UWA Risk Assessment Training
It is recommended that a UWA Risk Assessment is undertaken as soon as possible after a decision to
undertake a high or extreme risk activity has been made. The Assessment is then updated and kept
current for the length of the activity. Management and staff need to be aware Assessments take time
and/or may impact on the approvals process.
Note:
a) Submitting a UWA Risk Assessment does not guarantee the activity will be approved by UWA.
b) Risk Assessments for complex and high risk activities take many hours of research over a period of time to
mature and to produce an acceptable document.
c) Some risk controls require resourcing to be in place prior to the go ahead for the activity being given.
d) Appeals are to be submitted through line management to the Faculty, School or Division.
e) All approvals are based on UWA Risk Assessments at the time of being prepared and are subject to
cancelation or additional mitigations being required should the situation change either prior to or during the
activity.
f) Any escalation of the risk rating for the activity requires the review of the UWA Risk Assessment. Following
this the updated Assessment must be submitted to the Line manager/Senior Research Officer for review and
again go through the approval process.
If you do not feel confident in filling out the UWA Risk Assessment please get help:
- firstly go to the UWA Risk webpage;
- secondly, from your line manager and/or other group members then, if they are unsure;
- thirdly from your Faculty, School or Division.
The UWA Risk Assessment must be filled out by a member of the group undertaking the activity and signed off
on by the group prior to submission.
It is recommended everyone in the group works on the UWA Risk Assessment.
 Consider the risks from the perspective of someone without a vested interest in the activity going ahead.
 Examples for Specific Risk, Causal Factors and Mitigations can be found on the UWA Risk webpage.

Page 1 of 5
Phase 1
Breakdown the risks
Hint:
Try not to get bogged down on technicalities or perfect wording. It is more important to capture the risks and
develop and implement mitigations then to spend time in meetings and completing the template ‘correctly’.
Phase 2
Step 1: Download the UWA Risk Assessment Template from the
UWA Risk webpage.
Fill out the 1st row
‘Risk Assessment: Project title, Faculty/ School/ Division, Date completed and full names of Contributors.
Step 2: Number each ‘Specific Risk’ in the first column
Step 3: Write the risks you have identified in the ‘Specific Risk’
column of the table.
Hint:
In the first instance capture what you believe to be the issue. The wording can be matured at a later date
once experience has been gained in completing a Risk Assessment and as time allows.
Step 4: Open the UWA Risk Matrix from the UWA Risk webpage
and using the ‘Qualitative measures of Consequence’
review your activity against the seven rows.
Hint:
All staff should be mindful that risk exposures to UWA include Strategic Objectives, Reputation, Health and
Safety, Research, Teaching and learning, Legislative compliance and Financial loss.
Step 5: Discuss the risks you have identified with your team, other staff and managers who have undertaken the
task to help identify risks you may not have considered.
Hint:
Be open minded, encourage debate and thinking outside the box. There are no right or wrong answers to the
question of ‘What are the risks to this task?’.
Step 6: Add any risks identified in the above steps to the ‘Specific Risk’ column in your Risk Assessment Table.
Step 7: Identifying Consequences is an important task
as it allows management and staff to understand what
could happen should risks not be managed correctly.
Hint:
Use number and alpha sequencing to identify individual Consequences, Causal Factors, Controls and Actions.
Page 2 of 5
NB All Specific Risks are dealt with in the following manner.
Step 8: Fill out the Causal (Contributing) Factors
Hint:
At times it can be hard to isolate Specific Risks from Causal Factors. Remember it is important not to get
fixated on working out what ‘fits’ and where. It is important to capture the risk as you identify it and what
contributes to it being a risk to your task (Causal Factors).
Step 9: Now you have got a clearer understanding of what your
risks are, select the Category and Generic Risks
from the dropdown lists in columns 2 & 3
Hint:
This can be a confusing step and training is recommended. It can be left until the completion of the
Assessment once experience has been gained in risk identification, or omit if not required. If there is a
requirement to fill in the columns choose the words that most closely describe the Specific Risk as it is
unlikely that there will be a perfect ‘fit’ for your task.
Likelihood
Step 10: Using the Risk Matrix definitions for Consequences and
Likelihood fill in the corresponding columns.
Hint:
When deciding on Likelihood it is to be measured as if the controls /
mitigations have not been put in place.
The Consequences descriptions are at university level. Team should
scale the quantities back to task / School / Faculty level.
Consequences
Step 11: To rate the risk in the Risk Matrix use the Consequence and Likelihood ratings and work across and down
until the column and row intersect, this is the Risk Rating.
Fill in the Risk Rating column for each Specific Risk.
Likelihood
Consequences
Risk Rating
NB From this point forward the team may decide to only include Specific Risks with a Major or Extreme Risk
Rating on the Assessment and level lower level risks off. They may also decide to level some Moderate
and Minor rated risks on as the consequences have been known to be Major or Extreme on other sites.
Step 12: Confirm the level of management is attributed to the correct Risk Owner
by reviewing the Ratings against the Risk Management levels.
Hint:
This step gives an opportunity to see if the level of the current
management of the risk is adequate or if it should be allocated up
or down the line of management.
Page 3 of 5
NB The person attributed the role of Risk Owner must be informed of this decision and be involved with the
proceeding steps. They may delegate the Actions and associated tasks to other staff but will need to keep abreast
of the management of the risks and sign off on them. If this person believes the task or associated risks do not
reside with them they will need to have discussions with the team and also with the person they believe should
be responsible for the ownership of the risk and controls. A Risk Owner must be identified and have the correct
delegated level of authority to accept the Risk Owner role.
Step 13: The Risk Owner works with the team and completes
the Risk Controls (Mitigations) column.
Hint:
Be conscious that enough detail has been given for the person reviewing the Assessment to be comfortable
that the level of management is adequate or better.
Step 14: It is now time to reassess the Risk Rating against the
Controls that are in place or will be in place prior to the
risk being realised. This is called the Residual Risk.
Hint:
Universities traditionally work within reasonably high risk parameters (with high level controls) due to
their research and teaching responsibilities.
Step 15: The question is now asked ‘Given the Residual Risk
rating are the Existing Controls at an acceptable level to
the Risk Owner (Risk Appetite)?’
A dropdown list will give you a selection of Excellent, Adequate, Inadequate and Unable to rate.
Hint:
At this point it is essential to be honest and try to remove subjectivity from the decision. If the Risk Owner
and team are unsure or not confident to fill in this field they should get advice from their line management
or experts in the field.
Step 16: The Actions / Comments column is for detail and instructions.
Hint: These should be clear, consice and give comfort that Risk Controls are to be kept or put in place to
lower the exposure of high and extreme risk ratings to a level that falls below the university’s risk appetite
for that activity. If the team is unsure they are to ask the Project lead’s line manager or relevant Shared
Services area for assistance e.g. finance.
NB If the Residual Risk Rating cannot be lowered to a level that will be signed off on by the relevant Risk Owner
(given the controls that are to be in place) then the Specific Risk has to be escalated to a higher level of
delegation. At this level the task can be signed off on as being allowed to proceed or approval is not given and
the project cannot go forward. If approval is withheld the task cannot progress until adequate Risk Controls
have been negotiated, put in place and the Assessment signed off on by the Project Lead’s Line Manager. At
this time the Specific Risk can be reviewed against the increased mitigations and a new decision arrived at.
Page 4 of 5
Step 17: The Action Owner must be informed of the details of any
workload they are responsible for. Dates must be included with all
actions.
Hint:
If critical dates are attributed to the person by the Project Lead it is the responsibility of the Project Lead to
assure adequate resources are made available to the Action Owner to allow them to complete the action.
Hint:
These dates can be pushed out if there are reasonable grounds. To indicate this on the spreadsheet strike
out the old dates and write in new ones above. In the Comments section state the reason why the dates
have had to move and the remedy for meeting the next proposed date.
Step 18: After this version is agreed on by the team, everyone in the group must send an email to the project
lead stating that they sign off on the statements and agree to any Actions as described on the final version.
Suggested text: I accept the risks identified in the UWA Risk Assessment version XXX for ‘XYZ’ project
and/or Activity YYY, as submitted by ‘ABC’ to be true, correct and inclusive of the risks that would be
reasonable to have been identified. Furthermore I agree to abide by the controls as stated in the UWA Risk
Assessment.
The first row is updated to V 1.0 Final.
Step 19: The final version of the Risk Assessment is sent to the Project/Task Leads Line Manager for formal sign
off. If the Line Manager does not sign off on the Assessment it is either sent back to the team for further work
and/or the introduction of increased controls or is rejected.
 In the case of updating the Assessment the first row goes to v1.1 and the team proceed to developing
and maturing the document with guidance from their Line Manager. The Assessment then follows the
above process until accepted or rejected.
 If the Assessment is rejected outright and the project/task is not abandoned then the Line Manager
and/or relevant parties need to work together to review the planning and premise of the project/task.
 If Specific Risks, with high to extreme Residual Risk Ratings, are not formally signed off on then a review
must take place and the Assessment submitted up the line to where the delegated authority sits.
Step 20: Risk Assessments are to be integrated into the overall management of projects and tasks with high and
extreme Risk Rated Specific Risks. The document is classed as ‘live’ and is to be updated and reviewed regularly.
It can be used as a basis for resource applications and business plans and assists managers at all levels in their
decision making.
Page 5 of 5