AS/NZ Standard 4360:2004 Risk Management
Each risk has been rated in terms of its resulting likelihood of occurrence and its potential impact, using the rating system specified in AS/NZ Standard 4360:2004 Risk Management. The ratings are explained in the tables below.

Table 1 - Types of Issues/Risks

| Type | Description |
|---|---|
| Strategic | Related strategic mission and objectives. |
| Financial | Related to economic impact (costs, revenues, budgets). |
| Regulatory (Compliance) | Related to legal and contractual obligations. Political legislative impacts. |
| Management | Related to decision making, resources, policies, etc. |
| Operational (Technical) | Related to ICT delivery, support or management services. |

Table 2 - Qualitative Measure of Consequences of Likelihood

| Level | Descriptor | Description | |
|---|---|---|---|
| A | Almost certain | Is expected to occur in most circumstances. | More than once per year |
| B | Likely | Will probably occur in most circumstances. | 1 in 1 - 3 years |
| C | Possible | Might occur at some time. | 1 in 3 - 5 years |
| D | Unlikely | Could occur at some time. | 1 in 5 - 10 years |
| E | Rare | May occur in exceptional circumstances. | 1 in 10 years |

Table 3 - Qualitative Measure of Consequences of Impact

| Level | Description | Example detail description |
|---|---|---|
| | Insignificant | No injuries, low financial loss, no risk to reputation. |
| | Minor | First aid treatment, on-site release immediately contained, medium financial loss, some customer dissatisfaction. |
| | Moderate | Medical treatment required, on-site release contained with outside assistance, high financial loss and public visibility. |
| | Major | Extensive injuries, loss of production capability, invocation of disaster recovery with no detrimental effects, major financial loss. |
| | Catastrophic | Death, off-site with detrimental effect, huge financial loss. |

Table 4 - Quantitative Measure of Consequences of Impact

| Level | Description | Example detail description |
|---|---|---|
| 1 | Insignificant | Nil Negligible |
| 2 | Minor | Under 500K |
| 3 | Moderate | Between $500k - $5m |
| 4 | Major | Between $5m - $20m |
| 5 | Catastrophic | Above $20m |

Table 5 - Qualitative Risk Analysis Matrix

| Likelihood (rows) / Consequences (columns) | Insignificant | Minor | Moderate | Major | Catastrophic |
|---|---|---|---|---|---|
| A (almost certain) | H | H | E | E | E |
| B (likely) | M | H | H | E | E |
| C (possible) | L | M | H | E | E |
| D (unlikely) | L | L | M | H | E |
| E (rare) | L | L | M | H | H |

| Key | Description |
|---|---|
| E | Extreme Risk: Immediate action required to mitigate the risk. |
| H | High Risk: Action should be taken to compensate for the risk. |
| M | Moderate Risk: Action should be taken to monitor the risk. |
| L | Low Risk: Routine acceptance of the risk. |

Table 6 - Issues/Risks status types

| Type | Description |
|---|---|
| Open | New item identified and awaiting action. |
| Closed | Item closed e.g. no longer a concern, rejected, etc. |
| In progress | Item undergoing treatment/mitigation activities. |
| Monitoring | Treatment/mitigation activities complete and being monitored. |
| Resolved | Item resolved through treatment/mitigation actions and resolution accepted by stakeholders. |