45 Moreland St, Footscray VIC 3011 t: +61 (03) 9362 8871 | www.acapta.org.au Risk Assessment Template The activities below are based on the Australian and New Zealand Standard for Risk Management (AS/NZS 4360:1999). Step 1: Risk Identification Develop a comprehensive list of risks that may affect your performance or activity. This is perhaps the most critical step in the entire risk assessment process, as any risk not identified at this stage is incapable of any later evaluation, assessment or treatment. Step 2: Existing Risk Controls List the existing controls you have in place to minimise these risks. Step 3: Risk Analysis - Consequences Risk Analysis involves assessing the consequences of risk and the likelihood of it occurring in the context of any existing risk controls. Consequence Consequences may be described in many ways, each of which has a different impact. These may include financial loss, impact on people, damage to reputation, damage to the environment or interruption to critical business processes (see example below). Table 1 defines an example of consequence ratings and typical descriptors for various activities. 45 Moreland St, Footscray VIC 3011 t: +61 (03) 9362 8871 | www.acapta.org.au Table 1: Risk Consequence Descriptors Consequence Business Interruption Essential service failure, or key revenue generating service removed. Service or provider needs to be replaced. Category Catastrophic 5 Major 4 Moderate 3 Temporary, recoverable service failure. Minor 2 Brief service interruption. Negligible 1 Environmental Irreversible damage Financial Above $5,000,000 Harm requiring Up to restorative work. $5,000,000 Residual pollution requiring clean up work. Remote, temporary pollution Negligible Brief, non impact, brief hazardous, reduction/loss of transient service pollution Up to $500,000 Up to $100,000 Up to $10,000 Public Image & Reputation Death(s) / many National & critical injuries. International Concern / exposure Human Single Death/ multiple long term or critical injuries. Single minor disablement/ multiple temporary disablement. Injury State wide Concern / exposure Minor First Aid Resolved in day-to-day management Local community concern Customer complaint Step 4: Risk Analysis - Likelihood After you have determined the consequence, it is necessary to establish the likelihood of the risk occurring. Table 2 defines the Likelihood ratings. Table 2: Likelihood Ratings Likelihood Category Almost Certain A B C D E Likely Possible Unlikely Rare Description The event is expected to occur in most circumstances The event will probably occur in most circumstances The event should occur at some time The event could occur at some time The event may occur only in exceptional circumstances 45 Moreland St, Footscray VIC 3011 t: +61 (03) 9362 8871 | www.acapta.org.au Step 5: Risk Rating This Level of Risk Matrix compares the consequence of a risk occurring and the likelihood of it occurring. For each risk, determine the consequence descriptions in Table 1, and the likelihood using the likelihood ratings in Table 2. Then find the result on the Level of Risk matrix. Table 3: Level of Risk Matrix Consequence Likelihood A - Almost Certain B - Likely C - Possible D - Unlikely E - Rare 1 Negligible Moderate Low Low Low Low 2 Minor Moderate Moderate Low Low Low 3 Moderate High Moderate Moderate Moderate Low 4 Major High High High Moderate Moderate 5 Catastrophic Extreme Extreme High High Moderate Step 6 : Risk Evaluation The aim of Risk Evaluation is to determine those exposures that are acceptable or unacceptable to the organisation. Those risks that are determined as unacceptable are then subjected to later Risk Treatment. (It is important to note that no organisation can eliminate all the risks to which it is exposed.) Defining a risk as acceptable does not imply that the risk is insignificant. The evaluation should take account of the degree of control over each risk and the cost impact, benefits and opportunities presented by the risks. Reasons why a risk may be accepted: The level of risk is so low that specific treatment is not appropriate within available resources. The risk is such that there is no treatment available. For example, the risk that a project might be terminated following a change of government is not within the control of an organisation. The cost of treating the risk, including the purchase of insurance, is so manifestly excessive when comparing the benefits to the threats. Step 7: Risk Treatment Risk Treatment involves the selection and implementation of appropriate options for managing risk. Treatment needs to be appropriate to the significance of the risk. As a general guide: Accept the risk- Where risk cannot be avoided, reduced or transferred, you may chose to accept the risk. In such cases, usually the likelihood and consequences are low. Risks should be monitored and determined how losses, if they occur, will be funded. Transfer the risk-This option involves shifting the responsibility to another party such as an insurer or contractor who will bears the consequence of a loss if it were to occur eg. Purchase of insurance cover for company vehicles 45 Moreland St, Footscray VIC 3011 t: +61 (03) 9362 8871 | www.acapta.org.au Avoid the risk- Under this option a decision is taken not to proceed with the policy, program or activity likely to generate a risk. If it is not possible or feasible to avoid the activity it is usual to choose an alternative means of conducting/completing the activity. Manage (minimise) the risk- This option involves either reducing the likelihood of an occurrence or the consequences if it were to occur. e.g. Implement procedures for specified tasks. Step 8: Accountability Determine who is accountable for the risk treatment and when it needs to be completed Step 9: Residual Risk The Residual Risk is determined after the appropriate Risk Treatment option has been proposed and accepted. The rating is then determined using the Level of Risk matrix (Table 3). Step 10: Monitor & Review To ensure the ongoing effectiveness of the selected Risk Treatment options and to assess whether your risk management objectives are being achieved, it is necessary to regularly monitor and review the chosen treatment plan. Determine who is responsible for this process. The outcome of the monitor and review process should be an accurate measure of the extent to which the organisation is meeting its risk management objectives, how to close performance gaps and continually improve risk management standards.
© Copyright 2022 Paperzz