): ___ - Amber (7-14): ___ - Green (1-6): ___ --- ## 3. Project / Delivery Risks | # | Risk | Present? | Probability (1-5) | Impact (1-5) | Score | Mitigation | |---|------|----------|-------------------|---------------|-------|------------| | 3.1 | Key person dependency (bus factor) | ☐ | | | | | | 3.2 | Timeline is unrealistic | ☐ | | | | | | 3.3 | Resource constraints (headcount, budget) | ☐ | | | | | | 3.4 | Scope creep — requirements expanding mid-sprint | ☐ | | | | | | 3.5 | Cross-team dependency delays | ☐ | | | | | | 3.6 | Testing coverage insufficient | ☐ | | | | | | 3.7 | Deployment / release process fragility | ☐ | | | | | | 3.8 | Vendor / third-party delivery risk | ☐ | | | | | **Project Risk Summary:** - Total risks identified: ___ - Red (15-25): ___ - Amber (7-14): ___ - Green (1-6): ___ --- ## 4. Risk Matrix (Visual Summary) ``` Impact 5 | ░░ ░░ ██ ██ ██ 4 | ░░ ░░ ░░ ██ ██ 3 | ░░ ░░ ░░ ░░ ██ 2 | ░░ ░░ ░░ ░░ ░░ 1 | ░░ ░░ ░░ ░░ ░░ +--------------------- 1 2 3 4 5 Probability ██ = High Risk (15-25) — Escalate ░░ = Medium Risk (7-14) — Mitigate = Low Risk (1-6) — Monitor ``` --- ## 5. Top 5 Risks (Fill after assessment) | Rank | Risk ID | Risk Description | Score | Owner | Action Plan | |------|---------|-----------------|-------|-------|------------| | 1 | | | | | | | 2 | | | | | | | 3 | | | | | | | 4 | | | | | | | 5 | | | | | | --- *This template is part of the free BA/PO Toolkit from touseefshaik.com/resources. For AI-powered risk analysis, try BA Assistant at tshaik1990-ba-assistant.hf.space.*