This is an HTML version of an attachment to the Freedom of Information request 'Risk assessment for Save the Children on Nauru'.

Likelihood Ratings
The table below describes the five ratings that can be selected to show how likely it is that a risk will occur.

LIKELIHOOD RATINGS | LIKELIHOOD OF RISK OCCURRING
Almost Certain | The risk is expected to occur within a 12 month planning time frame
Likely | The risk will probably occur within a planning cycle or on an ad hoc basis
Possible | The risk may occur within the foreseeable future
Unlikely | The risk may occur at some time but is not likely to occur in the foreseeable future
Rare | The risk will only occur in exceptional circumstances or as a result of a combination of unusual events

Control Effectiveness Ratings
The table below describes the ratings that can be selected to show the level of effectiveness of the individual controls identified.

EFFECTIVENESS RATINGS | DESCRIPTOR
Highly Effective | The controls are highly effective in reducing risk on all occasions.
Effective | The controls have some level of effectiveness in reducing the level of risk on most occasions.
Ineffective | The controls are ineffective in reducing the level of risk.

Risk Treatment Level - Level of Treatment Required
The table below describes the minimal action required for the risk rating.

RESIDUAL RISK RATING | LEVEL OF ACTION REQUIRED
Extreme | The risk cannot be justified and must be mitigated or avoided. The risk should only be accepted if the program or project relates to a key objective or strategic outcome of the department. Quality control measures must be implemented and managed by the relevant Division. Regular review and reporting of the risk needs to be provided to Senior Executive and all relevant stakeholders.
High | The risk may be acceptable to the department if the possible benefits of the activity outweigh the consequences of the associated risks. Quality control measures must be implemented and managed by the relevant Division. Regular review and reporting of the risk needs to be provided to relevant stakeholders and to Senior Executive at their discretion.
Medium | The risk may be acceptable to the department if the possible benefits of the activity outweigh the consequences of the associated risks. Regular review and reporting of the risk needs to be provided within the relevant Division and to affected stakeholders.
Minor | Minor risks are generally acceptable to the department but must be monitored to ensure that the risk rating does not change.
Low | Low risks are generally acceptable to the department but must be monitored to ensure that the risk rating does not change.

Risk Assessment
Contract and Service
Offshore Service Delivery

Columns: ISPR Reference | Contract Responsibility Risk | Risk Type | The Cause of Failure (excluding Excusable Performance | Risk Impact | Existing DIBP Controls | Effectiveness | Residual Risk: Likelihood, Consequence, Risk Rating | Risk Treatment Level | Future Controls | Risk after all proposed: Likelihood, Consequence, Risk Rating | Person/s responsible for | Target date for implementation | Action to be taken on risk realisation

ISPR Reference: 3.2
Contract Responsibility Risk: Domestic violence is not prevented or addressed.
Risk Type: Physical Security Risk
The Cause of Failure:
1. Families are not provided with support and outlet for tensions.
2. Insufficient security monitoring undertaken.
3. Vulnerable cohorts are not identified.
4. PSP is unavailable to abusers and victims.
5. Staff are not trained to recognise symptoms of violence, abuse or neglect.
6. Awareness is not raised amongst adults.
7. Cultural differences are not managed by staff.
Risk Impact:
1. Injury/death of a transferee.
2. Significant scrutiny.
3. Increased tensions within the site.
4. Mental health implications.
5. Duty of Care not met.
Existing DIBP Controls:
1. Forums are maintained and attended by DIBP that permit communications between Service Providers about specific transferees (eg. IMP reviews, PSP meetings, BMP meetings).
2. s. 33(a)(iii), s. 47G(1)(a)
3. Isolation rooms are available when staff identify transferees with behavioural issues.
4. BMPs provide the opportunity to manage and monitor behaviour of individuals with multiple service providers.
5. Reporting requirements in relation to domestic violence are closely scrutinised by DIBP. Over-reporting is encouraged.
Person/s responsible: Mark Painting, AS Contract and Services Management Branch
Target date for implementation: Apr-15
Action to be taken on risk realisation: Agreed process under the PMF and the contract to be followed.
s. 47G(1)(a)

ISPR Reference: 3.6
Contract Responsibility Risk: Information security requirements are breached.
Risk Type: Information Management
The Cause of Failure:
1. Information equipment or infrastructure is faulty, insecure or inadequate.
2. Personnel do not abide by information security procedures.
3. Information security procedures are inappropriate (insecure, ineffective, or insufficient).
4. Firewall breached allowing external access to systems.
Risk Impact:
1. Privacy legislation and obligations are breached.
2. Significant scrutiny and audit.
3. Significant negative media attention.
4. Contract termination.
5. Official information is tampered with, lost, or disclosed.
6. Migration pathways, safety, psychological comfort of transferees impacted.
Existing DIBP Controls:
1. Information security procedures have been requested (through contractual power) and will be reviewed.
2. ISPR has a high abatement amount and a low threshold for failures.
Person/s responsible: Mark Painting, AS Contract and Services Management Branch
Target date for implementation: Nov-14
Action to be taken on risk realisation: Agreed process under the PMF and the contract to be followed.

ISPR Reference: 8.3
Contract Responsibility Risk: Day to day management of P&A equipment not undertaken.
Risk Type: Asset/Property Management
The Cause of Failure:
1. Resources and equipment misused or overused.
2. Climate on site leads to faster breakdown of equipment.
3. Equipment doesn't have appropriate storage facilities.
4. No roster of maintenance is implemented.
Risk Impact:
1. Commonwealth resources used inappropriately.
2. Excessive cost incurred, unnecessary expenditure.
3. P&A unable to take place or reduced in variety, incurring insufficient P&A risks.
4. Injury (eg faulty gym equipment).
5. Controlled items released into site (eg scissors).
Existing DIBP Controls:
1. ISPR requires the SP to implement and maintain an equipment maintenance roster.
2. Security SP undertakes a risk assessment on each P&A, and does not approve P&A where the risk is too high.
Person/s responsible: Mark Painting, AS Contract and Services Management Branch
Target date for implementation: May-15
Action to be taken on risk realisation: Agreed process under the PMF and the contract to be followed.
s. 47G(1)(a)

ISPR Reference: 9.1
Contract Responsibility Risk: Inappropriate public statements are made.
Risk Type: Reputation & Public Image
The Cause of Failure:
1. Statements aren't cleared through DIBP.
2. SP personnel not aware of or purposely in breach of contractual requirements in relation to public statements.
3. SP unclear about their legal obligations.
4. SP or individuals opposed to the policy and make this known - conflict of interest.
Risk Impact:
1. Significant scrutiny.
2. Negative media attention and poor public perception of DIBP/policies.
3. Policy implicated and threatened.
4. Potential privacy breach/release of Official Information.
Existing DIBP Controls:
1. Contract stipulates process for clearance of public statements.
2. Individual personnel found to be in breach subjected to an appropriate/accountable investigation and dismissal process, which is reported to the SDM.
3. SP have confidentiality agreements in place with staff.
Person/s responsible: Mark Painting, AS Contract and Services Management Branch
Target date for implementation: Dec-14
Action to be taken on risk realisation: Agreed process under the PMF and the contract to be followed.

Agreed process under the PMF and the contract to be followed

A
Contract Responsibility Risk: Commonwealth Funds are used inappropriately.
Risk Type: Budget Process / Management
The Cause of Failure:
1. Value for Money is not achieved.
2. Poor communications between SP and DIBP Procurement.
3. Delegations not in place.
4. Record keeping processes are not sufficiently robust.
5. Clear instructions not provided to SP.
6. Double billing takes place between sources of expenditure (fixed fees, OPEXs, Additional Services).
Risk Impact:
1. Value for Money not achieved.
2. Scrutiny attracted and media attention drawn.
3. Budget and Demand Driven Model exceeded.
4. Services not adequate for transferees.
5. Future budget implications.
Existing DIBP Controls:
1. Procurement guidelines are being updated and circulated to Service Providers.
2. Financial reporting and audit structures are in place to regulate spending.
3. Delegations are clearly documented and understood, delegates undergo mandatory training.
4. Clear communication protocols exist for progressing purchases.
Person/s responsible: Mark Painting, AS Contract and Services Management Branch
Target date for implementation: Ongoing
Action to be taken on risk realisation: Agreed process under the PMF and the contract to be followed.
s. 47G(1)(a)