Project & Change Risk Assessment Intake
A structured intake that scores the risk of any proposed project or change, flags the areas that need a deeper look, and routes medium and high-risk items to the right owner for sign-off before work starts.
A login-protected intake where anyone can submit a project or change, the tool scores its risk and flags review areas, the risk owner approves or holds medium/high items with conditions, decisions are emailed automatically, and every assessment exports to CSV.
Before you start
- A free Supabase account
- A free Resend account
- A free Vercel account (to publish when ready)
- Your current risk questions or intake form, even if it lives in a spreadsheet
The problem this kills
Every new project, system change, or "quick" new activity carries risk - but the risk check is usually a forwarded email, a meeting nobody documented, or a spreadsheet one person owns and everyone else guesses at. Some initiatives get a hard look; others slip through because they landed on a busy week. When something goes wrong later, nobody can find who assessed it, what they decided, or why.
You need a consistent, written go/no-go on every new initiative - one that scores risk the same way every time, automatically pulls the right deep-dive questions when something sensitive is involved (personal data, safety, money, regulation), and forces a real person to sign off before high-risk work begins.
What you'll build
A clean web intake where a PMO lead, change manager, or project sponsor describes a proposed project or change, answers a short questionnaire, and gets an instant risk score with flagged review areas. Low-risk items auto-clear but are still logged. Medium and high-risk items wait for the risk owner, who reviews, then approves with conditions or holds the work. Every decision triggers an email to the submitter, and the whole register exports to CSV - so your existing risk register or GRC system always has the truth.
What's inside the Implementation Plan
The plan opens by interviewing you about your business - your current intake process, the systems and spreadsheets you use, how you name and number projects, your typical and peak submission volumes, your exact scoring and approval rules, and your messy edge cases. It reflects a short tailored spec back to you and waits for your thumbs-up before building anything. The result is a tool shaped around how your organization actually assesses risk - not a generic template you have to bend to fit.
From there it walks you, one copy-paste prompt at a time, through building the database, the scoring engine, the branching deep-dive questions, the approval gate, the decision emails, and the CSV export. Each step ends with a prompt you paste straight into your AI coding agent.
The governance it includes (this is the point)
- Login so only your team can submit or review assessments.
- Row-level security so people only ever see their own organization's data.
- A complete audit trail - who submitted, who scored, who approved or held, and exactly when.
- A human-in-the-loop approval gate - the tool scores and drafts a recommendation, but a named risk owner must approve medium/high items before the project is cleared to proceed.
- Duplicate guards keyed to your project/change ID, so the same initiative can't be assessed twice by accident.
Who it's for
PMO leads, change managers, and risk partners who need a consistent, defensible risk check on new initiatives - and who are tired of chasing sign-offs through email. If you can describe how you decide what's risky, you can build this.
You've got this - paste the first prompt and let the agent interview you.