This Risk Assessment Instructions Manual provides guidance on the methodology and formula for undertaking a risk assessment and sets out the following:
- Risk criteria;
- Risk descriptors;
- Risk matrix;
- Risk tolerance;
- Risk response requirements.
This Risk Assessment Instructions Manual is suitable for organisations of all sizes and complies with the guidelines of the International Standard for Risk Management.
- Purpose. 2
- Scope. 2
- Risk assessment process. 2
- Risk tables. 4
- Document information. 9
The purpose of this Risk Assessment Instructions Manual (Manual) is to provide guidance on the methodology and formula for undertaking a risk assessment and sets out the risk criteria, risk descriptors, risk matrix, risk tolerance and risk escalation requirements for [Organisation name].
The consistent application of the risk assessment process will ensure that all risks, and corresponding opportunities, of the organisation are effectively measured, analysed, evaluated, prioritised and approved by appropriate levels of management of [Organisation name].
This Risk Assessment Instructions Manual must be read in conjunction with the following:
This Risk Assessment Instructions Manual applies to all directors, officers, employees, consultants and contractors of [Organisation name]. This Manual extends to all current and future activities of [Organisation name], and to any new opportunities [Organisation name] may encounter from time to time.
The risk assessment process is part of the methodology implemented for identifying, managing and treating risks as described in the Risk Management Procedures document. Before assessing risks, you are required to read the risk management documentation described in the Purpose section above.
Following the identification of the risk, the first step is to analyse the risk rating for the inherent risk, being the worst-case scenario for a risk item if no risk controls are applied.
Risk analysis should be conducted in the following manner:
- Determine cause of risk;
- Determine inherent risk according to Risk Consequences Table;
- Determine likelihood of inherent risk according to Risk Likelihood Table;
- Determine inherent risk rating according to Risk Rating Table.