Playbook

Migration Risk Register

Comprehensive risk inventory for migration projects with likelihood, impact, mitigations, and triggers.

Migration Risk Register

Every migration project has risks that destroy timelines, blow budgets, or kill the project entirely. Surfacing them upfront — with explicit mitigations and trigger conditions — is what separates successful migrations from cautionary tales.

When to use

  • After Legacy System Audit
  • Before kickoff (so leadership knows what they're signing up for)
  • Reviewed monthly during migration

Prompt

You are a senior architect with experience leading migrations that succeeded
AND ones that failed. Generate a comprehensive risk register for the
migration described below. Be honest about uncertainty.

## Input

**Migration summary:**
{{migration_summary}}

**Legacy audit findings:**
{{legacy_audit_findings}}

**Known concerns:**
{{known_concerns}}

## Output

A Markdown document with:

### 1. Risk philosophy
2-3 paragraphs:
- Why this register exists (not theater; actively used)
- How it should be reviewed (monthly, at slice transitions)
- How to add new risks as they emerge
- Distinction between risks (might happen), issues (happening now), and constraints (will definitely happen)

### 2. Top risks (2-page summary)

The 5-10 risks most likely to derail the project. Each:
- Risk title (one line)
- Likelihood (1-5)
- Impact (1-5)
- Risk score (likelihood × impact)
- One-line mitigation summary

This is what the steering committee needs to see.

### 3. Full risk register

For each risk:

```markdown
## RISK-NNN: [Risk title]

**Category:** Technical | Data | Schedule | Resource | External | Compliance | Operational | Knowledge
**Likelihood:** 1 (Very Low) - 5 (Very High)
**Impact:** 1 (Negligible) - 5 (Catastrophic)
**Risk score:** [Likelihood × Impact]
**Owner:** [Role responsible for monitoring]
**Status:** Open | Mitigating | Accepted | Closed | Materialized

### Description
What this risk is, in 2-3 sentences.

### Why it matters here
What's specific to THIS migration that makes this risk relevant.
(Generic risks don't drive action; specific ones do.)

### Trigger / leading indicators
What would tell us this risk is materializing? E.g.:
- Migration of slice 1 takes >2x estimate
- Parity tests show >1% drift in financial calculations
- Key DBA gives notice
- Vendor announces EOL of source DB version

### Mitigation strategy
**Preventive:** Actions to take to reduce likelihood
**Detective:** Actions to take to spot it early
**Reactive:** Actions to take if it happens

### Cost of mitigation
What we're paying to mitigate (time, money, scope).

### Cost of accepting
What happens if we don't mitigate and the risk materializes.

### Last reviewed
Date — risks should be reviewed and updated regularly.
```

### 4. Risks to consider (don't miss these)

The audit may have missed risks below. Generate entries for each that applies:

#### Technical risks
- **Hidden business logic in stored procedures**
  Stored procs are often skipped in initial estimates. Migrating logic from
  T-SQL to application code is high-effort.
- **Authentication migration complexity**
  Forms Auth, Windows Auth, custom auth migrating to OAuth/JWT is rarely simple.
- **Performance regression**
  New stack may not match legacy performance without explicit work.
- **Browser / client compatibility**
  Legacy may target IE11; modern frameworks may break for some users.
- **Mobile compatibility**
  Legacy may have mobile workflow patterns that don't translate to SPA.
- **Print and document generation**
  Server-side reports, PDF generation, label printing — easy to miss in scope.
- **Real-time / push notifications**
  WebSockets / Server-Sent Events / SignalR migration patterns differ.

#### Data risks
- **Data quality issues surfacing only at scale**
  Synthetic data hides issues; real data exposes 12 years of weirdness.
- **Schema drift between source and target during long migrations**
  Source schema changes mid-migration; new app must accommodate.
- **PII / sensitive data handling**
  Compliance bar might be different on target (e.g., cloud vs on-prem).
- **Backup compatibility**
  New backup format may not match old DR plan.
- **Reporting and BI dependencies**
  Reports built on source schema break when source goes away.
- **External integrations querying source DB directly**
  Salesforce, Tableau, custom reports — they all need to be redirected.

#### Schedule risks
- **Optimistic estimates**
  Migrations always take longer. Use historical rate-of-completion if available.
- **Scope creep**
  "While we're rewriting it, let's also fix..." is the project killer.
- **Decisions waiting on stakeholders**
  Auth approach, hosting decisions, vendor choices — schedule slips on these.
- **Dependencies on other teams**
  Network changes, AD changes, security review — out of your control.

#### Resource risks
- **Key person dependencies**
  Original developer is the only one who knows X.
- **Engineer burnout**
  Migrations are grueling; multi-quarter projects need rotation.
- **Vendor delays**
  External consultants, contractor availability.
- **Tool licensing**
  CDC tools, monitoring tools, IDE plugins all have lead times.

#### External risks
- **Compliance audit during migration**
  Auditor sees migration in flight; may flag concerns.
- **Vendor product changes**
  Source DB engine vendor announces deprecation mid-migration.
- **Customer pushback**
  Tenants discover migration; complain about minor differences.
- **Acquisition or reorg**
  Project loses its sponsor; deprioritized.

#### Compliance risks
- **Regulatory boundary crossing**
  Moving from on-prem to cloud may trigger new compliance review.
- **Data residency requirements**
  Target hosting region may not satisfy contracts.
- **Audit trail continuity**
  Migration period may have gaps in audit logs.

#### Operational risks
- **Operations team unfamiliar with new stack**
  Need training, runbooks, monitoring before cutover.
- **Disaster recovery untested on new stack**
  RTO / RPO requirements may not be met initially.
- **Monitoring blind spots**
  New system has different metrics than old; alerts miss issues.

#### Knowledge risks
- **Documentation gaps**
  Behavior nobody documented becomes "regression" when it changes.
- **Tribal knowledge loss**
  Operators who know "if X happens, do Y" leave or are not consulted.
- **Original developers gone**
  Code intent is unrecoverable; safest path is "preserve all behavior, even bugs".

### 5. Risk monitoring plan

How risks are tracked over time:
- Weekly review by tech lead — update statuses, add new risks
- Monthly review with steering committee — top 10 to leadership
- Trigger conditions watched automatically (CI fail rate, parity test drift, etc.)
- Post-mortem when a risk materializes — what did we miss? What's the next risk?

### 6. Risk acceptance log

Some risks we accept rather than mitigate. For each:
- Risk
- Why we're accepting it
- Conditions under which we'd reconsider
- Who approved acceptance

### 7. Communications plan

When a risk materializes or escalates:
- Who needs to know
- How fast
- Through what channel

## Style

- Specific over generic
- Honest about probability (don't underestimate to look optimistic)
- Distinguish risks from issues (issues are happening; risks might)
- Distinguish risks from constraints (constraints are certain; plan around them)

Tips

  • Review the register monthly. Risks change. New ones emerge.
  • A risk register that never changes is theater. It should reflect what's actually changing in the project.
  • Specific risks > vague risks. "Performance regression" is generic. "The order detail page may take 3-5x longer to render due to chatty API pattern" is actionable.
  • Don't only list bad outcomes. Risks that would speed up delivery (e.g., we discover the legacy system is simpler than feared) deserve tracking too.
  • Bring it to retrospectives. Did our top 3 risks materialize? Did unexpected ones? Why did we miss them?

Common mistakes to avoid

  • Treating the register as one-and-done (it's a living doc)
  • Generic risks that apply to any migration (be specific to this one)
  • Sandbagging likelihoods to look better to leadership
  • Ignoring "low likelihood, high impact" risks ("it'll never happen")
  • No trigger conditions (so risks materialize unnoticed)
  • Risks without owners (no one watches them)
  • Overlooking knowledge / people risks (the most common cause of failure)

Related assets

Command Palette

Search for a command to run...