RISK ASSESSMENT FORM – Key Solution Pte Ltd Approved by: Director Reference Number:

Conducted by: Brian

Date conducted: 05 Oct 2015
Reference Procedure:
KEY-QMS-02_F-01
Signature: BRIAN RA-0001

Next Review Date: 04 Oct 2016

Risk Identification Risk Evaluation Risk Control
Ref Process / Possible Implementation
Risk Existing Risk Controls I P RPN Additional Controls I P RPN Remarks
Function Impact Person

− Customer Service
agents are given a − Briefing given to the
briefing by the staff every morning.
Answering
team lead on how − Provide proper
customer’s
to manage the training to the front- Head of
enquiring, and Rudeness / Complaints
customers line staff.
1 taking orders by Bad customer from the
− All the
3 2 6 3 1 3 Customer
− Corrective action has
Customer services consumer. Services
telecommunicatio to be taken
Services
n with the immediately upon
Department
customer will receiving any
recorded for complaints
training purposes.
− Customer Service
agents are given a
− Corrective action has
briefing by the Head of
to be taken
Cancellation Loss of team lead.
of order Business − Customer
3 1 3 immediately upon 3 1 3 Customer
receiving any Services
feedback will be
complaints
obtained at for
every order.

− Based on the
Complaints − Annual evaluation
feedback obtained Head of
from the on the staff
Staff not from customer,
competent
customer − Provide training to 3 2 6
provide proper
3 1 3 Customer
Loss of ensure the Services
training to the
Business competency
workers.

Low Risk
Probability / : 1-3
Rare Remote Occasional Frequent Almost Certain Risk level
MediumImpact
Risk : (1)
4-12 (2) (3) (4) (5)
Catastrophic
High Risk (5) : 5
13-25 10 15 20 25 Low Risk
Major (4) 4 8 12 16 20
Moderate (3) 3 6 9 12 15 Medium Risk
Minor (2) 2 4 6 8 10
Negligible (1) 1 2 3 4 5 High Risk
RISK ASSESSMENT FORM – Key Solution Pte Ltd Approved by: Director Reference Number:
Conducted by: Brian
Date conducted: 05 Oct 2015
Reference Procedure:
KEY-QMS-02_F-01
Signature: BRIAN RA-0001

Next Review Date: 04 Oct 2016

Risk Identification Risk Evaluation Risk Control
Ref Process / Possible Implementation
Risk Existing Risk Controls I P RPN Additional Controls I P RPN Remarks
Function Impact Person
− Ensure material
control before − Corrective action has
Poor quality Complaints delivery by the to be taken
Delivering of Project
2 of product / from the operation team 3 2 6 immediately upon 3 1 3
Product Manager
faulty product customer − Provide training to receiving any
ensure the complaints
competency
− Operation team
are given a
briefing by the − Based on the
Poor quality
team lead before feedback obtained
of product /
Loss of delivery / from customer, Project
poor 3 2 6 3 1 3
Business installation of provide proper Manager
customer
product. training to the
service
− Provide training to workers.
ensure the
competency
− The development
Drop in team to look for
− Based on the
Business new opportunities
feedback obtained
Delay in to bring in more Project
3 2 6 from customer, 3 1 3
delivery Complaints courses and also Manager
corrective action will
from the to sell the existing
be taken immediately
customers courses to the
new markets
− The Documents
and other − Employees are
Non-
Loss of authority related reminded to follow all
compliance
Business and information to be the rules and Project
with local 3 2 6 3 1 3
Closure of the kept updated. regulation while Manager
legal
company − The grievance performing their
regulations
from the duties
client/suppliers to
Low Risk
Probability / : 1-3
Rare Remote Occasional Frequent Almost Certain Risk level
MediumImpact
Risk : (1)
4-12 (2) (3) (4) (5)
Catastrophic
High Risk (5) : 5
13-25 10 15 20 25 Low Risk
Major (4) 4 8 12 16 20
Moderate (3) 3 6 9 12 15 Medium Risk
Minor (2) 2 4 6 8 10
Negligible (1) 1 2 3 4 5 High Risk
RISK ASSESSMENT FORM – Key Solution Pte Ltd Approved by: Director Reference Number:
Conducted by: Brian
Date conducted: 05 Oct 2015
Reference Procedure:
KEY-QMS-02_F-01
Signature: BRIAN RA-0001

Next Review Date: 04 Oct 2016

Risk Identification Risk Evaluation Risk Control
Ref Process / Possible Implementation
Risk Existing Risk Controls I P RPN Additional Controls I P RPN Remarks
Function Impact Person
be address as
soon as the
complaints are
received.
− Complaints or
issues highlighted
by the authorities
to be resolved
immediately
Finance Functions
− Customers with bad
Disruption in debts are regularly
the cash flow followed for the
Receive payment Bad debts due − Customers with
in the repayment of the bad Finance
3 from the to non- bad debts record 3 2 6 3 1 3
company debts. manager
customers repayment of will be blacklisted
leading to − Debt collectors to be
losses contact whenever
required
− Make sure the
conformance − Communicate to the
Return of
product is operation team to
non- Loss of Project
returnable from 2 2 4 conduct an inspection 2 1 2
conformance revenue manager
the supplier to before accept the
product
claimed back the return product
cost
Administration
Disruption on − Backups to be − Systems are IT
Daily operation taken at regular Manager to conduct
4 administrative System failure (order intervals to 3 2 6 system inspection to 3 1 3 IT manager
operation sequence prevent the loss of ensure the system
cannot be data always updated and in
Low Risk
Probability / : 1-3
Rare Remote Occasional Frequent Almost Certain Risk level
MediumImpact
Risk : (1)
4-12 (2) (3) (4) (5)
Catastrophic
High Risk (5) : 5
13-25 10 15 20 25 Low Risk
Major (4) 4 8 12 16 20
Moderate (3) 3 6 9 12 15 Medium Risk
Minor (2) 2 4 6 8 10
Negligible (1) 1 2 3 4 5 High Risk
RISK ASSESSMENT FORM – Key Solution Pte Ltd Approved by: Director Reference Number:
Conducted by: Brian
Date conducted: 05 Oct 2015
Reference Procedure:
KEY-QMS-02_F-01
Signature: BRIAN RA-0001

Next Review Date: 04 Oct 2016

Risk Identification Risk Evaluation Risk Control
Ref Process / Possible Implementation
Risk Existing Risk Controls I P RPN Additional Controls I P RPN Remarks
Function Impact Person
track) − Hardcopy which good conditions
documented the
order number will
be kept by the
project manager
to track the order
− Data Backup to be
taken at regular
intervals to
− An alternate method
prevent the loss of
of the contacting
valuable data.
clients has to be
Loss of − All the clients to
initiated once the
Hacking of the potential be informed
attack is deducted.
website and client and about the website 3 1 3
− Powerful system
3 1 3 IT manager
email disruption of attack as soon as
firewalls to be
business the attack is
installed to prevent
detected.
the hackers from
− Rebuilding of the
hacking the website.
website to be
initiated
immediately
− The Staffs are
− Powerful antI-
requested not to open
Virus and Virus software has
the “SPAM” emails
other Loss of to be installed in
unless it is absolutely
malware valuable data the systems to 2 2 4
necessary.
2 1 2 IT manager
attacks on the and clientele. prevent any kind
− The Anti-Virus
email of virus and
installed has to be
malware attack
frequently updated.

Low Risk
Probability / : 1-3
Rare Remote Occasional Frequent Almost Certain Risk level
MediumImpact
Risk : (1)
4-12 (2) (3) (4) (5)
Catastrophic
High Risk (5) : 5
13-25 10 15 20 25 Low Risk
Major (4) 4 8 12 16 20
Moderate (3) 3 6 9 12 15 Medium Risk
Minor (2) 2 4 6 8 10
Negligible (1) 1 2 3 4 5 High Risk