
Compliance Risk Assessment template instructions

RISKS: Risk scenarios: Enter the main risk scenarios for the legislation being managed in the 'Risk Scenarios' column.

INHERENT RISK: Consequence: Using the University's Risk Management: Consequence table (see 'Further info on risk HERE' tab), broadly assess the realistic and reasonable worst-case scenario across the range of consequence categories, using the drop-down box to select the level. Note: this is the consequence ignoring any controls that are in place.

INHERENT RISK: Likelihood: Using the University's Risk Management: Likelihood table (see 'Further info on risk HERE' tab), broadly assess the realistic and reasonable likelihood/frequency of the consequence being realised ('coming true'), using the drop-down box to select the level. Note: this is the likelihood ignoring any controls that are in place.

INHERENT RISK: Inherent Risk Rating: This cell will be automatically calculated. For context, refer to the University's Risk Management: Risk Acceptance Criteria table (see 'Further info on risk HERE' tab).

CONTROLS ASSESSMENT: Existing Controls: Summarise what controls already exist at the University in relation to this risk (do not note expected improvements or new controls here).

CONTROLS ASSESSMENT: Controls Rating: Using the University's Risk Management: Controls assessment table (see 'Further info on risk HERE' tab), assess the efficacy of the current controls.

RESIDUAL RISK: Likelihood: Given the controls listed in the 'Existing Controls' column, what is the realistic and reasonable likelihood/frequency of the consequence being realised (using the drop-down box to select the level).

RESIDUAL RISK: Residual Risk Rating: This cell will be automatically calculated. For context, refer to the University's Risk Management: Risk Acceptance Criteria table (see 'Further info on risk HERE' tab). Note that there is no consequence selection here as generally the controls put in place will not change the consequences of the risk but will reduce the likelihood of it occurring.

RESIDUAL RISK: Further action?: Given the Residual Risk Rating, further action may be necessary or beneficial. You may know these as 'Treatment Action Plans' from operational risk assessments. When these further actions are completed, they may be moved to the 'Existing Controls' column, which may result in a lower likelihood and possibly lower Residual Risk Rating.

Example:

RISKS
Risk Scenarios: EXAMPLE ONLY: Breach of Cake Act, specifically, non-provision of Christmas cake to LCS for Christmas.

INHERENT RISK (i.e. no controls present or controls fail)
Consequence: 4. Major
Likelihood: 4. Likely
Inherent Risk Rating: 16 - high

CONTROLS ASSESSMENT
Existing Controls: Reminder added to calendar for early December.
Controls Rating: Adequate

RESIDUAL RISK (i.e. after controls)
Likelihood: 2. Unlikely
Residual Risk Rating: 8 - medium
Further Action? (action, responsible person, expected date): Amend reminder for perpetual yearly recurrence. A Sullivan. Jan 2016.



COMPLIANCE RISK ASSESSMENT: XYZ Act

RISKS / INHERENT RISK (i.e. no controls present or controls fail)

Risk Scenarios   Consequence        Likelihood          Inherent Risk Rating
1                4. Major           4. Likely           16 - high
2                2. Minor           2. Unlikely         4 - low
3                1. Insignificant   5. Almost certain   5 - medium
4                3. Moderate        2. Unlikely         6 - medium
7

CONTROLS ASSESSMENT / RESIDUAL RISK (i.e. after controls)

Risk Scenarios   Existing Controls   Controls Rating   Likelihood    Residual Risk Rating   Further Action? (action, responsible person, expected date)
1                                    Adequate          2. Unlikely   8 - medium
2                                    Adequate          2. Unlikely   4 - low
3                                    Adequate          3. Possible   3 - low
4                                    Adequate          3. Possible   9 - medium


All information on this page from the University's Risk Reference Tables (click here to access)

Likelihood descriptions

Consequence levels and descriptions

Refer to the Consequence Table of the University's Risk Reference Tables. Note: they are not copied to this template as they may change from time to time.

Risk acceptance criteria

Date of revocation: Page 7 of 13 398083817.xlsx

Controls Assessment

Descriptor: Inadequate
Foreseeable: Less than what a reasonable person would be expected to do in the circumstances.
Detail: Little to no action being taken. No protection systems exist or they have not been reviewed for some time. No formalised procedures.

Descriptor: Adequate
Foreseeable: Only what a reasonable person would be expected to do in the circumstances.
Detail: Being addressed reasonably. Protection systems are in place and procedures exist for common or typical circumstances. Periodic review.

Descriptor: Excellent
Foreseeable: More than what a reasonable person would be expected to do in the circumstances.
Detail: Controls fully in place and require only ongoing maintenance and monitoring. Protection systems are being continuously reviewed and procedures are regularly tested.

                    Likelihood level
Consequence level   1. Rare      2. Unlikely   3. Possible   4. Likely      5. Almost certain
1. Insignificant    1 - low      2 - low       3 - low       4 - low        5 - medium
2. Minor            2 - low      4 - low       6 - medium    8 - medium     10 - high
3. Moderate         3 - low      6 - medium    9 - medium    12 - high      15 - high
4. Major            4 - low      8 - medium    12 - high     16 - high      20 - extreme
5. Critical         5 - medium   10 - high     15 - high     20 - extreme   25 - extreme

Risk rating
1 1 - low
2 2 - low
3 3 - low
4 4 - low
5 5 - medium
6 6 - medium
8 8 - medium
9 9 - medium
10 10 - high
12 12 - high
15 15 - high
16 16 - high
20 20 - extreme
25 25 - extreme
