Scribd
Upload
122 views3 pages

Risk Assessment (Portrait)

This document provides a template for documenting a risk assessment at the divisional, operational, or project level. It includes sections for describing the risk, objectives affected, worst case scenario without controls, current controls and their effectiveness, current risk level, additional treatments if risk is not acceptable, residual risk after treatment, monitoring and review protocols, stakeholders to communicate with, and a section for comments. The template helps ensure all relevant information is captured to fully assess and manage risks.

Uploaded by

jake
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
122 views3 pages

Risk Assessment (Portrait)

This document provides a template for documenting a risk assessment at the divisional, operational, or project level. It includes sections for describing the risk, objectives affected, worst case scenario without controls, current controls and their effectiveness, current risk level, additional treatments if risk is not acceptable, residual risk after treatment, monitoring and review protocols, stakeholders to communicate with, and a section for comments. The template helps ensure all relevant information is captured to fully assess and manage risks.

Uploaded by

jake
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Risk Assessment (Portrait )

All risk assessments should be clearly documented .You can use either template 5a or 5b to document your assessment of a single risk at a
divisional, operational or specific project level. Note that you should capture all your risks in your risk register (see page 11/13).

Risk Description Risk Owner Stakeholders consulted


Objective(s) affected Include name of the person managing
Provide a brief description of the Include internal and external
Briefly list the objectives impacted by the risk the risk and the area of the agency they
risk stakeholders
work in

Worst Case
Make an assessment of the risk based on the scenario where the current controls do not exist or completely fail.
Refer template 5b for risk ratings legend

Consequence Level Likelihood Level Risk Level


Use your consequence table Use your likelihood table Use your risk matrix

Controls
List each current control and its effectiveness (substantially effective, partially effective or largely ineffective).See Template 5b for control effectiveness legend.

Control (s) description Control Effectiveness rating (s)

1.     1.    

2.     2.    

3.     3.    

Current Risk

Make an assessment of the risk considering the effectiveness of current controls

Consequence Level Likelihood Level Risk Level

Treatment

List additional controls to be put in place if the risk is not acceptable/tolerable including resources required for each (financial, physical assets, HR) and
schedule for implementation.

Treatment Resources Required Person Responsible Implementation Schedule


1.       1.       1 1
2.     2.     2 2
3.     3.     3 3

Residual Risk

Make an assessment of the risk level remaining after risk treatment

Consequence Level Likelihood Level Risk Level

Monitoring and Review

Outline the reporting protocols for the risk and when is the risk and controls are to be reviewed.

Communicate and Consult

Do you need to communicate the results of this risk assessment to any stakeholders? If so, what channel (s) will you use and what is the schedule?

Comments

Comment on any uncertainties or sensitivities - Are the risks that you have identified making the achievement of your agency’s objectives too uncertain?

Compiled by: Branch / Division: Date: DD/MM/YYYY Reviewed by / date


Risk Assessment (Landscape)
All risk assessments should be clearly documented. You can use either Template 5a or 5b to document your assessment of a single risk at a divisional, operational or specific project level. Note that you should capture all your risks in your risk register (see templates 6a and 6b in this
volume)

Compiled by: ……………………………. Date: ………………………… Division/Branch ………………………………………………………………………………………….

Reviewed by:   ………………………..….. Date : …………………………

Risk Assessment
Risk Treatment Implementation
Objective (s) affected Worst Case Current Controls Current Case Treatment Residual Risk
Description Effectiveness Schedule

Consequence Likelihood Risk Level Current controls in Effectiveness Consequence Likelihood Risk Level Additional control if Consequence Likelihood Risk Level
place the risk is not
acceptable
/tolerable (include
timeframe for
treatment)

Risk Owner

Include the name of the person managing the risk and the area of the agency he or she works in (if the person assigned to treat the risk is different to the risk owner, you may also include their details in brackets within

Resources required for proposed treatment

For example: financial, physical assets, HR.

Stakeholders consulted

Include internal and external stakeholders

Monitoring and Review

Outline the reporting protocols for the risk and when is the risk and controls are to be reviewed.

Communicate and consult

Do you need to communicate the results of this risk assessment to any stakeholders? If so, what channel (s) will you use and what is the schedule?

Comments

Comment on any uncertainties or sensitivities - Are the risks that you have identified making the achievement of your agency’s objectives too uncertain?
Risk Ratings Legend Control Effectiveness Legend
Risk Ratings Control Effectiveness

Design Operating
Risk Level Combined ratings for consequence and likelihood using your risk matrix Level Description and further action
Effectiveness Effectiveness

Existing controls address risk, are in operation and are


applied consistently. Management is confident that the
Worst Case The risk if the current controls do not exist or completely fail. Substantially effective Y Y
controls are effective and reliable. Ongoing monitoring
required.

Partially effective Controls are only partially effective, require ongoing N Y


Current Case Rating the risk as it is now monitoring and may require to be redesigned, improved
or supplemented. Y N

Management cannot be confident that any degree of


Residual Risk Rating the risk level remaining after risk treatment Largely ineffective risk modification is being achieved. Controls need to be N N
redesigned.

You might also like