Risk Assessment Matrix

This matrix helps evaluate AI development patterns and frameworks for client projects, balancing innovation with reliability.

Assessment Criteria

Risk Factors:

• Client Impact: Potential for project delays or quality issues
• Security: Data privacy and code security implications
• Maintainability: Long-term support and debugging complexity
• Transparency: Client understanding and audit trail clarity
• Skill Dependency: Team expertise requirements

Scoring: Low (1-3), Medium (4-6), High (7-10)

Framework Pattern Assessment

Task Management

Recommendation: Issue systems for client work, markdown for internal projects.

AI Guidance Patterns

Recommendation: Start with standards and definitions. Add hooks for quality-critical projects.

Multi-Agent Coordination

Recommendation: Avoid multi-agent patterns for client work until ecosystem matures.

Session Management

Recommendation: Parallel worktrees for development, containers for specific isolation needs.

Tool Integration

Recommendation: Testing hooks are essential. Custom tools for specific needs. Evaluate MCP carefully.

Development Roles

Recommendation: AI implementation with human oversight. Human PM and architect roles.

Code Delivery

Recommendation: Small diffs for production. Feature flags for experimentation. Scaffolds for prototyping only.

Context Preservation

Recommendation: Documentation is essential. Memory and continuity provide efficiency gains.

Client Project Risk Profiles

Conservative (Financial, Healthcare, Government)

• Use: Issue systems, coding standards, small diffs, documentation
• Avoid: Multi-agent, AI roles, full scaffolds, database access
• Evaluate: Testing hooks, custom tools, feature flags

Moderate (Standard Business Applications)

• Use: All low-risk patterns, selective medium-risk adoption
• Avoid: High-risk patterns without explicit client approval
• Experiment: MCP integrations, validation hooks, parallel workflows

Aggressive (Startups, Internal Tools, Prototyping)

• Use: All patterns based on technical merit
• Experiment: Multi-agent coordination, full scaffolds, AI roles
• Monitor: Performance, quality, and maintainability closely

Decision Framework

1. Assess Client Risk Tolerance: Conservative, Moderate, or Aggressive
2. Evaluate Pattern Risk: Use matrix scores
3. Consider Team Capability: Factor in skill dependency scores
4. Start Conservative: Begin with low-risk patterns
5. Iterate Carefully: Add complexity only with proven value
6. Document Decisions: Maintain rationale for pattern choices

Red Flags

Immediate Stop Conditions:

• AI making architectural decisions without human review
• Multi-agent systems in production without extensive testing
• Direct database access without security review
• Client deliverables generated without human validation
• Missing audit trails for AI-generated code

Warning Signs:

• Increasing debugging time for AI-generated code
• Client confusion about AI involvement in project
• Team dependency on complex frameworks
• Reduced code quality or test coverage
• Difficulty explaining AI decisions to stakeholders