Risk Assessment Template and Examples

Inherent Risk Assessment Residual Risk Assessment Risk Treatment Monitoring notes /
Ris Risk Category Description of Risk Review
Risk Name Current controls Toleranc Treatments Responsibility Implementatio treatment
k# (optional) Consequence Consequenc Likelihoo Risk Consequenc Likelihoo Risk date
e d rating e d rating e n date effectiveness

[public
authorities may
choose to [summarise [provide status
group/categoris consequence of update of risk
e the identified [what could the identified risk. treatment as at
risks. For happen and why? And consider [summarise additional [summarise who has review date. This
example: This may include what/who the controls/future responsibility for may include a
[Insignifica [Rare [Insignifican [Rare [Low
- planning risks that are risk could impact nt Unlikely [Low t Unlikely Mediu [Accept actions/strategies to be managing/monitori reassessment of risk
[summarise how the
- common to all e.g. the Minor Possible Medium Minor Possible m Avoid implemented that will lower ng the risk, and (therefore increase
1 Moderate Likely High
risk is currently Moderate Likely High Transfer
goods/services procurement procurement the likelihood of the risk implementing or decrease of risk
Major Almost Extreme] managed] Major Almost Extreme Reduce]
- procurement processes and objective, Critical] Certain] Critical] Certain] ]
occurring, or the treatments (these rating), and
process risks that are client/end-user, consequence if the risk did may be different updated review
-industry/ specific to this employees, the occur] functions)] date. If treatments
suppliers procurement] public authority, are effective, this
- stakeholders suppliers or other may change the risk
- contract stakeholders] tolerance level]
- political

2
3

(1)
Further information: Procurement Services SA Effective: 20.02.2023
Contact Number: (08) 8226 5001 Next review: 01.07.2024
Contact Email: procurement@sa.gov.au Page Number: 1
Version: 1.1
OFFICIAL
 OFFICIAL

APPENDIX 1 - RISK ASSESSMENT EXAMPLE

Inherent Risk Assessment Current controls Residual Risk Assessment Risk Treatment Risk Monitoring notes /
Ris Risk Category Description of
Risk Name Toleran Treatments Responsibility Implementatio Review treatment
k# (optional) consequences Consequenc Likelihoo Risk Consequenc Likelihoo Risk
e d rating e d rating ce n date date effectiveness

 Adherence to
 Complaints from Communication
Sector / s
Industry / policies/proced
Community ures
 Impact on public  Robust contract
Change in
authority management  Keeping up-to-date  Contract
government Accept
reputation. Possibl Mediu and Mediu with any policy Manager
1 Political policy / Minor Minor Possible &
 Uncertain e m administration m changes or issues that  Senior Manager
political Manage
monitoring of process impact the Sector / Executive
demands
performance including
 Client/end-user regular
dissatisfaction meetings to
due to service manage any
disruption potential
contract impact
 Adherence to
Communication
 Being prepared for the
s
need to respond to
policies/proced
media / minister etc –
ures.
contract manager to
 Robust contract
 Embarrassment ensure they are across
management
Public and surprises for all issues occurring
and  Contract
sensitivity Minister  Consistent and regular
Political / administration Mediu Manager
2 and/or a high  Adverse publicity Major Likely High Minor Likely Reduce monitoring and
Stakeholders process m  Senior Manager
level of media for both supplier reporting of known
including / Executive
scrutiny and the public issues
verification of
authority  Regular contact with
processes for
supplier
management of
 Prioritise issue without
high-risk
delay depending on the
issues/incidents
risk involved
and media
involvement
 CPU
responsible to
request,
 No public liability receive, check,
Insurances not cover if incident register and file
 Required insurance is a
current or do occurs insurance  Central
mandatory criterion in
not have the  No Workcover for policies during Unacce Procurement
Mediu Insignifica tender evaluation
3 Suppliers required cover workers injuries Critical Rare tender process, Rare nil ptable Unit
m nt  Insurances are
when contract  Financial liability and append to & Avoid  Contract
appended in the
period for the supplier the contract Manager
contract prior signing
commence. and public  BU to review
authority insurance for
currency at
regular
intervals.
4 Procurement Lack of  Breaches – policy, Major Unlikely Mediu  Adherence to Moderate Rare Low Reduce  Apply public authority  Central
process probity, audit findings, m policies/proced processes Procurement
unethical legal ures relating to  Consistent and regular Unit

(2)
Further information: Procurement Services SA Effective: 20.02.2023
Contact Number: (08) 8226 5001 Next review: 01.07.2024
Contact Email: procurement@sa.gov.au Page Number: 2
Version: 1.1
OFFICIAL
 OFFICIAL

Inherent Risk Assessment Current controls Residual Risk Assessment

Probity,
Finance, and meetings, periodic
Procurement. Risk assessment and Treatment Risk Monitoring notes /
Ris Risk Category Description of
Risk Name  Robust contract Toleran reporting
Treatments Responsibility Implementatio Review treatment
k# (optional)  Financial liability
consequences
management ce  Address financial and n date date effectiveness
for the supplier
and performance issues  Finance Unit.
and public
behaviour; administration with the supplier  Contract
authority.
fraud. processes immediately Manager
 Commitment to
including  Regular training for  BU Manager
Govt
regular relevant procurement
compromised.
meetings to & contract
manage any management staff re
potential probity requirements
service impact
 Contract
 Breach of variation
contract process
 Ensuring resources are
Dedicated  Impact on undertaken
Procurement adequately allocated to
Contract clients/end- Mediu  Implications on Mediu
5 planning / Major Unlikely Manage assign a dedicated  Contract Owner
Manager not users/community Unlikely m stakeholders Moderate m
Contract Contract Manager.
assigned  Commitment to assessed
Govt  Any impact on
compromised whole-of-life
cost assessed
 Contract
complexity is  Ensure public authority
regularly Contract Management
reassessed Framework is
 Apply best maintained and
contract implemented
 Breach of
management  Apply public authority
contract
principles to processes for
 Ineffective
align public workforce
service delivery
authority’s management and staff
 Adverse publicity
Contract is Contract development  Contract Owner
Contract for both the Possibl Mediu
6 poorly Moderate Management Minor Low Reduce  Succession planning  Contract
Management supplier and the e m Unlikely
managed Framework and workforce Manager
public authority
 Ensure management to
 Impact on clients
experienced encompass
 Commitment to
contract transitions/handover
Govt
manager processes
compromised
manages the  Regular capability
contract assessments
 Regular  Regular professional
contract development training
management opportunities
meetings
7 Procurement Changes to the  Ineffective Moderate Possibl Mediu  Regular Minor Possible Mediu Reduce  Briefing subject matter  Contract
planning scope/ delivery of e m meetings with m experts/internal Manager
specifications outcomes subject matter stakeholders on  BU Manager.
due to change  Adverse publicity experts/interna supplier performance  Public authority
in needs for both supplier l stakeholders and feedback Senior
identification and the public and  Working Management
authority industry/comm collaboratively within  Subject matter
 Impact on unity public authority and experts.
clients/end-users stakeholders industry on needs
 Up to date identification and

(3)
Further information: Procurement Services SA Effective: 20.02.2023
Contact Number: (08) 8226 5001 Next review: 01.07.2024
Contact Email: procurement@sa.gov.au Page Number: 3
Version: 1.1
OFFICIAL
 OFFICIAL

Inherent Risk Assessment Current controls Residual Risk Assessment

communication
market analysis
s plan Risk Treatment Risk Monitoring notes /
Ris Risk Category Supplier does Description of
Risk Name Toleran Treatments Responsibility Implementatio Review treatment
k# (optional) not deliver consequences
ce n date date effectiveness
obligations
across the
contract:
 Lack of
capacity
or
 Apply public authority
capability
processes
of
 Consistent and regular
individual
 Apply best monitoring and
suppliers.
contract reporting
 Complac
management  Robust performance
ency in  Breach of
principles to management of KPIs
long term contract.
align with through regular
supplier  Ineffective
public authority meetings, periodic
relations delivery of
Contract assessment and
hips. contract
Management reporting
 Non- outcomes.
Contract Framework.  Address poor
performa  Adverse publicity  Contract
Management Mediu  Ensure Mediu performance indicators
8 nce of for both supplier Major Reduce Manager
/ Supplier Unlikely m experienced Moderate Unlikely m with the supplier
supplier and public  BU Manager
Performance contract immediately.
(e.g. KPIs authority.
manager  Succession planning
not  Impact on
appointed to and workforce
met/outc clients/end-user.
manage the management to
omes not  Commitment to
contract. encompass
achieved) Govt
 Regular transitions/handover
. compromised.
contract processes
 Inapprop
management  Regular capability
riately
meetings. assessments
qualified
 Regular professional
or
development training
inadequa
opportunities
te
personne
l.
 Services
ineffectiv
e or
difficult
to access.
9 Supplier Disputes occur  Time delays to Moderate Mediu  Performance Insignifica Rare Low Reduce  Apply public authority  Contract
between critical Possibl m guidelines and nt processes. Manager
supplier and milestones. e rating are  Consistent and regular  BU Manager
public  Quality of service documented, monitoring and
authority that less than and clear reporting.
impact service expected. transition  Robust performance
delivery  Impact on processes management of KPIs
clients/end-user. outlined with through regular
 Terminate suppliers. meetings, periodic
contract.  Negotiate as assessment and
required with reporting
the supplier.  Address poor
performance indicators
with the supplier

(4)
Further information: Procurement Services SA Effective: 20.02.2023
Contact Number: (08) 8226 5001 Next review: 01.07.2024
Contact Email: procurement@sa.gov.au Page Number: 4
Version: 1.1
OFFICIAL
 OFFICIAL

Inherent Risk Assessment Current controls Residual Risk Assessment

immediately
Risk Treatment Risk Monitoring notes /
Ris Risk Category Description of  Succession planning
Risk Name Toleran andTreatments Responsibility Implementatio Review treatment
k# (optional) consequences  Implement workforce
ce n date date effectiveness
Record management to
 Loss of key skills,
Management encompass
contract-specific
Turnover of processes transitions/handover
knowledge and
procurement/c  Regular processes
experience  Central
ontract updates to  Regular capability
depart with the Procurement
Procurement management contract assessments
people who hold Mediu Unit Manager
10 Planning / staff & loss of Moderate management Minor Rare Low Reduce  Regular professional
them Unlikely m  Contract
Resources corporate plan and development training
 Reduction of Manager
knowledge performance opportunities
performance due  BU Manager
relating to monitoring  Maintenance of
to inaccuracy of
contract documents internal reporting and
historical
 Information records documents
information
sharing across with critical
the BU. performance and
contextual data
 Adherence to
internal
 Loss of time and policies/proced
resources. ures Records  Apply public authority
 breaches of Management processes
confidentiality.  Robust contract  Engage in Transition
 reputational management Planning with suppliers
 Contract
Lack of damage. and in advance of contract
Manager
Procurement properly  legal action. Mediu administration transitions
11 Moderate Possibl Minor Low Manage  BU Manager
Process maintained  Loss of valuable m process Unlikely  Maintain strong
e  Public authority
records information. including relationship with
Policy team
 compromised regular records management
accountability meetings and and data system
and targeted stakeholders
transparency. discussions
 Fraud. relating to
records
management

(5)
Further information: Procurement Services SA Effective: 20.02.2023
Contact Number: (08) 8226 5001 Next review: 01.07.2024
Contact Email: procurement@sa.gov.au Page Number: 5
Version: 1.1
OFFICIAL
APPENDIX 2 - RISK ASSESSMENT TABLES AND MATRIX
The below Risk Assessment tables and matrices are examples only. Public authorities should review and implement their own specific risk
assessment protocols
Likelihood Table Risk Decision Matrix
Likelihood Description
Rare Once in ten years.
Critical High High Extreme Extreme Extreme
Event may occur in exceptional circumstances.
No known past occurrences.
Major Medium Medium High High Extreme

CONSEQUENCE
< 1% chance the event will occur.
Unlikely Once in five years.
Moderate Medium Medium Medium High High
Event could occur but is not anticipated.
Very few known past occurrences.
Minor Low Low Medium Medium Medium
1 - 25% chance the event will occur in foreseeable future.
Possible Once a year.
Insignificant Low Low Low Low Low
Event could occur at some time.
Past occurrences have been minimal. LIKELIHOOD
26 - 50% chance the event will occur in medium term.
Likely Once a month. Rare Unlikely Possible Likely Almost
Certain
Event could occur in most circumstances.
Past occurrences are known.
Required Actions
51 - 85% chance the event will occur in short term.
Almost Certain Once a week or daily. Risk Rating Action Required
Event expected to occur in most circumstances.
Immediate action required with specific treatments required. Report
Occurrences are happening now. Extreme
action in risk management plan.
> 85% chance the event will occur.
High Risk treatment should be a priority. Report action in risk
management plan.

Medium Determine specific monitoring or response procedures and assign

management responsibility.

(6)
Further information: Procurement Services SA Effective: 20.02.2023
Contact Number: (08) 8226 5001 Next review: 01.07.2024
Contact Email: procurement@sa.gov.au Page Number: 6
Version: 1.1
OFFICIAL

Consequences Table
Category Financial People
Critical Significant financial loss / Fatality / fatalities or actual
impact upon budget. or severe permanent
disability.
Inability to recruit staff /
contractors with necessary
skills resulting in contract
failure or long-term skills,
knowledge and/or expertise
shortage.
Major Major financial loss / impact No fatality but inpatient
upon budget. hospitalisation and actual or
severe potential disability.
Widespread engagement
issues resulting in potential
contract failure or medium-
term skills, knowledge
and/or expertise shortage.
Moderate Moderate financial loss / Medical treatment required
impact upon budget. but no fatalities or potential
disability.
Short-term skills, knowledge
and/or expertise shortage.
Further information: Procurement Services SA Effective: 20.02.2023
Contact Number: (08) 8226 5001 Next review: 01.07.2024
Contact Email: procurement@sa.gov.au Page Number: 7
Version: 1.1
Low
Procurement
Significant breakdown in
governance structures.
Significant fraudulent/
corrupt activity.
Inability to procure a critical
technology or services, with
significant impact on
clients/end-users and
community.
Significant breakdown in
industry/supplier
relationship with public
authority.
Systemic breakdown in
governance structures, or
one-off major breakdown in
governance structures.
Systemic fraudulent/ corrupt
activity, or one-off major
fraudulent/ corrupt activity.
Inability to procure a
technology or services, with
major impact on clients/end-
users and community.
Breakdown in
industry/supplier
relationship with public
authority.
Repeated breakdown in
governance structures., or
one-off moderate breakdown
in governance structures.
Repeated mismanagement,
or one-off moderate
mismanagement of
procurement activity
(7)
OFFICIAL
Manage by routine procedures. Nominated officer should monitor.
Service Delivery
Systemic failure of
procurement process and/or
contract.
Significant impact upon
service delivery (i.e. service
failure or significant service
disruption).
Significant intervention
required by public authority
(Minister/CE level) to address
impact on service delivery.
Continued viability of
procurement process and/or
contract is threatened.
Major impact upon service
delivery (i.e. high risk of
service failure or significant
service disruption).
Intervention required by
public authority (Executive)
to address impact on service
delivery.
Effectiveness and efficiency
of key elements of the
procurement process and/or
contract is reduced.
Moderate impact upon
service delivery.
Executive/senior
management intervention
Contractual
Significant contractual non-
compliance or non-
performance. Significant
impact on clients/end-users
and/or community.
Contract termination and
sustained contract disputes
almost certain.
Systemic contractual non-
compliance or non-
performance, or one-off
major contractual non-
compliance or non-
performance, having major
impact on client/end-users
and/or community.
Contract termination and
contract disputes are likely.
Repeated contractual non-
compliance or non-
performance, or one-off
moderate contractual non-
compliance or non-
performance, with moderate
impact on clients/end-users
and/or community.
Objectives / Reputation
Significant number of
procurement objectives not
achieved.
Sustained negative publicity /
Parliamentary inquiry.
Long-term damage to public
authority reputation.
Several procurement
objectives not achieved.
Widespread negative
publicity that lasts for
months / Ministerial
intervention.
Sustained damage to
reputation and loss of
confidence in public
authority.
Major components of
procurement objectives not
achieved.
Negative publicity that lasts
for weeks.
Significant but short-term
damage to public authority
reputation.
 resulting in probity breaches.
Delays/impacts on ability to
procure a technology or
services, with moderate
impacts on clients/end-users
and community.
Strained relationships
between industry/supplier
and public authority.
Minor Minor financial loss / impact First aid treatment required One-off minor breakdown in
upon budget. but no fatalities or potential governance structures.
disability. One-off minor
Minor skills shortage. mismanagement of
procurement activity
resulting in minor probity
breaches.
Delays/ impacts on ability to
procure a technology or
services, with minor impacts
on clients/end-users and
community.
Supplier complaints.
Insignificant Insignificant financial loss / No injuries. Immaterial breakdown in
impact upon budget. No skills shortage. governance structures.
Immaterial mismanagement
of procurement activity with
no impact on probity
matters.
Immaterial impacts on ability
to procure a technology or
services, with no impacts on
clients/end-users and
community.
required.
Effectiveness and efficiency
of elements of the
procurement process and/or
contract is reduced.
Minor impact upon service
delivery.
Manager intervention
required.
Negligible impact upon
effectiveness and efficiency
of the procurement process
and/or contract.
No impact upon service
delivery.
No intervention required.
Dealt with through normal
operations.
High level of performance
improvement resources
required.
One-off minor contractual
non-compliance or non-
performance. minor impact
on clients/end-users or
community.
Moderate performance
improvement resources
required.
Immaterial contractual non-
compliance or non-
performance.
No impact on clients/end
users and/or community.
Minor components of
procurement objectives not
achieved.
Some negative publicity that
lasts for days.
Temporary minor negative
impact upon public authority
reputation.
No effect upon procurement
objectives.
Potential for public interest.
No damage to public
authority reputation.

(8)
Further information: Procurement Services SA Effective: 20.02.2023
Contact Number: (08) 8226 5001 Next review: 01.07.2024
Contact Email: procurement@sa.gov.au Page Number: 8
Version: 1.1
OFFICIAL