Professional Documents
Culture Documents
Compliance Risk Assessment Template
Compliance Risk Assessment Template
RISKS: Risk scenarios: Enter the main risk scenarios for the legislation being managed in the 'Risk Scenarios' column
INHERENT RISK: Consequence: Using the University's Risk Management: Consequence table (see 'Further info on risk HERE' ta
the level. Note: this is the consequence ignoring any controls that are in place.
INHERENT RISK: Likelihood: Using the University's Risk Management: Likelihood table (see 'Further info on risk HERE' tab), bro
the level. Note: this is the likelihood ignoring any controls that are in place.
INHERENT RISK: Inherent Risk Rating: This cell will be automatically calculated. For context, refer to the the University's Risk M
CONTROLS ASSESSMENT: Existing Controls: Summarise what controls already exist at the University in relation to this risk (do
CONTROLS ASSESSMENT: Controls Rating: Using the the University's Risk Management: Controls assessment table (see 'Furth
RESIDUAL RISK: Likelihood: Given the controls listed in the 'Existing Controls' column, what is the realistic and reasonable like
RESIDUAL RISK: Residual Risk Rating: This cell will be automatically calculated. For context, refer to the University's Risk Mana
controls put in place will not change the consquences of the risk but will reduce the likelihood of it occuring.
RESIDUAL RISK: Further action?: Given the Residual Risk Rating, further action may be necessary or beneficial. You may know
Controls' column, which may result in a lower likelihood and possible lower Residual Risk Rating.
EXAMPLE ONLY: Breach of Cake Act, specifically, non-provision of 4. Major 4. Likely 16 - high
Christmas cake to LCS for Christmas.
isk Scenarios' column
see 'Further info on risk HERE' tab), broadly assess the realistic and reasonable worst-case scenario across the range of consequence categ
rther info on risk HERE' tab), broadly assess the realistic and reasonable likelihood/frequency of the consequence being realised ('coming
efer to the the University's Risk Management: Risk Acceptance Criteria table (see 'Further info on risk HERE' tab).
versity in relation to this risk (do not note expected improvements or new controls here).
ols assessment table (see 'Further info on risk HERE tab'), assess the efficacy of the current controls.
the realistic and reasonable likelihood/frequency of the consequence being realised (using the drop-down box to select the level).
fer to the University's Risk Management: Risk Acceptance Criteria table (see 'Further info on risk HERE' tab). Note that there is no consequ
of it occuring.
ary or beneficial. You may know these as 'Treatment Action Plans' from operational risk assessments. When these further actions are com
ng.
CONTROLS ASSESSMENT
Existing Controls Controls Likelihood Residual
Rating Risk Rating
nsequence being realised ('coming true'), using the drop-down box to select
ERE' tab).
When these further actions are completed, they may be moved to the 'Existing
RESIDUAL RISK
(i.e. after controls)
Further Action? (action, responsible person, expected date)
Inherent
Risk Scenarios Consequence Likelihood Risk Rating
7
CONTROLS ASSESSMENT RESID
(i.e. afte
Controls Residual
Existing Controls Rating Likelihood Risk Rating
Likelihood descriptions
Refer to the Consequence Table of the Univerisity's Risk Reference Tables.Note: they are not copied to this te
bles.Note: they are not copied to this template as they may change from time to time.
Controls fully in place and require only ongoing maintenance and monitoring. Protection systems are being continuously
reviewed and procedures are regularly tested.
Risk rating
1 1 - low
2 2 - low
3 3 - low
4 4 - low
5 5 - medium
6 6 - medium
8 8 - medium
9 9 - medium
10 10 - high
12 12 - high
15 15 - high
16 16 - high
20 20 - extreme
25 25 - extreme