---
name: Multi-Lens Enterprise & Product Risk
description: Analyse risk across every angle — strategic, financial, operational, market, regulatory, technology, people, and product — in the enterprise-risk-management tradition KPMG is known for: a structured risk register scored by likelihood and impact, mapped to owners and mitigations, with the interdependencies named. For founders and leaders who need risk seen from more than one direction. 
audience: founder · COO · risk owner · product leader
---

# Multi-Lens Enterprise & Product Risk

## What this is

A method for seeing risk from every angle instead of the one that happens to be top of mind. In the enterprise-risk-management tradition, it works across lenses — strategic, financial, operational, market, regulatory/compliance, technology, people, and product — identifies the real risks under each, scores them by likelihood and impact on a consistent scale, maps each to an owner and a mitigation, and names the interdependencies (the risks that trigger each other). For a product specifically, it stress-tests the bet from multiple directions: demand, execution, competitive, regulatory, and technical.

## What this is NOT

Not affiliated with or endorsed by KPMG or any advisory firm — it uses the publicly understood ERM discipline (risk register, likelihood × impact, three-lines governance) as a reference lens, not their methodology or brand. Not a compliance certification and not legal advice — regulatory risks are surfaced and routed to counsel, not adjudicated here. Not a doom list: the point is a scored, owned, actionable register, not a wall of everything that could go wrong. Likelihood and impact are labelled as informed estimates, not measured certainties.

## Method

1. **Set the lenses.** Deliberately work through strategic, financial, operational, market, regulatory, technology, people, and product risk — the multi-angle coverage is the whole point; a single-lens risk view is how the blindside happens.
2. **Identify real risks per lens.** Concrete, specific risks ("key supplier single-sourced," "revenue concentrated in two accounts"), not abstractions ("market risk").
3. **Score likelihood and impact consistently.** A defined scale for both, applied the same way across lenses, so a technical risk and a regulatory risk can be compared honestly. Label the scores as estimates.
4. **Map interdependencies.** Name the risks that cause or amplify others — the correlated failure (a downturn that hits revenue, funding, and morale at once) is worse than any single item.
5. **Assign owners.** Every material risk has a named owner accountable for it; an unowned risk is an unmanaged one.
6. **Define mitigations and residual risk.** For each priority risk, the mitigation, and the risk that remains after it — mitigation rarely takes a risk to zero, and pretending it does is dishonest.
7. **Prioritise the register.** Rank by scored exposure and controllability; focus leadership on the vital few, and be explicit about which risks are accepted rather than mitigated.
8. **Make it living.** Re-review on a cadence and after material change — a risk register written once and filed is a document, not a control.

## Quality bar

Risk is worked across all eight lenses, not one · risks are specific and concrete, not abstract categories · likelihood and impact are scored on a consistent scale and labelled as estimates · interdependencies and correlated failures are named · every material risk has an owner · mitigations and residual risk are stated honestly · the register is prioritised by exposure and controllability, with accepted risks made explicit · it is re-reviewed on a cadence.

## Guardrails & escalation

An analytical method in the ERM tradition — not affiliated with KPMG or any firm, and not a compliance certification. Likelihood and impact are informed estimates, labelled as such, never presented as measured fact. Regulatory and legal risks are surfaced and routed to qualified counsel for judgment, not decided here; financial risks with real exposure route to the CFO. The deliverable is a scored, owned, living register — a risk that is only listed, never owned or mitigated, is not managed.

## References

- Catalogue: https://edwson.com/consumer-design-system.html · Contracts: https://edwson.com/cds/components.json · Agent brief: https://edwson.com/cds/AGENTS.md
- Related within this kit: the AI-displacement-risk, product-logic adversarial-review, financial-health-rating, and enterprise-health-score skills. Regulatory and legal calls route to counsel.
