
Guidelines and Sample headings

You are encouraged to come up with your own report structure. You can build this understanding by looking at the different risk assessment reports shared from time to time as supporting readings and material.


Here is one sample format for the report.


Hint: Students can use a case study and make assumptions, or can select any organization from the UK for which some basic information about the organizational context is available, and complete the assessment. If a student wants to select an organization and its organizational structure is available, the student can use it; otherwise, they can assume one and draw the diagram using the directors’ information.




  1. Introduction (what the intention is and what objective needs to be achieved, in a few lines, such as 4 to 6)
  2. Organizational Context
    1. Strategic Objectives (of the organization)
    2. Current Requirements (current requirements/expectations)
    3. Internal Context (w.r.t IS)
    4. External Context (how they communicate externally)
    5. Organizational Structure Including Roles (useful to add; if not available, you can assume it in the case of a case study)
  3. Risk Assessment
    1. Asset Identification
    2. Threat Modelling
    3. Risk Identification (a and b can be combined into c)
    4. Risk Appetite
      1. Risk Analysis
      2. Risk Evaluation
    5. Risk Controls (focus on the domains mentioned in the assessment)
      1. IT Controls
      2. Equipment Controls
      3. Logistic Controls
    6. Risk Management (if needed, not compulsory)
      1. Monitoring
      2. Communication
    7. References