Risk Assessment Matrix

In: Business and Management

Submitted By midautumn
Words 343
Pages 2
Risk Assessment Matrix (High-Medium-Low)
The following Matrix can be used to help determine the risk ranking of a finding and its associated recommendations. Classification of high, medium or low usually occurs because of a combination of factors. The problem noted and or failure to implement a recommended solution could have the following impact:
High Medium Low
Potential significant life/ safety threat. Remote life or safety threat. No life or safety threat.
Potential exposure of large volume PII or other confidential data. Potential exposure of any amount of confidential data. No confidential data.
Impact on financial statements is material (PWC SAS-112 financial risk is rated high). Reportable financial statement impact. (PWC or SAS 112 medium risk ranking). No financial statement impact. (PWC or SAS 112 low risk ranking).
Potential campus wide impact:
1. Major administrative computing system internal control weakness.
2. Potential for mission critical process or system failure or breach. (e.g.: inability to timely register students or pay employees). Departmental or unit only impact. Small subsection of people or transactions affected.
Large dollar amounts or highly liquid assets at risk (cash). Medium dollar amount at risk or assets not liquid or convertible to cash. Low dollar amount at risk.
Lack of major control step. Significant control weakness creates potential for fraud. Other compensating controls exist. Several other compensating controls. This is a minor control feature.
Public trust loss if bad effect occurs. Some impact on public trust or Regental concern. Unlikely public interest.
Potential for wide spread violation of law, grant or contract or actual violation has occurred. Potential weakness could lead to violation of policy or procedure. Recommendation is mainly an improvement in controls.
Significant lack of reporting or…...

Similar Documents

Risk Assessment

...Practical Risk Assessment The following example is an activity that could be carried out at work – but which most people will do at home – changing a lightbulb. I have chosen this as it is an example of an activity that most people can relate to, wether we live in a house or a bungalow. The fluorescent light is on the ground floor of an office block. It is four o’clock on a December afternoon and must be changed. Assume there are no controls in place other than those listed below. The ladder has to be placed in one of the fire escape routes for the room. Hazards Use this box to list all the hazards identified in the activity. The tick box list includes some of the more common hazards that may be encountered when doing your risk assessment. It also provides space to allow you to add your own. In this example we have identified a number of hazards that could be present in this activity. The main ones are concerned with electricity cuts burns working at height working in the dark. These should be written in the hazards section of the form, you will see that we have identified some of the problems associated with those hazards. Those at risk All those exposed to the risk should be listed here. It is important to list everyone who could be harmed as all may influence how you may intend to control the risks. You may decide that you require different controls for others not carrying out those activities. Current Control Measures Use this box to list the......

Words: 782 - Pages: 4

Risk Matrix

...Risk Matrix Project Name: EOLM Project, NearlyFree.com Risk # |Risk |Probability |Importance |Impact |Response to Risk |Action Plan |Person Responsible |Status | |01 |Reprogramming overruns will delay the project from meeting its target release. |Medium |High | |Mitigate |During the unit testing, thoroughly test each module to ensure each section is complete. |Project Manager and Alice Yee (Software Specialist) | Open/Working | |02 |Insufficient talent or reliability, the project will be set back a great deal. |Low |High | |Avoid |Weekly status reports to IT program manager with weekly one on one session. |Project Manager and Project Sponsor | Open/Working | |03 |The tight time frame could be substantially thrown off with additional programming and testing needed to accommodate added tasks. |High |High | |Mitigate |Weekly status reports to PM to ensure all tasks are on track to begin testing. |Project Manager and Project Sponsor | Open/Working | |04 |Business requirements not fully defined and approved |Medium |High | |Mitigate |Work with business to define all business and system requirements early in project to system design. |Team One PM | Open/Working | |05 |Project Manager has limited project management experience |Medium |Medium | |Accept |Weekly status reports to IT program manager with weekly one on one session. |Team One PM | Open/Working | |06 |Project budget ($25,000) and project duration (120 days) was proposed prior to project......

Words: 366 - Pages: 2

Risk Assessment Matrix

... |…of completion of risk assessment form | | | | | | | | | | | | | | | | | | | | | | |Reference No.: | | | | | | |Potential Risk Factors |Probability of Risk Arising (H/M/L) |Impact (H/M/L) |Risk Indicators |Control Mechanisms |Named Risk Lead | |Financial |Funder/commissioner problems: Funders’ insolvency? Failure to deliver promised funds? Last minute budget changes – under-funding? Matched funding not available? No infrastructural support? Funding delays in monies being delivered? Funders’ linking funding to deliverables. |Estimate: High Medium Low | |Information from any source accounting for risk. |Outline proposal......

Words: 1000 - Pages: 4

Risk Assessment

...Risk Assessment Risk Assessment Holly Regan SCI/275 August 3, 2014 Stacy Murphy Risk Assessment The chosen case study from the text is in relation to human exposure to asbestos and the health risks this chemical compound imposes. According to Shultz (2012), low levels of asbestos exposure, even for short periods of time, can cause lung cancer among asbestos insulation workers with a death rate four times the expected rate. Lung cancer in asbestos workers who smoke is ninety-two times greater than in those who don’t, providing a vivid example of synergism. (The ratio of the number of observed to the number of expected deaths times 100) Asbestos is a combination of minerals that are native to the environment comprised of silicate compounds which are resistant to heat, chemicals, fire and conducts no electricity. There are two major groups of asbestos minerals, serpentine and amphibole. The serpentine group contains Chrysotile, which is the most mined and commercially used in North America since the 1800’s. Asbestos is used in the building and construction industry for insulation and roofing, the shipbuilding industry to insulate steam and hot water pipes, and the automotive industry for brake and clutch pads; among many other categorical uses, (The National Cancer Institute at the National Institutes of Health, 2009). The factors of acceptable risk for the chemical asbestos are 1) acceptable if risk is not greater than those created by......

Words: 453 - Pages: 2

Risk Assessment

...Risk Assessment The city council of Genericville faces a challenging decision that could impact the city both economically and environmentally for years to come. Genericville’s main source of income is from tourism, which is being threatened by the increasing mosquito population and the West Nile Virus. The councilors have been asked to vote on a proposed plan to deal with this increasing threat. On one hand, the decision can be made to spray a potentially harmful chemical on the neighboring wetlands to reduce the threat of the spread of the West Nile Virus; on the other hand, a plan can be enacted that calls for a thorough educating of the Genericville population on how to avoid contact with mosquitoes and reducing their breeding grounds. After performing a risk assessment for human exposure to malathion, the proposed chemical, the risk of not taking action against the mosquito population was much higher than the risk associated with spraying malathion. Based on the information presented by the Agency for Toxic Substances and Disease Registry, malathion has no direct links to be a carcinogen. Malathion is not known to cause birth defects in humans under common use (Agency for Toxic Substances & Disease Registry, 2005). In laboratory tests, the chemical has been proven to cause some minor irritations of the eyes and skin as well as complications with respiratory and gastrointestinal systems. These effects are a result of contact with airborne vapors,......

Words: 712 - Pages: 3

Risk Assessments

...Risk Assessment Tammie Clayton SCI/275 June 17, 2015 Richard Dunsheath Risk Assessment The case study I chose was “Asbestos: How great a Danger”? Asbestos is the generic name for several naturally occurring silicate mineral fibers. These fibers which are used as a heat insulator can easily be dislodged and may be inhaled in the lungs, where they remain for life (Bateman, 2011). They produce three disorders: pulmonary fibrosis, lung cancer and mesothelioma. Asbestos is referred to as a unique fiber. Asbestos is used as a heat insulation on ceiling and pipes in factories, schools and other buildings and sprayed on walls. It has also been used in things such as brake pads, brake linings, hair dryers etc. Everything we do puts humans and the environment at risk. The acceptability of risk is also influenced by perceived benefit. Asbestos underwent a complicated road from being an industrial commodity and must have, to being a huge risk, being one of the most dangerous fibers. There has been a call for a total ban on the use of asbestos due to the current health risk. Asbestos use is seen as not acceptable, controlled use is not possible and safer substitutes are available. In this case study, the benefits do not outweigh the cost. One may save money using asbestos, but the cost to seek healthcare for the individual affected is far more costly. In expressing...

Words: 453 - Pages: 2

Cmgt 442 Week 3 Individual Assignment Risk Assessment Matrix Cmgt442 Week 3 Individual Assignment Risk Assessment Matrix

...Individual Assignment  Outsourcing risks    Prepare a 6-10 slide narrated PowerPoint presentation that identifies the possible risks to an organization in each of the following outsourcing situations: The use of an external service provider for your data storage. The use of an enterprise service provider for processing information systems applications such as a payroll, human resources, or sales order taking. The use of a vendor to support your desktop computers. The use of a vendor to provide network support.   The presentation will include a risk mitigation strategy for each situation. One mitigation strategy, because of personnel and facility limitations, cannot be proposed, because it eliminates the outsourcing by bringing the situation in house.   CMGT 442 Week 1 Supporting Activites   CMGT 442 Week 1 Supporting Activity Risks of Undigitized Data What special issues must be considered for corporate data which are not fully digitized? What are the risks associated with the loss of these data? What recovery procedures do you recommend for these situations?      CMGT 442 Week 1 Supporting Activity  Research   Find a current article about outsourcing and discuss its relevance to this week's individual assignment.       CMGT 442 Week 2 Individual Assignment Risk Information Sheet   The Stevens Company is converting from the SQL Server database to the Oracle® database.    Using the sample shown below, create a Risk Information Sheet for at least five risks that might be......

Words: 957 - Pages: 4

Risk Assessment

... Subject: Risk Assessment in Business Plans Report of: City Treasurer Summary The Subgroup requested a review of the risk management components of service business plans. This report provides a review of the current completeness and content of risk assessments, synthesizing emerging themes and providing a comparison with the quality of content in previous years. Recommendations Members are requested to comment on the report. Wards Affected: All Contact Officers: Richard Paver City Treasurer 0161 234 3564 E-mail richard.paver@manchester.gov.uk Tom Powell Head of Audit and Risk Management 0161 234 5273 E-mail t.powell@manchester.gov.uk John Gill Risk Manager (Strategy) 0161 234 5272 E-mail J.Gill1@manchester.gov.uk Background documents (available for public inspection): None 1. Introduction 1.1. Thirty Heads of Service are required to produce and update service business plans on an annual basis. The deadline for the receipt of the latest draft plans was 14 October 2010. In order to provide effective support and challenge to Heads of Service in further developing their plans, a team of specialist officers was established to critique the main sections of the delivery plan which were: • Performance. • Transformation. • Finance. • Workforce. • Equalities. • Risk Management.......

Words: 1977 - Pages: 8

Risk Assessment

...Risk Assessment and Mitigation Techniques Any solution will have inherent risk, the key is to identify and explore the consequences of the risks so mitigation can be incorporated into the implementation plan through contingency plans. Lawrence Sports faces several risks in attempting to implement a working capital policy. The first risk is the extension of credit to customers. If Lawrence Sports is too liberal with extending credit they will be faced with the need to borrow money to meet the target cash balance. On the contrary, if Lawrence Sports has a strict credit policy, sales may suffer as a result. The mitigation of this risk is for Lawrence Sports to have a conservative credit policy and consistent implementation with every customer. The second risk is the implementation of the electronic payments. Lawrence Sports can not coerce Mayo Stores, Gartner Products or Murray Leather Works to convert to a new system which Lawrence Sports may implement. In addition, an aggressive attempt to implement the EFT could cause a sever rift in business relations which could cripple the company. To mitigate this risk, Lawrence Sports could communicate early on with customers and vendors about their intention to convert systems and providing explanation of the numerous benefits of implementing an electronic payment system. Lawrence Sports can also offer a higher discount on transactions for a limited period for using the electronic payment process. Cash budgeting may cause shockwaves......

Words: 681 - Pages: 3

Assessment Matrix

...Assessment Matrix Grand Canyon University SPE-359 | Norm Referenced | Criterion Referenced | Descriptions | * Norm referenced tests are most often used for placement * Designed to create distinctions amongst students * Tests are scored as a percentage or percentile ranking(EdGlossary, 2015) | * Criterion tests are better known as Standardized tests * Designed by a specific committee of experts * Tests are scored as percentages. * Teachers create this type of test to determine content retention. (EdGlossary.2014) | Purpose | * These tests are to determine where a student ranks amongst peers. * Compare students to peers of the same age or grade level * Used for placement such as college or academic grouping(EdGlossary.2015) | * These tests are designed to determine if a student has achieved a specific goal or skill. * Identify any learning disabilities. * Identify any gaps among students of different groups. * To hold teachers accountable.(EdGlossary.2014) | Content | These tests are typically based on national standards.(EdGlossary.2015) | These tests measure a broad skill area based on text books or specific criterion chosen by the school district (EdGlossary.2014). | Characteristics | Often use multiple choice format. Some may include open ended questions or short answer questions (EdGlossary.2015). | Typically tests with multiple choice questions to determine content knowledge and scored by a percentage......

Words: 470 - Pages: 2

Risk Assessment

...Risk Assessment SCI/275   Malathion is something that is being taken into consideration by the City Council of Genericville it is an insecticide spray that will help to control the West Nile Virus and the further spread of the virus. This is a risk assessment on the use of a spray called Malathion in the city of Genericville. There are several steps that are involved in this first is hazard identification and that is the effects that it will have on the health of the humans who are going to be exposed to the spraying of the Malathion. The second is what is called dose response; this is the amount on spray that would be needed to cause any health effects. The third deals with the exposure to all the humans and also based on the total amount of spray that was used and also how long the exposure to the insecticide will last. The final step is what I would call risk characterization which would be used to help determine that if any or certain humans that live in the city would be prone to any health risks that would associated with the use of Malathion. The result of this assessment is that the city of Genericville should really use the insecticide spray called Malathion to help in reducing the spread of the West Nile Virus. There are many sides to this and they include the social, economic, and the political sides of any arguments that have to be considered with the use of the insecticide spray. The West Nile Virus is a very huge concern in the area and that is......

Words: 1146 - Pages: 5

Risk Assessment

...Risk Assessment A risk assessment is something that is produced to help carry out a risk assessment of what might cause harm to the service users and what needs to be carried out in order to avoid the risks from taking place . It is something by law that is expected for all the workplace to carry out. This links in with the HSAWA as every workplace when opening up a business they need to follow the rules and regulation in order to keep the environment safe as well as the employees. When creating risk assessments it’s about producing a table of which identifies all the possible hazards that could take place in the workplace. Every workplace must produce a risk assessment and by creating this you are pointing out all the risk that could take place but also putting in place steps to prevent it from happening. The process of doing risk assessments is to identify hazards and state what they are but also analysing the hazard as to what risks are involved with that hazard and what harm it could bring. Finally, stating the steps that need to be taken in order to eliminate or to control the hazard from occurring. Doing a risk assessment is really important they form an essential part because doing a risk assessment is the key to a good occupation because they help they help to create awareness of the hazards and risks. The aim of having a risk assessment is the process of trying to remove hazards and remove the risk that it accompanies and adding precaution to stop the risks from......

Words: 2044 - Pages: 9

Risk Assessment

...Risk Assessment In the risk assessment that there were two case studies which are similar however still have their differences in certain ways. The following assessment will identify ways in which the two cases are similar and how they differ. The principle of a risk assessment is to evaluate a scenario and suggest an idea or possible remedy in regards to the scenario involved. In reference to the assessment defined the two individuals are interesting when it comes to their activities and the situation involving the justice system. As this paper presumes it will identify the issues more in-depth and create ideas that may assist in restricting the scenario. Evaluation of Case Study Colleen The first case that will be defined is involving Colleen. The case study identified that she (Colleen) came from a broken family which be an influence when it comes to possible juvenile issues. By the time a juvenile reaches the age of 12 it is a prime point in their young teenage years in which they are in need of strong parenting. It is clear that there are often exceptions to each situation and that in some cases having both parents may not be an option due to unforeseen events. In the scenario involving Colleen, she displayed signs of juvenile delinquency when she admitted to running away from home. She clearly defined that over a course of years and on several occasions she made the choice of running away, and chose to become involved with the wrong crowd. Sarah Brown defines......

Words: 1689 - Pages: 7

Risk Matrix

...Huntsville Plant | Construction Project – Risk Matrix | | Contents Exhibit:1 3 Risk Matrix: Huntsville Plant Construction Project 3 Overview 4 Economic Culture and Funding 4 Labor Condition 4 Works Cited 6 Exhibit:1 Risk Matrix: Huntsville Plant Construction Project Identification |   |   | Response Plan | Risk | Consequence | Probability | Impact | Trigger | Resp. | Response | Economic Culture | Financial Market | Effect on supply industry | Physical resources cost/availability of raw materials | Delay in project schedule | PM | Research and locate alternative physical resources | Labor Conditions | Trade Union Strike | Lack personnel skill sets & experience | Inadequate balance of resources and expertise | Unable to comply with deadlines | PM | Create a project labor agreement to prevent interruption and prevent delay | Funding | Over Allocated Funds | Cost control | Inadequate funding for unforeseen circumstances | decrease flexibility and poor response time | PM | Level resources by change task dependencies of over allocated resources | Overview The goal of the risk management efforts identified in the matrix is to avoid potential project risk. A qualitative assessment has helped to prioritize identified risks by estimating probability and impacts, exposing the most significant risks; but this deals with risks faced by the project whole. In order to understand which areas of the project might require special attention,...

Words: 454 - Pages: 2

Risk Assessment

...large emphasis on financial risk assessments. The risk assessment process is needed to identify risks that need to be treated within an organization, as well as to provide strategies and methods that are most appropriate to treat these risks. Because many organizations are poorly aligned between their risk exposure and their risk appetite, it is important to engage in the risk assessment procedures. These procedures can help an organization prevent risk exposure and determine if their current operations will result in an increase or decrease of market value and owners’ wealth. As a result of the economic crisis, and the recent increase in corporate failures, organizations can now learn from the mistakes of others. This paper will discuss the mistakes that lead WorldCom, a telecom company that was once the fourth-ranked in Fortune 500, to bankruptcy in 2002, in an effort to demonstrate the importance of successful risk assessment and alignment implementation. Keywords: corporate failure, risk analysis, risk assessment, risk management, WorldCom Over the past years, and as a result of high profile firm failures, the economic crisis, and increased regulatory pressure, many organizations have placed a large emphasis on financial risk assessments. Risk assessment is the process where risk managers analyze the risks of an organization and identify risks that need to be treated (Tarantino & Cernauskas, 2011, p.47). In addition, a risk assessment provides strategies......

Words: 4331 - Pages: 18