EPIC Risk Assessment and Management plan - FULL
The ACT Government is committed to robust risk management practices, recognising that risk management is an integral part of good management.
The ACT Government uses the internationally accepted standard AS/NZS ISO 31000:2009 as the basis for best risk management practice within the Territory and at EPIC.
Risk Management and your event
EPIC requires that all event managers complete either our BASIC or FULL versions of the risk management, or submit risk management documents that comply with the ACT
government standards.
The documentation, guides and toolkit developed by the ACT Insurance Authority (ACTIA) and available on their website have been developed to be consistent with the
standard.
For more information on the ACT Government risk management standards and additional templates please visit their website.
http://www.cwd.act.gov.au/act-insurance-authority/risk-management/risk-guidelines
Tip Sheets
Tip sheets have been developed to provide a point of reference and prompts for common risk management queries. Additionally, there is a copy of the completed risk management
register to provide an example of what a risk register might look like
Tip Sheet 1 Risk Identification - What Risks do I have? (Word 123KB)
Tip Sheet 2 Risk Description - How do I describe my Risks? (Word 41KB)
Risk Criteria
Risk Assessment Register – Part 1
Risk Reference
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
The Risk:
Source
Impact /Outcome
What can happen?
How can this happen?
What will be the outcome or
effect, if what can happen
does happen?
A description of the risk
Drivers to the risk
Contributor or source of the
risk
Impact on the business
objectives
Impact from the event
happening
Consequence
Risk Owner – the officer
responsible for managing
the risk
RATING
Consequence
RATING
Likelihood
Risk Register part 2 – risk assessment, risk evaluation and risk treatment
1
2
3
4
5
6
7
8
9
Monitoring and
reviewing
Control Effectiveness rating
Residual Risk Rating
Likelihood of Conseq.
Risk rating
following
additional risk
controls
Consequence
Reference can be made to an attaching “cost /
benefit analysis” or “risk treatment action plan” for
relevant risks.
for Management of Risk Treatments
Can include further risk treatment strategies or a
rationale behind no further action where rating is
rated as “Room for Improvement” or” inadequate.”
Risk Treatment Owner – officer responsible
Control Effectiveness Rating
Inherent Risk Rating
Action to be taken
Likelihood of Conseq.
This field is for the risk controls that already
exist and are currently managing the risk
Risk Rating
Consequence
Risk Reference
Risk Controls which are currently in
place
Monitored by whom with
the inclusion of details
about frequency
requirements of
monitoring in addition to
the final review to occur.
Where appropriate can
refer to a “risk treatment
plan.”
Risk Register part 2 – risk assessment, risk evaluation and risk treatment
10
11
12
13
14
15
Monitoring and
reviewing
Control Effectiveness rating
Residual Risk Rating
Likelihood of Conseq.
Risk rating
following
additional risk
controls
Consequence
Reference can be made to an attaching “cost /
benefit analysis” or “risk treatment action plan” for
relevant risks.
for Management of Risk Treatments
Can include further risk treatment strategies or a
rationale behind no further action where rating is
rated as “Room for Improvement” or” inadequate.”
Risk Treatment Owner – officer responsible
Control Effectiveness Rating
Inherent Risk Rating
Action to be taken
Likelihood of Conseq.
This field is for the risk controls that already
exist and are currently managing the risk
Risk Rating
Consequence
Risk Reference
Risk Controls which are currently in
place
Monitored by whom with
the inclusion of details
about frequency
requirements of
monitoring in addition to
the final review to occur.
Where appropriate can
refer to a “risk treatment
plan.”
RISK TREATMENT REGISTER
Risk Reference
Number
Identified Risk
Inherent Risk
Rating
Current Controls
Residual Risk
Rating to be
achieved
(on completion of
action plan)
TREATMENT STRATEGY
Strategy 1
Strategy 2
Strategy 3
Strategy 4
Strategy 5
IMPLEMENTATION
Action to be undertaken in order to implement the risk treatment strategy
ACTION 1
ACTION 2
ACTION 3
ACTION 4
ACTION 5
Action
Officer
Due
Date
Date
finished
Comments