Tabletop Exercise Facilitator Guide
# 14. Tabletop Exercise Facilitator Guide
**Domain:** Audit and Assurance
**Level:** Practitioner
## Use Case
Build a complete tabletop exercise for any GRC scenario - cyber incident, AI system failure, data breach, business disruption, regulatory investigation, or third-party failure. Produces a full facilitator guide with scenario injects, discussion questions, evaluation criteria, and a debrief structure. Ready to run with no additional preparation.
## Variables
| Variable | What to Enter | Example |
|----------|--------------|---------|
| `[EXERCISE_SCENARIO]` | The scenario the exercise will test | e.g. Ransomware attack on core banking systems; AI credit model produces discriminatory outputs at scale; critical cloud provider declares major outage; regulatory dawn raid |
| `[ORGANISATION]` | Organisation name and type | e.g. NHS Trust, 4,000 staff; mid-size UK insurer regulated by PRA and FCA |
| `[PARTICIPANTS]` | Who will participate and their roles | e.g. CISO, CRO, Head of Operations, Legal Counsel, Head of Communications, DPO - 8 people total |
| `[OBJECTIVES]` | What the exercise is designed to test or improve | e.g. Test decision-making under the new incident response policy; identify gaps in regulatory notification procedures; assess inter-team coordination |
| `[DURATION]` | How long the exercise will run | e.g. 2 hours, half-day, 90 minutes |
| `[EXISTING_PLANS]` | Plans or procedures the exercise is testing | e.g. Cyber Incident Response Plan v2.1, AI Governance Policy Section 10; or 'no formal plans in place' |
## The Prompt
Copy everything below this line. Replace all `[VARIABLES]` with your specific information. Paste into Claude, GPT-4o, Gemini, or any capable LLM.
---when to use it
Community prompt sourced from the open-source GitHub repo KunalCyber/GRC-Prompts-Library (MIT). A "Tabletop Exercise Facilitator Guide" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
businesscommunitygeneral
source
KunalCyber/GRC-Prompts-Library · MIT