تجاوز إلى المحتوى الرئيسي

Form Number (3)

يسري تنفيذه من تاريخ 30/4/2020

 

Risk Assessment as of [DATE]

Identified Risks and Schemes

Likelihood

Significance

Risk Rating

Controls Effectiveness Assessment

Residual Risks

Risk Response (List an action plan on how each residual risk will be mitigated)

Insurance risk

 

 

 

 

 

 

Credit risk

 

 

 

 

 

 

Market risk

 

 

 

 

 

 

Operational risk

 

 

 

 

 

 

Regulatory risk

 

 

 

 

 

 

Contagion and related party risk

 

 

 

 

 

 

Financial crime risk

 

 

 

 

 

 

Cyber risk

 

 

 

 

 

 

Strategic risk

 

 

 

 

 

 

Regulatory Risk

 

 

 

 

 

 

 

Likelihood

Rating

Based on Annual Frequency

Based on Annual Probability of Occurrence

Descriptor

Definition

Descriptor

Definition

5

Very frequent

More than twenty times per year

Almost certain

>90% chance of occurrence

4

Frequent

Six to twenty times per year

Likely

65% to 90% chance of occurrence

3

Reasonably frequent

Two to five times per year

Reasonably possible

35% to 65% chance of occurrence

2

Occasional

Once per year

Unlikely

10% to 35% chance of occurrence

1

Rare

Less than once per year

Remote

< 10% chance of occurrence

 

Significance

Rating

Descriptor

5

Catastrophic

4

Major

3

Moderate

2

Minor

1

Incidental

 

Control Effectiveness

Control Risk Rating

Description

5

Very effective (reduces 81-100% of the risk)

4

Effective (reduces 61-80% of the risk)

3

Moderately effective (reduces 41-60% of the risk)

2

Marginally effective (reduces 21-40% of the risk)

1

Not effective (reduces 0-20% of the risk)

 

OVERALL ASSURANCE

FULL " Very effective"

Full assurance that the system of internal control is designed to meet the organisation's objectives and controls are consistently applied in all the areas reviewed

SIGNIFICANT " Effective"

Significant assurance that there is a generally sound system of control designed to meet the organisation's objectives. However, some weakness in the design or inconsistent application of controls put the achievement of particular objectives at risk.

LIMITED " Moderately effective"

Limited assurance as generally moderate sound system in the design or inconsistent application of controls put the achievement of the organisation's objectives at risk in the areas reviewed.

Very LIMITED " Marginally effective"

Limited assurance as weaknesses in the design or inconsistent application of controls put the achievement of the organisation's objectives at risk in the areas reviewed.

NO ASSURANCE

No assurance as weaknesses in control or consistent non-compliance with key controls could result (have resulted) in failure to achieve the organisation's objectives in the areas reviewed.

 

Residual Risks for individual findings

High

Active management attention required as a high priority. Controls are not adequate to address the associated risk.

Medium

Active management attention required as a moderate priority. Controls are not adequate to address the associated risk.

Low

Active management attention not required on priority. Controls are more or less adequate to address the associated risk.