Risk assessment methodology for scoring contracts before detailed review. Enables prioritization and right-sized review effort based on quantified risk dimensions. Customize with your company's risk tolerance and dimension weights.
# Contract Risk Scorer
## Overview
Not all contracts need the same level of review. A $5K SaaS subscription with standard terms is not the same as a $500K services agreement with a startup handling customer data. This skill provides a scoring methodology to assess contract risk and allocate review effort appropriately.
## Why Score Risk
```
WITHOUT RISK SCORING:
─────────────────────
All contracts reviewed same way
High-risk contracts under-reviewed (buried in queue)
Low-risk contracts over-reviewed (wasted effort)
No visibility into risk exposure

WITH RISK SCORING:
──────────────────
High-risk contracts prioritized
Low-risk contracts fast-tracked
Review depth matches risk level
Portfolio-level risk visibility
```
## Risk Dimensions
### The Seven Dimensions
```
┌─────────────────────────────────────────────────────────────────┐
│                    CONTRACT RISK DIMENSIONS                     │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  1. VALUE             2. COUNTERPARTY      3. DATA EXPOSURE     │
│     Financial            Who is this?         What data access? │
│     exposure             Stability?           Sensitivity?      │
│                                                                 │
│  4. TERM              5. CONTRACT TYPE     6. JURISDICTION      │
│     Duration             Standard or          Where?            │
│     Lock-in              unusual?             What law?         │
│                                                                 │
│  7. NEGOTIABILITY                                               │
│     Their paper or                                              │
│     ours?                                                       │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```
## Scoring Methodology
### Dimension 1: Contract Value
| Value Range | Score | Rationale |
|-------------|-------|-----------|
| <$25,000 | 1 | Limited financial exposure |
| $25,000 - $100,000 | 2 | Moderate exposure |
| $100,000 - $500,000 | 3 | Significant exposure |
| $500,000 - $1,000,000 | 4 | Major exposure |
| >$1,000,000 | 5 | Critical exposure |
```
CUSTOMIZATION REQUIRED:
┌─────────────────────────────────────────────┐
│ Your value ranges: │
│ │
│ Score 1: Under $________ │
│ Score 2: $________ to $________ │
│ Score 3: $________ to $________ │
│ Score 4: $________ to $________ │
│ Score 5: Above $________ │
└─────────────────────────────────────────────┘
```
### Dimension 2: Counterparty Risk
| Counterparty Type | Score | Rationale |
|-------------------|-------|-----------|
| Fortune 500 / Established public company | 1 | High stability, reputation risk |
| Mid-market established company | 2 | Stable, reasonable risk |
| Growth-stage company (funded, >3 years) | 3 | Some stability uncertainty |
| Early-stage startup (<3 years, funded) | 4 | Higher failure risk |
| Unknown / Individual / Unfunded | 5 | Uncertain stability |
**Additional Counterparty Factors:**
| Factor | Score Adjustment |
|--------|------------------|
| Prior relationship (positive history) | -1 |
| Prior relationship (issues) | +1 |
| Publicly traded | -1 |
| Private equity backed | 0 |
| VC backed (Series B+) | 0 |
| Seed/Angel stage | +1 |
| Foreign entity | +1 |
| Government entity | 0 (but special handling) |
```
CUSTOMIZATION REQUIRED:
┌─────────────────────────────────────────────┐
│ Your counterparty classifications: │
│ │
│ Approved vendors (score 1): [list/location] │
│ Preferred vendors (score 2): [list/location]│
│ Standard vendors (score 3): default │
│ Watch list (score 4): [list/location] │
│ Blocked vendors (score 5): [list/location] │
└─────────────────────────────────────────────┘
```
### Dimension 3: Data Exposure
| Data Type | Score | Examples |
|-----------|-------|----------|
| No data access | 1 | Physical goods, no system access |
| Internal business data only | 2 | Financial systems, internal docs |
| Employee data | 3 | HR systems, payroll |
| Customer data (non-sensitive) | 4 | CRM, usage analytics |
| Sensitive data (PII, PHI, financial) | 5 | Healthcare, payments, SSN |
**Data Exposure Checklist:**
```
DATA ACCESS ASSESSMENT:

□ No system access required
□ Read-only access to internal systems
□ Write access to internal systems
□ Access to employee data
□ Access to customer data
□ Access to customer PII
□ Access to payment/financial data
□ Access to healthcare data (PHI)
□ Cross-border data transfer required

Highest checked = Data score
```
### Dimension 4: Contract Term
| Term Length | Score | Rationale |
|-------------|-------|-----------|
| Month-to-month | 1 | Easy exit |
| <1 year | 2 | Short commitment |
| 1-2 years | 3 | Standard commitment |
| 2-3 years | 4 | Extended commitment |
| >3 years | 5 | Long-term lock-in |
**Term Adjustments:**
| Factor | Score Adjustment |
|--------|------------------|
| Termination for convenience | -1 |
| No termination for convenience | +1 |
| Auto-renewal (standard notice) | 0 |
| Auto-renewal (>90 day notice required) | +1 |
| Termination penalties | +1 |
### Dimension 5: Contract Type
| Contract Type | Score | Rationale |
|---------------|-------|-----------|
| NDA (standard) | 1 | Low complexity, standard terms |
| Simple purchase order | 1 | Transactional |
| SaaS subscription (standard) | 2 | Standard terms available |
| Professional services | 3 | Deliverable/performance risk |
| MSA (new relationship) | 3 | Foundational agreement |
| Licensing agreement | 4 | IP complexity |
| Partnership/Reseller | 4 | Ongoing relationship complexity |
| Joint venture / Investment | 5 | High complexity, long-term |
| M&A related | 5 | Highest complexity |
### Dimension 6: Jurisdiction
| Jurisdiction | Score | Rationale |
|--------------|-------|-----------|
| Your home state | 1 | Known law, convenient forum |
| Favorable US state (DE, NY) | 2 | Predictable, business-friendly |
| Other US state | 2 | Generally manageable |
| Canada, UK, Western Europe | 3 | Similar legal systems |
| Other developed markets | 4 | Different legal systems |
| Emerging markets / High-risk jurisdictions | 5 | Enforcement uncertainty |
```
CUSTOMIZATION REQUIRED:
┌─────────────────────────────────────────────┐
│ Your jurisdiction preferences: │
│ │
│ Home state (score 1): _______________ │
│ Preferred states (score 2): _________ │
│ Standard international (score 3): ____ │
│ Requires approval (score 4+): ________ │
└─────────────────────────────────────────────┘
```
### Dimension 7: Negotiability
| Negotiability | Score | Rationale |
|---------------|-------|-----------|
| Our approved template | 1 | Known terms, low risk |
| Our template with minor mods | 2 | Mostly known terms |
| Negotiated (balanced) | 3 | Both parties' input |
| Their paper (standard vendor) | 3 | Need to review |
| Their paper (non-negotiable) | 4 | Limited recourse |
| Their paper (aggressive) | 5 | One-sided terms likely |
## Risk Calculation
### Basic Formula
```
RISK SCORE = Σ (Dimension Score × Weight)

DEFAULT WEIGHTS:
Dimension 1 (Value):          20%
Dimension 2 (Counterparty):   15%
Dimension 3 (Data):           25%
Dimension 4 (Term):           10%
Dimension 5 (Type):           10%
Dimension 6 (Jurisdiction):   10%
Dimension 7 (Negotiability):  10%
                              ────
                              100%
```
### Weighted Score Example
```
EXAMPLE: SaaS Contract

Dimension 1 (Value):          $150K            → Score 3 × 20% = 0.60
Dimension 2 (Counterparty):   Series B startup → Score 3 × 15% = 0.45
Dimension 3 (Data):           Customer PII     → Score 5 × 25% = 1.25
Dimension 4 (Term):           2 years          → Score 3 × 10% = 0.30
Dimension 5 (Type):           SaaS             → Score 2 × 10% = 0.20
Dimension 6 (Jurisdiction):   Delaware         → Score 2 × 10% = 0.20
Dimension 7 (Negotiability):  Their paper      → Score 3 × 10% = 0.30

TOTAL RISK SCORE: 3.30
```
```
CUSTOMIZATION REQUIRED:
┌─────────────────────────────────────────────┐
│ Your dimension weights: │
│ │
│ Value: _____% │
│ Counterparty: _____% │
│ Data exposure: _____% │
│ Term: _____% │
│ Contract type: _____% │
│ Jurisdiction: _____% │
│ Negotiability: _____% │
│ │
│ Total: 100% │
└─────────────────────────────────────────────┘
```
## Risk Levels
### Score Interpretation
| Score Range | Risk Level | Review Approach |
|-------------|------------|-----------------|
| 1.0 - 1.5 | **Low** | Self-service or light-touch |
| 1.5 - 2.5 | **Medium** | Standard review |
| 2.5 - 3.5 | **High** | Full review, senior legal |
| 3.5 - 5.0 | **Critical** | Priority review, exec involvement |
### Risk Level Actions
```
LOW RISK (1.0 - 1.5):
─────────────────────
□ Self-service with checklist
□ Or light-touch legal review
□ Standard approval authority
□ Turnaround: 1-2 days

MEDIUM RISK (1.5 - 2.5):
────────────────────────
□ Standard legal review
□ Manager approval
□ Document any deviations
□ Turnaround: 3-5 days

HIGH RISK (2.5 - 3.5):
──────────────────────
□ Full legal review
□ Senior legal involvement
□ Business sponsor required
□ Director approval
□ Turnaround: 5-7 days

CRITICAL RISK (3.5 - 5.0):
──────────────────────────
□ Priority legal handling
□ GC/CLO awareness
□ Cross-functional review
□ Executive approval
□ Board notification (if threshold met)
□ Turnaround: As needed
```
## Risk Scorecard
```
CONTRACT RISK SCORECARD
═══════════════════════

CONTRACT INFORMATION
────────────────────
Contract Name: _________________________
Counterparty: _________________________
Type: _________________________________
Value: $______________________________
Term: ________________________________

DIMENSION SCORES
────────────────
                              Score    Weight    Weighted
                              (1-5)      %        Score
Dimension 1: Value            [ ]   ×  [ ]%   =   [ ]
Dimension 2: Counterparty     [ ]   ×  [ ]%   =   [ ]
Dimension 3: Data Exposure    [ ]   ×  [ ]%   =   [ ]
Dimension 4: Term             [ ]   ×  [ ]%   =   [ ]
Dimension 5: Contract Type    [ ]   ×  [ ]%   =   [ ]
Dimension 6: Jurisdiction     [ ]   ×  [ ]%   =   [ ]
Dimension 7: Negotiability    [ ]   ×  [ ]%   =   [ ]
                                              ────────────
TOTAL RISK SCORE:                                 [ ]

RISK LEVEL: □ Low □ Medium □ High □ Critical

RECOMMENDED REVIEW: ________________________
APPROVAL AUTHORITY: ________________________

SCORED BY: _____________ DATE: _____________
```
## Override Triggers
### Automatic Escalation
Regardless of the calculated score, escalate as shown when any of these triggers applies:
| Trigger | Action |
|---------|--------|
| Sensitive data (PHI, financial) | Minimum: High |
| Government/public sector | Minimum: High |
| Strategic relationship | +1 level |
| First contract with counterparty | +1 level |
| CEO/Board counterparty | Minimum: Critical |
| Press/PR implications | +1 level |
| Regulatory implications | Minimum: High |
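
The weighted formula, score interpretation and escalation triggers above, combined in one added Python example (this is not the `risk-scorer.py` script listed under Resources). Assumptions the page does not state: adjusted dimension scores are clamped to the 1-5 scale, a score sitting on a range boundary maps to the higher level, and "+1 level" triggers are applied before the "Minimum:" floors; the trigger key names are illustrative.

```python
from decimal import Decimal

# Default weights from the "Basic Formula" block, in percent.
WEIGHTS = {"value": 20, "counterparty": 15, "data": 25, "term": 10,
           "type": 10, "jurisdiction": 10, "negotiability": 10}
LEVELS = ["Low", "Medium", "High", "Critical"]
# Lower bound of each level. Assumption: a boundary score (1.5, 2.5, 3.5)
# goes to the higher level, because the page's ranges overlap at the edges.
THRESHOLDS = [(Decimal("3.5"), 3), (Decimal("2.5"), 2), (Decimal("1.5"), 1)]
# Override triggers: ("min", level index) is a floor, ("bump", 1) is +1 level.
TRIGGERS = {
    "sensitive_data": ("min", 2), "government": ("min", 2),
    "regulatory": ("min", 2), "ceo_board": ("min", 3),
    "strategic": ("bump", 1), "first_contract": ("bump", 1),
    "press_pr": ("bump", 1),
}

def clamp(score):
    """Assumption: a -1/+1 adjustment never moves a score outside 1-5."""
    return max(1, min(5, score))

def risk_score(scores, weights=WEIGHTS):
    if set(scores) != set(weights):
        raise ValueError("every dimension needs exactly one score")
    if sum(weights.values()) != 100:
        raise ValueError("weights must total 100%")
    total = sum(Decimal(clamp(scores[d])) * weights[d] for d in weights)
    return total / 100  # Decimal avoids float drift at the level boundaries

def risk_level(score, triggers=()):
    idx = next((i for bound, i in THRESHOLDS if score >= bound), 0)
    unknown = set(triggers) - set(TRIGGERS)
    if unknown:
        raise ValueError(f"unknown triggers: {sorted(unknown)}")
    # Assumption: each +1 trigger raises one level (capped at Critical),
    # then the "Minimum:" floors are applied.
    for t in triggers:
        kind, n = TRIGGERS[t]
        if kind == "bump":
            idx = min(idx + n, len(LEVELS) - 1)
    floors = [TRIGGERS[t][1] for t in triggers if TRIGGERS[t][0] == "min"]
    return LEVELS[max([idx] + floors)]

# The page's SaaS example: total 3.30, which falls in the High range.
SAAS = {"value": 3, "counterparty": 3, "data": 5, "term": 3,
        "type": 2, "jurisdiction": 2, "negotiability": 3}
```

Rejecting unknown trigger names and weight sets that do not total 100% keeps a mistyped intake value from silently lowering a contract's review level.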
### Manual Override
```
OVERRIDE DOCUMENTATION:
──────────────────────
Contract: _____________________
Calculated Risk Level: ________
Override Risk Level: __________

OVERRIDE RATIONALE:
□ Strategic importance
□ Executive request
□ Risk factors not captured in scoring
□ Other: _________________________

Explanation: ___________________
_______________________________

Approved by: ___________________
Date: _________________________
```
## Portfolio Risk View
### Aggregated Risk Tracking
```
PORTFOLIO RISK DASHBOARD
────────────────────────

BY RISK LEVEL:
Low:      [████████████████] 45 contracts ($2.1M)
Medium:   [████████████    ] 28 contracts ($4.5M)
High:     [████████        ] 15 contracts ($6.2M)
Critical: [██              ]  5 contracts ($3.8M)

RISK CONCENTRATION:
- Highest counterparty exposure: $X with [Vendor]
- Highest data risk category: [Category]
- Contracts expiring next quarter: [X] ($Y value)

ACTION ITEMS:
- [X] contracts require renewal review
- [Y] contracts past review date
- [Z] contracts in critical status
```
## Integration with Intake
### Pre-Scoring at Intake
```
INTAKE FORM + RISK SCORE:

When legal request submitted:
1. Requestor answers scoring questions
2. System calculates preliminary score
3. Auto-routes based on risk level
4. Legal validates/adjusts score
5. Review proceeds at appropriate level
```
### Scoring Questions (for intake form)
```
1. What is the total contract value?
   □ Under $25K □ $25K-$100K □ $100K-$500K □ $500K-$1M □ Over $1M

2. Who is the counterparty?
   □ Fortune 500/Public □ Established mid-market □ Growth-stage
   □ Early-stage startup □ Unknown/Individual

3. What data will they access?
   □ None □ Internal only □ Employee data
   □ Customer data □ Sensitive (PII/PHI/financial)

4. What is the contract term?
   □ Month-to-month □ Under 1 year □ 1-2 years
   □ 2-3 years □ Over 3 years

5. What type of contract?
   □ NDA □ PO/Order form □ SaaS □ Services
   □ MSA □ Licensing □ Partnership □ Other

6. What jurisdiction/law applies?
   □ Our state □ Other US □ Canada/UK/EU □ Other

7. Whose paper?
   □ Our template □ Our template modified □ Negotiated
   □ Their standard paper □ Their non-negotiable
```
## Resources
### references/
- **scoring-calibration-guide.md** — How to calibrate scores for your organization
- **override-criteria.md** — Detailed override trigger documentation
- **portfolio-reporting-guide.md** — Risk portfolio analytics
### scripts/
- **risk-scorer.py** — Calculates risk score from inputs
- **portfolio-analyzer.py** — Aggregates risk across contracts
### assets/
- **scorecard-template.xlsx** — Excel risk scorecard
- **dashboard-template.xlsx** — Portfolio risk dashboard
- **intake-scoring-form.docx** — Intake form with scoring