Risk Management Principles:

Risk Management should: create value resources expended to mitigate risk should be less than the consequence of inaction - the g 1 be an integral part of organizational processes 2 be part of decision making 3 explicitly address uncertainty and assumptions 4 be systematic and structured 5 be based on the best available information 6 be tailorable 7 take human factors into account 8 be transparent and inclusive 9 be dynamic, iterative and responsive to change 10 be capable of continual improvement and enhancement 11 12 be continually or periodically re-assessed

Risk Management Process:

1 2 3 4 5 Identification Assessment Management / Action Plan Ongoing Reviews Reporting

s than the consequence of inaction - the gain should exceed the pain

Risk Assessment & Management Plan

# 1 Risk 1 2 Risk 2 3 Risk 3 4 Risk 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 Risk 5 Risk 6 Risk 7 Risk 8 Risk 9 Risk 10 Risk

ID

IDENTIFY
Cause or Source Business Process

NTIFY
Category Link to Document Document Type

ASSESSMENT
Existing Controls Likelihood Consequence Risk Priority V High Almost Certain Major Likely Possible Possible Possible Possible Unlikely Unlikely Rare Rare Moderate Moderate Moderate Minor Minor Minor Minor Negligible Negligible
High Medium Medium Medium Medium Low Low Low Low

ASSESSMENT
Assessment of Existing Controls Action

ACTION PLAN

ACTION PLAN
Action Type Responsibility By When Residual Risk Rating

Monitoring
Key Risk Indicators Reporting/Monitoring Last Reviewed

ONGOING REVIEWS

ONGOING REVIEWS
Review Frequency (# Months) Next Review Due Responsibility

Risk Reporting

AS AT

27-Apr-13

Adequate V High High Medium Low Totals 0 0 0 0 0 Risk Priority

Assessment of Existing Controls Opportunities for Inadequate No Assessment Improvement 0 0 1 0 0 1 0 0 4 0 0 4 0 0 10

Risks - # by Priority
Totals 1 1 4 4 10
5 4 3 2

Almost Certain Likely Possible Unlikely Rare Totals Colour Code

Catastrophic 0 0 0 0 0 0 V High High Medium Low

Major 1 0 0 0 0 1

Consequence Moderate 0 1 2 0 0 3

Minor 0 0 2 2 0 4

Negligible 0 0 0 0 2 2

Totals 1 1 4 2 2 10

0 V High High Medium Low

Likelihood

Business Category Asset Management Infrastructure Management Finance Clinical Governance Regulatory Compliance Service Delivery Corporate Governance Operational Market / Environmental Strategic

Risk Category Business Continuity Liability Environmental Financial Political OH&S Infrastructure, Assets & Systems Reputation

Controls Adequate Opportunities for Improvement Inadequate

Document Type Strategic Plan Business Continuity Plan OH&S P&P's Other

Action Type Accepted Reduced (eg. P&P, Training) Transferred (eg. Insurance) Avoided

Likelihood Almost Certain Likely Possible Unlikely Rare

Consequence Negligible Medium Medium Low Low Low

Consequence Minor Medium Medium Medium Low Low

Moderate High High Medium Medium Medium

Major V High High High Medium Medium

Catastrophic V High V High High High Medium