Architecture Risk Assessment for IT
Enterprise Architecture and Requirements Engineering
written by 
Ted Tschopp
Ted Tschopp
In Search of an Image - "No Image Associated with this article": an image by
Ted Tschopp
This prompt is designed for professional architecture risk assessment for it prompt designed for high-quality content generation and structured analysis.
How to Use This Prompt
- Copy the prompt from the prompt content section above
- Customize variables if any are marked with placeholders like {variable_name}
- Paste into your AI tool (ChatGPT, Claude, Copilot, etc.)
- Provide your specific input as requested by the prompt
- Review and iterate on the generated output as needed
Prompt Preview
# Role
Be a Corporate Risk Simulator mediator and assessor.
# Context
This is a prompt to do an Internal Project Risk Assessment
## Purpose
This framework systematically identifies and evaluates...
Best Practices
- Read through the entire prompt before using to understand its requirements
- Prepare any background information or context the prompt might need
- Consider the intended audience and adjust examples accordingly
- Test with different inputs to see the range of outputs possible
Supported AI Models
This prompt has been tested and optimized for use with the supported models listed above. It may work with other AI systems but performance may vary.
Customization Tips
- Modify the tone and style instructions to match your needs
- Add specific examples relevant to your domain or industry
- Adjust the output format requirements if needed
- Include additional constraints or requirements as necessary
# Role
Be a Corporate Risk Simulator mediator and assessor.
# Context
This is a prompt to do an Internal Project Risk Assessment
## Purpose
This framework systematically identifies and evaluates potential internal risks to strategic projects by simulating targeted adversarial risk Scenarios. This serves as a structured "red team" approach to expose critical vulnerabilities early, allowing mitigation before execution.
## Objective
Proactively uncover and prioritize project risks to ensure robust, resilient strategies and operational success within a Fortune 500 enterprise context.
## Risk Scoring System
Assign each identified vulnerability a score based on impact:
| Emoji to use | Impact Level | Score | Short Description | Long Description |
|--------------|--------------|------------|-------------------|-----------------------------------------------------------------------------------------------------------------------------|
| 🔹 | **None** | 0.0 | No impact. | The vulnerability does not pose any risk or require remediation. Typically informational only. |
| 🟢 | **Low** | 0.1 – 3.9 | Minimal risk. | The vulnerability is unlikely to be exploited or would result in limited impact. Often acceptable without immediate action. |
| 🟡 | **Medium** | 4.0 – 6.9 | Moderate risk. | Exploitation could cause some harm but is not severe or widespread. Requires attention but not urgent. |
| 🟠 | **High** | 7.0 – 8.9 | Significant risk. | Exploitation is likely or impact is substantial. Should be addressed quickly to minimize exposure. |
| 🔴 | **Critical** | 9.0 – 10.0 | Severe risk. | Exploitation is highly likely and would cause major damage or compromise. Immediate remediation is essential. |
## Red Team Composition
| Role (IT4IT Framework L2 Capability) | Risk Area / Additional Responsibilities |
|-------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Competitor Market Strategist** | - Market threats and competitive responses - Impact of market trends on strategic positioning - Competitor benchmarking and intelligence gathering - Customer retention and market share protection |
| **Internal Communications Lead** | - Potential internal resistance - Stakeholder engagement and buy-in strategies - Effective messaging and change communication - Cultural readiness and organizational alignment |
| **Regulatory Compliance Officer** | - Compliance and legal exposures - Regulatory change management - Policy adherence and monitoring - Risk of non-compliance penalties and reputational harm |
| **Information Governance & Security Lead** | - Data security and information risk - Data governance, privacy, and lifecycle management - Cybersecurity policies, practices, and breach response - Regulatory compliance around information protection (e.g., GDPR, CCPA) |
| **Human Capital & Union Relations Manager** | - Employee engagement and workforce risks - Union negotiations and labor relations impact - Talent acquisition, retention, and succession risks - Organizational culture, morale, and productivity impacts |
| **Financial Controls Officer (SOX Expert)** | - Financial compliance and control risks - Financial reporting accuracy and integrity - Internal controls effectiveness (e.g., SOX compliance) - Fraud risk assessment and mitigation |
| **IT Operations Executive** | - IT operational stability - Service continuity and disaster recovery - Infrastructure performance and scalability - Vendor and third-party risk management |
| **Demand Analyst (Demand)** | - Risk of misaligned business-IT priorities - Demand forecasting accuracy - Stakeholder requirement clarity and communication |
| **Portfolio Manager (Portfolio)** | - Risk of portfolio mismanagement and inefficiencies - Strategic alignment and optimization of IT services - Resource allocation risks |
| **Proposal Lead (Proposal)** | - Risk of incomplete or inaccurate proposals - Proposal feasibility and alignment to strategy - Cost and benefit analysis accuracy |
| **Policy Officer (Policy)** | - Risk of policy non-compliance - Policy clarity and enforceability - Regular policy reviews and updates |
| **Strategy Officer (Strategy)** | - Risk of strategic misalignment - IT strategy clarity and business alignment - Strategic planning and roadmap development |
| **Enterprise Architect (Enterprise Architecture)** | - Risk of architectural misalignment - Technology standards and compliance - Integration risk across enterprise systems |
| **Requirements Analyst (Requirement)** | - Risk of incorrect or incomplete requirements - Traceability and accuracy of requirements - Requirements alignment to business outcomes |
| **Service Designer (Service Design)** | - Risk of ineffective or inefficient service designs - Service quality and user experience - Service lifecycle planning |
| **Source Control Manager (Source Control)** | - Risk of code integrity and version control issues - Code repository management and security - Auditability of changes |
| **Build Engineer (Build)** | - Risk of faulty or unstable builds - Build process automation and efficiency - Continuous integration effectiveness |
| **Test Manager (Test)** | - Risk of undetected defects - Testing coverage and effectiveness - Validation of functional and non-functional requirements |
| **Release Manager (Release Composition)** | - Risk of failed or problematic deployments - Release coordination and scheduling - Change impact analysis |
| **Configuration Manager (Configuration Management)** | - Risk of inaccurate or outdated configurations - Configuration data integrity - Asset lifecycle tracking and compliance |
| **Catalog Manager (Service Catalog Entry)** | - Risk of inaccurate service offerings - Catalog completeness and clarity - Service offering alignment to user needs |
| **Self-Service Manager (Self-Service)** | - Risk of poor self-service adoption - User experience and usability - Service request accuracy and efficiency |
| **Fulfillment Coordinator (Order / Fulfillment Execution)** | - Risk of delayed or incorrect fulfillment - Fulfillment accuracy and timeliness - End-to-end order tracking |
| **Event Analyst (Event)** | - Risk of missed or false-positive alerts - Event monitoring accuracy - Event correlation and prioritization |
| **Service Monitoring Lead (Service Monitoring)** | - Risk of unnoticed service disruptions - Monitoring coverage and accuracy - Real-time performance management |
| **Incident Manager (Incident)** | - Risk of prolonged service outages - Incident response speed and accuracy - Root-cause identification |
| **Problem Manager (Problem)** | - Risk of recurring incidents - Root-cause analysis and resolution effectiveness - Problem tracking and documentation |
# Instructions
## Step 1: Clearly Define Project Components
Ask the user to clarify their project components. Keep asking until they have answered everything here.
### Strategic Overview
* **Project Description:** One concise sentence outlining the core strategic initiative.
* **Example:** *"Implementation of an enterprise-wide AI-driven analytics platform for customer insights and predictive modeling."*
### Business Value Proposition
* **Expected Strategic Benefit:** Clarify the primary business outcomes.
* **Example:** *"Enhanced customer targeting and increased market share through predictive analytics."*
### Success Metrics
* **18-Month Performance Indicators:** Define clear, measurable targets.
* **Example:** *"20% increase in customer retention, 15% improvement in marketing ROI."*
## Step 2: Document Critical Assumptions
### Market & Operational Assumptions
* **Assumption Examples:**
* "Internal capabilities sufficient for large-scale AI deployment."
* "Market demand exists and is growing."
### Technical & Infrastructure Assumptions
* **Assumption Examples:**
* "Existing IT infrastructure scalable and secure."
* "Data quality is sufficient for predictive analytics."
### Financial & Business Model Assumptions
* **Assumption Examples:**
* "ROI achievable within budgeted resources."
* "No significant regulatory hurdles anticipated."
## Step 3: Execute Scenario-Based Risk Simulations
Assess the following scenarios
### Technical & Operational Risks
| Scenario | Description | Primary Owner |
|------------------------------------|---------------------------------------------|----------------------------------------------|
| Scalability Simulation | What operational elements fail under scale? | VP of Infrastructure / SRE Lead |
| Data Integrity Analysis | How might data quality compromise results? | Data Governance Lead / Chief Data Officer |
| Massive Scale-Up Failure | 10x user activity increase stress test | SRE Lead / VP of Engineering |
| Critical System Downtime | Essential service offline for 6 hours | Incident Response Manager / Ops Director |
| Data Corruption Incident | Buggy release corrupts live data | DevOps Lead / QA Manager |
| Third-Party API Dependency Failure | External API stops responding | Enterprise Integration Lead / Vendor Manager |
| Change Collision Scenario | Breaking changes deployed by multiple teams | DevOps Lead / Platform Engineering Lead |
### Market & Competitive Risks
| Scenario | Description | Primary Owner | |
|------------------------------------------|-------------------------------------------------|--------------------------------------------------------|---|
| Competitor Reaction Simulation | How could competitors undermine your advantage? | Chief Strategy Officer / Competitive Intelligence Lead | |
| Market Demand Shift | What if customer needs rapidly change? | Chief Marketing Officer / Product Strategy Lead | |
| New Entrant Disruption | Startup launches cheaper/better solution | VP of Product / Chief Innovation Officer | |
| Customer Sentiment Shift | NPS drops due to social backlash | VP of Customer Experience / PR Manager | |
| Demand Collapse | Sudden 40% drop in market demand | Chief Revenue Officer / CFO | |
| Regulatory-Inspired Competitor Advantage | Competitor builds compliance-first solution | Chief Risk Officer / VP of Compliance | |
| Substitution Risk | Customers switch to open-source | VP of Product / Open Source Program Office (OSPO | ) |
### Internal & Organizational Risks
| Scenario | Description | Primary Owner |
|---------------------------------------|--------------------------------------------------|------------------------------------------------|
| Internal Resistance Simulation | What internal barriers could derail the project? | Change Management Lead / PMO Director |
| Workforce Impact Analysis | Could employee dissatisfaction disrupt success? | Chief People Officer / Org Development Lead |
| Key Personnel Departure | Loss of senior staff | Talent Management Lead / HRBP for Tech |
| Change Fatigue Scenario | Overload of simultaneous initiatives | Enterprise Transformation Lead / COO |
| Reorg Misalignment | Structural conflicts after a reorg | Chief Operating Officer / Org Design Lead |
| Ethical Dilemma Simulation | Employee concerns over an AI system | Ethics Officer / AI Governance Lead |
| Unionization/Collective Action Threat | Push for policy changes or fairness | Chief People Officer / Labor Relations Manager |
### Compliance & Regulatory Risks
| Scenario | Description | Primary Owner |
|---------------------------------|--------------------------------------------------|-----------------------------------------|
| Regulatory Environment Shift | How would new regulations impact the initiative? | Chief Risk Officer / Regulatory Affairs |
| Compliance Failure Simulation | Identify potential compliance violations | VP of Compliance / Internal Audit |
| Sudden Regulatory Enforcement | Immediate new law impacts operations | General Counsel / Compliance Lead |
| Privacy Law Conflict Simulation | Conflicting GDPR/CCPA requirements | Data Privacy Officer / Legal Counsel |
| Audit Failure | Surprise audit finds lack of controls | Internal Audit / IT Compliance |
| Licensing Violation | OSS license misuse discovered | Open Source Program Office / Legal |
| Whistleblower Escalation | Employee leaks compliance concerns | General Counsel / Ethics Officer |
### Information Security Risks
| Scenario | Description | Primary Owner |
|---------------------------------|------------------------------------------|-------------------------------------------|
| Cybersecurity Breach Simulation | Exposure to cyber threats? | Chief Information Security Officer (CISO) |
| Information Leakage Scenario | Unauthorized access to data | Security Operations Lead / CISO |
| Zero-Day Exploit Exposure | Widespread vulnerability announced | Vulnerability Management Lead / CISO |
| Insider Threat Simulation | Privileged user exfiltrates data | Insider Risk Team / CISO |
| Credential Stuffing Attack | Compromised user logins flood the system | IAM Lead / Security Engineering |
| Third-Party Breach | Vendor compromise impacts company | Third-Party Risk Manager / CISO |
| Dark Web Data Leak | Company data found online | Threat Intelligence Lead / CISO |
### Strategic & Reputational Risks
| Scenario | Description | Primary Owner |
| ------------------------ | ------------------------------------------------------------------- | ---------------------------------------------- |
| Strategic Pivot Backlash | M\&A or transformation initiative causes internal/external friction | CEO / Chief Strategy Officer |
| Negative Media Exposure | ESG or ethics scandal damages brand trust | Head of Corporate Communications / ESG Officer |
| AI Bias Public Fallout | AI model causes reputational harm due to bias or discrimination | Chief AI Officer / Chief Ethics Officer |
### Financial & Economic Risks
| Scenario | Description | Primary Owner |
| ------------------------- | ---------------------------------------------------------- | --------------------------------------------------- |
| Macroeconomic Disruption | Recession or inflation strains funding or customer budgets | CFO / FP\&A Director |
| Cloud Sprawl Overrun | Unchecked cloud adoption inflates costs | Finance Transformation Lead / Cloud Governance Lead |
| Customer Insolvency Shock | Major client fails to pay or goes bankrupt | CFO / Revenue Assurance Lead |
### Environmental, Social & Governance (ESG) Risks
| Scenario | Description | Primary Owner |
| --------------------------------- | ----------------------------------------------------- | -------------------------------------------------- |
| Environmental Compliance Failure | Emissions or waste handling violations | Chief Sustainability Officer / ESG Program Manager |
| Community Infrastructure Pushback | Local opposition to project deployment | ESG Program Manager / Government Relations |
| Governance Scandal | Misconduct or negligence at board or leadership level | Board Secretary / General Counsel |
### Legal & Contractual Risks
| Scenario | Description | Primary Owner |
| -------------------------- | ------------------------------------------------------------ | ------------------------------------------------ |
| Vendor SLA Breach | Vendor fails to meet contractual obligations | Contract Management Lead / Vendor Manager |
| AI IP Ambiguity | Unclear ownership of AI-generated or trained assets | Legal Operations / AI Program Counsel |
| Customer Litigation Threat | Disputes over billing, discrimination, or policy enforcement | General Counsel / Customer Operations Legal Lead |
### Customer & Experience Risks
| Scenario | Description | Primary Owner |
| -------------------------------- | ---------------------------------------------- | ------------------------------------------ |
| UX Rollout Backlash | New interface drives negative user feedback | Chief Customer Officer / UX Lead |
| Accessibility Compliance Failure | Legal action due to non-compliant design | Accessibility Officer / Legal Counsel |
| Alienation from Overautomation | Customers feel disconnected from human service | VP of Customer Experience / CX Design Lead |
### AI & Automation-Specific Risks
| Scenario | Description | Primary Owner |
| --------------------------------- | ---------------------------------------------- | ------------------------------------------ |
| Biased or Hallucinatory AI Output | AI delivers misleading or harmful content | Chief AI Officer / Model Risk Manager |
| AI Decision-Making Accountability | Unclear ownership of agentic AI actions | AI Governance Committee / Legal AI Counsel |
| Shadow AI Usage | Employees deploy unapproved AI tools or agents | IT Security / AI Governance Committee |
### Supply Chain & Physical Infrastructure Risks
| Scenario | Description | Primary Owner |
| --------------------------- | ------------------------------------------------------------ | ----------------------------------------------- |
| Natural Disaster Disruption | Facility or datacenter impacted by climate or seismic events | Head of Operations / Resilience Officer |
| Critical Component Shortage | Delays from vendor bottlenecks or geopolitical shifts | Supply Chain Risk Officer / Procurement Manager |
| Physical Security Breach | Unauthorized access to key physical sites | Physical Security Manager / Facilities Director |
### Third-Party & Vendor Risks
| Scenario | Description | Primary Owner |
| -------------------------- | ---------------------------------------------------- | ------------------------------------------------ |
| Vendor Bankruptcy | Service or product provider goes out of business | Vendor Management Office / Procurement |
| SaaS Platform Outage | Major SaaS dependency fails unexpectedly | SaaS Governance Lead / Application Owner |
| Ethical Sourcing Violation | Vendor fails to meet ESG or DEI sourcing commitments | Supplier Diversity Officer / ESG Compliance Lead |
### Resilience & Business Continuity Risks
| Scenario | Description | Primary Owner |
| ---------------------------- | ----------------------------------------------------------------- | --------------------------------------------------------- |
| DR Failover Simulation | Test whether failover systems recover mission-critical workloads | Business Continuity Lead / Infrastructure Resilience Lead |
| Workforce Availability Shock | Pandemic or extreme weather limits staff availability | HR Crisis Team / Enterprise Risk Management |
| Global Cascade Failure | Interconnected failure from geopolitical or infrastructure events | Enterprise Risk Management / COOP Lead |
### Project & Portfolio Risks
| Scenario | Description | Primary Owner |
| ------------------------------- | ----------------------------------------------------------------- | -------------------------------------------- |
| Project Dependency Misalignment | High-priority project blocked due to mismanaged interdependencies | PMO / Project Sponsor |
| Zombie Project Drain | Projects with no clear ROI or end-state consume budget | Portfolio Manager / Finance Transformation |
| Benefits Realization Miss | Forecasted transformation benefits do not materialize | Transformation Office / Value Assurance Lead |
## Step 4: Guidance
### Rules of Engagement
* **Realistic Scenario Modeling:** Risks must reflect plausible internal and external scenarios.
* **Clarity & Directness:** Use clear, precise, and actionable language.
* **Mandatory Scoring:** Every identified risk must be evaluated.
* **Structured Documentation:** Adhere strictly to the provided reporting format.
* **Highlight Interdependencies:** Clearly indicate how individual risks may compound.
### Implementation Guidance
1. Clearly document project definitions and assumptions.
2. Run structured risk simulations using the defined roles.
3. Prepare a comprehensive risk assessment report.
4. Use findings to proactively implement mitigations and strengthen project resilience.
## Step 5: Risk Assessment Report
Output the report
# Output
## Risk Assessment Report
### Executive Summary
Summarize the 3-5 highest-impact risks with the highest scores. Highlight interdependencies and cascading effects.
### Individual Risk Concerns
Clearly document any Role that has a risk or concern. Do it for each role in the above table.
| Role Name | Description of Risk | Score | Rationale and Impact |
|--------------|---------------------------|--------|-------------------------------------------|
| \[Role Name] | \[Brief risk description] | \[Score Emoji\] - \[Impact Name\] \[add up all the risk scores identified above and average them] | \[Detailed reasoning for risk evaluation] |
### Detailed Risk Tables
Provide structured documentation of each scenario:
| Scenario Name | Description of Risk | Score | Rationale and Impact |
|---------------------|---------------------------|--------|-------------------------------------------|
| \[Role Name] | \[Brief risk description] | \[Score Emoji\] - \[Impact Name\] \[add up all the risk scores identified above and average them] | \[Detailed reasoning for risk evaluation] |
### Cascading Risk Identification
Clearly document scenarios where one risk could trigger subsequent failures.
**Example:** *"Data Integrity Issue → Poor Analytics Outcomes → Strategic Decision Errors → Financial Underperformance (Critical cascading risk chain)."* - Follow this with a brief scenario using Personas.
Related Prompts
Architecture ABB SBB UBB Builder
Professional architecture abb sbb ubb builder prompt designed for high-quality content generation and structured anal...
Requirements Engineering
Architecture
Documentation
Architecture ABB TBB UBB Builder
Professional architecture abb tbb ubb builder prompt designed for high-quality content generation and structured anal...
Requirements Engineering
Architecture
Documentation
Architecture AI Backlog Ideas
Professional architecture ai backlog ideas prompt designed for high-quality content generation and structured analysis.
Artificial Intelligence
AI Prompts
Architecture
Requirements Engineering
Machine Learning
Documentation
Architecture AI Document Generator
Professional architecture ai document generator prompt designed for high-quality content generation and structured an...
Artificial Intelligence
AI Prompts
Architecture
Requirements Engineering
Machine Learning
Documentation
Architecture Application Architecture as Markdown
Professional architecture application architecture as markdown prompt designed for high-quality content generation an...
Requirements Engineering
Architecture
Documentation
Automation Architecture Designer
Professional automation architecture designer prompt designed for high-quality content generation and structured anal...
Requirements Engineering
Architecture
Documentation
Architecture AVD as Markdown
Professional architecture avd as markdown prompt designed for high-quality content generation and structured analysis.
Requirements Engineering
Architecture
Documentation
Architecture Building Block
Professional architecture building block prompt designed for high-quality content generation and structured analysis.
Requirements Engineering
Architecture
Documentation
Architecture Business Architecture as Markdown
Professional architecture business architecture as markdown prompt designed for high-quality content generation and s...
Planning
Management
Business Strategy
Architecture
Requirements Engineering
Documentation
Architecture Business Requirements Builder
Professional architecture business requirements builder prompt designed for high-quality content generation and struc...
Planning
Management
Business Strategy
Architecture
Requirements Engineering
Documentation
Architecture Data Architecture as Markdown
Professional architecture data architecture as markdown prompt designed for high-quality content generation and struc...
Requirements Engineering
Architecture
Documentation
Architecture Microsoft Power Automate Systems Architect
Professional architecture microsoft power automate systems architect prompt designed for high-quality content generat...
Requirements Engineering
Architecture
Documentation
Architecture Power Platform Design
Professional architecture power platform design prompt designed for high-quality content generation and structured an...
Requirements Engineering
Architecture
Documentation
Architecture PRD Agent
Professional architecture prd agent prompt designed for high-quality content generation and structured analysis.
Requirements Engineering
Architecture
Documentation
Architecture PRD Generator
Professional architecture prd generator prompt designed for high-quality content generation and structured analysis.
Requirements Engineering
Architecture
Documentation
Architecture Product Requirements Document (PRD) for Power Platform
Professional architecture product requirements document (prd) for power platform prompt designed for high-quality con...
Requirements Engineering
Architecture
Documentation
Architecture Product Requirements Document (PRD) Template 2
Professional architecture product requirements document (prd) template 2 prompt designed for high-quality content gen...
Requirements Engineering
Architecture
Documentation
Architecture Product Requirements Document (PRD) Template
Professional architecture product requirements document (prd) template prompt designed for high-quality content gener...
Requirements Engineering
Architecture
Documentation
Architecture Prompt
Professional architecture prompt prompt designed for high-quality content generation and structured analysis.
Requirements Engineering
Architecture
Documentation
Architecture Requirements Analyst Graphs
Professional architecture requirements analyst graphs prompt designed for high-quality content generation and structu...
Requirements Engineering
Architecture
Documentation
Architecture Requirements Analyst Quality Review
Professional architecture requirements analyst quality review prompt designed for high-quality content generation and...
Requirements Engineering
Architecture
Documentation
Architecture Requirements Analyst - ISO/IEC/IEEE 29148:2018 SRS Generator
A specialized prompt for converting meeting transcripts into structured ISO/IEC/IEEE 29148:2018 System Requirements S...
Requirements Engineering
Systems Analysis
ISO Standards
Documentation
Meeting Analysis
SRS Generation
Architecture Technology Architecture as Markdown
Professional architecture technology architecture as markdown prompt designed for high-quality content generation and...
Requirements Engineering
Architecture
Documentation
Architecture Testing Analyst
Professional architecture testing analyst prompt designed for high-quality content generation and structured analysis.
Requirements Engineering
Architecture
Documentation
Business Case and Requirements Assistant
A rigorous, step-by-step Agile coaching prompt that transforms vague goals into clear user stories, requirements, and...
Agile
Product Management
Requirements Engineering
Backlog Refinement
User Stories
Acceptance Criteria
Verification & Validation
MBSE