
Enterprise Risk Matrix A3 PDF


Risk Matrix

Consequence Rating Table

(Where there are multiple types of impacts, use the highest rating for scoring risk)

| IMPACT TYPE | INSIGNIFICANT | MINOR | MODERATE | MAJOR | CRITICAL (potential RAS breach within 1 year) |
|---|---|---|---|---|---|
| STRATEGIC (Critical KPIs are a subset of UQ KPIs) | Negligible but has potential to adversely impact UQ critical KPI/s | <5% of critical KPIs have a negative variation | 5% to <15% of critical KPIs have a negative variation | 15%-25% of critical KPIs have a negative variation | >25% of critical KPIs have a negative variation |
| REPUTATION (Key stakeholders: • Students • Staff • Alumni • Government; all levels • Unions • Community) | Negligible impact. Ad hoc mentions or rumours of a negative event on social media. | • Adverse local and social media coverage for a brief time • Small pockets of student protests. | • Adverse capital city media coverage • Students and staff (including staff unions) publicly express their disapproval and disappointment at UQ. • Key stakeholders threaten to remove their association with and support for UQ. | • Adverse and sustained State media coverage; public perception of UQ suffers • Calls for management reform including removal of some executives • Key stakeholders disassociate themselves from UQ. | • Prolonged and adverse national and/or global media coverage, undermining public confidence in UQ • Major student uprising; calls for government intervention; executives publicly chastised by community leaders |
| CULTURE / UQ VALUES | Some non-management staff unaware of and/or not behaving in accordance with UQ Values. | Instances of management decisions or behaviour inconsistent with UQ Values and ‘One-UQ’ culture. | • Widespread staff perception that management does not always prioritise UQ Values; • Noticeable reduction in staff morale. | • Management displaying and/or tolerating behaviour that is inconsistent with UQ Values; • Widespread low staff morale; Valued staff consistently leaving UQ. | • UQ Values/Code of Conduct visibly and significantly compromised; • Prolonged and significant adverse impact on UQ culture; • Inability to retain and/or attract critical staff. |
| COMPLIANCE | Breach of local standard operating procedures but not of any mandatory policies or procedures. | Ad hoc, as opposed to systemic, breaches of policies and procedures but not of laws or regulations. | • Breach of any laws/licenses, including a notifiable breach resulting in recommendations and active monitoring by regulator/s; • Instances of breach of Operational policies. | • Prosecution; • UQ fined ≤$1M; • Show cause notice from regulator; • Enforceable undertaking; • Significant and systemic breach of Academic policies. | • Prosecution with potential for executives to be jailed • UQ fined >$1M; • Loss of critical licence/accreditation; • Significant and systemic breach of Governance policies. |
| HEALTH AND SAFETY (Physical & Psychological, including Personal Security) | • Near miss event • No first aid or medical treatment required | • First Aid injury or illness • Instances of safety practices inconsistent with safety, policy and procedures at the local level • Hazardous substance release that is contained | • Injury or illness requiring medical intervention or treatment • Reversible, temporary impairment • Widespread staff perception management does not always prioritise safety • Hazardous substance release that has the potential to cause moderate adverse health effects | • Serious injury or illness requiring hospitalisation • Permanent impairment with moderate functional restriction. • Management displaying or tolerating unsafe behaviour at UQ. • Hazardous substance release that has the potential to cause serious health effects | • Permanent impairment • Fatality / fatalities |
| FINANCIAL (Note 1) Measured as adverse impact on budgeted annual EBIT | Adverse impact of; <$500K | Adverse impact of; $500K to <$10M | Adverse impact of; $10M to <$25M | Adverse impact of; $25M - $50M | Adverse impact of; >$50M |
| OPERATIONS (Note 1) | Insignificant impact on operations; issue/s quickly resolved | • Minor and brief impact on non-critical operations; • Loss or damage to non-critical assets | • Minor and brief impact on core functions or critical operations; • Significant damage to non-critical assets; • Some damage to critical assets | • Significant impact on core functions or critical operations; • Significant damage to critical assets | • Significant, irrecoverable impact on core functions or critical operations • Business interruption leading to other ‘critical consequence 5’ impact(s) • Major loss/destruction of critical assets |

Note 1: To provide meaningful risk ratings for risk assessments other than at UQ level (e.g. faculty, institute, school, function, division, project), the ‘Financial’ and ‘Operations’ impact levels may be adjusted to better reflect the seriousness of the risks. Furthermore, lower level specific impact types with corresponding consequence levels, may be introduced to provide more granular information.
If lower level specific impact types and/or adjusted consequence levels for Financial and/or Operations impact types have been used, the total risk rating needs to be reported by stating the organisational level of the assessment before the risk rating; e.g. Faculty-High, Project-Medium, School-Extreme, etc.

Risk Action Table

| Overall Assessed MRL at Enterprise Level | Recommended Action (Refer to WHS Risk Management Procedure for level specific action requirements) | Immediate Response to WHS Risk | Oversight / Reporting |
|---|---|---|---|
| Extreme | • If the MRL indicates a potential breach of Senate approved RAS, advise ERS immediately. • Develop a Risk Management Action Plan and implement proposed controls/treatments as soon as practicable to lower the MRL to an acceptable TRL. • Confirm effectiveness and timely implementation to ERS as per agreed action plan. | Task must not proceed. Appropriate and prompt action must be taken to reduce the risk to an acceptable level. | Vice Chancellor, VCRCC & SR&AC |
| High | • If MRL within RAS, accept risk and document the reasons. • If outside of RAS, develop a Risk Management Action Plan and implement proposed controls/treatments as soon as practicable to lower the MRL to the TRL. • Confirm effectiveness and timely implementation to ERS as per agreed action plan. | Task can only proceed in extraordinary circumstances** and provided there is authorization by relevant Head of Function* and a plan is in place to promptly reduce the risk to an acceptable level. | Relevant USMG member (the risk may be reported by ERS to VCRCC, VCC and SR&AC) |
| Medium | • If MRL within RAS, accept risk and document the reasons. • If outside of RAS, develop a Risk Management Action Plan and implement proposed controls/treatments as soon as practicable to lower the MRL to the TRL. • Regularly review existing controls for effectiveness and introduce new or changed controls if cost is justifiable. • Develop and implement action plan, if new or changed controls are proposed, followed by re-assessment of new risk level after implementation. | Task can proceed upon approval of the risk assessment by relevant Line Manager or Supervisor is received. Implementation of a review cycle to review the risks and mitigate further wherever possible. | Relevant USMG member and relevant Head of Function* |
| Low | • Maintain and monitor existing controls to ensure they continue to be effective; • Monitor internal and external changes in the portfolio’s environment. | Task can proceed upon approval of the risk assessment by relevant Line Manager or Supervisor is received. | Relevant Line Manager or Supervisor |

At each organisational level (e.g. faculty, institute, school, controlled entity, project, function, division, team), management has to identify their portfolio’s or project’s top risks and demonstrate the effective management of these risks.

* Relevant Head of Function; Head of school, Institute Deputy Director or Division Director
** Extraordinary circumstances are opportunities for the University that align with its strategic mission and RAS.

Risk Level Calculator

| Likelihood | Insignificant [1] | Minor [2] | Moderate [3] | Major [4] | Critical [5] |
|---|---|---|---|---|---|
| 5 Very High | Medium | Medium | High | Extreme | Extreme |
| 4 High | Low | Medium | High | High | Extreme |
| 3 Medium | Low | Low | Medium | High | Extreme |
| 2 Low | Low | Low | Medium | Medium | High |
| 1 Very Low | Low | Low | Low | Medium | High |

Likelihood Table

| Level | Likelihood of the risk materialising | Definition | Probability |
|---|---|---|---|
| 5 | Very High | Almost certain; extremely likely | > 90% |
| 4 | High | Very Likely; will probably occur | 60% - 90% |
| 3 | Medium | Likely to happen | 40% - 59% |
| 2 | Low | Possible but unlikely | 10% - 39% |
| 1 | Very Low | Conceivable but extremely unlikely | <10% |

Senate approved 25/02/2019 via Enterprise Risk Management Framework
