risk management template



Post on 27-Dec-2015


Risk Assessment & Management Plan

Risk Management Principles: Risk Management should:

1 create value – resources expended to mitigate risk should be less than the consequence of inaction
2 be an integral part of organizational processes
3 be part of decision making
4 explicitly address uncertainty and assumptions
5 be systematic, structured and timely
6 be based on the best available information
7 be tailorable
8 take human and cultural factors into account
9 be transparent and inclusive
10 be dynamic, iterative and responsive to change
11 facilitate continual improvement and enhancement of the organization
12 be continually or periodically re-assessed

Navigation of this tool

1 To Identify Risks
2 To Evaluate Risks
3 To Treat (Manage/Action) Risks
4 To Monitor (Review) Risks
5 To Report on Risks
6 To View/Update Validation Rules

Benefits of Risk Management

1 Increase the likelihood of achieving objectives;
2 Encourage proactive management;
3 Be aware of the need to identify and treat risk throughout the organization;
4 Improve the identification of opportunities and threats;
5 Achieve compatible risk management practices between organisations and nations;
6 Comply with relevant legal and regulatory requirements and international norms;
7 Improve governance;
8 Improve stakeholder confidence and trust;
9 Establish a reliable basis for decision making and planning;
10 Improve controls;
11 Effectively allocate and use resources for risk treatment;
12 Improve operational effectiveness and efficiency;
13 Enhance health & safety performance and environmental protection;
14 Improve loss prevention and incident management;
15 Minimize losses;
16 Improve organizational learning; and
17 Improve organizational resilience.

Author: Sean Chamberlin

http://www.linkedin.com/in/seanchamberlin

Risk Management Process:

Establishing the Context
Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
Risk Treatment
Communication & Consultation (shown alongside every step of the process)
Monitoring & Review (shown alongside every step of the process)

Further Information on Risk Management

LinkedIn Group 'ISO 31000 Risk Management Standard': http://www.linkedin.com/groups/ISO-31000-Risk-Management-Standard-1834592?trk=my_groups-b-grp-v

International Organisation for Standardization: http://www.iso.org/iso/home/standards/iso31000.htm

Standards Australia Risk Management Principles & Guidelines: http://sherq.org/31000.pdf

Concise Guide to Treasury Risk Management: http://www.charteredaccountants.com.au/Industry-Topics/Audit-and-assurance/Current-issues/Audit-Committee-Guides/Audit-Committee-Guides/Treasury-Management-Guide.aspx

Risk Assessment & Management Plan

Worked row (risk #1) from the template, column by column:

IDENTIFY
#: 1
Risk: loss of relevance of products to customer base
Source: changing market needs & sentiment
Business Goals/Objectives impacted by Risk: (blank)
Business Process Category: Strategic (the sheet also lists Environmental here)
Assumptions & key variables used to assess risk: (blank)
Link to Document: Strategic Plan
Document Type: (options listed: Business Continuity Plan, OH&S Policies & Procedures, Other)
Existing Controls: annual review of plans

EVALUATION
Assessment of Existing Controls: Opportunities for Improvement
Consequence: Major
Likelihood: Possible
Cost of Consequence (if known): (blank)
Risk Priority: High

TREATMENT / ACTION PLAN
Action: Google Analytics daily review
Action Type: Reduce Likelihood (eg. P&P, Training)
Responsibility: Marketing rep
By When: 01-Jan-15
Residual Risk Rating: Adequate

MONITORING
Key Risk Indicators: Google searching for our product description falling
Reporting/Monitoring: Weekly line graph of total searches for our products

ONGOING REVIEWS
Last Reviewed: 01-Mar-14
Review Frequency (# Months): 12
Next Review Due: 01-Mar-15
Responsibility: Marketing

The sheet's placeholder rows 2 to 10 (named "Risk 2" to "Risk 10") carry only a consequence, a likelihood and the resulting priority; rows 11 to 40 are empty:

# Consequence Likelihood Risk Priority
2 Major Almost Certain V High
3 Moderate Likely High
4 Moderate Possible Medium
5 Minor Possible Medium
6 Minor Possible Medium
7 Minor Unlikely Low
8 Minor Unlikely Low
9 Negligible Rare Low
10 Negligible Rare Low
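The register above rates each risk from a consequence and a likelihood and then schedules its review from "Last Reviewed" plus "Review Frequency (# Months)". The following is an added example, not part of the original spreadsheet, that implements both steps; the numeric scales and the priority bands are assumptions chosen so that every consequence/likelihood pair the template shows lands on the priority the template assigns to it, and the code checks that itself.

```python
"""Risk register scoring and review scheduling for the template above.

Added example, not part of the original spreadsheet. The ordinal scales and
the priority bands are assumptions: they were chosen so that every
consequence/likelihood pair the template's sample rows show lands on the
priority the template assigns to it, and mismatches_against_template()
verifies that.
"""
import calendar
from dataclasses import dataclass
from datetime import date, datetime

# Ordinal scales for the template's dropdown values (assumed ordering).
CONSEQUENCE = {"Negligible": 1, "Minor": 2, "Moderate": 3, "Major": 4}
LIKELIHOOD = {"Rare": 1, "Unlikely": 2, "Possible": 3, "Likely": 4, "Almost Certain": 5}

# Priority = first band whose floor the score (consequence x likelihood) reaches.
# Band floors are an assumption, see module docstring.
PRIORITY_BANDS = [(15, "V High"), (10, "High"), (5, "Medium"), (0, "Low")]


def risk_priority(consequence: str, likelihood: str) -> str:
    """Map a consequence/likelihood pair to the template's priority labels."""
    score = CONSEQUENCE[consequence] * LIKELIHOOD[likelihood]
    for floor, label in PRIORITY_BANDS:
        if score >= floor:
            return label
    raise ValueError("unreachable: the Low band has floor 0")


def parse_sheet_date(text: str) -> date:
    """Parse the sheet's DD-Mon-YY format, e.g. '01-Mar-14'."""
    return datetime.strptime(text, "%d-%b-%y").date()


def add_months(d: date, months: int) -> date:
    """Advance a date by whole months, clamping the day to the month's length."""
    month_index = d.month - 1 + months
    year, month = d.year + month_index // 12, month_index % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


@dataclass
class RiskEntry:
    """One row of the register; field names follow the template's columns."""
    number: int
    risk: str
    consequence: str
    likelihood: str
    last_reviewed: str   # sheet format DD-Mon-YY
    review_months: int   # 'Review Frequency (# Months)'

    def priority(self) -> str:
        return risk_priority(self.consequence, self.likelihood)

    def next_review_due(self) -> date:
        return add_months(parse_sheet_date(self.last_reviewed), self.review_months)

    def review_overdue(self, today: date) -> bool:
        return today > self.next_review_due()


# Constructed register: row 1 is the template's worked example; the other rows
# reuse its placeholder ratings, with made-up review dates for illustration.
REGISTER = [
    RiskEntry(1, "loss of relevance of products to customer base",
              "Major", "Possible", "01-Mar-14", 12),
    RiskEntry(2, "Risk 2", "Major", "Almost Certain", "01-Jun-14", 3),
    RiskEntry(3, "Risk 3", "Moderate", "Likely", "01-Jun-14", 6),
    RiskEntry(4, "Risk 4", "Moderate", "Possible", "01-Jun-14", 12),
    RiskEntry(5, "Risk 5", "Minor", "Possible", "01-Jun-14", 12),
    RiskEntry(7, "Risk 7", "Minor", "Unlikely", "01-Jun-14", 12),
    RiskEntry(9, "Risk 9", "Negligible", "Rare", "01-Jun-14", 12),
]

# Priority the template itself shows for each of its sample pairs.
TEMPLATE_PRIORITIES = {
    ("Major", "Possible"): "High",
    ("Major", "Almost Certain"): "V High",
    ("Moderate", "Likely"): "High",
    ("Moderate", "Possible"): "Medium",
    ("Minor", "Possible"): "Medium",
    ("Minor", "Unlikely"): "Low",
    ("Negligible", "Rare"): "Low",
}


def mismatches_against_template() -> list:
    """Return the (consequence, likelihood) pairs where the bands disagree with the sheet."""
    return [pair for pair, label in TEMPLATE_PRIORITIES.items()
            if risk_priority(*pair) != label]


def review_report(register, today: date) -> list:
    """Rows sorted by priority (V High first), flagging those whose review is overdue."""
    order = {label: i for i, (_, label) in enumerate(PRIORITY_BANDS)}
    rows = sorted(register, key=lambda r: (order[r.priority()], r.number))
    return [(r.number, r.priority(), r.next_review_due().isoformat(),
             r.review_overdue(today)) for r in rows]


if __name__ == "__main__":
    assert not mismatches_against_template()
    for row in review_report(REGISTER, date(2015, 3, 2)):
        print(row)
```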

Top Risks by Category/Industry

Click on appropriate category to get a list of the common risks:

Board level risks
Insurance Industry top 10 risks
Manufacturing Industry risks
Small Business risks
Procurement process risks, consequences & related actions
Treasury
Project Risks
OHS (Health & Safety)

Board level risks

Board Legal Responsibilities (and therefore may represent risks):

Avoid Conflict of Interest
Avoid Insolvent Trading
Avoid Fraud
Avoid Negligence
Information Security
Anti-Discrimination
Contracts Law
Defamation

Fiduciary Duty (common law) – act in good faith for the benefit of, or in the interests of, the organisation

Duty to Act in Good Faith (sect 181 of Corporations Act) – A director must exercise their power in good faith in the best interests of the corporation & for a proper purpose

Do Not Misuse Information or Position of Director - The law prohibits Board members from using their position to gain an advantage for themselves or another, or to cause detriment to the entity they are governing

Do Not Abuse an Opportunity – if you become aware of an opportunity as a result of your position on a board then you should not take up that opportunity for personal benefit at the expense of the organisation

Duty to Act with Care & Diligence - Board members must exercise their powers and discharge their duties with the care and diligence of a "reasonable person" in their position. Board members with a high level of expertise will attract a higher standard of care than other members.

Tax – tax legislation including any obligations required for charitable income tax exempt status and/or deductible gift recipient status (if applicable).

Conditions of funding – contractual obligations that exist to any funding bodies.

Occupational health and safety – must provide a safe workplace for employees, subcontractors, volunteers and a range of others. For example training on fire evacuation procedures, electrical safety, first aid, no smoking in workplace, etc.

Industry-specific – for example child care and safety in schools.

Organisation Constitutional compliance – for example rights of members, appointments to the board & their tenure, etc.

Privacy – important to understand what data is considered to be private as this is subject to tight regulatory controls as to its use, accessibility, accuracy & storage

Environmental Sustainability such as EPA compliance

HR – for example pay rates, superannuation contribution amounts & frequency, Sick Leave, Overtime, Hiring & Firing procedures

Trade Practices Act – for example misleading & deceptive conduct, Third Line Forcing, etc

Fund Raising

Manufacturing Industry

Are substances used in particular tasks suitable for the tasks?

Are hazardous substance containers adequately labelled?

Are hazardous substances stored according to respective MSDS?

Is plant and equipment suitable for the required tasks?

Are there systems in place to prevent injury from fragmentation of or flying particles from plant and equipment?

Are there systems in place to prevent injury from falling plant and equipment?

Are there systems in place to prevent injury from performing a task with plant and equipment in a confined space?

Are there systems in place to prevent injury from inadvertent movement of plant and equipment?

Does plant and equipment have adequate power isolation, noise insulation, ventilation and fume extraction?

Are tasks performed for more than 2 hours done so at humidity levels between 40% to 60%?

Are electrical fixtures provided with adequate earthing or other residual current devices?

Are any signs of damage to either cable isolation or other electrical fixtures rectified?

Are there identified colour coded cable labelled isolators to all switchboards?

Are employees prevented from performing tasks in metal enclosures or damp places using electrical tools?

Is there a regular inspection of portable cords and extension leads?

Are ‘Danger' tags used by electricians when working on plant?

Is employees' eyesight assessed every two years to determine their ability to continue performing their tasks?

Has lifting, carrying, pushing, and pulling been eliminated from all tasks?

Has frequent bending, twisting and stretching been eliminated from all tasks?

Has lifting of awkward loads been eliminated from all tasks?

Is there a register of hazardous substances, and an inventory of chemicals purchased or produced and material safety data sheet (MSDS) for each substance?

Are all moving parts of plant and equipment guarded to prevent contact with people and property to minimise the risk of injuries and damage, such as crushing, stabbing, cutting, puncturing, shearing, and tearing?

Are there systems in place to prevent injury from ‘stored energy' in plant and equipment, for example compressed air or hydraulic pressure after turning off plant?

Are there systems in place to prevent injury resulting from failure of plant and equipment due to the loss of contents, loss of load, unintended ejection of product, explosion, fragmentation or collapse of parts?

Is the noise level of plant, equipment and the surrounding environment within the legislated noise level set down for your particular workplace?

For people using vibrating hand-held equipment or operating vibrating controls (chain saws, sewing machines, grinders, pneumatic drills, and so on) are exposure levels within values recommended by Australian Standard AS2763?

For drivers of vehicles and tractors, and helicopter and airplane pilots, are the vibration exposure levels within values recommended by Australian Standard AS2670?

For operators of vibrating platforms on manufacturing/construction sites, are exposure levels within values as per Australian Standard AS2670?

Are occupational exposures to Ionising radiation, such as X-rays, and gamma-rays equipment, within limits set by WorkSafe Australia Network Health and Medical Research Council (National Standard Recommendations for limiting exposure to ionising radiation)?

Is plant and equipment that generates UV radiation, such as photocopiers, lasers, UV cured inks in the printing industry, and welding emissions enclosed?

Are radio frequency exposure levels from TV/FM radios transmitters, radio, microwaves, plastic moulders, induction heaters and so on kept as low as practically possible?

Are outdoor workers provided with personal protective equipment and work systems as per WorkSafe Australia - guidance note on the protection of workers from UV radiation in sunlight?

Are tasks performed at temperatures between 16°C and 24°C for sedentary work, 4°C and 24°C for light work and – 7°C and 24°C for moderately heavy work?

Is electrical wiring installed according to Australian Standard AS 3900?

Does electrical equipment comply with Australian Standard AS3100 - General Requirements For Electrical Equipment?

Is adequate lighting provided according to Australian Standard AS1680 – lighting levels for different types of work?

Are hazardous conditions that are likely to arise during the use of plant and equipment as a result of friction, fire, explosion, moisture, vapour, gases, dust and ice controlled?

Are access and egress arrangements for doorways, passageways, stairs, gangways and so on clear of obstructions, well lit, free of slip hazards and secure?

Has repetitive work using awkward or constrained postures been eliminated from all tasks?

Have slip, trip and fall hazards been eliminated?

Are all walkways free of obstructions?

Are floors undamaged?

Are ladders checked regularly for any damage?

Are stairways well lit and properly maintained?

Are work stations and benches adjusted to suit the physical dimensions of workers?

Are safety devices and emergency back-up arrangements of plant equipment and systems suitable for the tasks being performed?

Are plant, equipment, building areas and fixtures maintained and repaired?

Are environmental conditions and terrain suitable for the plant and substances that are used?

Are hazardous elements, such as electricity, water and incompatible chemicals, segregated?

Are systems in place to address conflict between staff?

Are systems in place to address poor job satisfaction?

Are systems in place to address low job security?

Have poor work conditions, such as noise, dust, lack of ventilation and so on been eliminated?

Are visitors to the workplace provided with relevant safety information and are they supervised?

Do workers hold the required competency requirements, such as licensing, certification and apprenticeships?

Is training and supervision provided to meet the needs of each individual worker?

Insurance Industry

Climate change

Demographic shifts in core markets

Catastrophic events

Emerging markets

Regulatory intervention

Channel distribution

Integration of technology with operations and strategy

Securities markets

Legal risk

Geopolitical or macroeconomic shocks

Small Business

Are the current work systems appropriate, for example, whether more or fewer people should be involved and whether work procedures need to be revised?

Financial – includes cash flow, budgetary requirements, tax obligations, creditor and debtor management, remuneration and other general account management concerns.

Equipment – extends to equipment used to conduct the business and includes everyday use, maintenance, depreciation, theft, safety and upgrades.

Organisational – relates to the internal requirements of a business, extending to the cultural, structural and human resources of the business.

Security – includes the business premises, assets and people. Also extends to security of company information, intellectual property, and technology.

Legal & regulatory compliance – includes legislation, regulations, standards, codes of practice and contractual requirements. Also extends to compliance with additional ‘rules’ such as policies, procedures or expectations, which may be set by contracts, customers or the social environment.

Reputation – entails the threat to the reputation of the business due to the conduct of the entity as a whole, the viability of products/services, or the conduct of employees or others associated with the business.

Operational – covers the planning, daily operational activities, resources (including people) and support required within a business that results in the successful development and delivery of products/services.

Contractual – meeting obligations required in a contract including delivery, product/service quality, guarantees/warranties, insurance and other statutory requirements, non-performance.

Service delivery – relates to the delivery of services, including the quality of service provided, or the manner in which a product is delivered. Includes customer interaction and after-sales service.

Commercial – includes risks associated with market placement, business growth, product development, diversification and commercial success. Also to the commercial viability of products/services, extending through establishment, retention, growth of a customer base and return.

Project – includes the management of equipment, finances, resources, technology, timeframes and people involved in the management of projects. Extends to internal operational projects, business development and external projects such as those undertaken for clients.

Safety – including everyone associated with the business: individual, workplace and public safety. Also applies to the safety of products/services delivered by the business.

Stakeholder management – includes identifying, establishing and maintaining the right relationships with both internal and external stakeholders.

Client-customer relationship – potential loss of clients due to internal and external factors.

Strategic – includes the planning, scoping, resourcing and growth of the business.

Technology – includes the implementation, management, maintenance and upgrades associated with technology. Extends to recognising critical IT infrastructure and loss of a particular service/function for an extended period of time. It further takes into account the need and cost benefit associated with technology as part of a business development strategy.

Treasury – risk types

Market Risk (the movement in value due to a change in price, creating a positive or negative value for the organisation)

Credit Risk (the risk that your counter party defaults before or on settlement date)

Liquidity Risk (risk of not being able to deal in a market due to lack of liquidity, and funding risk, which is not having adequate funds in place when they are needed)

Operational Risk (loss due to failure of people, processes and systems, or an external event such as fire, fraud, flood, earthquake or other natural phenomenon)

Project Risks

Risk Category:

Executive Support
Cost Management
Change Management
Stakeholders
Communication
Resources & Team
Architecture
Design
Technical
Integration
Requirements
Decisions & Issue Resolution
Procurement
Authority
Approvals & Red Tape
Organizational
External
Project Management
User Acceptance
Commercial

Procurement - common risks & management approaches

Risk Category (procurement stage):

Planning
Developing the specification
Selecting the purchasing method
Purchasing documentation
Inviting, clarifying and closing offers
Evaluating offers
Selecting the successful tenderer
Negotiations
Contract management
Evaluating the procurement process
Disposals

OH&S (Health & Safety)

Risk Category

Mechanical hazards

Chemical and biological hazards

Sources of energy

Body stressing or impact hazards

Gravity

Psychological

Treasury – review questions

Are risks identified as early as possible to ensure adequate steps are taken to handle the exposure in a timely manner?

Do risk measurement methodologies measure the risks adequately and in a timely manner?

Are potential stress tests and ‘what if’ analyses undertaken monthly (eg. measuring sensitivity of exposure to market risk (VAR) and scenario analysis)?

Is there a suitable mix of floating and fixed interest rates?

What is the foreign exchange risk hedging policy?

What percentage of foreign exchange is hedged?

Is the audit committee informed of any breaches of market risk policy or limits?

Is there adequate capacity to measure credit exposure?

Does the organisation have a process for handling and valuing collateral received or paid?

Does the organisation have settlement limits?

What reliance is placed on credit ratings provided by a credit rating agency?

Is credit risk appropriately managed?

Is the audit committee informed of any breaches of credit or settlement limits immediately?

What processes are in place to determine credit limits?

What processes are in place to measure liquidity risk?

What impact do financial instruments have on cash flow?

Are appropriate cash limits in place?

Are secured funding lines in place?

What level of security do these funding lines have?

Is close contact kept with funders, shareholders and bankers?

Are there diversified sources of funds?

Is there a spread of products and maturities so that maturities do not build up?

Is there liquidity in all the various financial instruments, eg. any exotic or structured products?

What stress scenarios are run and are they stressful enough?

Is the audit committee informed of liquidity stress issues in a timely manner?

Are all staff who are responsible for monitoring derivative transactions well trained and qualified?

What is the culture of staff and management toward risk and controls?

Have staff adequate expertise for the roles that they perform?

Are bonuses paid based on the results of any risk management or treasury activities?

Is there an independent system for calculating and reporting results?

Are treasury operations handled by internal staff with the appropriate treasury skills?

Are front and back office systems adequate and appropriately segregated to ensure the completeness and accuracy of processing, settlement and verification of the value of outstanding transactions?

Are valuation and spreadsheet models independently reviewed?

Are all back office staff adequately trained and do they understand the products used?

Are the organisation’s systems capable of producing adequate disclosure information for users of the financial statements?

Are accounting results routinely calculated and regularly reported?

Do the external auditors have a clear understanding of their role in verifying the financial transactions?

Are the policies and procedures reviewed at least annually?

Project Risks

1. Executives fail to support project

2. Executives become disengaged with project

3. Conflict between executive stakeholders disrupts project

4. Executive turnover disrupts project

5. Scope is ill defined

6. Scope creep inflates scope

7. Gold plating inflates scope

8. Estimates are inaccurate

9. Dependencies are inaccurate

10. Activities are missing from scope

11. Cost forecasts are inaccurate

12. Exchange rate variability

13. Change management overload

14. Stakeholder conflict over proposed changes

15. Perceptions that a project failed because of changes

16. Lack of a change management system

17. Lack of a change management process

18. Lack of a change control board

19. Inaccurate change priorities

20. Low quality of change requests

21. Change request conflicts with requirements

22. Stakeholders become disengaged

23. Stakeholders have inaccurate expectations

24. Stakeholder turnover

25. Stakeholders fail to support project

26. Stakeholder conflict

27. Process inputs are low quality

28. Project team misunderstand requirements

29. Communication overhead

30. Under communication

31. Users have inaccurate expectations

32. Impacted individuals aren't kept informed

33. Resource shortfalls

34. Learning curves lead to delays and cost overrun

35. Training isn't available

36. Training is inadequate

37. Resources are inexperienced

38. Resource performance issues

39. Team members with negative attitudes towards the project

40. Resource turnover

41. Low team motivation

42. Lack of commitment from functional managers

43. Architecture fails to pass governance processes

44. Architecture lacks flexibility

45. Architecture is not fit for purpose

46. Architecture is infeasible

47. Design is infeasible

48. Design lacks flexibility

49. Design is not fit for purpose

50. Design fails peer review

51. Technology components aren't fit for purpose

52. Technology components aren't scalable

53. Technology components aren't interoperable

54. Technology components aren't compliant with standards and best practices

55. Technology components have security vulnerabilities

56. Technology components are over-engineered

57. Technology components lack stability

58. Technology components aren't extensible

59. Technology components aren't reliable

60. Information security incidents

61. System outages

62. Legacy components lack documentation

63. Legacy components are out of support

64. Components or products aren't maintainable

65. Components or products can't be operationalized

66. Project management tool problems & issues

67. Delays to required infrastructure

68. Failure to integrate with business processes

69. Failure to integrate with systems

70. Integration testing environments aren't available

71. Failure to integrate with the organization

72. Failure to integrate components

73. Project disrupts operations

74. Project disrupts sales

75. Project disrupts compliance

76. Requirements fail to align with strategy

77. Requirements fail to align with business processes

78. Requirements fail to align with systems

79. Requirements have compliance issues

80. Requirements are ambiguous

81. Requirements are low quality

82. Requirements are incomplete

83. Decision delays impact project

84. Decisions are ambiguous

85. Decisions are low quality

86. Decisions are incomplete

87. No response to RFP

88. Low quality responses to RFP

89. Failure to negotiate a reasonable price for contracts

90. Unacceptable contract terms

91. Conflict with vendor leads to project issues

92. Conflict between vendors leads to project issues

93. Vendors start late

94. Vendor components fail to meet requirements

95. Vendor components are low quality

96. Infrastructure is low quality

97. Service quality is low

98. Vendor components introduce third party liability

99. Loss of intellectual property

100. Project team lack authority to complete work

101. Authority is unclear

102. Delays to stakeholder approvals impact the project

103. Delays to financial approvals impact the project

104. Delays to procurement processes impact the project

105. Delays to recruiting processes impact the project

106. Delays to training impact the project

107. The project fails to match the organization's culture

108. An organizational restructuring throws the project into chaos

109. A merger or acquisition disrupts the project

110. Legal & regulatory change impacts project

111. Force Majeure (e.g. act of nature) impacts project

112. Market forces impact project

113. Technical change impacts project

114. Business change impacts project

115. Failure to follow methodology

116. Lack of management or control

117. Errors in key project management processes

119. Users reject the prototype

120. User interface doesn't allow users to complete tasks

121. User interface is low quality

122. User interface isn't accessible

123. Project reduces business productivity

124. Project reduces innovation

125. Product disrupts business metrics (measurements of objectives)

126. Users reject the product

127. Product doesn't sell

128. Product incurs legal liability

129. Product negatively affects brand

130. Product negatively affects reputation

Procurement – common risks (listed in order of the procurement stages above, Planning through Disposals)

Understatement of the need

Overstatement of the need

Misinterpretation of user needs

Insufficient funding

Impractical timeframe

Probity issues

Biased specification

Inadequate statement of requirements

Failure to identify potential sources

Selecting inappropriate method

Narrow definition or commercial specification (eg. use of brand name)

Definition of inappropriate product or service

Terms and conditions unacceptable to tenderers

Providing inadequate information

Insufficient number of responses

Breaches of security

Terms and conditions unacceptable to tenderers

Failure to adequately address enquiries from tenderers

Actual or perceived favouritism in providing information

Actual or perceived breach of confidentiality

No response from known quality suppliers

Failure to follow effective evaluation procedures

Breaches of security

Offers fail to meet needs

Failure to identify a clear winner

Decision made on subjective grounds

Selecting an inappropriate supplier

Selecting inappropriate product

Deadlock on details of agreement

Failure to secure mandatory conditions

Not matching the expectations of buyer and tenderer

Unfair or onerous requirements on the tenderer in the contract conditions

Variations in price and foreign exchange

Inadequately administering the contract

Unauthorised increase in scope of work

Loss of intellectual property

Loss or damage to goods in transit

Fraud

Key personnel not available

Unfair or onerous requirements on the tenderer in the contract conditions

Failure to reflect the terms offered and agreed in the contract

Inadvertently creating a contract without the delegate's prior approval

Unwillingness of the supplier to accept the contract

Failure of either party to fulfil the conditions of the contract

Commencement of work by the supplier before contract is exchanged or letter of acceptance issued

Failure to meet liabilities of third parties (eg. royalties or third party property insurance)

Key personnel not available

Failure to identify and address problems

Collusive bidding at auction

Inadequate tender management

OH&S (Health & Safety) – hazard descriptions by risk category

Mechanical hazards: Plant, equipment and items (and parts of them) that have the potential to cut, rip, tear, abrade, crush, penetrate, produce projectiles or cause sudden impact.

Chemical and biological hazards: Chemicals, compounds, materials, powders, dusts and vapours that have the potential to impair health, have adverse effects on human reproduction, cause disease or have explosive, flammable, toxic or corrosive properties.

Sources of energy: A range of sources of energy that have the potential to cause harm, including electricity, heat, cold, noise, high powered light and damaging radioactive sources.

Body stressing or impact hazards: Activities that cause stress to the muscles and/or skeleton, including manual handling of people, animals, goods or materials and things or circumstances that can cause a person to slip, trip or fall at the same level.

Gravity: Activities that are carried out where a person can fall or an object can fall onto people.

Psychological hazards: Events, systems of work or other circumstances that have the potential to lead to psychological and associated illness, including work-related stress, bullying, workplace violence and work-related fatigue.

Failure to evaluate procurement and management processes

Are risks identified as early as possible to ensure adequate steps are taken to handle the exposure in a timely manner?

Do risk measurement methodologies measure the risks adequately and in a timely manner?

Are stress tests and 'what if' analyses undertaken monthly (eg. measuring sensitivity of exposure to market risk (VaR) and scenario analysis)?

Is there a suitable mix of floating and fixed interest rates?

What is the foreign exchange risk hedging policy?

What percentage of foreign exchange is hedged?

Is the audit committee informed of any breaches of market risk policy or limits?

Is there adequate capacity to measure credit exposure?

Does the organisation have a process for handling and valuing collateral received or paid?

Does the organisation have settlement limits?

What reliance is placed on credit ratings provided by a credit rating agency?

Is the audit committee informed of any breaches of credit or settlement limits immediately?

What processes are in place to determine credit limits?

What processes are in place to measure liquidity risk?

What impact do financial instruments have on cash flow?

What level of security do these funding lines have?

Is close contact kept with funders, shareholders and bankers?

Is there a spread of products and maturities so that maturities do not build up?

Is there liquidity in all the various financial instruments (eg. any exotic or structured products)?

What stress scenarios are run and are they stressful enough?

Is the audit committee informed of liquidity stress issues in a timely manner?

Are all staff who are responsible for monitoring derivative transactions well trained and qualified?

What is the culture of staff and management toward risk and controls?

Have staff adequate expertise for the roles that they perform?

Are bonuses paid based on the results of any risk management or treasury activities?

Is there an independent system for calculating and reporting results?

Are treasury operations handled by internal staff with the appropriate treasury skills?

Are front and back office systems adequate and appropriately segregated to ensure the completeness and accuracy of processing, settlement and verification of the value of outstanding transactions?

Are valuation and spreadsheet models independently reviewed?

Are all back office staff adequately trained and do they understand the products used?

Are the organisation’s systems capable of producing adequate disclosure information for users of the financial statements?

Are accounting results routinely calculated and regularly reported?

Do the external auditors have a clear understanding of their role in verifying the financial transactions?

Are the policies and procedures reviewed at least annually?

2. Executives become disengaged with project

3. Conflict between executive stakeholders disrupts project

14. Stakeholder conflict over proposed changes

15. Perceptions that a project failed because of changes

16. Lack of a change management system

17. Lack of a change management process

21. Change request conflicts with requirements

23. Stakeholders have inaccurate expectations

28. Project team misunderstand requirements

32. Impacted individuals aren't kept informed

34. Learning curves lead to delays and cost overrun

39. Team members with negative attitudes towards the project

42. Lack of commitment from functional managers

43. Architecture fails to pass governance processes

51. Technology components aren't fit for purpose

52. Technology components aren't scalable

53. Technology components aren't interoperable

54. Technology components aren't compliant with standards and best practices

55. Technology components have security vulnerabilities

56. Technology components are over-engineered

57. Technology components lack stability

58. Technology components aren't extensible

59. Technology components aren't reliable

62. Legacy components lack documentation

63. Legacy components are out of support

64. Components or products aren't maintainable

65. Components or products can't be operationalized

66. Project management tool problems & issues

68. Failure to integrate with business processes

70. Integration testing environments aren't available

71. Failure to integrate with the organization

76. Requirements fail to align with strategy

77. Requirements fail to align with business processes

78. Requirements fail to align with systems

79. Requirements have compliance issues

89. Failure to negotiate a reasonable price for contracts

91. Conflict with vendor leads to project issues

92. Conflict between vendors leads to project issues

94. Vendor components fail to meet requirements

98. Vendor components introduce third party liability

100. Project team lack authority to complete work

102. Delays to stakeholder approvals impact the project

103. Delays to financial approvals impact the project

104. Delays to procurement processes impact the project

105. Delays to recruiting processes impact the project

106. Delays to training impact the project

107. The project fails to match the organization's culture

108. An organizational restructuring throws the project into chaos

109. A merger or acquisition disrupts the project

110. Legal & regulatory change impacts project

111. Force Majeure (e.g. act of nature) impacts project

117. Errors in key project management processes

120. User interface doesn't allow users to complete tasks

123. Project reduces business productivity

125. Product disrupts business metrics (measurements of objectives)

130. Product negatively affects reputation

Likely consequences

Purchase of unsuitable product or service

Money wasted

Need not satisfied

Greater expense

Poor competition

Totally unacceptable purchase or not most suitable product or service

Time lost

Increased costs

Possible downtime

Delay in making the purchase

Additional costs for re-tender

Inadequate responses from tenderers

Reduced competition

Delivery schedule not met

Increased procurement costs

Misuse of resources

Most suitable product not obtained

Unethical conduct

Fewer alternatives

Most suitable product or service may not be obtained

Increased costs

Need not satisfied

Time lost

Increased costs

Possible downtime

Inadequate responses from tenderers

Claims of unfair dealings

Variety of offers

Insufficient responses

Products offered not meeting needs

Difficult to evaluate

Lack of offers from suitable tenderers

Need to seek offers again

Possible cost variations

Failure to obtain value for money

Loading of costs in offers

Having to modify tender terms and conditions

Disruption

Low response

Loading of costs in offers

Variations in offers

Having to provide clarifying information, causing delays in tender closing

Additional costs

Claims of unfair practices

Offers with qualifications by tenderers

Withdrawal of offers

Complaints from tenderers

Withdrawal of offers

Complaints from tenderers

Mistrust by tenderers

Need to undertake process again

Increased costs

Delayed delivery to the client

Poor value for money due to limited competition

Reduced competition

Increased costs of products or services

Inconsistent evaluations

Possible complaints from tenderers

Subjective not objective evaluation of offers

Claims of unethical or unfair practices

Loss of faith with tenderers

Need to call tenders again

Additional costs

Delay in delivery

Claims of unethical and unfair behaviour

Complaints from tenderers

Failure to fulfil the contract

Failure to meet the client's need

Contract disputes

Delivery delays

Cost variations

Reduction in value for money

Purchase of less suitable product

Inefficient use of resources

Delays in delivery

Need to restart procurement

Possible cost of legal action

Inability to finalise contract

Delays in delivery

Variations in cost

Inefficient use of resources

Contract disputes

Invalidity of contract

Legal action

Poor supplier/customer relationship

Contract disputes

Legal action

Poor supplier/customer relationship

Expense of negotiating out of the contract and paying damages

Committing to other associated work prior to main contract existing

Cost overruns

Delays in delivery

Need to restart procurement

Contract disputes

Failure to satisfy needs

Delays in delivery

Downtime

Legal action

Cost increases

Failure of contract

Full benefits not achieved

Delivery of unsatisfactory product

Contract/supply disputes

Potential liability to pay for unauthorised work

Possibility of legal action for perceived breach of contract

Unanticipated cost increases

Contract disputes

Loss of commercial opportunity

Unwarranted reliance on supplier for product support

Legal action

Damage to the agency's professional reputation

Delays in delivery

Downtime

Liability disputes

Misuse of resources

Legal action

Disruption to procurement activities

Progress on project disrupted

Less expertise

Failure to improve procurement and management processes

Procurement objectives not achieved

Possible failure in the future

Not achieving best return

Claims of unethical and unfair practices

Claims of bias and favouritism to organisations or individuals

Reduction in value for money


Action

Analyse need accurately

Analyse need accurately

Use functional and performance requirements

Improve consultation with users

Obtain clear statement of work and definition of need

Improve planning

Improve communication with potential tenderers

Maintain ethical environment

Improve training of personnel

Put suitable controls and reviews in place

Consider using a probity adviser

Improve communication with potential tenderers

Define the specification in terms of required outputs

Use functional and performance specifications

Ensure specification is consistent with needs analysis

Improve market knowledge

Use functional and performance specifications

Use functional and performance specifications

Be familiar with requirements

Use functional and performance specifications

Improve procurement planning processes

Improve market knowledge

Seek industry participation

Use the Industry Capability Network (ICN)

Provide staff with appropriate training and experience

Use standard documentation prepared by Crown Law

Obtain appropriate approvals before undertaking process

Improve forecasting, planning and consultation with users

Implement best practice policies, guidelines and practices

Implement a control mechanism to review specification before release

Use an Expression of Interest or Request for Information to clarify requirements (be careful not to infringe intellectual property rights or copyright)

Improve implementation of procurement policies, guidelines and practices

Improve tender documentation and clearly identify the evaluation criteria in Request for Tenders

Improve tender planning

Assess and allocate risks appropriately

Consult with Crown Law

Use commercially acceptable terms

Improve tender planning and preparation

Respond in a timely manner to enquiries

Allow adequate time for tenderers to respond

As above

Establish formal security procedures

Train staff in their obligations

Advise tenderers of security measures

Consult with the ICN to identify potential tenderers

Improve tender documentation and specifications

Allow sufficient time for tenderers to respond

Actions as above for insufficient number of responses

Improve your market knowledge

Review specifications or conditions

Improve tender assessment and evaluation processes

Maintain, audit and review evaluation procedures

Maintain, audit and review security procedures

Select appropriate documentation for purchase type (ie. goods, services, goods and services, or information technology related)

Provide staff with appropriate tender planning and procurement skills

Ensure staff have appropriate tender planning and documentation training and experience

Review tender documents before issuing them and ensure evaluation criteria contain the critical factors on which assessment of tenders will be based

Implement standardised procedures for responding to enquiries

Provide staff with appropriate tender management training and experience

Answer queries in writing and provide copies to all potential tenderers

Ensure that all potential tenderers are provided with any addenda

Perform regular audits and reviews of security processes

Use appropriate tender advertisement strategy to increase competition (eg. consider advertising tenders in other publications as well as the local paper)

Provide potential tenderers with advance notice of tender requests

Seek feedback from known suppliers on their non-response

Provide staff with appropriate tender assessment and evaluation training and experience

Ensure that Evaluation Committee members declare any conflicts of interest

Improve market knowledge

Improve tender documentation

Conduct market research

Develop functional and performance specifications

Improve evaluation procedures

Reject unacceptable offers

Define terms carefully

Record each party's obligations

Clarify all ambiguities before signing the contract

Look at alternatives to share risk

Establish baseline before negotiations

Distinguish essential goals from others

Consider variations to contract

Provide negotiators with adequate training

Provide negotiators with adequate training and support

Negotiate commercial terms

Terms should be fair and reasonable

Provide staff with appropriate training and experience and monitor performance

Ensure that Evaluation Committee members understand and sign Confidentiality Agreements

Ensure evaluation criteria contain the critical factors on which the assessment of tenders will be based and that they are clearly identifiable to tenderers in tender documents

Ensure evaluation criteria are appropriate and measurable

Ensure that Evaluation Committee members sign Declaration of Conflict and Confidentiality Agreements

Provide staff with appropriate tender evaluation, financial and technical skills training and commercial expertise

Improve evaluation criteria and clearly identify them to tenderers in tender documents

Perform financial, technical and company evaluations before awarding contract

Procurement Review Committee to review tender and selection process prior to awarding contract

Ensure users are involved in the evaluation/selection process

Improve technical evaluation procedures and train staff as appropriate

Procurement Review Committee to review tender and selection process prior to awarding contract

Improve communication, including ensuring that Conditions of Contract form part of the Request for Tender

Provide staff with training in contract planning and management

Distinguish between essential and non-essential goals and requirements

Check final draft of contract with successful tenderer

Keep records of all negotiations and agreements

Provide negotiators with adequate training

Agree on prices and the basis of prices

Agree on a formula for calculating variations

Seek legal redress if non-acceptance causes loss

Negotiate but retain integrity of the contract

Ensure all staff know responsibilities and conditions

Ensure good record keeping and documentation

Maintain up-to-date agency procedures and practices

Accept all contracts in writing

Ensure all contract amendments are issued in writing

Record all discussions and negotiations

Confirm instructions in writing

Ensure suitable clauses are included in the contract

Check that all obligations are covered in the contract

Agree on responsibilities

Implement appropriate safety standards and programs

Agree on insurance cover for supplier to provide

Accept delivery only after inspection

Know when title of goods is transferred to buyer

Maintain an ethical environment

Follow and maintain fraud control procedures

Know the market

Procedure in place to ensure delegate's approval obtained first

Ensure good contract administration and performance management

Hold regular inspections / meetings and ensure progress reports

Ensure all staff are suitably trained and experienced in contract planning and management

Confirm verbal acceptance of contract with written advice

Ensure approvals are received before allowing work to start

Include appropriate packaging instructions in specification

Include requirement in specification and ensure compliance in post-tender negotiation

Accept risk and manage possible delay

Develop good relationships with suppliers

Include evaluation clause in the contract

Implement performance management strategies

Set reserve prices

Deal with reputable firms

Include disposal clause in initial contract

Maintain ethical environment

Sell by open tender

Document reasons for decision

Provide staff with appropriate training


Develop systematic evaluation methods, techniques and evaluation criteria

Agree on performance criteria (with supplier and customer)


Risk Reporting AS AT 19-Apr-23

Assessment of Existing Controls (number of risks by Risk Priority and control assessment)

Risk Priority    Adequate  Inadequate  Opportunities for Improvement  No Assessment  Totals
V High           0         0           0                              1              1
High             0         1           0                              1              2
Medium           0         0           0                              3              3
Low              0         0           0                              4              4
Totals           0         1           0                              9              10

Number of risks by Likelihood and Consequence

Likelihood       Catastrophic  Major  Moderate  Minor  Negligible  Totals
Almost Certain   0             1      0         0      0           1
Likely           0             0      1         0      0           1
Possible         0             1      1         2      0           4
Unlikely         0             0      0         2      0           2
Rare             0             0      0         0      2           2
Totals           0             2      2         4      2           10

Colour Code: V High, High, Medium, Low

Chart: Risks - # by Priority (count of risks in each of V High, High, Medium and Low; vertical axis 0 to 5)

Preference Order  Treatment  Risk Management Option
1                 Avoid      Avoidance by not starting or continuing the activity that led to the risk
2                 Accept     Accepting or increasing the risk in order to pursue an opportunity
3                 Avoid      Removing the risk source
4                 Mitigate   Changing likelihood and/or consequences
5                 Transfer   Sharing risk with another party
6                 Accept     Retaining risk by informed decision

Term: Definition

Risk: Effect of uncertainty on objectives (either positive or negative deviation from what is expected). Often expressed as a combination of the consequences of an event and the associated likelihood of occurrence.

Control: Any measure or action that modifies risk. Includes any policy, procedure, practice, process, technology, technique, method or device that modifies or manages risk. Risk treatments become Controls, or modify existing Controls, once they have been implemented.

Residual Risk: Risk remaining after risk treatment, ie. the risk left over after a risk treatment option has been implemented.

Hazard: Potential to cause uncertainty. Risk includes the likelihood of it happening.

Issue: Risk with probability of 100%, ie. it has eventuated into an existing issue.

Risk Identification: Process of finding, recognising and describing risks, involving identification of risk sources, events, causes and potential consequences.

Risk Analysis: Process to comprehend the nature of risk and to determine the level of risk.

Risk Evaluation: Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable.

Risk Treatment: Process to modify risk that can involve avoidance, taking or increasing a risk, removing the risk source, changing the likelihood, changing the consequences, sharing the risk (eg. contracts), or retaining the risk by informed decision.

Distinction between a Hazard and a Risk

Hazard: Present condition, event, object, or circumstance that could lead to or contribute to an unplanned or undesired event such as an accident. It is a source of danger.

Risk: Future impact of a hazard that is not controlled or eliminated. It can be viewed as future uncertainty created by the hazard.

Risk Likelihood/Probability of Occurrence

Threats

High (probable): Likely to occur each year, or more than 25% chance of occurring. Indicators: potential of it occurring several times within the time period (eg. 10 years); has occurred recently.

Medium (possible): Likely to occur in a 10 year time period, or a 2% to 25% chance of occurrence. Indicators: could occur more than once within the time period (eg. 10 years); could be difficult to control due to some external influences; is there a history of occurrence?

Low (remote): Not likely to occur in a 10 year period, or less than 2% chance of occurrence. Indicators: has not occurred; unlikely to occur.

Opportunities

High (probable): Favourable outcome is likely to be achieved in 1 year, or better than 75% chance of occurrence. Indicators: clear opportunity which can be relied on with reasonable certainty to be achieved in the short term based on current management processes.

Medium (possible): Reasonable prospects of favourable results in 1 year, or 25% to 75% chance of occurrence. Indicators: opportunities which may be achievable but which require careful management; opportunities which may arise over and above the plan.

Low (remote): Some chance of favourable outcome in the medium term, or less than 25% chance of occurrence. Indicators: possible opportunity which has yet to be fully investigated by management; opportunity for which the likelihood of success is low on the basis of management resources currently being applied.

Business Category: Asset Management; Infrastructure Management; Finance; Clinical Governance; Regulatory Compliance; Service Delivery; Corporate Governance; Operational; Strategic

Risk Category: Business Continuity; Liability; Environmental; Financial; Political; OH&S; Infrastructure, Assets & Systems; Reputation; Market / Environmental

Controls: Adequate; Opportunities for Improvement; Inadequate

Document Type: Strategic Plan; Business Continuity Plan; OH&S Policies & Procedures; Other

Action Type: Avoided (eg. don't do risky activity); Accepted; Removed (risk source removed); Reduce Likelihood (eg. P&P, Training); Reduce Consequences; Shared/Transferred (eg. Insurance); Retained (by informed decision)

Risk Priority (Likelihood x Consequence)

Likelihood       Negligible  Minor   Moderate  Major   Catastrophic
Almost Certain   Medium      Medium  High      V High  V High
Likely           Medium      Medium  High      High    V High
Possible         Low         Medium  Medium    High    High
Unlikely         Low         Low     Medium    Medium  High
Rare             Low         Low     Medium    Medium  High