View

List Name

Selected RecordsJSON{"data":[["","","Row IDs (hidden)","Number","Title","Description","Risk Owner","Next Review Date","Status","KRI Description","Risk Rating","Indicator","Threat/Cause","Summary of Additional Controls / Actions","Preventive Controls","Consequence","Mitigating Controls"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","80e7b4459d3ff881e0b0808f215f08c215e2f59c","ERM-00006","Unsafe Work placements","Serious injury / Fatality to clients / participants as a result of work placement.","Greg Luck","31-03-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","WHS policies / procedures not adequately designed / implemented at worksites where WFA clients are placedClients not trained adequately to undertake work at placements","","Remote Service & Home Visit Safety Risk Assessment (Rehab Management); Aimbig: Risk Assessments prior to work placements;","Serious harm / death to client during work placement","Incident Management Framework"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","9c01ecbcac5946cf7e55d245eb00b581dd7735a6","ERM-00007","Choking / aspiration","Serious injury / fataility due to participant with dysphagia choking / aspirating during or in connection with service delivery (Livebig)","Juliet Middleton","31-03-2025","Approved","No. of incidents related to client aspiration / choking","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Vulnerable participant baseHigh-risk participants requiring specialist support for dysphagiaParticipant risk not identified on support planPoor systems for identifying and managing Participants risks","","Mealtime Management & Dysphagia Policy & Procedure; Clinical Team Leaders provide practice support;","Death / Significant harm due to client choking / aspiration","Incident Management Framework"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","bfc9a14f4a8bf55a0d27f7b271106d3103adda29","ERM-00009","High staff turnover","High staff turnover resulting in high cost of recruiting, staff burn-out, low rates of productivity, loss of intellectual property, disruptions to service delivery, inability to meet strategic objectives, reputational damage.","Julie Stuart","30-06-2025","Approved","Lead indicator: Staff engagement ratesLag indicator: Staff Retention RatesExit interview data and analysis","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Position profiles inaccurate/unclear to suport effective recruitment processesPoor staff induction/onboarding processes \"Green Leader\" - capability and competency gaps in people leadersPressure on talent acquisition specialists to meet targets leading to inappropriate selection of candidates.Low staff engagement","individualised onboarding program being developedIntroduction of new HRISIntroduction of LinkedIn Learning","Specialists- Talent Acquisition Specialists; Gracias Recognition Program; Onboarding and induction program; Position Profiles; Specialists - Leadership and Organisational Development; Engagement Survey and Action Plans; LinkedIn Learning;","Inability to fill positions","Specialists- Talent Acquisition Specialists"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","d1d04d78d07ef35b4d11064228cd3a72ce0c1eb8","ERM-00011","Loss of key pesonnel","Loss of key personnel leading to significant gaps in corporate knowledge, compliance breaches, staff burnout, low productivity, financial loss.","Julie Stuart","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","No system for identifying and planning for the loss of lean teams and critical roles (single point of failure)Key person dependencyNo succession planningSystems and processes are not adequately documented and shared to support key personnel loss/failureResource limitations to support key functionsInformation systems not adequately managed to sustain corporate knowledge (use of personal drives, poorly organised data management systems).Staff burn out","Succession Planning (CPO, FY25)Implementation of Engagement Action Plans (across the organisation)","Professional Development Entitlement; Manager Supervision; Employee Assistance Program (EAP); Onboarding and induction program; Gracias Recognition Program; Engagement Survey and Action Plans; Career and Development Plans;","Loss of key personnel could lead to compliance breach","Specialist - Compliance Team"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","d1d04d78d07ef35b4d11064228cd3a72ce0c1eb8","ERM-00011","Loss of key pesonnel","Loss of key personnel leading to significant gaps in corporate knowledge, compliance breaches, staff burnout, low productivity, financial loss.","Julie Stuart","30-06-2025","Approved","","","","","","","Loss of key personnel could lead to financial loss (lack of appropriate resources to meet demand)","Analytical review of P&L (actual vs budget)"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","9608d76e64bcf9cd7779f6a74be1fa04201a16f1","ERM-00012","Pyschosocial injuries","Psychological injuries/claims resulting in harm to staff, increased cost of claims, business disruption, reputational damage.","James Foot","31-03-2025","Approved","EAP useageNo. / Type / location of staff grievancesWorkers Compensation Claims due to Psychological injuries","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Changes to legislative and regulatory framework that increases onus on employers to proactively manage psychosocial hazards in the workplacePoor management practices due to inexperienced managers, poor education/training of new and existing managersLack of visibility on regulatory requirements in policy, procedure and educationUnderreporting of incidents that could impact staff psychological safety (i.e. incidents of verbal and physical aggression)Poor systems, processes and practices related to injury management and Recovery at Work.Lack of awareness about mental health issues.Exposure to psychosocial risks such as burnout, unclear role expectations, exposure to occupational violence, working in isolation.","","Employee Assistance Program (EAP); Wellbeing Hub; Return to Work and Injury Management Program; Mental Health Policy;","Significant injury / fatality due to pscyhological injury","Employee Assistance Program (EAP); Incident Management Framework; Return to Work and Injury Management Program;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","6832743b38ca7274ba152a08dda0f4026b80ec3d","ERM-00013","Motor vehicle accidents","Serious Injury/fatality resulting from a motor vehicle accident.","James Foot","30-09-2025","Approved","% Compliance with driver safety e-learningNo. of MVA incidents per quarter","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Fleet vehicles (including grey fleet vehicles) are not managed appropriately including the implementation of proactive/responsive maintenance systemsWork-related driving is not being undertaken safely (poor adherence to road rules)","Motor Vehicle Policy & Procedure implementation including identifying all staff who drive a vehicle as part of their work and validating driver licence details.","Specialist - Fleet Manager; Learning Module - Driver Safety; Fleet Vehicle Quarterly Inspections; Motor Vehicle & Driver Safety Policy; Driver Licence validation;","Fatality/Significant Injury","Incident Management Framework; Workers Compensation Insurance;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","482454c1eb71871b6654f3e398cfc141079b132a","ERM-00014","Unsafe service environrments (Arriba sites)","Staff / Contractor injury/fatality due to unsafe service environments and unsafe practices (Arriba Sites)","James Foot","31-03-2025","Approved","% compliance with WHS training% site compliance with fire safety complianceNo. of incidents related to environmental safety% closed hazard reports","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Unsafe service environment and unsafe WHS practices.Inadequate fire and emergency safe systemsInadequate education/training for staffCommunity Setting - minimal staff supervision","WHS Critical Risk Action Plan roll out","Incident Management Framework; Fire Safety Systems; ISO 9001 Certification; Learning Module - Emergency Management; WHS Site Inspections;","Staff/Client injury or fataility","Incident Management Framework"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","954e465b63dcbb7a7ba1ec3c8d15be06ba8eed31","ERM-00015","Unsafe service environments (Community)","Staff / Contractor injury/fatality due to unsafe service environments and unsafe practices (Community)","James Foot","31-03-2025","Approved","% compliance with WHS training% site compliance with fire safety complianceNo. of incidents related to environmental safety% closed hazard reports","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Unsafe service environment and unsafe WHS practices.Inadequate fire and emergency safe systemsInadequate education/training for staffCommunity Setting - minimal staff supervisionPoor systems for identifying and mitigating risks in community settings","","Incident Management Framework; Pre-visit Home Risk Assessments;","Staff fatality / serious injury","Incident Management Framework; Workers Compensation Insurance;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","3148e264541e9d99d92d11a1174f7d2dfcc31298","ERM-00016","Ineffective leave management","Ineffective leave management leads to high costs, inaccurate staffing and staff disengagement.","Julie Stuart","30-06-2025","Approved","Leave liability - No. of staff with 'excessive leave'","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Poor systems for managing leave and payrollPoor workforce planningSingle point of contact","","","Staff unavailable in peak / holiday periods",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","3148e264541e9d99d92d11a1174f7d2dfcc31298","ERM-00016","Ineffective leave management","Ineffective leave management leads to high costs, inaccurate staffing and staff disengagement.","Julie Stuart","30-06-2025","Approved","Leave liability - No. of staff with 'excessive leave'","","","","","","Inequitable leave approvals","Workforce planning"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","3148e264541e9d99d92d11a1174f7d2dfcc31298","ERM-00016","Ineffective leave management","Ineffective leave management leads to high costs, inaccurate staffing and staff disengagement.","Julie Stuart","30-06-2025","Approved","Leave liability - No. of staff with 'excessive leave'","","","","","","Large amount of leave liability","Leave liability reporting"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","c1d6cf184ba03527c94df52b16018b01c353385c","ERM-00017","Breach of Modern Awards","Breach of Modern Awards resulting in substantial civil penalties, back-pay liability, reputational damage, workforce unrest, reputational damage.","Julie Stuart","31-03-2025","Approved","External Review results and completion of corrective actionsNo. of Fair Work Claims/Cases","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Poor governance in relation to employment contracts and payrollInadequate checks and balances for ensuring compliance with Modern AwardsPoor data / information management governance to identify previous activities undertaken in response to Award changesLack of governance (roles and responsibilities not clearly understood and articulated).","","Employment Contracts; HRIS System;","Compliance Breach",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","ba0e4addfe467c41242a226cc53e6d2b217f415d","ERM-00019","Legislative and regulatory compliance breach","Legislative and regulatory compliance breaches result in criminal offences, financial penalties, contract loss, reputational damage.","James Foot","30-06-2025","Approved","External Review results and completion of corrective actionsNo. of Fair Work Claims/CasesIncidents of non-conformance","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Poor visibility on legislative and regulatory requirements across all areas of the businessStaff onboarding program is inadequate for assuring staff are competent to undetake their roles independently.Policies do not reflect current legislative and regulatory requirementsManagement/staff are unaware of their legislative/regulatory responsibilities Working across multiple jurisdictions and understanding legal and regulatory requirements for each jurisdiction and staying up to date (WHS, Child Protection,","Legislative Alert Process to be mapped","Continuous Professional Development and Supevision Policy and Procedure; ISO 9001 Certification; ISO 27001 Certification; Internal Audit Program; Organisational Structure - Finance Department; Specialists - Qualified Accountants; IT Third Paty Management Policy; Quality Assurance Framework (QAF) Certification; Industry Information Bulletins - AFR, Accounting and Tax (e.g. Accru Fesles, PKF and HLB Mann Judd); Legislative Alert Service;","Loss of Contract","Customer Relationship Managers; Internal Audit Program;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","9a2f7ca4984d09ae2e1bc1c04160220786806a95","ERM-00020","Failure to achieve accreditation / certification","Failure to achieve and maintain certification requirements including ISO 9001, ISO 27001, NDIS Certification, QAF, National Standards for Disability Services (NSDS) Right Fit for Risk, HWCA Principles of Practice","James Foot","30-09-2025","Approved","% compliance with internal audit % compliance with external audit","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Poor monitoring of ongoing compliance with certification requirementsStaff onboarding program is inadequate for assuring staff are competent to undertake their roles independently.Staff do not understand certification requirements and their role in complianceCorrective actions for non-compliance are not undertakenManagers fail to monitor and manage certification requirementsLack of expertise in specific specialised areas across internal audit team (i.e. privacy, legal, ISO27001, Right Fit For Risk)","Consider how technical matters that relate to accreditation and certification (i.e. legal matters, privacy, IT,","Internal Audit Program; Policies and procedures that align with contract requirements; Manager Supervision; Onboarding and induction program; Mandatory Education/training program; Specialist - Compliance Team; Ongoing operational management of staff performance; Networks to ensure we keep up with certification requirements;","Loss of certification / accreditation","Internal Audit Program"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a0e9a88d3aad8bab8e0eafcde6c7c5d38060d308","ERM-00021","Fraudulent acts","Fraudulent acts by staff members resulting in loss of revenue, contractual breach, legal action, financial penalties","Glenn Meekin","30-06-2025","Approved","% Compliance with mandatory Fraud trainingNo. / Type of Fraud incidents/allegations recorded","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","High risk areas of the business not closely monitored for fraudulant activity (payroll and accounts payable)Sub-optimal probity processes (employees and employers)Lack of adherence to policy and procedurePoor contract management processes and practicesWage subsidy fraud vulnerabilityNo / ineffective vetting of suppliersDe-centralised procurement processes","","Delegations of Authority Policy; Learning Module - Fraud Control; Code of Conduct; Manager Supervision; Criminal Record History Checks; Recruitment and Selection Processes; Incident Management Framework; Learning Module - Whistleblower Policy; Group Purchasing Policy and Procedure; Travel and Entertainment Policy; Compleat Software with built-in delegations of authority; Segregation of Duties including manager approvals, accounts payable and finance approvers; Accounts Payable training and mentoring; Wage subsidy contract between Aimbig and Employer; Analytical review of P&L (actual vs budget); Dual authorisation on payments; Fraud Control Plan;","Loss of contract","Customer Relationship Managers; Fraud Control Procedure; Crisis Management Plan;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a0e9a88d3aad8bab8e0eafcde6c7c5d38060d308","ERM-00021","Fraudulent acts","Fraudulent acts by staff members resulting in loss of revenue, contractual breach, legal action, financial penalties","Glenn Meekin","30-06-2025","Approved","% Compliance with mandatory Fraud trainingNo. / Type of Fraud incidents/allegations recorded","","","","","","Criminal / Legal ramifications","Legal and Risk Function; Quality and Compliance Business Partners; Fraud Control Procedure;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a0e9a88d3aad8bab8e0eafcde6c7c5d38060d308","ERM-00021","Fraudulent acts","Fraudulent acts by staff members resulting in loss of revenue, contractual breach, legal action, financial penalties","Glenn Meekin","30-06-2025","Approved","% Compliance with mandatory Fraud trainingNo. / Type of Fraud incidents/allegations recorded","","","","","","Reputational Damage","Crisis Management Plan; Fraud Control Procedure; Crisis Communication Management Plan;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a0e9a88d3aad8bab8e0eafcde6c7c5d38060d308","ERM-00021","Fraudulent acts","Fraudulent acts by staff members resulting in loss of revenue, contractual breach, legal action, financial penalties","Glenn Meekin","30-06-2025","Approved","% Compliance with mandatory Fraud trainingNo. / Type of Fraud incidents/allegations recorded","","","","","","Financial Loss","Analytical review of P&L (actual vs budget); Fraud Control Procedure;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","52a3b80d3af4f48aa416d5ef44e809e1e50f5045","ERM-00023","Poor / uncontorlled procurement and supplier management","Poor / uncontrolled procurement and supplier management practices results in safety risks, financial loss, regulatory and contractual breach and reputational loss","Glenn Meekin","30-06-2025","Approved","Supplier costs v forecasts","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","No central repository for supplier information to allow visibility on number/type suppliersDe-centralised procurment processes","","Group Purchasing Policy and Procedure; Supplier and Employer Vetting Policy; Supplier Management Policy; Supplier Evaluation Form;","Financial Loss","Supplier and Employer Vetting Policy"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","f5c99ae968cde37cc0a4eb772238b7bdb1911e1f","ERM-00024","Failure with billing systems","Failure with billing systems leading to undercharging, overcharging.","Glenn Meekin","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Staff pressure to meet productivity targetsComplexity of billing rules","Review process for identifying correct billing contact (Livebig) to reduce invoicing error rate. Consider Internal Audit to identify where errors are occurring and how best to reduce the risk of invoicing errors.","Staff education and training","Client Complaints","Feedback and Complaints Management Framework"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","fe4fc656cd83ea360346b373e2d9c66f20d94b61","ERM-00026","Failure of debtors to pay invoices","Debtors fail to pay invoices in a timely way leading to inability to manage cashflow, significant financial loss","Glenn Meekin","30-06-2025","Approved","Cashflow to Forecast Quarterly Trend","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Poor accounts receivable systemsFailure to chase outstanding invoicesPoor financial management","Review process for identifying billing contacts (Livebig) and consider internal audit ongoing.","Specialists - Qualified Accountants; Specialists - Accounts Receivable Team;","Depleted Cashflow","Specialists - Accounts Receivable Team; Monthly Reporting % Cashflow to forecast; ELT Monthly / Quarterly Reporting;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","86ed7725f52c47f582fc47c7356820b6d8c8676d","ERM-00027","Unauthorised access to system","System access risk: unauthorised physical or logical access to system resulting in unauthorised access, data loss, manipulation, theft or not being accessible for a period of time","James Foot","30-06-2025","Approved","% of phishing email actioned% critical vulnerabilities% critical vulnerabilities addressed within 0 daysNo. of security incidents% compliance with cybersecurity training","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Inadequate security measuresPoor segregation of dutiesInformation security breachTrusted insider threat","Develop Trusted Insider Threat Program","Code of Conduct; IT Roadmap; Cybersecurity Roadmap; IT System Security Solutions;","Privacy Breach","Privacy Breach Response Policy and Procedure"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","86ed7725f52c47f582fc47c7356820b6d8c8676d","ERM-00027","Unauthorised access to system","System access risk: unauthorised physical or logical access to system resulting in unauthorised access, data loss, manipulation, theft or not being accessible for a period of time","James Foot","30-06-2025","Approved","% of phishing email actioned% critical vulnerabilities% critical vulnerabilities addressed within 0 daysNo. of security incidents% compliance with cybersecurity training","","","","","","Contract Breach and Loss","Privacy Breach Response Policy and Procedure"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","563b7687d993f7dad565292ab7b7e87a0250e005","ERM-00029","Disclosure of personal/sensitive information","Confidentiality and Privacy Risk: Unauthorised disclosure of proprietary information or individuals personal information resulting in funding freeze, litigation, brand and eputation damage.","James Foot","30-06-2025","Approved","# Privacy Breaches","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Failure to monitor changes in Government PolicyFailure of security controlsCollusionInformation Security Breach","Explore additional security controls on Customer Management Systems","Learning Module - Data and Privacy Breaches; Privacy policy; Privacy Officer;","Health and Safety risks to staff and clients","Incident Management Framework; Privacy policy; Privacy Officer;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","366f627dbee288aea5ea35cb7ec79a3216037b8f","ERM-00030","System Reliability and Information Integrity Risk","Systematic errors or inconsistencies in processing may produce irrelevant, incomplete, inaccurate and/or untimely information","James Foot","30-09-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Software programming errorsUnauthorised changes to softwareData cleansing not performedPoor data qualityPoor data governance","Performance monitoring of data quality to be added as an agenda item to monthly meetings with CEO and Head of AI and Data GovernanceFull implementation of Data Governance Framework to be completed","Change Management Policy; Testing strategy and performance monitoring; Data Governance and Policy Framework; Technology installation standards; Performance monitoring;","Inability to monitor financial and operational performance","Specialist - Head of AI and Data Governance; Specialists - Qualified Accountants;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","366f627dbee288aea5ea35cb7ec79a3216037b8f","ERM-00030","System Reliability and Information Integrity Risk","Systematic errors or inconsistencies in processing may produce irrelevant, incomplete, inaccurate and/or untimely information","James Foot","30-09-2025","Approved","","","","","","","Creates inefficiencies throughout operational and corporate systems","Data Governance and Policy Framework; Specialists - Qualified Accountants;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","366f627dbee288aea5ea35cb7ec79a3216037b8f","ERM-00030","System Reliability and Information Integrity Risk","Systematic errors or inconsistencies in processing may produce irrelevant, incomplete, inaccurate and/or untimely information","James Foot","30-09-2025","Approved","","","","","","","Poor quality reporting leads to contractual breach","Data Governance and Policy Framework; Internal data validation processes;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","366f627dbee288aea5ea35cb7ec79a3216037b8f","ERM-00030","System Reliability and Information Integrity Risk","Systematic errors or inconsistencies in processing may produce irrelevant, incomplete, inaccurate and/or untimely information","James Foot","30-09-2025","Approved","","","","","","","Non-compliance with regulatory and contractual obligations","Internal data validation processes; Internal Audit Program;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","811d47194a76fdb31cbb9e38fc29d20ac6d9d5ba","ERM-00033","Pandemic, natural disaster, geopolitical conflict","Prolonged / extensive service disruption due to pandemic, natural disaster or geopolitical conflict impacting workforce and ability to deliver services in line with contractual obligatons and to meet organisational and strategic objectives.","James Foot","31-03-2025","Approved","% Completion of corrective actions related to crisis management exercise.","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","PandemicClimate change resulting in severe weather events geopolitical climate conducive to Australia being pulled into an international conflict","","Business Continuity Management Procedure; Crisis Management Plan; Personal Protective Equipment;","","Crisis Management Plan; Business Continuity Management Procedure;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","5dea21e92327dd378abe27019f9e72b8a5f52380","ERM-00034","Critical system outage","Critical system outage due to loss, deterioration or interruption of supply of critical services, support or resources and failure to recover critical IT processes following a non routine event resulting in business interruption.","James Foot","30-06-2025","Approved","No of information security incidents","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Inadequate business continuity plansPoor contract management systemsSevere weather event","Business Continuity Plans to be updated to include Business Impact and plan for prolonged service outage","Business Continuity Management Procedure; IT contracts include performance criteria and SLAs; Testing and measuring of contract compliance; Vendor management framework;","Prolonged system outage","Business Continuity Management Procedure; Crisis Management Plan;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","54386d878528002c2dce456e0b4f17d34f7e6e5d","ERM-00035","Key supplier failure/disruption","Key supplier withdrawn / disrupted causing service delivery interruption","James Foot","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Poor supplier managementInadequate business continuity plansSevere weather event","Business Continuity Plans to include plans for when key suppliers fail to supply key products/ sevices","Business Continuity Management Procedure; IT contracts include performance criteria and SLAs; Testing and measuring of contract compliance; Vendor management framework;","Service disruption","Business Continuity Management Procedure"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","1dc8ce361b6011030ab6af03506b62499ad505fc","ERM-00036","Inappropriate / damaging posts on social media","Staff and externals posting inappropriate / damaging content on social media leading to reputational damage","Louise Genge","30-06-2025","Approved","% negative posts","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Lack of awareness / understanding of social media policyDisaffected staff intentionally trying to damage brand through negative and/or inaccurate social media postingDissatisfied clients venting on social media","","Social Media Procedure; Social media monitoring service; Media and Public Relations Policy;","Negative posts on social media","Social media monitoring service"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","8677714c55166ac94a24eca93100b9f1006fcba5","ERM-00037","Damaging media coverage","Damaging and/or inaccurate media coverage that damages the Arriba Group brand/s","Louise Genge","30-06-2025","Approved","% Negative Social Media Posts","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Inaccurate reportage related to merger and acquisition activityRoyal Commissions that impact any or all of Arriba Group businesses","","Media and Public Relations Policy; Media / Social Media Monitoring; Social Media Procedure;","Reputational damage","Crisis Management Plan"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","e0e96043eeade37141bbeaf34a8b81a2aa08049f","ERM-00038","Inappopriate brand positioning","Inappropriate brand positioning causing reputational damage over an extended period of time","Louise Genge","30-06-2025","Approved","Social Media negative sentiment","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Brand guidelines not adequately defined or adhered to","","Media / Social Media Monitoring; Brand Guidelines; Marketing Plans;","Poor brand awareness leading to loss of market share and inability to attract talent","Brand Guidelines"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","e7bb5aee5f5d15d265d36e35837c60bcccf0f75a","ERM-00039","Incorrect Google listings","Incorrect Google Listings resulting in harm to clients, inaccess to emergency services and reputational damage","Louise Genge","30-06-2025","Approved","","Low","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: green;\"/>","Regular office address changes and difficulty making timely changes to googleIrregular review of google listings","Review Feedback and Complaints Management Framework to ensure complaints are reported and responded to effectively","Regular reviews of Google Listings; External Agency supports Listing Updates;","Incorrect Google Listings leading to customer dissatisfaction","Feedback and Complaints Management Framework"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","712976821baba3b25bbb27f12d85502ca0b513f1","ERM-00040","Cybersecurity breach of website","Cybersecurity breach of website content resulting in flooding of CRM, bringing referral pipeline to a halt and/or brand damage","James Foot","30-06-2025","Approved","% Phishing email actioned% Critical vulnerabilities% Critical vulnerabilities adddressed within 30 days% Compliance with cybersecurity training","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Cybersecurity breachPhishing email that has been opened","","Antivirus software; Learning Module - Cyber Security Awareness; IT Security Solutions; IT Security Policies; System design; System Monittoring; System Maintenance / Patching;","Cybersecurity attack","Crisis Management Plan; Business Continuity Management Procedure;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","fed439f75e3e274c40eb07ed04922f5a721be5f4","ERM-00041","Selection and IT Governance","Selection of the IT solution that is misaligned with strategic objectives or insufficiently flexible and/or scaleable","James Foot","30-09-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Unqualified decision makersInadequate information supporting the selection decisionPersonal bias toward the vendorFailure to gain acceptanceUnconsultative decisions","","IT Roadmap; Enterprise architecture; IT Governance; IT Strategic Plan;","Inappropriate selection of hardware/software",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","ff1b3802df0fed6297783a55cef89792c62c0acb","ERM-00042","Failure in project benefit realisation","Project Risk: Failure in project benefit realisation due to risks assocated with the development, acquisition and deplaoyment of a new IT solution.","James Foot","30-09-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Insufficient in-house expertiseinadequate vendor supportResistance to change","","Change Management Policy; Project Management Framework and Methodology;","Project timeframes blow out and/or project fails to achieve objectives","Project Management Framework and Methodology"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","8cd13ff26047bf4dd4a7c32570f7c4ba9d8776c5","ERM-00043","Failure to undertake adequate due diligence for M&A","Failure to undertake adequate due diligence for M&A, overvaluing target company, poor integration processes and missed opportunities for synergies.","Marcella Romero","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Under-resourcing","","Strategic Plans; Legal and Risk Function; Merger & Acquisition Specialists;","",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","68ebe6685e3f71c7c517ad32e945414b621a719e","ERM-00044","Recycling and waste reduction","Inability to demonstrate commitment to environment through recycling and the reduction of waste.","Julie Stuart","30-06-2025","Approved","","Low","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: green;\"/>","Failure to get 'buy-in' from staff across the business to make an impact on recycling and waste reductionInfrastructure for recycling is not available at site offices","","","",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","1c99f9ee7602318f5c297d6291332985204f6ea6","ERM-00046","Unable to demonstrate diversity and inclusiveness in work force","Failure to maintain and develop diverse and inclusive workforce","Julie Stuart","30-06-2025","Approved","","Low","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: green;\"/>","No concerted effort to achieve diverse and inclusie workforce strategy","","","",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","914fad5d-1291-4101-b965-3ceb4fd131ad","ERM-00010","Occupational violence","Occupational violence results in serious injury / fatality to staff member.","James Foot","31-03-2025","Approved","No. of incidents related to occupational violence","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Staff ill-equipped / inexperienced in identifying risk, de-escalation and occupational violence awareness.Poor reporting culture - non-reporting of incidents leading to recurring episodes of workplace violenceLack of visibility on incidents involving occupational violence due to under-repoting , staff not rportitin, no sinle source of truth for incident recordsIncident management system does nto provide good business intelligence (location, triggers, root cause)Inadequate invesigation and corrective action processes","Momentum QMS Project to improve incident management framework including reporting and trend analysisDuress alarm product - look at alternative products to compare with WSG Alarm","Incident Management Framework; Learning Module - Mental Health First Aid; Learning Module - De-escalation and occupational violence awareness; Emergency SOS set up on mobile devices; Duress Alarms (Office-fitted); Employee Assistance Program (EAP); Onboarding and induction program;","Serious harm/ death of staff member due to occupational violence","Incident Management Framework"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","37b593bd-df6a-42a5-8962-574486b86b10","ERM-00008","Inability to attract talent","Inabiity to attract appropriately skilled, qualified and experienced staff to meet the operational and strategic needs of the organisation.","Julie Stuart","30-06-2025","Approved","Head count growth vs projectedStaff retention (first 6 months)Exit interview data and analysis","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Tight labour market, particularly for allied health staffInadequate resources to recruit the number and type of staff required to meet organisational needsPosition profiles inaccurate/unclear to support effective recruitment processesPoor workforce planning processes Low brand awarenessCompetition with NFPsNo staff mobility program","EVP ProjectUpdating Employee Referral Process (tailor to current needs/opportunities)","Recruitment and Selection Processes; Specialists- Talent Acquisition Specialists; Marketing campaigns; Recruitment Referral Reward Program; Industry Award Nominations; Social Media Strategy;","Inability to reach budget / growth targets",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","f0e3c6f63f907d80eb00835a6da1079cb2a1a6b1","ERM-00047","Participant Death or Injury (Significant Harm)","Client death or injury as a result of being exposed to significant harm in connection with service delivery (death, serious injury, abuse or neglect, unlawful sexual or physical contact, sexual misconduct, use of an unauthorised restrictive practice","Juliet Middleton","31-03-2025","Approved","Client/Participant safety incidentsScreening check complianceMandatory Training safety","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Incomplete screening (including NDIS Worker Check, WWCC, CRC, Referee Checks)Inappropriate / negligent careInadequate education / training for staffLack of clinical governanceCommunity Setting - minimal staff supervisionLack of safeguarding policies, procedures, practices (including implementation of child safe principles)","Design and implement clinical governance framework (Quality and Compliance / Operations )Review and improve mandatory employment training and screening systemReview compliance with National Child Safe Principles","Working with Children Checks; Criminal Record History Checks; NDIS Worker Checks; Recruitment and Selection Playbook; Incident Management Framework; Clinical Supervision; NDIS Practice Standards Accreditation;","Significant harm to client in connection with our services","Incident Management Framework; Crisis Management Plan;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","5a762709-9774-496e-93f3-58de39765655","ERM-00005","Suicideality and/or self-harm","Client harm/death due to self-harm","Juliet Middleton; Greg Luck; Renee Thornton;","31-03-2025","Approved","No. and type of incidents related to client self-harm","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Vulnerability of clients - social isolation, underlying disability and poor mental health correlationLevel of staff knowledge / skill to respond to suicide ideation, threats / actual self-harm","","Incident Management Framework; Clinical Supervision; Suicide Risk Management Policy and Procedure; Manager Supervision;","Client suicide/significant harm","Incident Management Framework"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a115cf1c-0a9a-4cf0-86e5-3cdcdbe5c399","ERM-00003","Violence, abuse, neglect, exploitation","Serious harm to client / participant as a result of violence, abuse, neglect and/or exploitation by an Arriba Group staff member.","Juliet Middleton; Greg Luck; Renee Thornton;","30-06-2025","Approved","No. / type of client incidentsNo. / type of near missesNo. / type of client complaintsNo. of reportable incidents% mandatory training compliance% mandatory employment screening complianceCompliance with NSDS StandardsCompliance with NDIS Practice Standards","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Probity checks not adequately attended to including WWCCs, CRCs, NDIS Worker Checks, Reference ChecksLack of staff training about identifying and reporting signs of abuse, allegations, disclosures or suspicionsPolicies, procedures and information inadequate to provide sufficient information and education to staff about how to prevent, recognise and respond to allegations / disclosures / suspected / witnessed incidents of harm.A culture of under-reporting of incidents and complaints","Quality & Safeguard - Clinical and outcome frameworkRoll out background check compliance in line with mandatory matrix (CPO, 2025)Employee Check Compliance Matrix (FY 25)Review compliance with child safe principles (HoR FY25)","Incident Management Framework; Feedback and Complaints Management Framework; Working with Children Checks; Criminal Record History Checks; NDIS Worker Checks; Learning Module - National Principles for Child Safe Organisations; Code of Conduct; Aimbig Child and Youth Code of Conduct; Livebig Child Protection Policy and Procedure;","Harm to clients caused by violence, abuse, neglect, exploitation","Crisis Management Plan; Incident Management Framework;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","185a1d89-5795-4743-a683-446cc124195f","ERM-00004","Suboptimal client outcomes","Suboptimal client outcomes / significant failure to maximise client outcomes leading to client harm and reputational damage","Juliet Middleton; Greg Luck; Renee Thornton;","31-03-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Inappropriate / negligent careInadequate education/training for staffLack of cllinical governance and outcomes frameworkCommunity Setting - minimal staff supervisionStaff unqualified / uncredentialled to perform their roles.","Quality & Safeguard - Clinical Outcome Framework","Recruitment and Selection Processes; Manager Supervision; Clinical Supervision; Mandatory Education/training program;","Reputational Damage","Feedback and Complaints Management Framework; Media / Social Media Monitoring;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","bb8320d6-8285-4126-912b-73ec0a75f1a9","ERM-00002","Unsafe service environment and unsafe working practices","Client injury/fatality due to unsafe service environment and unsafe working practices (WHS)","Juliet Middleton; Renee Thornton; Greg Luck;","31-03-2025","Approved","No. / type of client incidentsNo. / type of near missesNo. / type of client complaintsNo. of reportable incidents% mandatory training compliance% mandatory employment screening compliance","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Unsafe service environment and unsafe WHS practices.Inadequate emergency systems (evacuation and lockdown procedures)Inadequate WHS and emergency education/training for staffCommunity Setting - minimal staff supervision and uncontrolled environments.Lack of clinical governance framework.Under-reporting of client complaints and incidents leading to lack of visibility of issues related to client safety and lost opportunity to respond to prevent harm.","WHS Action Plan Roll out (FY25)Design and implement Incident Management System","Incident Management Framework; Feedback and Complaints Management Framework; WHS Risk Management Procedure.pdf; Learning Module - Workplace Health and Safety; Specialists - WHS Manager and WHS Officer;","Serious harm to client/s and/or staff due to unsafe working environment","Incident Management Framework; Workplace Investigation;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","bb8320d6-8285-4126-912b-73ec0a75f1a9","ERM-00002","Unsafe service environment and unsafe working practices","Client injury/fatality due to unsafe service environment and unsafe working practices (WHS)","Juliet Middleton; Renee Thornton; Greg Luck;","31-03-2025","Approved","No. / type of client incidentsNo. / type of near missesNo. / type of client complaintsNo. of reportable incidents% mandatory training compliance% mandatory employment screening compliance","","","","","","Adverse media coverage and damage to brand","Crisis Management Plan"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","2e9e9661-20c2-49ff-a2f8-47a6b67afd0d","ERM-00018","Contractual breaches","Contractual breaches with Government and other key customers that leads to cancellation of contracts, risk of renewal of ternders, inability to attract new contracts, reputational damage.","James Foot","30-06-2025","Approved","WFA Performance DashboardDES Performance Dashboard","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Lack of visibility on contractual requirementsPolicies/procedures that do not reflect contractual requirementsPoor monitoring of performance against contractual requirementsPoor management of identified contractual compliance breachesLack of visibility on performancePoor literacy on contractual and performance requirements","Contract repository where contractual requirements are clearly identified and monitored.","Continuous Professional Development and Supevision Policy and Procedure; Policies and procedures that align with contract requirements; ISO 27001 Certification; ISO 9001 Certification; Internal Audit Program; Processes for communicating contractual requirement updates;","Compliance Breach and Loss of Contract","Customer Relationship Managers; Internal Audit Program; ISO 9001 Certification; ISO 27001 Certification;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","e4760b40-1ca5-4c0e-bf93-3c69b74dc241","ERM-00022","Loss of customer contracts","Loss of revenue due to loss of customer contracts / failure to maintain financial sustainability due to low revenue, inability to attract new business resulting in significant revenue loss","Glenn Meekin","30-06-2025","Approved","Performance Dashboards","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Significant breach of ContractFailure to attract maintain/attract new contracts Poor brand awarenessBusiness disruption eventHigh costs of doing businessGovernment policy changes due to NDIS Review, Senate enquiries, Disability Royal Commissioons","","Internal Audit Program; Tender Management Procedure; Accreditations and Certifications; Policies and procedures that align with contract requirements; Engagement with policy makers and government departments; Scenario planning; Tender pursuits;","Loss of contracts","Identify Merger and Acquisition oppportunities"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a33d4020-b4e2-4adc-b179-68640ba3bc71","ERM-00028","Unauthorised / inappropropriate use of AI","Unauthorised / inappropropriate use of Artificial Intelligence applications used by staff compromise data security, privacy breach, reputational damage.","James Foot","30-06-2025","Approved","No. and type of information security incidents","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Failure to implement AI Governance frameworkEmployees use of unauthorised AI platformsLack of employee awareness about AI risks related to privacy, bias, compliance breaches","","IT Acceptable Use Policy; Specialist - Head of AI and Data Governance; IT Policies and Procedures; AI Policy; Limited access to AI tools; AI Academy;","Privacy breach due to inappropriate use of AI tools","Crisis Management Plan; Incident Management Framework; Privacy Breach Response Policy and Procedure;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a33d4020-b4e2-4adc-b179-68640ba3bc71","ERM-00028","Unauthorised / inappropropriate use of AI","Unauthorised / inappropropriate use of Artificial Intelligence applications used by staff compromise data security, privacy breach, reputational damage.","James Foot","30-06-2025","Approved","No. and type of information security incidents","","","","","","Poor client/employee experience due to inadvertent inbuilt bias into tool","Broad consultation with business specialists; Product Testing and approval Process;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a33d4020-b4e2-4adc-b179-68640ba3bc71","ERM-00028","Unauthorised / inappropropriate use of AI","Unauthorised / inappropropriate use of Artificial Intelligence applications used by staff compromise data security, privacy breach, reputational damage.","James Foot","30-06-2025","Approved","No. and type of information security incidents","","","","","","Contract Breach/Loss due to inappropriate use of AI","Crisis Management Plan; Customer Relationship Managers;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","b2c2155d-3627-4801-81dd-8b10afd757fd","ERM-00032","Loss of client data","Loss of client data resulting in service disruption and reputation damage","James Foot","30-06-2025","Approved","% Critical vulnerabilities% Critical vulneabilities addressed within 30 daysNo. of information security incidents","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","System outageSupplier FailureCybersecurity attackHuman Error","Business Impact Analysis and Business Continuity Plan to be developed for the event of data loss (Head of Risk FY25)","Business Continuity Management Procedure; IT System Security Solutions; IT Acceptable Use Policy; IT Roadmap; Staff awareness training; Role based access control; multifactor authentication;","Business disruption","Business Continuity Management Procedure"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","4c308753-0068-4a2e-9e5d-7c61692f71b7","ERM-00031","Cybersecurity event","Cybersecurity Event Risk: Cyber Security event leading to unauthorized access, data loss, manipulation, theft, or systems not being accessible for a period of time leading to business interruption, privacy breach, adverse media, brand damage, and financial loss.","James Foot","30-06-2025","Approved","Phishing Email Compliance; Training compliance; performance against ISO27000 and Right Fit for Risk;","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Ransomware attacksEmail PhishingDenial of Service AttacksImpersonation EmailsStaff Working From HomeIdentity TheftData Breach / Data Leakage","","Learning Module - Cyber Security Awareness; Antivirus software; IT Security Policies; IT Security Solutions; System Monittoring; System design; Block email button / Phishing email button; Cybersecurity Staff Awareness Training; System maintenance/Patching; Phishing Simulations;","Adverse Media Coverage","Crisis Management Plan; Business Continuity Management Procedure; IT Incident Response Procedure; IT Disaster Recovery Plan;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","4c308753-0068-4a2e-9e5d-7c61692f71b7","ERM-00031","Cybersecurity event","Cybersecurity Event Risk: Cyber Security event leading to unauthorized access, data loss, manipulation, theft, or systems not being accessible for a period of time leading to business interruption, privacy breach, adverse media, brand damage, and financial loss.","James Foot","30-06-2025","Approved","Phishing Email Compliance; Training compliance; performance against ISO27000 and Right Fit for Risk;","","","","","","Loss of Contracts","Crisis Management Plan; Customer Relationship Managers;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","c98597602c32e2dc9cfda12c151a5f2c1fb81c74","ERM-00050","Child / Youth Safety","Harm to a child or young person while engaging with or in connection with our services","Juliet Middleton; Renee Thornton; Greg Luck;","31-03-2025","Approved","Compliance with pre & ongoing employment checks,","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Inappropriate staff conductLack of staff awareness of riskPoor recruitment and selection processesUnsafe workplace environmentsLack of child-friendly feedback mechanisms","Complete gap analysis against National Child Safe PrinciplesImplement strategies for adherence to principlesComplete gap analysis against Queensland Child Safe StandardsImplement strategies for adherence to principles","Code of Conduct; Feedback and Complaints Management Framework; Incident Management Framework; Child Protection Policy and Procedure (Livebig); Aimbig Child and Youth Code of Conduct; Working with Children Checks; Mi Casa Child & Youth Resource Page;","Staff misconduct resulting in harm to child/young person","Incident Management Framework; Feedback and Complaints Management Framework;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","931ddcdf1ae85b24ff2135a9a2251751002d377b","ERM-00054","Trusted Insider Threat","The potential danger posed by an employee, contractor, or other individual within an organization who is considered trustworthy and has authorized access to sensitive information or systems, but could potentially misuse that access to harm the organization, either intentionally or unintentionally, due to negligence or malicious intent; essentially, it's the risk that someone the organization trusts could become a security threat by exploiting their privileged access.","James Foot","30-06-2025","Approved","Staff Awareness Training statistics, security incidents, monitoring activities","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Disgruntled staff memberInappropriate access to systemsData breaches by leaking confidential informationSystem sabotage or disruptionIntellectual Property TheftOffboarding delayUnintentional disclosure or negligence","","Cybersecurity Staff Awareness Training; Code of Conduct; Privacy policy; Privacy Breach Response Policy and Procedure; Offboarding process; IT Acceptable Use Policy; user access controls including the principle of least priviledge; User monitoring and anomaly detection; Trusted Insider Threat program; Data Leakage Prevention;","Cybersecurity Breach","Crisis Management Plan"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","931ddcdf1ae85b24ff2135a9a2251751002d377b","ERM-00054","Trusted Insider Threat","The potential danger posed by an employee, contractor, or other individual within an organization who is considered trustworthy and has authorized access to sensitive information or systems, but could potentially misuse that access to harm the organization, either intentionally or unintentionally, due to negligence or malicious intent; essentially, it's the risk that someone the organization trusts could become a security threat by exploiting their privileged access.","James Foot","30-06-2025","Approved","Staff Awareness Training statistics, security incidents, monitoring activities","","","","","","Contractual Breach or Loss","Crisis Management Plan"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","8c113f60a4bb84ffa220860031f50bde29396d9a","ERM-00051","Infectious Disease","Staff / Client illness / fatality due to exposure to infectious disease","Renee Thornton; Greg Luck; Juliet Middleton; James Foot;","31-03-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Poor Access to PPEPoor infection control processes and practicesLack of staff education/training on infectious disease and infection prevention","","Learning Module - Infection Control; PPE supplier; Infection Control Procedure;","Spread of infection between staff and clients","Crisis Communication Management Plan; Business Continuity Management Procedure;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","ddda15ba-4f53-4a22-a248-dff84a8aa4af","ERM-00045","Modern Slavery in operations or supply chains","Modern Slavery identified in our operations and/or supply chains","James Foot","31-12-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","No evaluation of operations or suppliersStaff unable to identify and/or respond to suspected modern slavery concernsRisks Not identifed","Map suppliers (contracted), identify whether there is clear code of conduct / clause that includes identifying and reducing modern slavery risks.","Modern Slavery Statement; Supplier Code of Conduct; Modern Slavery Policy & Procedure; Modern Slavery e-learning module;","Modern Slavery is present in operations/supply chains","Modern Slavery Statement"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","ddda15ba-4f53-4a22-a248-dff84a8aa4af","ERM-00045","Modern Slavery in operations or supply chains","Modern Slavery identified in our operations and/or supply chains","James Foot","31-12-2025","Approved","","","","","","","Loss of customer contracts","Communication of Arriba Group Modern Slavery Commitments"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","9af5a729e74574d7dfdee1511fce6f565f2edb7b","ERM-00052","Inappropriate use of branded apparel","Inappropriate activities while wearing branded apparel resulting in reputational damage","Louise Genge","30-06-2025","Approved","","Low","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: green;\"/>","Inappropriate/criminal behaviour conducted in Arriba branded clothingInappropriate/criminal behaviour conducted by staff Arriba staff in the course of providing services","Develop procedure to address post-employment and correct use of branded apparel.","Code of Conduct","",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","70886d2711abf482b1d2fc0695372b13b1940028","ERM-00053","Meeting key stakeholder expectations in relation to ESG","Failure to meet key stakeholder (clients, staff, customers, governing bodies) expectations in relation to ESG commitments and initiatives","Julie Stuart","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Lack of clarity around our ESG commitments and intiativesUnachievable commitments due to external factors (i.e. labour market)Poor monitoring of our ESG commitments and performanceLack of visibility on ESG commitments (what have we committed to in tenders? what is in contracts? etc.)Cost of meeting commitmentsPoor communication of commitments","Review ESG Policy to develop realistic, achievable targets, Define commitments and who is Accountable, Responsible, etc., measure progress, communicater commitments and progress, Create central repository for ESG documents, recommence committee, etc.","Employee Assistance Program (EAP); ESG Committee; ESG Project Lead; National Indigenous Steering Committee; Supply National Target; Mi Casa ESG Page; Empowered Newsletter; ESG Policy;","Loss of contracts","ESG Dashboard"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","7ca199ca-ecdd-447e-b614-3297fbcffe51","ERM-00049","WFA Employment Fund Transport Purchase","Client injury/fatality related to WFA Employment Fund Purchase related to transport such as bikes or e-scooters","Greg Luck","30-06-2025","Approved","Client Safety Incidents","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","High risk transport purchases such as e-scootersBikes purchased without safety equipmentLack of guidance for staff about WFA Employment Fund purchasesLack of awareness by staff in relation to WFA Employment Fund purchases","Refer to WFA Employment Fund Report Review Recommendations","Delegations of Authority Policy; Employment Fund Request/Approval processes; Employment Fund e-learning module; WFA Employment Fund Policy;","Client injury/fatality","WFA Employment Fund Policy & Procedure"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","7ca199ca-ecdd-447e-b614-3297fbcffe51","ERM-00049","WFA Employment Fund Transport Purchase","Client injury/fatality related to WFA Employment Fund Purchase related to transport such as bikes or e-scooters","Greg Luck","30-06-2025","Approved","Client Safety Incidents","","","","","","Loss of customer contract","WFA Employment Fund Policy & Procedure"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","7ca199ca-ecdd-447e-b614-3297fbcffe51","ERM-00049","WFA Employment Fund Transport Purchase","Client injury/fatality related to WFA Employment Fund Purchase related to transport such as bikes or e-scooters","Greg Luck","30-06-2025","Approved","Client Safety Incidents","","","","","","Litigation as a result of Client injury/fatality","WFA Employment Fund Policy & Procedure"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","3781ec61a1b266fe7fee8a3c04aa784b2bf7a033","ERM-00055","Climate Change (severe weather) threats","Climate Change events impact client and staff safety, cause service disruption and financial loss","Renee Thornton; Greg Luck; Juliet Middleton;","30-06-2025","Approved","Service ClosuresIncidents","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Severe weather","","Crisis Management Plan; Crisis Communication Management Plan; Business Continuity Management Procedure; Emergency and Disaster Management Plan; Empowered and other Communication Methods; Duress Alarms;","Service Disruption","Crisis Management Plan; Crisis Communication Management Plan; Business Continuity Management Procedure; Incident Management Framework;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","dce27ed0aa1276b3dfb7aa1600cb986ed89d97eb","ERM-00056","Social Media Scams","Social Media Scams (and other eScams) where malicious actors impersonate an Arriba Group entity to elicit personal or sensitive information from actual or potential employees, clients/participants, etc.","Louise Genge","30-06-2025","Approved","No. of incidents of fake posts identified","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Commercially sensitive information potentially out in public spherePoor monitoring of social mediaSocial Media site unable to/unwilling to pull down fake contentStaff / participants not able to identify fake from real postsStaff not aware of how to report fake posts","","Media / Social Media Monitoring","Clients/staff provide personal/sensitive data to malicious actors",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","a15411a2e35ffad73a6dcadd4e34654c82982201","ERM-00057","Third Party Risk Outsourced Infrastructure and Managed Services","Loss, deterioration or interruption of supply of services, support or resources","James Foot","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Lack of, or incorrect contract management systemSupplier goes bust","","Contracts include performance criteria and SLAs; Testing and measuring of contract compliance; Active Vendor Management; IT/IS Acquisitions Procedures;","Suppliers fail to meet Service Level Agreements","Vendor management framework"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","0a91983201954c1d70eff4642a60525412cdb9d3","ERM-00058","Third Party Risk Outsources Software","Loss, deterioration or interruption of supply of services, support or resources","James Foot","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Lack of, or incorrect contract management systemSupplier goes bustSupplier performs poorly","","IT contracts include performance criteria and SLAs; Testing and measuring of contract compliance; Active Vendor Management; IT/IS Acquisitions Procedures; Enterprise SaaS Applications;","Business interruption, Loss of information","Contracts include performance criteria and SLAs; Testing and measuring of contract compliance; Active Vendor Management; IT/IS Acquisitions Procedures; Enterprise SaaS Applications;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","0bbaf5aeed29b1a950f566e4c2578f8ca1188194","ERM-00059","Disaster Recovery Risk","Failure to recover critical Arriba Group or IT dependent processes following a non-routine event","James Foot","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Inadequate plansInadequate disaster recovery solutionPlans not tested","","Enterprise SaaS Applications; Site Recovery Design; High Availability Design; Clear back-up strategy; System documentation; Failure / recovery testing for core applications within the IT environment;","Business interruption, brand and reputation damage, loss of data","Site Recovery Design; Clear back-up strategy;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","5e86b4e81a60b2283f7bbb23c58c9270bb9620f0","ERM-00060","Business Continuity Risk","Failure to recover critical IT processes following a non-routine event","James Foot","30-06-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Inadequate Business Continuity Plans","Review and revise Arriba Group Business Continuity Plan","Business Continuity Management Procedure; Crisis Management Plan; BCP Testing;","","BCP Testing"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","746b682929fe059b7b3a33087e94964db9b779bb","ERM-00061","Third Party Risk Outsourced Software","Loss, deterioration or interruption of supply of services, support or resources","James Foot","30-09-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Lack of, or incorrect contract management systemSupplier goes bustSupplier performs poorly","","Testing and measuring of contract compliance; Contracts include performance criteria and SLAs; Active Vendor Management; IT/IS Acquisitions Procedures; Enterprise SaaS Applications;","System outage resulting in interruption to services","IT Disaster Recovery Plan; Business Continuity Management Procedure;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","c1dfe2de1eaf6ec6595b61db3cc5bf0ec086a786","ERM-00062","Third Party Risk","Loss, deterioration or interruption of supply of critical services, support or resources","James Foot","30-09-2025","Approved","","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Lack of, or incorrect contract management","","Contracts include performance criteria and SLAs; Testing and measuring of contract compliance;","Business interruption and increased costs",""],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","120ed9c424493356856b807bc1a2be4a0d2144d7","ERM-00063","System Availability","Unavailability to the system when needed","James Foot","30-04-2025","Approved","Security Incidents","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Hardware/software failureUnscheduled maintenanceVirusesMalicious acts","","Antivirus software; Spares; Preventative Maintenance; Standards for technology installation;","Business Interruption","Business Continuity Management Procedure; IT Disaster Recovery Plan;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","670d3fe3bb097d6f4e7da786d675c00d45f5dd97","ERM-00064","Hardware/Software","Failure of Hardware/Software to perform properly","James Foot","30-09-2025","Approved","Security Incidents","Medium","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: yellow;\"/>","Natural wearEnvironmental damageFires and FloodsViruses and malicious acts","","Preventative Maintenance; Equipment Replacement and Refresh Strategy; Tier 4 Data Centres; Antivirus software; Standards for technology installation;","Business interruption","IT Disaster Recovery Plan; Business Continuity Management Procedure;"],["<a style=\"display: block;padding: 10px 10px;background-image: url('/theme-resources/assets/pages/img/openRecordFromView.png');text-decoration: none;background-repeat: no-repeat\"onclick=\"\"> </a>","<img src='/theme-resources/assets/admin/pages/img/Unchecked.png' style='height: 25px; width: 25px;'/>","eb5f660a6a4836b31f934901fbf7b9378642a44f","ERM-00065","WorkSafe Victoria NES contract loss","Underperformance with contractual performance benchmarks related to New Employer Services (NES) placement and Return to Work sustainability scorecard results in loss of registration for NES and reputation damage","Renee Thornton","31-07-2025","Approved","","High","<div style=\"border-radius: 50% !important; margin: 5px; height: 30px; width: 30px; background: orange;\"/>","Not meeting lower benchmark for placing of workers in to new employment and sustaining of that work for 3 monthsLack of job brokerage services on filesPoor consultant performanceStaff retentionPoor client engagement during initial phase of induction","Placement and sustainability rates (PowerBi Dashboard)","Performance Improvement Plan; New position - Job Broker; Performance Improvement Working Group;","Loss of registration to provide NES in Victoria",""]],"columns":[{},{},{},{},{},{},{},{"type":"date","dateFormat":"DD-MM-YYYY","datePickerConfig":{"firstDay":0,"numberOfMonths":3}},{"viewMeta":{"statusOptions":{"Draft":["Draft","Approval"],"Approval":["Approval","Approved"],"Approved":["Approved"]}}},{},{},{},{},{},{},{},{}],"isPaged":false,"dontSort":false,"isExternal":false}

Search this List:

Sort results

Current Page
Total Pages	Total Rows
List Setting	Search by columns	Select Records
Parent Field
Parent Document Full Path
Parent Section Order	Parent Grid Order
Parent Section Name	Parent Grid name