Risk parameters (consequence) Corruption Risk Management Factor Consequences Insignificant Minor Moderate Major Catastrophic Example Risk Appetite Image/ reputation Not substantiated, low impact, no news item Substantiated, low impact, low news profile Substantiated, public embarrassment, moderate news profile Substantiated, public embarrassment, high news profile, third party action Substantiated, public embarrassment, highly widespread news profile, third party action Financial loss Additional costs/ funding/ wastages/ revenue < 5% of initial funds Between 6 to 15% Between 16 to 25% Between 25 to 40% Above > 41% Legal/ compliance Minimal penalties Moderate fines Substantial penalties Substantial, may include criminal charges Major scrutiny and investigation Stakeholder - customers Minimal customer Complaints and recovery costs. Minimal decline in customer relationships and some recovery costs. Loss or decline of customer relationships and moderate recovery costs Strained key customer relationships and significant recovery costs and threat to future growth. Loss of major customer relationships and serious threat to future growth. Risk consequences/ management effort Negligible effects Impact can be readily absorbed through normal activity STRATEGIC VIEW: NORMAL IMPACT ASSOCIATED WITH PROGRAM PLANNING & OPERATIONS Normal administrative difficulty. An adverse event which can be absorbed with some management effort DELAY IN FULFILLING THE MANDATE OF THE INSTITUTION A serious event which requires additional management effort DELAY IN ACCOMPLISHING PROGRAM OR PROJECT OBJECTIVES Project re-design, re-approval and re-do required. Fundamental rework before objective can be met. A critical event which requires extraordinary management effort. STRATEGIC PLAN REQUIRES MAJOR REVAMP, APPROVAL, PROGRAM RE-WORK Project or program irrevocably finished, objective will not be met. Disaster with potential to lead to “collapse “ STRATEGIC VIEW: MANDATE OF THE ORGANISATION OR ORGANISATION ITSELF, IS FINISHED Risk Assessment Process Likelihood Almost certain The event is expected to occur in most circumstances, e.g. approximately 95% chance of occurring in the next 12 months Likely The event will probably occur in most circumstances, e.g. approximately below 95% but above 50% chance of occurring in the next 12 months Moderate The event might occur at some time, e.g. approximately below 50% but above 25% chance of occurring in the next 12 months Unlikely The event could occur at some time, e.g. approximately below 25% but above 5% chance of occurring in the next 12 months Rare Event may occur only in exceptional circumstances, e.g. approximately below 5% chance of occurring in the next 12 months Risk rating Control effectiveness Satisfactory Controls are strong and operating properly providing a reasonable level of assurance that objectives are being achieved. Some weaknesses Some control weakness/inefficiencies have been identified. Although these are not considered to present a serious risk exposure, improvements are required to provide reasonable assurance that objectives will be achieved. Weak Controls do not meet an acceptable standard, as many weaknesses/inefficiencies exist. Controls do not provide reasonable assurance that objectives will be achieved.