v1.0.0 cosmicstack-labs
Risk Management
Risk identification, assessment matrices, mitigation strategies, BCP, and risk reporting
Risk Management
Identify, assess, and mitigate business and operational risks.
Risk Assessment Framework
Identification Categories
| Category | Examples |
|---|---|
| Strategic | Competition, market shifts, M&A integration |
| Operational | System failures, process gaps, human error |
| Financial | Currency, credit, liquidity, fraud |
| Compliance | Regulatory changes, data privacy, licensing |
| Reputational | Social media, PR crises, customer satisfaction |
| Security | Data breaches, cyber attacks, insider threats |
Assessment Matrix
Likelihood × Impact = Risk Score (1-25)
| Likelihood \ Impact | Low | Med | High |
|---|---|---|---|
| Likely | 3 | 6 | 9 |
| Possible | 2 | 4 | 6 |
| Rare | 1 | 2 | 3 |
Score 1-3: Accept | 4-6: Mitigate | 7-9: Avoid/Transfer
Mitigation Strategies
| Strategy | When | Example |
|---|---|---|
| Avoid | High risk, low reward | Don't enter unstable market |
| Reduce | Manageable risk | Add security controls, backups |
| Transfer | Financial risk but can't eliminate | Insurance, vendor contracts |
| Accept | Low impact or expensive to fix | Minor process inefficiencies |
Business Continuity Plan (BCP)
Components
- Critical functions — what must keep running?
- RTO (Recovery Time Objective) — how fast to restore?
- RPO (Recovery Point Objective) — how much data loss is tolerated?
- Alternate site — where to operate if primary is down?
- Communication plan — who notifies whom, how?
Testing
- Tabletop exercises: quarterly
- DR test: annually minimum
- Failover test: every 6 months
- Update BCP after each test or major change
Risk Register Template
| ID | Risk | Category | Likelihood | Impact | Score | Owner | Mitigation | Status |
|----|------|----------|-----------|--------|-------|-------|------------|--------|
| R01 | ... | ... | 3 | 4 | 12 | ... | ... | Active |