Form Number (3)
Effective from 30/4/2020
| Risk Assessment as of [DATE] | ||||||
| Identified Risks and Schemes | Likelihood | Significance | Risk Rating | Controls Effectiveness Assessment | Residual Risks | Risk Response (List an action plan on how each residual risk will be mitigated) |
| Insurance risk | ||||||
| Credit risk | ||||||
| Market risk | ||||||
| Operational risk | ||||||
| Regulatory risk | ||||||
| Contagion and related party risk | ||||||
| Financial crime risk | ||||||
| Cyber risk | ||||||
| Strategic risk | ||||||
| Regulatory Risk | ||||||
| Likelihood | ||||
| Rating | Based on Annual Frequency | Based on Annual Probability of Occurrence | ||
| Descriptor | Definition | Descriptor | Definition | |
| 5 | Very frequent | More than twenty times per year | Almost certain | >90% chance of occurrence |
| 4 | Frequent | Six to twenty times per year | Likely | 65% to 90% chance of occurrence |
| 3 | Reasonably frequent | Two to five times per year | Reasonably possible | 35% to 65% chance of occurrence |
| 2 | Occasional | Once per year | Unlikely | 10% to 35% chance of occurrence |
| 1 | Rare | Less than once per year | Remote | < 10% chance of occurrence |
| Significance | |
| Rating | Descriptor |
| 5 | Catastrophic |
| 4 | Major |
| 3 | Moderate |
| 2 | Minor |
| 1 | Incidental |
| Control Effectiveness | |
| Control Risk Rating | Description |
| 5 | Very effective (reduces 81-100% of the risk) |
| 4 | Effective (reduces 61-80% of the risk) |
| 3 | Moderately effective (reduces 41-60% of the risk) |
| 2 | Marginally effective (reduces 21-40% of the risk) |
| 1 | Not effective (reduces 0-20% of the risk) |
| OVERALL ASSURANCE | |
| FULL " Very effective" | Full assurance that the system of internal control is designed to meet the organisation's objectives and controls are consistently applied in all the areas reviewed |
| SIGNIFICANT " Effective" | Significant assurance that there is a generally sound system of control designed to meet the organisation's objectives. However, some weakness in the design or inconsistent application of controls put the achievement of particular objectives at risk. |
| LIMITED " Moderately effective" | Limited assurance as generally moderate sound system in the design or inconsistent application of controls put the achievement of the organisation's objectives at risk in the areas reviewed. |
| Very LIMITED " Marginally effective" | Limited assurance as weaknesses in the design or inconsistent application of controls put the achievement of the organisation's objectives at risk in the areas reviewed. |
| NO ASSURANCE | No assurance as weaknesses in control or consistent non-compliance with key controls could result (have resulted) in failure to achieve the organisation's objectives in the areas reviewed. |
Residual Risks for individual findings | |
| High | Active management attention required as a high priority. Controls are not adequate to address the associated risk. |
| Medium | Active management attention required as a moderate priority. Controls are not adequate to address the associated risk. |
| Low | Active management attention not required on priority. Controls are more or less adequate to address the associated risk. |