
Risk Rating Matrix: Consequence

This document presents a risk rating matrix to assess risks across different consequence categories on a scale of 1 to 5. The categories include impacts on people, information, property, economic factors, reputation, and organizational capability. For each category, descriptions are provided for what would constitute a rating of 1 to 5. The matrix can then be used to systematically evaluate risks based on the probability and consequence levels to inform risk prioritization and decision making.

RISK RATING MATRIX

CONSEQUENCE

| Category | 1 Insignificant | 2 Negligible | 3 Moderate | 4 Extensive | 5 Significant |
|---|---|---|---|---|---|
| PEOPLE | Minor injury or First aid treatment | Injury requiring treatment by medical practitioner and/or lost time from workplace | Major Injury/ hospitalization | Single death and/or multiple major injuries | Multiple deaths |
| INFORMATION | Compromise of information otherwise available in the public domain. | Minor compromise of information sensitive to internal or sub-unit interests. | Compromise of information sensitive to the organization's operations. | Compromise of information sensitive to organizational interests. | Compromise of information with significant impact. |
| PROPERTY | Minor damage or vandalism to asset. | Minor damage or loss of <5% of total assets | Damage or loss of <20% of total assets | Extensive damage or loss <50% of total assets. | Destruction or complete loss of >50% of assets. |
| ECONOMIC | 1% of budget (organizational, division or project budget as relevant) | 2-5% of annual budget | 5-10% of annual budget | >10% of budget | >30% of project or organizational annual budget. |
| REPUTATION | Local mention only. Quickly forgotten. Freedom to operate unaffected. Self-improvement review required. | Scrutiny by Executive, internal committees or internal audit to prevent escalation. Short term local media concern. Some impact on local level activities. | Persistent national concern. Scrutiny required by external agencies. Long term 'brand' impact. | Persistent intense national public, political and media scrutiny. Long term 'brand' impact. Major operations severely restricted. | International concern, Governmental Inquiry or sustained adverse national/ international media. 'Brand' significantly affects organizational abilities. |
| CAPABILITY | Minor skills impact. Minimal impact on non-core operations. The impact can be dealt with by routine operations. | Some impact on organization's capability in terms of delays, systems quality but able to be dealt with at operational level. | Impact on the organization resulting in reduced performance such that targets are not met. Organization's existence is not threatened, but could be subject to significant review. | Breakdown of key activities leading to reduction in performance (e.g. service delays, revenue loss, client dissatisfaction, legislative breaches). | Protracted unavailability of critical skills/people. Critical failure(s) preventing core activities from being performed. Survival of the project/activity/organization is threatened. |

LIKELIHOOD

| Level | Likelihood | Chance | Probability | Frequency | 1 Insignificant | 2 Negligible | 3 Moderate | 4 Extensive | 5 Significant |
|---|---|---|---|---|---|---|---|---|---|
| E | Almost Certain | Is expected to occur in most circumstances. | >95% | Has occurred 9 or 10 times in the past 10 years in this organization or circumstances are in train that will almost certainly cause it to happen. | 6 | 7 | 8 | 9 | 10 |
| D | Likely | Will probably occur in most circumstances | >65% | Occurred more than 7 times over 10 years in this organization or in other similar organizations have such that it is likely to happen in the next few years. | 5 | 6 | 7 | 8 | 9 |
| C | Possible | Might occur at some time | >35% | Has occurred in this organization more than 3 times in the past 10 years or occurs regularly in similar organizations or is considered to have a reasonable likelihood of occurring in the next few years. | 4 | 5 | 6 | 7 | 8 |
| B | Unlikely | Could occur at some time | <35% | Has occurred 2 or 3 times over 10 years in this organization or similar organizations. | 3 | 4 | 5 | 6 | 7 |
| A | Rare | May occur only in exceptional circumstances | <5% | Has occurred or can reasonably be considered to occur only a few times in 100 years | 2 | 3 | 4 | 5 | 6 |

Management Responsibilities

| Rating | Responsibility |
|---|---|
| Very High (VH) | Immediate action required by the Executive with detailed planning, allocation of resources and regular monitoring. |
| High (H) | High risk, senior management attention needed. |
| Medium (M) | Management responsibility must be specified. |
| Low (L) | Monitor and manage by routine procedures. |
| Very Low (VL) | Managed by routine procedures. |

Risks
1 Minor injury as a result of staff
2 Financial loss from espionage by competitors seeking sensitive information
3 Loss of life of personnel

| Costs (symbol) | Costs (range) | Effectiveness of existing controls to mitigate risk |
|---|---|---|
| $ | <$10,000 | Very Low (VL) |
| $$ | <$100,000 | Low (L) |
| $$$ | <$1,000,000 | Medium (M) |
| $$$$ | <$10,000,000 | High (H) |
| $$$$$ | <$100,000,000 | Very High (VH) |

A Inherent Risk
B Risk 12 months ago
C Current assessed risk
D Expected residual Risk

It's shown in 'Bold Italic' when this risk has eventuated like current happenings.
