
APPENDIX D:

Risk Management Procedure Template


248615841.DO
Table of Contents
Risk Management Procedure Template
Table of Contents
Introduction
Definitions
Objectives of Risk Management
Benefits of Risk Management
Roles and responsibilities
Risk Management Governance Structure
Relationship with other processes
Key Process Steps
One: Communicate and Consult
Two: Establish the Context
Three: Identify Risks
Four: Analyse Risks
Five: Evaluate Risks
Six: Treat Risks
Seven: Monitor and Review
Risk Reporting
Risk Management Reporting Responsibilities
Risk Escalation
Risk Reports and Recipients
Review and Approval
Access to Risk Management Reporting Framework
References
Appendix: Risk Control Likelihood Consequence Rating
Control Effectiveness Rating Criteria
Likelihood Rating Criteria
Consequence Rating Scale
Appendix: Risk assessment templates and heat map
Risk Assessment Template
Risk Assessment Treatment Plan Template
Appendix: Risk Reporting potential risk reports
Templates (Examples)
Risk Profile
Risk Treatment Actions Status - Detailed
Assurance Coverage of Key Risks
Risk Management Annual Activity Schedule and Improvement Initiatives
New and Emerging Threats and Opportunities
Detailed Risk Register
Introduction
The role of this risk management procedure is to provide staff with guidance in how to apply consistent and comprehensive risk management. This procedure provides information on how to identify, analyse, evaluate and treat risks.
In addition, it identifies other key activities needed for an effective risk management approach. The risk management process contained in this procedure aligns with the Australian Standard for Risk Management (AS/NZS ISO 31000:2009).
Risk is the chance of something happening that will have an impact on objectives. It is important that we manage risks in order that the negative impact of risks upon achievement of our objectives is minimised and our ability to realise potential opportunities is maximised.
Set out below is a diagram illustrating how this procedure interacts with other key risk management documents:
Definitions
Risk Management is the culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects (AS/NZS ISO 31000:2009).
A risk is the chance of something happening that will have an impact on objectives (AS/NZS ISO 31000:2009).
A control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Objectives of Risk Management
Risk management is a responsibility of all, with specific risk responsibilities being allocated to different groups and levels within the organisation. It is important to have complete and current risk information available as this information assists the to make more informed decisions around both strategic direction and operational objectives.
Risk management is not a stand-alone discipline but requires integration with existing business processes such as business planning and Internal Audit, in order to provide us with the greatest benefits.
The objectives of a risk management framework are to:
Provide a systematic approach to the early identification and management of risks;
Provide consistent risk assessment criteria;
Make available accurate and concise risk information that informs decision making including business direction;
Adopt risk treatment strategies that are cost effective and efficient in reducing risk to an acceptable level; and
Monitor and review risk levels to ensure that risk exposure remains within an acceptable level.
Benefits of Risk Management
Risk management will support us in being able to meet our values and deliver upon our objectives. Application of a consistent and comprehensive risk management process will:
Increase the likelihood of us achieving our strategic and business objectives;
Encourage a high standard of accountability at all levels of the organisation;
Support more effective decision making through better understanding of risk exposures;
Create an environment that enables us to deliver timely services and meet performance objectives in an efficient and cost effective manner;
Safeguard our assets - human, property and reputation; and
Meet compliance and governance requirements.
Roles and responsibilities
An organisation's ability to conduct effective risk management is dependent upon having an appropriate risk governance structure and well-defined roles and responsibilities.
It is important for everyone to be aware of his or her individual and collective risk management responsibilities. In order for risks to be effectively managed, it is essential to have people behaving in a way that is consistent with the organisation's approved approach. This indicates that risk management is not merely about having a well-defined process but also about effecting the behavioural change necessary for risk management to be embedded in all organisational activities.
Set out below is the risk management governance structure. This structure illustrates that risk management is not the sole responsibility of one individual but rather occurs and is supported at all organisational levels.
Risk Management Governance Structure
[Diagram: governance structure, top to bottom]
Board
- provides oversight and review
CEO
- drives culture of risk
Risk Committee
- reviews risk status
- endorses risk strategy, policy
Executive & Management
- support risk culture
- manage & identify risks
Staff & Contractors
- comply with risk procedures
- identify risks
Provide a high level description of the roles of the various people or groups involved in the risk governance structure. This will be expanded in the procedures.
Board
Indicate the detailed responsibilities of the Board (if applicable).
Committee
Indicate the detailed responsibilities of the relevant committee (if applicable).
Chief Executive Officer
Indicate the detailed responsibilities of the relevant CEO or relevant position (if applicable).
Risk Committee
Indicate the detailed responsibilities of the relevant internal risk committee or relevant group / forum (if applicable).
Risk Manager
Indicate the detailed responsibilities of the relevant internal risk committee or relevant risk manager - this may be a specific role or it may be one role that has specific risk oversight responsibilities for the organisation (if applicable).
Managers
Indicate the detailed responsibilities of the management team; may include managing risks, fostering risk culture.
Staff and Contractors
Indicate the detailed responsibilities of staff. May include applying risk management within their roles.
Relationship with other processes
Risk management is not a stand-alone discipline. In order to maximise risk management benefits and opportunities, it needs to be integrated with existing business processes.
Some of the key business processes with which risk alignment is necessary are:
Internal Audit - Internal Audit reviews the effectiveness of controls. Alignment between the Internal Audit function and that of the controls within the Risk Management process is critical, and the role of Risk & Compliance Manager will seek to align these core processes.
Business Planning (including budget) - Identifying risk during the business planning process allows us to set realistic delivery timelines for strategies / activities or to choose to remove a strategy / activity if the associated risks are too high or unmanageable. The impact of changing risk levels over the year can then be mapped to the relevant objective, enabling us to conduct more timely expectation management with key stakeholders.
Performance Management - All risk responsibilities, whether a general responsibility to use the risk management process or specific responsibilities such as risk ownership or implementation of risk treatments, should be included within the relevant individuals' performance plans.
Key Process Steps
Risk management is a continual process that involves the following key steps:
Communicate and consult
Establish the context
Identify risks
Analyse risks
Evaluate risks
Treat risks
Monitor and review
It is important to follow this process when conducting risk management as this ensures that the approach to risk management is both comprehensive and consistent.
This process is formally conducted across the entire organisation on an annual basis. This occurs in conjunction with the corporate and business planning process and involves the review and update of risk profiles for the enterprise as a whole and includes a review for each individual division. This illustrates a "top-down" and a "bottom-up" approach to risk management.
Although this process is conducted across the entire organisation on an annual basis, risk management is not solely an annual process. It should be occurring at all times and in relation to all business activities. Therefore everyone has a responsibility to continually apply this process when making business decisions and when conducting day-to-day management.
To assist you in completing the risk management process, each process step is described in further detail.
Process Step | Overview | Process
One: Communicate and Consult
Communication and consultation with internal and external stakeholders is important throughout the risk management process to ensure the organisation has a comprehensive picture of the risks we face.
External communication and consultation is targeted at informing external stakeholders of:
The organisation's risk management approach
The effectiveness of our risk management approach
Requesting feedback where appropriate
Risk management is a key governance and management function, to which external stakeholders, including Government and industry, are paying increased attention. Satisfying these stakeholders that we use appropriate risk management practices will influence their perception of the organisation.
Internal communication and consultation is aimed at informing internal stakeholders of:
The risk management process
Seeking feedback in relation to the process
Key risks and their responsibilities relating to management of these
Two: Establish the Context
This means considering:
1. The external context
Building an understanding of our external stakeholders and hence the extent to which this external environment will impact on our ability to achieve corporate objectives: Business, Social, Regulatory, Cultural, Competitive, Financial and Political Environments in which we operate.
It also involves considering our strengths, weaknesses, opportunities and threats.
2. The internal context
This is aimed at understanding organisational elements and the way they interact, such as: Culture, internal stakeholders, structure, capabilities (in terms of resources such as people, systems, processes and capital), goals and objectives and the strategies in place to achieve these.
3. The risk management context
The goals, objectives, strategies, scope and parameters for the risk management process itself must also be considered.
Note:
The "Establish the Context" part of the risk management process will only need to be repeated when there are significant changes to either our external environment or business operations.
Three: Identify Risks
Risk identification is a key step in the risk management process to ensure a complete list of risks is identified.
Risks can be identified using various tools and techniques including:
Part of risk identification also involves identifying risks that may arise "over the horizon". Some examples of possible considerations could include:
Worldwide events
Rising public expectations re public sector entities
Changing public attitudes towards Government
Identifying all risk elements provides a better understanding of the risk and assists when considering current controls and identifying further treatment actions. It also reduces risk duplication and minimises confusion as to risk meaning.
Four: Analyse Risks
Once a risk is identified, it is important to adequately describe it. The components of a comprehensive risk description are:
Event, eg High staff turnover;
Cause, eg Staff job dissatisfaction; and
Impact, ie Inability to achieve strategic objectives.
Risk analysis involves:
Identifying controls currently in place to manage the risk by either reducing the consequence or likelihood of the risk;
Assessing the effectiveness of current controls;
Identifying the likelihood of the risk occurring; and
Identifying the potential consequence or impact that would result if the risk was to occur.
When evaluating the effectiveness of current controls, the factors to consider include consistency of application, understanding of control content and documentation of controls where appropriate. Controls are aimed at bringing the risk within an acceptable level. The evaluation of current controls can occur through several different processes including:
Control self assessment;
Internal Audit reviewing the effectiveness of controls; and
External Audit reviewing the effectiveness of controls.
The consequence and likelihood ratings, as identified after consideration of current controls, are combined to determine the overall risk level.
Five: Evaluate Risks
Risk evaluation involves considering the risk's overall risk level. This allows determination of whether further risk treatment actions are required to bring the risk within an acceptable level.
The output of the risk evaluation phase is a prioritised list of risks.
There may be times when the action required will differ from that identified above; however where this is the case, the Chief Executive Officer must approve deviation from the above action.
Six: Treat Risks
Risk treatment involves examining possible treatment options to determine the most appropriate action for managing a risk. Treatment actions are required where the current controls are not managing the risk within defined tolerance levels. Treatment options could involve improving existing controls and implementing additional controls.
Possible risk treatment options include:
Avoid the risk - change business process or objective so as to avoid the risk;
Change the likelihood - undertake actions aimed at reducing the cause of the risk;
Change the consequence - undertake actions aimed at reducing the impact of the risk;
Share / transfer the risk - transfer ownership and liability to a third party; and
Retain the risk - accept the impact of the risk.
When determining the preferred treatment option, consideration should be given to the cost of the treatment as compared to the likely risk reduction that will result (cost benefit analysis).
On selecting the preferred treatment option, the following should occur:
The cost of any actions should be incorporated into the relevant budget planning process;
A responsible person should be identified for delivery of the action, with this expectation being communicated to them;
A realistic due date should be set; and
Performance measures should be determined.
Seven: Monitor and Review
Risk information requires regular monitoring and review to ensure currency. The environment in which we operate is constantly changing and so therefore are our risks. If risk information is inaccurate, we may make poor decisions that could otherwise have been avoided.
Therefore Risk Owners and Risk Treatment Owners have key risk and control review and update responsibilities to ensure continued currency of information pertaining to their particular risks. In addition, on an annual basis, the entire risk register will be reviewed, with review participation being broader than solely Risk Owners and Risk Treatment Owners.
It is also important for the effectiveness of the risk management framework to be monitored and reviewed. This framework drives the extent to which risks will be adequately managed throughout the organisation. Monitoring implementation of the Risk Management Strategy is one available monitoring mechanism.
In addition, the risk management framework itself will be reviewed annually, with results being reported to the ARC and the Board. As risk management developments are constantly occurring, this review mechanism will provide us with information on current risk management developments, facilitating us making continuous risk management improvements.
Risk Reporting
Set out below is a diagram illustrating how the risk management reporting process fits into the overall risk management framework.
Risk management reporting is a key element of the 'Monitor and Review' phase of the risk management process, and needs to occur at each step of the process. This risk management reporting process supports a formalised, structured and comprehensive approach by to the monitoring and review of its risks, thereby enhancing its risk management process.
Risk Management Reporting Responsibilities
Group | Responsibilities
Board
- Review reports
- Communicate risk information issues back to the organisation
- Identify new and emerging risks
Audit and Risk Committee
- Review reports
- Communicate risk information issues back to the organisation
- Communicate key risk issues to the Board
- Identify new and emerging risks
CEO
- Review reports
- Closely monitor extreme risks
- Identify new and emerging risks
Risk Management Executive Committee
- Review reports
- Communicate key risk issues to the Audit and Risk Committee
- Identify new and emerging risks
General Managers
- Review reports
- Communicate key risk issues to the RMEC
- Identify new and emerging risks
Risk Owners
- Monitor and review the risks which they own
- Prepare reports for the risks which they own
- Provide the Risk and Compliance Manager with information on the risks which they own
- Identify new and emerging risks
General Manager, Finance and Corporate Services
- Review reports prepared by the Risk and Compliance Manager
- Provide executive support to the Risk and Compliance Manager, for example, requiring timely provision of risk information from the organisation to the Risk and Compliance Manager
- Identify new and emerging risks
Risk and Compliance Manager
- Prepare reports
- Gather risk information from the relevant organisational people, for example, Risk Owners
- Identify new and emerging risks
Management and Staff
- Provide risk information to those that request it
- Monitor and review risks within their areas
- Identify new and emerging risks
[Diagram: risk management reporting framework in context - Corporate Plan 2007 - 2010; Business Plan 2007 - 2008; Risk Policy; Risk Management Process; Risk Tools; Risk Management Reporting Framework; Risk Strategy 2007 - 2008]
Risk Escalation
Risk escalation is an important tool for ensuring that risks are known and understood by the people with the authority to appropriately manage them. If a risk poses an extreme risk and requires allocation of substantial risk treatment resources, then it would not be appropriate for this to be managed at the divisional level. The Board has overall accountability for managing risks and therefore, where a risk poses such a high threat, the Board should be immediately informed of it.
Everyone has the ability to identify risks at any time of the year. When these risks are identified outside of the formal annual risk review process, escalation of the risk to the appropriate recipient needs to occur. The table set out below indicates the appropriate escalation process. The will act as the conduit between the person who has identified the risk and the relevant escalation recipient. Therefore if you identify a risk which requires escalation please report it directly to the
The will assess and review the risk information provided to them and escalate the risk in line with the requirements set out in the below table.
Risk Level | Escalation Recipient | Timing
High
Significant
Medium
Low
Risk Reports and Recipients
Report Type | Recipient | Type of Report Overview
Templates for these reports are available in the Appendices.
Review and Approval
The Risk Management Reporting Framework and report templates will be reviewed annually by the and approved at least every by the
Access to Risk Management Reporting Framework
The Risk Management Reporting Framework will be made available to each employee of
The Risk Management Reporting Framework will be available as follows:
References
For further information on risk management, the following documents provide a comprehensive and practical overview:
AS/NZS ISO 31000:2009 - Risk management - Principles and guidelines
ISO Guide 73:2009 - Risk management - Vocabulary
IEC/ISO 31010:2009 - Risk management - Risk assessment techniques
HB 327:2010 - Communicating and consulting about risk
AS/NZS 5050:2010 - Business continuity - Managing disruption-related risk
HB 266:2010 - Guide for managing risk in not-for-profit organisations
Appendix: Risk Control Likelihood Consequence Rating
The following were endorsed by the in for These will be subject to review in
Control Effectiveness Rating Criteria
Rating | Definition | Indicators
Likelihood Rating Criteria
Rating | Descriptor | Frequency | Description
Consequence Rating Scale
Rating | Description: Financial | Service Quality | Reputation | People & Knowledge | Stakeholders | Compliance, Governance & Legal | Systems & Processes
Appendix: Risk assessment templates and heat map
RISKS FOR
UPDATED AND ENDORSED BY THE
Owner | Risk Description | Risk Category | No | Consequence | Likelihood | Risk Rating
[Heat map template: likelihood rows (Almost Certain, Likely, Possible, Unlikely, Remote) against consequence columns (Insignificant, Minor, Moderate, Major, Extreme); cells rated High, Significant, Medium or Low]
Risk Assessment Template
Title:
Risk Assessment Completed By:
Category: | Date Assessed:
Identify Risks | Analyse Risks | Evaluate | Action
Risk Description / Impact | Cause | Existing Controls | Control Assessment | Risk Assessment (Consequence, Likelihood, Risk Rating) | Treat Risk? (Avoid Risk, Accept Risk, Reduce Risk, Transfer Risk, Increase Risk)
Risk Assessment Treatment Plan Template
Risk Owner:
Preferred Risk Treatment and Objective
Treat Risks | Monitor & Review
Insurance | KRI | KI
Risk Treatment / Action Plan | Accountabilities | Timelines | Risk Rating | Review / Monitor | Insurance Status | Measurement and monitoring
Insurable? Insured?
Appendix: Risk Reporting potential risk reports
Risk Profile
Purpose
The Risk Profile Report provides a graphical representation of the placement of key risks on a heat map. This report provides a quick reference for Directors and Executives as to the organisation's risk exposure. It helps to guide the allocation of resources to treat those risks which pose the biggest threat, both in terms of likelihood and consequence. This report is a snapshot of the organisation's current organisational risk profile.
In addition, the Risk Profile Report will document the extent of risk rating changes that have occurred and explain the known or likely reasons for the change. The types of reasons that might be presented include:
Change in operations
Internal Audit findings indicate that controls are less effective than anticipated
Implementation of risk treatment actions
Change in the external environment, for example, creation of a new stakeholder body, and / or
Knowledge of events that have occurred which raise either the likelihood of or consequence if an event occurs, for example, a competing business has begun a market poaching exercise increasing the likelihood of staff turnover
This report can be used to track the movement of risks and their specific ratings across the organisation and to develop an understanding of what factors (external / internal) can influence changes in risk ratings. It enables tracking of the effectiveness of risk treatment actions in reducing risks, while also supporting awareness of risk increases so that proactive management of these may occur.
Information included
The organisational risks plotted on its risk heat map. Beneath the heat map in the report, the following summary information is provided for each risk:
Risk description
Prior risk rating (Extreme, High, Medium, Low)
Current risk rating (Extreme, High, Medium, Low)
Any trend / movement that has occurred
Reasons for change in risk rating
Any improvements required
The status of any approved treatment actions
Risk treatment actions status - detailed
Purpose
The Risk Treatment Actions Report contains a status update on progress against approved risk treatment actions. People are more likely to deliver upon what they are measured against. Therefore this report increases accountability for delivery against agreed risk management actions. It also provides comfort to Directors and Executives that risks are being treated as anticipated.
Information included
Risk description
Risk rating
Description of the risk treatment action
Date for completion of risk treatment
Person(s) responsible
Status (eg in progress, completed)
Additional comments (eg specific detail around the status)
Assurance coverage of key risks
Purpose
The Assurance Coverage of Key Risks Report indicates which risks have been covered by assurance activities in the previous year and which are proposed to be covered over the coming year. This assurance can cover reviewing current control existence and effectiveness, as well as treatment action completion.
Gaining assurance around key risks provides an objective review of self-assessed risk and control effectiveness ratings. Sometimes perceptions about a given risk may be incorrect. This objective assessment of risks provides comfort that the risk information, as contained in the risk register, is reflective of the actual situation.
Information included
Risk description
Controls / treatments being covered by assurance activities
Risk rating
Trend (increase / decrease)
Description of the assurance activities - Previous year
Description of the assurance activities - Current year
The key findings of assurance activities, as they influence risk, would be reflected in the organisation's Risk Profile Report within the 'reason for change' column.
Risk management annual activity schedule and improvement initiatives
Purpose
The Risk Management Improvement Initiatives Report tracks progress against the risk management improvement initiatives approved to be implemented over the coming year. It provides assurance around the continual improvement of the risk management processes and practices.
Information included
Description of the initiative;
Description of the risk management activity;
Person(s) responsible;
Date for completion;
Status (eg in progress, completed); and
Additional comments (eg specific detail around the status).
New and emerging risks
Purpose
The New and Emerging Risks Report provides an opportunity to highlight emerging risks or add new risks to the risk register throughout the year. It is important to retain the risk register currency outside of the formal annual risk review process. Personnel from within the organisation would notify the Risk and Compliance Officer of any new or emerging risks. They would then need to source the information for inclusion in this report.
This report helps to develop awareness and understanding of the importance of managing new and emerging risks and provides a formalised structure for the reporting of these risks.
Information included
This report is a summary risk register that includes the following information:
Risk description;
Risk category;
Risk rating;
Causes;
Impacts; and
Current controls.
The would then determine whether the risks contained in this report warranted inclusion in the risk register. Where risks are included in the risk register, the Audit and Risk Committee and the Board would have visibility of the new risk information in the Risk Profile Report.
Detailed risk register
Purpose
The Detailed Risk Register Report contains all information contained in the risk register. All information provided in other risk reports should be reflected in the risk register. This report is only produced at completion of the annual risk review process unless otherwise specifically requested by the Board, Audit and Risk Committee or the
Information included
Risk description;
Risk category;
Risk owner;
Shared responsibility;
Description of the cause / contributing factors;
Description of the impact;
Description of current controls; and
Description of risk treatment information including action, responsible person, due date and status.
Templates (Examples)
Risk Profile
[Heat map: likelihood (Almost Certain, Likely, Possible, Unlikely, Remote) against consequence (Insignificant, Minor, Moderate, Major, Extreme); risk refs plotted per row - Almost Certain: 6; Likely: 2, 3, 8; Possible: 1, 15, 9, 5, 10; Unlikely: 7, 13, 12, 4; Remote: 14, 11]
Rank | Ref | Risk Category | Risk Description | Rating | Trend | Reason for Change | Improvement Required? | Improvement Status
1 | 6 | | | High | | [reason for change] | Yes |
2 | 8 | | | High | | [reason for change] | Yes |
3 | 9 | | | Significant | | [reason for change] | Yes |
4 | 5 | | | Significant | | [reason for change] | Yes |
5 | 10 | | | Significant | | [reason for change] | No |
6 | 12 | | | Significant | | [reason for change] | No |
7 | 4 | | | Significant | | [reason for change] | Yes |
8 | 2 | | | Significant | | [reason for change] | Yes |
9 | 3 | | | Significant | | [reason for change] | Yes |
10 | 13 | | | Medium | | [reason for change] | Yes |
11 | 1 | | | Medium | | [reason for change] | No |
12 | 11 | | | Low | | [reason for change] | Yes |
13 | 7 | | | Low | | [reason for change] | No |
14 | 14 | | | Low | | [reason for change] | No |
15 | 15 | | | Medium | | [reason for change] | Yes |
Key
Risks in red are new / emerging risks
Rows highlighted contain opportunities
Improvement Status: Completed | In Progress | Overdue | Not Applicable
Risk Treatment Actions Status Detailed
Ref | Risk Description | Rating | Treatment Actions | Due Date | Responsible Person | Status | Comments
6 | | High | 1 | [date] | [person responsible] | In progress | 95% complete (example)
| | | 2 | [date] | [person responsible] | Completed |
| | | 3 | [date] | [person responsible] | In progress |
| | | 4 | [date] | [person responsible] | Completed |
9 | | Significant | 1 | [date] | [person responsible] | In progress |
| | | 2 | [date] | [person responsible] | In progress |
| | | 3 | [date] | [person responsible] | Completed |
| | | 4 | [date] | [person responsible] | In progress |
Status key: Completed | In Progress | Overdue
Assurance Coverage of Key Risks
Rank | Risk Description | Control / Treatment | Risk Rating | Trend | Assurance Activities Previous Year (i.e. internal audit, external audit) | Assurance Activities Next Year (i.e. internal audit, external audit)
1 | | | High | | None | Internal Audit
9 | | | Significant | | None | Internal Audit
5 | | | Significant | | None | Internal Audit
6 | | | Significant | | Internal Audit | External Audit
4 | | | Significant | | Internal Audit | None
8 | | | Significant | | Internal Audit | None
Risk Management Annual Activity Schedule and Improvement Initiatives
Improvement Initiative | Action | Responsible Person | Due date | Achieved | Comments
New and Emerging Threats and Opportunities
Title:
Risk Assessment Completed By:
Category: | Date Assessed:
Identify Risks | Analyse Risks | Evaluate | Action
Risk Description / Impact | Cause | Existing Controls | Control Assessment | Risk Assessment (Consequence, Likelihood, Risk Rating) | Treat Risk? (Avoid Risk, Accept Risk, Reduce Risk, Transfer Risk, Increase Risk)
Detailed Risk Register
Title:
Risk Assessment Completed By:
Category: | Date Assessed:
Identify Risks | Analyse Risks | Evaluate | Action
Risk Description / Impact | Cause | Existing Controls | Control Assessment | Risk Assessment (Consequence, Likelihood, Risk Rating) | Treat Risk? (Avoid Risk, Accept Risk, Reduce Risk, Transfer Risk, Increase Risk)
Risk Owner:
Preferred Risk Treatment & Objective
Treat Risks | Monitor & Review
Insurance | KRI | KI
Risk Treatment / Action Plan | Accountabilities | Timelines | Risk Rating | Review / Monitor | Insurance Status | Measurement and monitoring
Insurable? Insured?