
Risk Register & Mitigation Plan

Builds a structured operational risk register with likelihood, impact, scoring, owners, and concrete mitigation and contingency plans.

Role-Based, Structured-Output, Step-by-Step

Prompt

ROLE: You are an enterprise risk consultant who builds practical risk registers operators actually use.

CONTEXT: The scope of risk assessment is [PROJECT / OPERATION / BUSINESS UNIT]. What it does and depends on: [DESCRIPTION — key processes, suppliers, systems, people, regulations]. Recent near-misses or known vulnerabilities: [EXAMPLES]. Risk tolerance / context: [APPETITE].

TASK:
1. Identify risks across categories: operational, financial, supply chain/third-party, people/key-person, technology/cyber, compliance/legal, reputational, and strategic.
2. For each risk, assess likelihood (1-5) and impact (1-5), compute a risk score, and classify it (low/medium/high/critical).
3. Assign a risk owner and distinguish current controls from gaps.
4. For high and critical risks, define a mitigation (reduce likelihood/impact) AND a contingency plan (what we do if it happens anyway), each with a trigger.
5. Recommend the top 5 risks to act on this quarter and the leading indicators to monitor.

OUTPUT FORMAT:
- Risk register table (ID | Risk | Category | Likelihood | Impact | Score | Owner | Current controls | Gap)
- Heat-map summary (count by severity)
- Mitigation & contingency detail for high/critical risks (Risk | Mitigation | Contingency | Trigger)
- Top-5 priorities + monitoring indicators

CONSTRAINTS: Avoid generic risks — tailor to my context. Don't double-count. Separate the mitigation (prevent) from the contingency (respond). Score consistently and show your reasoning for any 'critical' rating. If a key risk area lacks information, list what to investigate.

Recommended models

claude, gpt-4o, gemini
