Risk Assessment Summary Table

This summary table supports recording and reporting of each risk which has been assessed.

Risk Issue: / Assessed by:
Date:
Notes: Complete the table below using the tables and reference in this document which provideguidance for:
Risk description; Effectiveness of existing treatments;Risk levels; Adequacy of existing treatements; and Assessing proposed treatments.

Risk Description

How effective are current controls? / 
What is the Current Risk Level? / 
Does the effectiveness of current controls need improvement? /  Agreed solutions to be implemented.
<Enter / Choose an item. / Choose an item. / Choose an item. / <Enter
<Enter / Choose an item. / Choose an item. / Choose an item. / <Enter
<Enter / Choose an item. / Choose an item. / Choose an item. / <Enter
Add other rows to summarise each risk / Choose an item. / Choose an item. / Choose an item. / <Enter

30/01/2018Page 1 of 1

 Risk Description

Reflect on any emerging circumstancesyou are aware of that relate to the achievement of objectives.

Consider these circumstances from a range of perspectives then focus on your context.

Remember


 How effective are current controls?
Criteria for the effectiveness of controls. / Commentary
1: Ineffective / <INSERT comments on the thinking behind the judgement of effectiveness of existing controls>
Neither “prevention of” nor “reaction to” the risk are addressed.
What we do is reactive, behavioural and often poorly executed.
Misalignment between what we need to achieve and what we are doing.
Documentation significantly deficient or non-existent, non-auditable.
2: Largely ineffective / <INSERT comments on the thinking behind the judgement of effectiveness of existing controls>
Either “prevention of” or “reaction to” the risk are poorly addressed.
What we do is primarily reactive.
What we do is poorly executed when compared with the intention of the design.
Significant gaps in documentation, likely to achieve unfavourable audit.
3: Partially effective / <INSERT comments on the thinking behind the judgement of effectiveness of existing controls>
Either “prevention of” or “reaction to” the risk are reasonably well addressed.
Our focus is generally on reaction.
Design gaps between what we need to achieve and what we are doing.
Gaps in documentation, somewhat measurable and auditable.
4: Substantially effective / <INSERT comments on the thinking behind the judgement of effectiveness of existing controls>
“Prevention of” and “reaction to” the risk are both reasonably well addressed.
Blend of prevention and reaction.
General alignment between what we need to achieve and what we are doing.
Reasonably documented, measurable and auditable.
5: Fully effective / <INSERT comments on the thinking behind the judgement of effectiveness of existing controls>
“Prevention of” and “reaction to” the risk are comprehensively addressed
Our focus is on prevention.
Strong alignment between what we need to achieve and what we are doing.
Well documented, measurable and auditable.
 What is the Current Risk Level?
Risk Level / Conditions / Circumstances / Action
High / Conditions or Circumstances which could cause major adverse effect on the ability to achieve an objective. /
  • Requires giving high priority to immediate action.
  • Requires significant senior management intervention - and may require significant mobilisation of resources, including external assistance; with potential for ongoing resource diversion.

Medium / Conditions or Circumstances which could cause moderate adverse effect on the ability to achieve an objective. /
  • Requires prompt action.
  • Requires management intervention and may require external assistance.

Low / Conditions or Circumstanceswhich could cause minimal but measurable impact on the ability to achieve an objective. /
  • Appropriate governance - and monitoring - generally mitigates these risks.
  • Requires management attention and possibly, a minor use of external resources.

 Does the effectiveness of current controls need improvement?
Adequacy
Matrix / Risk Level
Low / Medium / High
Level of Control Effectiveness / 1 Ineffective / May require improvement / Must be improved / Must be improved
2 Largely Ineffective / May require improvement / May require improvement / Must be improved
3 Partially effective / Likely to be appropriate / May require improvement / May require improvement
4 Substantially effective / Likely to be appropriate / Likely to be appropriate / May require improvement
5 Fully effective / Likely to be appropriate / Likely to be appropriate / Likely to be appropriate
 Describe the
proposed treatments / Proposed treatments to be considered / Cost / Time to complete
  1. <INSERT >
/ $
$
$
$
Add other options as required
Rank the proposed treatments
by applying the selection criteria below. / Scores / To support the assessment process,
create columns and add proposed treatments to be assessed
Rec 1 / Rec 2 / Rec 3 / Rec 4
1. Risk reduction 1 = Low; 2 = Medium; or 3 = High – then (X2)
This control prevents a significant proportion of losses posed by this risk.
2. Continuity of effects 1 = Low; 2 = Medium; or 3 = High – then (X2)
The effects of the application of this control will be long term or ongoing.
3. Timing 1 = Low; 2 = Medium; or 3 = High – then (X2)
The beneficial effects of this control are likely to be quickly realized.
4. Cost-effectiveness 1 = Low; 2 = Medium; or 3 = High – then (X1.5)
This control is cost-effective.
5. Administrative efficiency 1 = Low; 2 = Medium; or 3 = High
We have the expertise and this control is easily administered.
6. Synergy, leverage and compatibility
1 = Low; 2 = Medium; or 3 = High
This control is likely to lead to further risk reducing actions by others and/or it is highly compatibility with other controls that exist or are likely to be adopted.
Sub Total
7. Risk creation (THIS IS A MINUS SCORE)
-1 = Low; - 2 = Medium; or -3 = High
Implementation of this control introduces new risks.
Total (Sub Total minus Risk Creation)

30/01/2018Page 1 of 1