  • Julian Talbot

ChatGPT for Risk Management

The following is a prompt that you can give to ChatGPT to develop a first draft of your scope and context statement for a risk assessment that follows the ISO 31000:2018 Risk Management Guidelines.

I recommend that you replace the text in the 'Background' with the 'About' section from your website and/or the Executive Summary from your annual report. But if you just want to test it out, be my guest.

Use your imagination and have fun with it. I just tested it by asking it to invent my Formula 1 Grand Prix team, which wasn't the same as owning a GP team, but ChatGPT did a good job of making me feel like I owned one, at least for a moment.

Scope, Context, and Criteria in a flash


Please create a scope and context statement for the following organization.


Please use the following fictional organization as a reference:

  • Background: [Type of organization]

  • Organization Name: [insert name]

  • Organization Size: [Specify]

  • Annual Budget: [Specify]

  • Mission: [Specify]

  • Vision: [Specify]

  • Physical Locations: [Specify]

  • Objectives: [Specify]

  • Risk Assessment Scope: All security risks, excluding personnel security.


Please use ONLY the following Level 1 (H1) and Level 2 (H2) headings to produce a report without any bullet points:

  • Scope (H1)

    • Inclusions (H2)

    • Exclusions (H2)

  • Context (H1)

    • External Context (H2)

    • Internal Context (H2)

    • Risk Management Context (H2)

The following is guidance regarding the content and structure of the scope and context statement.



  • Inclusions. Describe what is included in this risk assessment. Please consider the areas of your organization, the types of risks, and the timescale over which these risks might emerge.


  • Exclusions. Clarify what is not included in this risk assessment. Are there any parts of your organization, certain types of risks, or periods that are outside the scope of this risk assessment?


External Context

Describe the external context within which your organization operates and strives to achieve its objectives. Please use the PESTLE framework to structure your response but omit the headings and produce the information in sentences and paragraphs, without bullet points.

  • Political. How do political influences such as legislation, trade tariffs, and policy changes impact your organization?

  • Economic. What global and local economic factors influence your organization's operations?

  • Social. How do societal forces, expectations, trends, and demographics affect your organization?

  • Technological. What technological changes and implications are relevant to your organization?

  • Legal. What legal environment and requirements for compliance does your organization need to consider?

  • Environmental. How do environmental factors such as pollution, climate change, and stakeholder expectations impact your organization?

Internal Context

Describe the internal context within which your organization operates. Please address the items in the MORTAR framework below but omit the headings. The text should read like a series of sentences and paragraphs, not bullet points.

  • Management systems. Describe your organization's management systems, including policies, procedures, and processes.

  • Organization. Detail the culture, objectives, vision, and ethics of your organization.

  • Resources. Identify the resources, such as capabilities, cash flow, people, property, information, and intellectual property, that your organization possesses.

  • Technologies. Discuss the technology your organization employs, such as robotics, information systems, and communication tools.

  • Accountability. Describe your organization's structure, ownership, and governance.

  • Relationships. Identify and describe your organization's stakeholders, interconnections, and dependencies.

Risk Management Context

Outline the context within which your organization manages risk. Please use the SWOT framework to structure your response but omit the headings (the text should read like a series of paragraphs, not bullet points):

  • Strengths. What are your organization's strengths in managing risk?

  • Weaknesses. What weaknesses does your organization have concerning risk management?

  • Opportunities. What opportunities may present themselves for improving risk management in your organization?

  • Threats. What are the potential threats to achieving the organization's objectives regarding risk management?


Risk Management Template

If you would like a template for a risk assessment based on ISO 31000:2018, you can find a risk assessment template and a short video on how to use it at this link.
