Form Number (3)
Effective from 30/4/2020
Risk Assessment as of [DATE] | ||||||
Identified Risks and Schemes | Likelihood | Significance | Risk Rating | Controls Effectiveness Assessment | Residual Risks | Risk Response (List an action plan on how each residual risk will be mitigated) |
Insurance risk |
|
|
|
|
|
|
Credit risk |
|
|
|
|
|
|
Market risk |
|
|
|
|
|
|
Operational risk |
|
|
|
|
|
|
Regulatory risk |
|
|
|
|
|
|
Contagion and related party risk |
|
|
|
|
|
|
Financial crime risk |
|
|
|
|
|
|
Cyber risk |
|
|
|
|
|
|
Strategic risk |
|
|
|
|
|
|
Regulatory Risk |
|
|
|
|
|
|
Likelihood | ||||
Rating | Based on Annual Frequency | Based on Annual Probability of Occurrence | ||
Descriptor | Definition | Descriptor | Definition | |
5 | Very frequent | More than twenty times per year | Almost certain | >90% chance of occurrence |
4 | Frequent | Six to twenty times per year | Likely | 65% to 90% chance of occurrence |
3 | Reasonably frequent | Two to five times per year | Reasonably possible | 35% to 65% chance of occurrence |
2 | Occasional | Once per year | Unlikely | 10% to 35% chance of occurrence |
1 | Rare | Less than once per year | Remote | < 10% chance of occurrence |
Significance | |
Rating | Descriptor |
5 | Catastrophic |
4 | Major |
3 | Moderate |
2 | Minor |
1 | Incidental |
Control Effectiveness | |
Control Risk Rating | Description |
5 | Very effective (reduces 81-100% of the risk) |
4 | Effective (reduces 61-80% of the risk) |
3 | Moderately effective (reduces 41-60% of the risk) |
2 | Marginally effective (reduces 21-40% of the risk) |
1 | Not effective (reduces 0-20% of the risk) |
OVERALL ASSURANCE | |
FULL " Very effective" | Full assurance that the system of internal control is designed to meet the organisation's objectives and controls are consistently applied in all the areas reviewed |
SIGNIFICANT " Effective" | Significant assurance that there is a generally sound system of control designed to meet the organisation's objectives. However, some weakness in the design or inconsistent application of controls put the achievement of particular objectives at risk. |
LIMITED " Moderately effective" | Limited assurance as generally moderate sound system in the design or inconsistent application of controls put the achievement of the organisation's objectives at risk in the areas reviewed. |
Very LIMITED " Marginally effective" | Limited assurance as weaknesses in the design or inconsistent application of controls put the achievement of the organisation's objectives at risk in the areas reviewed. |
NO ASSURANCE | No assurance as weaknesses in control or consistent non-compliance with key controls could result (have resulted) in failure to achieve the organisation's objectives in the areas reviewed. |
Residual Risks for individual findings | |
High | Active management attention required as a high priority. Controls are not adequate to address the associated risk. |
Medium | Active management attention required as a moderate priority. Controls are not adequate to address the associated risk. |
Low | Active management attention not required on priority. Controls are more or less adequate to address the associated risk. |