| Risk | Causes | Controls | Control Criticality | Control Effectiveness | |
| Inappropriate/unauthorised release of emergency warning to the public | Lack of/ineffective training/familiarity with the system | Training course provided to all employees on system | 5 | Assumed partially Effective | |
| Competency testing of employees including scenario testing | 5 | Assumed partially Effective | |||
| Detailed change management plan, including familiarisation requirements, for any upgrades to the system | 5 | Assumed partially Effective | |||
| Self-explanatory/simple categorisation of drills | 5 | Assumed partially Effective | |||
| Inappropriate/confusing categorisation of actions within the system | Categorisation chart maintained at each work station | 3 | Unsure of whether this is the case or not. If not, it may be a potential new control | ||
| Simplified Graphic User Interface | 3 | Assumed non-existent (opportunity for new control) | |||
| Explanatory notes available within the system when hovering over the link | 3 | Unsure of whether this is the case or not. If not, it may be a potential new control | |||
| Lack of/ineffective regular testing of the system | Test program for internal systems testing | 5 | Assumed partially Effective | ||
| Test program for external/public systems | 5 | Assumed partially Effective | |||
| Test procedures and checklists for each type of test | 5 | Assumed partially Effective | |||
| Lack of/ineffective verification system prior to release of warning | System design includes verification of selection from drop-down menu | 5 | Assumed mostly Effective | ||
| For initiation of public "non-drill" warning, additional verification required | 5 | Assumed non-existent (opportunity for new control) | |||
| Supervisor to release "non-drill" warning with verification code | 5 | Assumed non-existent (opportunity for new control) | |||
| Software failure | Software maintenance program | 5 | Assumed Effective | ||
| Software testing | 5 | Assumed Effective | |||
| External cyber attack | Firewalls | 5 | Assumed Effective | ||
| IT Security Policy | 5 | Assumed Effective | |||
| Penetration testing program | 5 | Assumed Effective | |||
| Disabling of external storage device capability | 5 | Assumed Effective | |||
| Regular training/updates/bulletins in relation to cyber-security threats | 3 | Assumed Effective | |||
| Lack of/ineffective warning protocols built into the system | Audible alarm connected to "non-drill" initiation of warning system | 5 | Assumed non-existent (opportunity for new control) | ||
| Alarm initiated on Supervisor's computer as well as employee's | 5 | Assumed non-existent (opportunity for new control) | |||
| Supervisor to release "non-drill" warning with verification code | 5 | Assumed non-existent (opportunity for new control) | |||
| Deliberate action by an employee | Background checking of employee upon hiring | 5 | Assumed Effective | ||
| For initiation of public "non-drill" warning, additional verification required | 5 | Assumed non-existent (opportunity for new control) | |||
| Supervisor to release "non-drill" warning with verification code | 5 | Assumed non-existent (opportunity for new control) | |||
| Lack of/ineffective supervision | Policy requiring Supervisor "on the floor" at all times | 4 | Assumed partially Effective | ||
| For initiation of public "non-drill" warning, additional verification required | 5 | Assumed non-existent (opportunity for new control) | |||
| Supervisor to release "non-drill" warning with verification code | 5 | Assumed non-existent (opportunity for new control) | |||
| Lack of attentiveness by employee | Rostering policy | 4 | Assumed Effective as fatigue does not appear to have played a part in this incident | ||
| Fatigue Management Plan | 4 | Assumed Effective as fatigue does not appear to have played a part in this incident | |||
| System designed for one person to be able to release warning | For initiation of public "non-drill" warning, additional verification required | 5 | Assumed non-existent (opportunity for new control) | ||
| Supervisor to release "non-drill" warning with verification code | 5 | Assumed non-existent (opportunity for new control) | |||
| Audible alarm connected to "non-drill" initiation of warning system | 5 | Assumed non-existent (opportunity for new control) | |||
| Alarm initiated on Supervisor's computer as well as employee's | 5 | Assumed non-existent (opportunity for new control) | |||
| Lack of/ineffective handover on shift change | Handover procedure | 4 | Assumed Effective as fatigue does not appear to have played a part in this incident | ||
| Lack of verification of source of information prior to warning being issued | Source verification policy | 5 | Assumed Effective | ||
| Source verification procedure | 5 | Assumed Effective | |||
| For initiation of public "non-drill" warning, additional verification required | 5 | Assumed non-existent (opportunity for new control) | |||
| Supervisor to release "non-drill" warning with verification code | 5 | Assumed non-existent (opportunity for new control) |