Management Dashboard - Issues & Risks

Issue Status
Issue Summary Risk Summary
Open 0 Open 0 Open Closed In Progress Monitoring Resolved

Closed 0 Closed 0
In Progress 0 In Progress 1
Monitoring 0 Monitoring 0
Resolved 0 Resolved 0
Low Impact 0 Low 0
Med Impact 0 Moderate 1
High Impact 0 High 0
Low Priorit 0 Extreme 0
Med Priorit 0 Total Risks 1 Risk Status
High Priorit 0
Open Closed In Progress Monitoring Resolved
Total Issues 0

Issue Type Summary Risk Type Summary

aaaa 0 aaaa 0
bbbb 0 bbbb 0
cccc 0 cccc 0
ddd 0 ddd 0
100%
eee 0 eee 0

Risk & Issue Types Total Risk Ratings

1 1.2

0.8 1
0.8
0.6 Risk Type
Issue Type 0.6
0.4
0.4
0.2 0.2
0 0
aaaa bbbb cccc ddd eee Low Moderate High Extreme

Last Review Date: 21-02-2014 Record Number: 00676480

 Cloud Computing Risk Log
Risk Last
Ref Risk Date Action Impact Risk Current
Risk Control Area Issue Likelihood Rating Likelihood Impact Mitigation Reviewe
No Type Logged Owner Rating Rating Status
Actions d
Lack of effective internal
information security governance,
Governance & Enterprise Risk risk management and compliance,
R1 Strategico 1/1/2021 D Unlikely 3 Moderate M In Progress
Management and alignment with the provider
own security governance

R2 <select> <select> <select> N/A <select>

R3 <select> <select> <select> N/A <select>

R4 <select> <select> <select> N/A <select>

R5 <select> <select> <select> N/A <select>

R6 <select> <select> <select> N/A <select>

R7 <select> <select> <select> N/A <select>

R8 <select> <select> <select> N/A <select>

R9 <select> <select> <select> N/A <select>

Page 2 of 6
 Risk Last
Ref Risk Date Action Impact Risk Current
Risk Control Area Issue Likelihood Rating Likelihood Impact Mitigation Reviewe
No Type Logged Owner Rating Rating Status
Actions d

R10 <select> <select> <select> N/A <select>

R11 <select> <select> <select> N/A <select>

R12 <select> <select> <select> N/A <select>

Page 3 of 6
 Cloud Computing Issues Log
Ref Date Assigned
No Issue Type Logged Issue Control Area Description Impact Priority Last Update Allocation Details/Update To Status Deadline
I1 <select> <select><select> <select>
I2 <select> <select><select> <select>
I3 <select> <select><select> <select>
I4 <select> <select><select> <select>
I5 <select> <select><select> <select>
I6 <select> <select><select> <select>
I7 <select> <select><select> <select>
I8 <select> <select><select> <select>
I9 <select> <select><select> <select>
I10 <select> <select><select> <select>
I11 <select> <select><select> <select>
I12 <select> <select><select> <select>
I13 <select> <select><select> <select>
I14 <select> <select><select> <select>
I15 <select> <select><select> <select>
I16 <select> <select><select> <select>
I17 <select> <select><select> <select>
I18 <select> <select><select> <select>
I19 <select> <select><select> <select>
I20 <select> <select><select> <select>
I21 <select> <select><select> <select>
I22 <select> <select><select> <select>
I23 <select> <select><select> <select>
I24 <select> <select><select> <select>
I25 <select> <select><select> <select>
I26 <select> <select><select> <select>
I27 <select> <select><select> <select>
I28 <select> <select><select> <select>
I29 <select> <select><select> <select>
I30 <select> <select><select> <select>
I31 <select> <select><select> <select>
I32 <select> <select><select> <select>
I33 <select> <select><select> <select>
I34 <select> <select><select> <select>
I35 <select> <select><select> <select>
I36 <select> <select><select> <select>
I37 <select> <select><select> <select>
I38 <select> <select><select> <select>
I39 <select> <select><select> <select>
I40 <select> <select><select> <select>
I41 <select> <select><select> <select>
I42 <select> <select><select> <select>
I43 <select> <select><select> <select>
I44 <select> <select><select> <select>
I45 <select> <select><select> <select>
I46 <select> <select><select> <select>
I47 <select> <select><select> <select>
I48 <select> <select><select> <select>
I49 <select> <select><select> <select>
I50 <select> <select><select> <select>

Table 1 - Types of Issues/Risks

Type Description
Strategic Related
Related strategic mission and objectives.
Related toto economic impact (costs,
legal and contractual revenues,
obligations.
Financial budgets).
Political
Regulatory (Compliance)or legislative impacts.
Related to decision making, resources,
Management policies, to
Related etc.
ICT delivery, support or
Operational management services.
EU-OSHA Risk Management

Each risk has been rated in terms of it’s resulting likelihood of occurrence and the potential impact, using the rating system specified in EU-OSHA
Risk Safety Assessment These are explained in the tables below.

Table 1 - Types of Issues/Risks

Type Description
aaaa Related strategic mission and objectives.
bbbb economic
Related to legal impact (costs,
and contractual revenues,Political
obligations. budgets).legislative
cccc impacts.
dddd Related to decision making, resources, policies, etc.
eeee Related to ICT delivery, support or management services.

Table 2 - Qualitative Measure of Consequences of Likelihood

Level Descriptor Description
A Almost certain Is expected to occur in most circumstances. More than once per year
B Likely Will probably occur in most circumstances. 1 in 1 - 3 years
C Possible Might occur at some time. 1 in 3 - 5 years
D Unlikely Could occur at some time. 1 in 5 - 10 years
E Rare May occur in exceptional circumstances. 1 in 10 years

Table 3 - Qualitative Measure of Consequences of Impact

Level Description Example detail description
No injuries, low financial loss, no risk to
1 Insignificant
reputation.
Minor First aid treatment, on-site release
2 Minor immediately contained, medium financial loss,
some customer dissatisfaction.
Medical treatment required, on-site release
3 Moderate contained with outside assistance, high
financial loss and public visibility.
Major Extensive injuries, loss of production
capability, invocation of disaster recovery
4 Major
with no detrimental effects, major financial
loss.
Death, off-site with detrimental effect, huge
5 Catastrophic
financial loss.

Table 4 - Quantitative Measure of Consequences of Impact

Level Description Example detail description
1 Insignificant Nil – Negligible
2 Minor Under 500K
3 Moderate Between $500k - $5m
4 Major Between $5m - $20m
5 Catastrophic Above $20m

Table 5 - Qualitative Risk Analysis Matrix

Consequences
Insignificant Minor Moderate Major Catastrophic
Likelihood: 1 2 3 4 5
A (almost certain) H H E E E
B (likely) M H H E E
C (possible) L M H E E
D (unlikely) L L M H E
E (rare) L L M H H

Key Description
E Extreme Risk: Immediate action required to mitigate the risk.
H High Risk: Action should be taken to compensate for the risk.
M Moderate Risk: Action should be taken to monitor the risk.
L Low Risk: Routine acceptance of the risk.

Table 6 - Issues/Risks status types

Type Description
Open New item identified and awaiting action.
Closed Item closed e.g. no longer a concern, rejected, etc.
In progress Item undergoing treatment/mitigation activities.
Monitoring Treatment/Mitigiation activities complete and being monitored.

Resolved Item resolved through treatment/mitigation actions and resolution

accepted by stakeholders.
Document Control

Date Version Name and Position Review type/status or amendments

Provided by
KineticIT under Final version - customised
7/7/2009 1.00
contract to the Dept original Issue-Risk log template.
of Finance

Customised for DoF project

9/11/2013 1.10 Updated and rebadged
management.

Modified - increased issues and

9/18/2013 1.20 Jack Hondros
risk items.
Additional content provided by
Greg Stone - Chief Technology
Officer, Microsoft Australia,
Pierre Noel - Chief Security
12/13/2013 1.30 Jack Hondros
Advisor, Microsoft Asia and
James Kavanagh - Chief
Security Advisor, Microsoft
Australia.