HOW TO FILL UP THE INTEGRATED RISK MANAGEMENT FORM 1

1. Column 1 - Reference: refers to the document, process, program, or activity which is the
basis of the risk owner in the conduct of the risk assessment. It includes the study and
consultation or communication made with stakeholders.
2. Column 2 - Objective: refers to the specific objective of a program, project or activity
either strategic or operational, that the risk assessment seeks to address, which is
contained in the reference. It includes the external and internal context of the program,
project or activity, the integrated risk management context, and the risk criteria.
3. Column 3 The Risk: refers to the identified risk/s that would affect the objective of the
risk owner. It is ideally identified in terms of: Something happens leading to outcomes
expressed in terms of impact on objectives.
4. Column 4 How can it happen? refers to the root cause or proximate cause/s of the risk.
5. Column 5 What can happen? refers to the effect or possible effects of the risk and its
cause/s.
6. Column 6 Integrity aspect: refers to the determination of any ethical aspect relative to
the conditions of risk affecting any objectives or level of consequence of the risk. This
column is optionally checked depending on the identified risk.
7. Column 7 Assessment: contains two (2) sub-columns referring to the likelihood of
occurrence of the risk and the possible consequence/s associated with the identified risk.
Table 1 IRM Qualitative Measures of Likelihood and Table 2 IRM Qualitative Measures
of Consequence are used for this column.
8. Column 8 Level of Risk Rating: refers to the evaluation of the identified risk which
involves comparing the level of risk, after combining the likelihood level and consequence
level. Table 3- IRM Level of Risk Rating is used for this column.
9. Column 9 Details of Existing Controls: list the identified internal or external controls
(i.e. policies, laws, rules and regulations) applicable to the risk, if any.
10. Column 10 Adequacy of Existing Controls: is the evaluation done on the existing
controls, if any, to determine whether or not these are well designed and can adequately
address the risk. Annex B Assessment Criteria of Control Activity is useful for this column.
11. Column 11 Implementation of existing controls: describes the parameters or situations
in the implementation of the existing controls, if any.
12. Column 12 Reassessment: is filled-in AFTER taking into consideration the effect of
existing controls relative to the project, process or activity and its specific objective covered
by the risk analysis. A reassessment of likelihood and consequence levels is conducted,
and the level of risk rating determined.
13. Column 13 Level of Risk Rating: please refer to Column 12.
14. Column 14 Further Treatment Required: this column answers the question of whether
or not the Risk Treatment applied needs further action. If YES, a risk priority code (Column
15) is assigned to determine the person accountable and responsible for such
action/treatment. If NOT, the documented process should be monitored and periodically
reviewed.
15. The whole integrated risk management process should be documented and stored in a risk
management database and should be regularly and effectively monitored.