Section One - Overview: An
executive overview of the exercise provides the scope and
context of the assessment. High-level
information is provided for each of the threats being
Section Two - Objective:
universal fact that all organisations operate under a level
of inherent risk.
The objective of this assessment is to
ensure that the overall risk to the organization and its
operations is managed appropriately on an ongoing basis.
Section Three - Risk Tolerance:
This section determines the
organizations risk appetite. It clearly identifies at
what level of risk the organization must act to reduce the
risk to a tolerable level.
Section Four - Risk Assessment Tool:
The risk assessment tool acts as a guide to determine an
appropriate risk rating for each risk.
Figure 1 - Risk Assessment
Section Five - Risk Register : The
register contains the ratings that have determined by the
assessment. Listed in order of priority and aligned to
the risk tolerance and objectives listed previously.
Figure 2 - Risk
Section Six - Risk Treatment Plan:
A risk treatment plan exists for each risk item listed in
the template. Each treatment plan lists example
potential causes, potential consequences, existing control
measures, and suggested additional control measures. An
example risk treatment plan is illustrated below:
Figure 3 - Risk