Risk register
| Risk | Impact | Mitigation |
|---|---|---|
| The product tries to solve too many organisational problems at once | Slow delivery and unclear value proposition | Keep MVP focused on documentation, compliance, evidence, and auditable communication |
| Customers have limited budget | Weak conversion | Validate willingness to pay early and design tiers for small organisations |
| Volunteer users find the platform too complex | Low adoption | Test with volunteer-heavy organisations and simplify core workflows |
| Documentation and compliance duties sit with people who lack specialist expertise | Poor-quality controls, reputation damage, disputes, and legal liability exposure | Provide structured templates, review prompts, clear ownership, evidence links, and strong disclaimers that encourage appropriate professional advice |
| Legal and compliance variation is underestimated | Incorrect templates or misleading claims | Treat templates as starting points and consult appropriate advisors |
| Data migration is harder than expected | Costly onboarding | Start with lightweight imports and guided prioritisation of critical documents |
| Communication audit expectations exceed MVP scope | Customer disappointment | Be clear whether communication is logged, linked, or sent natively |
| Sensitive information is mishandled | Trust, privacy, and legal harm | Design privacy, role access, audit logs, and retention controls early |
| Generic tools are perceived as good enough | Competitive pressure | Emphasise sector templates, compliance links, and audit-ready governance records |
| Pilot feedback diverges across organisations | Scope pressure | Use the 80 percent shared model and separate common capability from configuration |
| Founder or delivery capacity is insufficient | Roadmap delay | Stage delivery, avoid bespoke commitments, and prioritise validated workflows |
Highest-priority risks
The most important early risks are adoption complexity, willingness to pay, legal/compliance variation, documentation quality, and MVP scope control.
These should shape discovery interviews and pilot design before major build investment.
Risk posture
Opries should be ambitious about sector value but conservative about product claims. The platform can help organisations manage evidence and obligations, but it should not claim to guarantee compliance.