After examining the system element risks during the audit and collecting evidence as to how well the organisation is managing (treating) the risk, the results of the risk assessment are recorded using this form.
It may be useful to record audit findings connected to the risk being assessed beforehand, as the finding will contain a record of the evidence regarding the element risk, but note that the audit report must be commenced before a finding can be raised.
Assessing the Risk
The form is available through the 'Audit -> Assess System Risks' menu item.
- Select the Audit number from the drop-down list. The audit number can be located by opening the audit statistics menu item and locating the audit ID number (first column). Selecting the audit number retrieves the information from the database, pre-populates the system and loads its elements into the drop-down list.
- Select the appropriate system element from the Element list, which in turn loads the element risks scoped for assessment into the Risk number drop-down list.
- Select the appropriate risk number from the list, which then populates the risk description box and retrieves the untreated risk values from the database.
- Select the assessment date. The default setting is today's date; however, for consistency and ease of matching risk assessments with audits, all risk assessments should be given the actual start date of the Audit.
- Consider the evidence gathered during the audit and, with reference to the likelihood probability and historical chart, determine the likelihood of this occurring on a scale of Extremely Rare (0) to Almost Certain (5). If in doubt, discuss your evidence with other audit members.
- Open the Consequence Word Picture table (lower image). Consider the evidence gathered during the audit and, with reference to the word pictures contained within the table, determine what the treated consequence value should be on a scale of Insignificant (0) to Catastrophic (5). Consider all 4 consequence factors (Safety/People and Organisational, for example) and make a judgement based on the evidence at hand as to where best to assign the consequence value.
- When the determination of Likelihood and Consequence has been made, click once on the matrix where the two values coincide. E.g. for a Likelihood value of 4 and a Consequence value of 3, click on the 7. This will trigger the system to draw a line from the untreated result to the new treated result, as shown in the top image.
Note: The treated overall risk value cannot be higher than, but may be equal to, the untreated overall risk value.
- Set the recommended review period.
- Review the entire form and make any amendments if required.
- Click the 'Save Risk Assessment' button to update the risk information in the database.
- Repeat as required for any additional scoped risks.