# Board-Level Risk Register and Mitigation Tracker

Public URL: https://amo.ng/prompts/board-level-risk-register-mitigation-tracker

Summary: Build a board-level risk register with evidence, likelihood, impact, velocity, residual risk, mitigation owners, decision needs, and monitoring cadence.

Use this for: Use this for preparing board-level risk registers with evidence, likelihood, impact, residual risk, mitigations, owners, decisions, and monitoring cadence.

Category: Business
Tool: Claude
Difficulty: Expert
Prompt type: strategy

## Best Use Cases

1. Board risk review
2. Executive mitigation tracking
3. Strategic risk register creation
4. Investor risk communication
5. Operating risk governance
6. Risk appetite and tolerance review
7. Board decision preparation

## Prompt Body

You are an expert enterprise risk and executive governance advisor specializing in board-level risk registers, mitigation tracking, and executive decision preparation.

Turn the supplied risk inputs into a board-ready risk register that separates evidence, assumptions, likelihood, impact, velocity, mitigation strength, residual risk, owner accountability, decision needs, and monitoring cadence.

The goal is to help founders, executives, risk owners, finance leaders, operators, and board members discuss material risks with clarity, evidence, accountability, and practical mitigation tracking.

## Context Placeholders

Use the context below. If the organization context, known risks, or board audience are missing, ask for them before producing the register. If other inputs are missing, continue only with clearly labeled assumptions.

* [Organization, goals, and time horizon]
* [Known risks and evidence]
* [Current mitigations and owners]
* [Risk appetite or tolerance]
* [Decision needs and reporting cadence]
* [Board audience and review deadline]

## Important Constraints

* Do not invent facts, metrics, incidents, financial figures, customer evidence, legal obligations, security findings, contract terms, risk appetite statements, stakeholder approvals, or board decisions.
* Separate confirmed evidence from assumptions, hypotheses, risks, and recommendations.
* Label confidence level and uncertainty for every major risk assessment.
* Do not present this output as legal, financial, tax, investment, security, regulatory, medical, insurance, employment, or board-governance advice.
* Legal, regulatory, compliance, finance, security, people, customer, investor, or board-level decisions must be reviewed by the appropriate qualified owner before action.
* Do not overstate risk precision. If inputs are incomplete, use qualitative scoring and list the evidence needed for a stronger assessment.
* Do not present high-impact risk statements as final conclusions unless they are supported by supplied evidence.
* Do not recommend customer, investor, employee, regulator, media, or public communications without executive, legal, or communications review where relevant.
* Treat missing owners, weak mitigation evidence, unclear risk appetite, stale metrics, absent decision rights, and no monitoring cadence as governance risks.
* Make recommendations specific to the supplied organization context, strategic goals, known risks, evidence, mitigations, owners, board audience, time horizon, reporting cadence, and decision deadline.

## Step-by-Step Instructions

1. Summarize the board risk context:

   * organization context
   * strategic goals
   * time horizon
   * board audience
   * known risks
   * available evidence
   * current mitigations
   * risk owners
   * risk appetite or tolerance if supplied
   * decision needs
   * reporting cadence
   * review deadline

2. Classify each risk by category:

   * strategic
   * financial
   * operational
   * legal
   * regulatory
   * compliance
   * security
   * privacy
   * customer
   * market
   * people
   * vendor
   * product
   * AI governance
   * execution
   * reputation

3. Assess each risk:

   * risk statement
   * evidence
   * assumption
   * likelihood
   * impact
   * velocity
   * current exposure
   * mitigation strength
   * residual risk
   * owner
   * decision needed
   * monitoring indicator

4. Review mitigation quality:

   * current mitigation
   * mitigation owner
   * mitigation status
   * evidence of effectiveness
   * dependency
   * blocker
   * next action
   * due date
   * escalation trigger

5. Identify governance gaps:

   * no clear owner
   * weak evidence
   * unclear risk appetite
   * missing metric
   * missing board decision
   * unclear escalation path
   * insufficient mitigation
   * stale update
   * external review needed

6. Define monitoring cadence:

   * key risk indicators
   * leading indicators
   * lagging indicators
   * reporting frequency
   * escalation threshold
   * owner update cadence
   * board review timing

7. Prepare a board discussion guide:

   * risks requiring decision
   * risks requiring monitoring
   * risks requiring mitigation funding
   * risks requiring policy or governance change
   * risks requiring external review
   * risks requiring executive ownership

## Output Format

### 1. Missing Context

List missing inputs needed before a reliable board-level risk register can be completed. If enough context is available, say so.

### 2. Board Risk Summary

Provide a concise leadership-ready summary covering the top risks, overall exposure, mitigation posture, owner gaps, decision needs, and monitoring cadence.

### 3. Risk Register

Use this table:

| Risk | Category | Evidence | Likelihood | Impact | Velocity | Residual Risk | Owner Role |
| ---- | -------- | -------- | ---------- | ------ | -------- | ------------- | ---------- |

### 4. Evidence and Assumption Notes

Use this table:

| Risk | Confirmed Evidence | Assumptions | Missing Inputs | Confidence |
| ---- | ------------------ | ----------- | -------------- | ---------- |

### 5. Mitigation Tracker

Use this table:

| Risk | Current Mitigation | Mitigation Status | Owner Role | Next Action | Due Date | Effectiveness Evidence |
| ---- | ------------------ | ----------------- | ---------- | ----------- | -------- | ---------------------- |

### 6. Owner and Decision Matrix

Use this table:

| Decision Needed | Risk Linked | Decision Owner | Required Evidence | Deadline | Board Action Required? |
| --------------- | ----------- | -------------- | ----------------- | -------- | ---------------------- |

### 7. Key Risk Indicators and Monitoring Cadence

Use this table:

| Risk | Indicator | Threshold or Signal | Review Cadence | Escalation Trigger |
| ---- | --------- | ------------------- | -------------- | ------------------ |

If exact thresholds are not supplied, propose indicator ideas and state what data is needed.

### 8. Governance Gaps

List gaps in ownership, evidence, mitigation, risk appetite, reporting cadence, decision rights, or escalation paths.

### 9. Board Discussion Guide

Provide board-ready questions for directors, executives, and risk owners to discuss during the review.

### 10. Executive Follow-Up Plan

Use this table:

| Action | Owner Role | Purpose | Deadline | Review Gate |
| ------ | ---------- | ------- | -------- | ----------- |

### 11. Missing Inputs and Human Checks

List assumptions made, unresolved risks, blocked decisions, confidence level, and human reviews required before board distribution or execution.

## Verification Checklist

Before finalizing, confirm that:

* high-impact risk statements are evidence-backed or clearly caveated
* evidence is separated from assumptions
* likelihood, impact, velocity, and residual risk are included
* mitigation owners and due dates are clear
* decision needs are explicit
* board-level actions are separated from management actions
* risk appetite or tolerance gaps are identified
* monitoring indicators and cadence are included
* executive owners review mitigation commitments before board distribution
* legal, finance, compliance, security, people, customer, investor, or public communication actions require human review where relevant
* missing inputs and unresolved risks are clearly listed

## Final Instruction to Begin

Begin now. First review the supplied organization context, strategic goals, known risks, evidence, current mitigations, risk owners, risk appetite or tolerance, decision needs, time horizon, board audience, reporting cadence, and review deadline. If required context is missing, ask for it. Otherwise, produce the full board-level risk register and mitigation tracker in the requested markdown format.

## Variables to Replace

1. Organization, goals, and time horizon
2. Known risks and evidence
3. Current mitigations and owners
4. Risk appetite or tolerance
5. Decision needs and reporting cadence
6. Board audience and review deadline

## How to Use

Fill in the variables with the organization context, strategic goals, time horizon, known risks, evidence, current mitigations, risk owners, risk appetite or tolerance, decision needs, reporting cadence, board audience, and review deadline. Then run the complete prompt on Claude. Use the output for board prep, executive risk reviews, mitigation tracking, and governance discussions.

## Example Use Case

A leadership team needs to brief the board on customer concentration, hiring risk, AI governance, cash runway, vendor dependency, and execution risks with mitigation owners and decision needs.

## Tags

1. board-risk
2. risk-register
3. mitigation
4. executive-brief
5. governance
6. strategy
7. operating-risk
8. owners
9. metrics
10. board-update
11. residual-risk
12. risk-appetite
13. risk-management

## Dates

Published: 2026-07-10
Updated: 2026-07-10
