You are on page 1of 139

CHC60308

Advanced Diploma of Community Sector Management

BSBRSK501A
Manage Risk
Learning Resource

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions Page 1 of 135
Enquiries
Enquires about this and other publications can be made to:

Drew Dwyer

Contact our office:


Frontline Care Solutions
P.O. Box 1088
Coolum Beach QLD 4573
Phone: (07) 5351 1188
Email: admin@frontlinecaresolutions.com
Website: www.frontlinecaresolutions.com

Copyright This work is copyright. Apart from any use as permitted under the
Copyright Act 1968, no part may be reproduced by any process without prior written
permission of the author Drew Dwyer Frontline Care Solutions.

CHCORG605A Manage Human Resources in a Community Sector Organisation

Produced by Frontline Care Solutions Drew Dwyer December 2011

Issue 01 V1 12/12/2011

Page 2 of 166
Table of Contents
How to study this unit .............................................................................................................................. 4
Element 1: Establish risk context ............................................................................................................ 7
Risk management context....................................................................................................................... 7
Risk management policy and plan ........................................................................................................ 12
Risk management, Legal compliance and Standards .......................................................................... 13
Common law ......................................................................................................................................... 13
Legal obligations of employment .......................................................................................................... 15
Freedom of Information legislation........................................................................................................ 17
Insurance............................................................................................................................................... 18
Standards .............................................................................................................................................. 20
The Australian Council on Healthcare Standards (ACHS) ................................................................... 22
National standards for Infection control ................................................................................................ 22
Project management and scope for risk management ......................................................................... 25
The scope document and its components ............................................................................................ 27
Internal and external stakeholders ........................................................................................................ 30
Political, economic, social, legal, technological and policy context ...................................................... 32
Review strengths and weaknesses of existing arrangements .............................................................. 43
Conducting a SWOT Analysis............................................................................................................... 44
Documenting critical success factors .................................................................................................... 46
Creating a supportive work environment .............................................................................................. 46
Individual or Team approach................................................................................................................. 47
The importance of training .................................................................................................................... 48
Communicate with relevant parties about the risk management process and invite participation ....... 49
Encouraging participation...................................................................................................................... 51
Element 2: Identify risks ........................................................................................................................ 54
Inviting relevant parties to assist in the identification of risks ............................................................... 58
Risk identification Techniques............................................................................................................... 59
Identifying control measures for risks ................................................................................................... 64
Element 3: Analyse risks....................................................................................................................... 69
Analyse risk likelihood and consequences ........................................................................................... 69
Risk Reporting Matrix ............................................................................................................................ 71
Assess impact or consequence if risks occur ....................................................................................... 72
Ranking risk and setting priorities ......................................................................................................... 74
Element 4: Select and implement treatments ....................................................................................... 79
Determining and select most appropriate options for treating risks...................................................... 79
Action plans for implementing risk treatment ........................................................................................ 82
Risk treatment plan ............................................................................................................................... 84
Keys to risk treatment action plan: ........................................................................................................ 84
Risk registers ........................................................................................................................................ 87
Communicate risk management processes to relevant parties ............................................................ 89
Diversity of workers ............................................................................................................................... 89
Documenting risk management processes ........................................................................................... 90
Incident reporting .................................................................................................................................. 95
Storage of OHS information .................................................................................................................. 97
Monitor treatment plans ........................................................................................................................ 99
Evaluating and monitoring risk management...................................................................................... 100
Bibliography ........................................................................................................................................ 103
Assessment tasks ............................................................................................................................... 104

CHCORG605A Manage Human Resources in a Community Sector Organisation

Produced by Frontline Care Solutions Drew Dwyer December 2011

Issue 01 V1 12/12/2011

Page 3 of 166
How to study this unit

You will find review learning activities at the end of each section. The learning
activities in this resource are designed to assist you to learn and successfully
complete assessment tasks. If you are unsure of any of the information or activities,
ask your trainer or workplace supervisor for help.

The participant will be required to demonstrate competence through the following


means:
Methods of assessment
Observation in the work place
Written assignments/projects
Case study and scenario analysis
Questioning
Role play simulation
Learning activities
Class discussion and group role-plays
Assessment tasks

Consult your
coach or trainer
Asking for help

If you have any difficulties with any part of this unit, contact your facilitator. It is
important to ask for help if you need it. Discussing your work with your facilitator is
considered an important part of the training process.

Name of facilitator: Phone number:

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions Page 4 of 135
BSBRSK501A Manage risk
Welcome to the unit BSBRSK501A Manage risk, which form part of the Business
Services Training Package and Community service training package. This unit
describes the performance outcomes, skills and knowledge required to manage risks
in a range of contexts across the organisation or for a specific business unit or area.
The unit has been designed to be consistent with AS/NZS 4360:2004 Risk
management.

Prerequisite: None

Employability Skills: This unit contains Employability Skills

Application:
This unit addresses the management of the risk across the organisation or within a
business unit or area. It does not assume any given industry setting. This unit applies
to individuals who are working in positions of authority and are approved to
implement change across the organisation, business unit, and program or project
area. They may or may not have responsibility for directly supervising others.

WHAT YOU WILL LEARN

ELEMENT PERFORMANCE CRITERIA


Element 1: Establish risk context
1.1 Review organisational processes, procedures
and requirements for undertaking risk
management
1.2 Determine scope for risk management
process
1.3 Identify internal and external stakeholders
and their issues
1.4 Review political, economic, social, legal,
technological and policy context
1.5 Review strengths and weaknesses of existing
arrangements
1.6 Document critical success factors, goals or
objectives for area included in scope
1.7 Obtain support for risk management activities
1.8 Communicate with relevant parties about the
risk management process and invite
participation
Element 2: Identify risks
2.1 Invite relevant parties to assist in the
identification of risks
2.2 Research risks that may apply to scope
2.3 Use tools and techniques to generate a list of
risks that apply to the scope, in consultation
with relevant parties

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions Page 5 of 135
Element 3: Analyse risks
3.1 Assess likelihood of risks occurring
3.2 Assess impact or consequence if risks occur
3.3 Evaluate and prioritise risks for treatment
Element 4: Select and implement
4.1 Determine and select most appropriate
treatments
options for treating risks
4.2 Develop an action plan for implementing risk
treatment
4.3 Communicate risk management processes to
relevant parties
4.4 Ensure all documentation is in order and
appropriately stored
4.5 Implement and monitor action plan
4.6 Evaluate risk management process

Page 6 of 135
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care
Solutions
Element 1: Establish risk context

Risk management context


Risk management is an integral part of good management practice that should be
embedded within all business processes. A risk is defined by the Australia/New
Zealand Standard for Risk Management (AS/NZS 4360:2004) as the possibility of
something happening that impacts on your objectives. It is the chance to either make
a gain or a loss. It is measured in terms of likelihood and consequence.

As a manager dealing with risk, there are three important things for you to
remember:
1 Risk refers to a future event
2 Risk normally arises from an organisations market, the economy that influences
it, and its environmental context (culture, politics and place). Risk assessment
involves the identification, and then the assessment, of that risk
3 The risk assessment process should be conducted in the context of the risk and
of the organisation, market, economy or country which is subject to the risk.

Once you have identified the risk, it is important to then identify the strategic,
organisational and risk management context in which the assessment and
treatment will occur. The term strategic context m e a n s the organisations current
and future planning, its goals, and objectives. Organisational context means the
type of organisation, the way it is managed, including its management structure, the
way it organises what it does and what it produces. Risk must also be assessed
against the relevant criteria or particular standards in relation to that risk.
In establishing the context you need to also identify the stakeholders; these are the
individuals who may affect, of be affected by, any of your decisions on risk
management. Stakeholders include employees, volunteers, visitors, insurance
organisations, government and suppliers. Each stakeholder will have different needs,
concerns and opinions; it is important to communicate with the stakeholders during
the risk management process.

Page 7 of 135
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care
Solutions
The diagram below provides a representation of the risk management process.

The Risk assessment process is explained in more detail below:


1. Establishing the risk management context: the objectives of the part of the
organisation to which the risk management process is being applied are
specified and the criteria against which risk is to be examined are decided.
2. Identifying the risk: risks are identified; if a potential risk is not identified at this
point, it is excluded from further consideration.
3. Analysing the risk: information is used systematically to identify sources of risk.
The purpose is to provide a basis for risk evaluation, risk treatment and risk
acceptance. It includes the process of risk estimation, whereby a degree of
magnitude is assigned to the risk. This is accomplished by determining the
likelihood and the consequences of particular risks.
4. Evaluating the risk: estimated risks are compared to the risk criteria. Priorities
are set, and decisions made as to whether to accept the risk(s).
5. Treating the risk: options are identified, evaluated and selected. Plans are
prepared and implemented.
6. Monitoring and reviewing the risk management implementation program: the
risk management process is evaluated for its effectiveness. Throughout the
entire process communication and consultation should occur between internal
and external stakeholders. Adequate records should be kept to satisfy an
independent audit.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions Page 8 of 135
One

Risks
1. Describe a risk that you and your family might face in the coming year. What
steps will you take to safeguard yourself from it?

2. Now, describe a risk you might take that you expect will result in some positive
outcome for you. How might you prepare for this risk?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions Page 9 of 135
Risks and possible responses
Below are examples of risks in community organisations and possible responses to
those risks. The list of risks is not comprehensive .

AREA OF RISK EXAMPLES RESPONSE TYPE OF RESPONSE


The governing body Training and Reduce risk through
Governance may not meet its orientation changed practice
responsibilities Directors insurance Transfer risk
The organisation
may lose its way in a Reduce risk through
Strategic directions Strategic planning
constantly changing changed work practice
environment

Recruitment and
Staff may not be selection
Reduce risk through
Professional risks professionally procedures
changed work practice
competent Orientation program
Supervision

Clients may receive


an inappropriate Professional
Transfer risk
service causing indemnity insurance
harm
Clients homes may Don't do home visits
Avoid risk through not
be the site of where there is a risk
providing service
potential violence of violence
Staff may not
understand what
Organisational Reduce risk through
they need to do in a
manual changed work practice
given set of
circumstances
Occupational
Office equipment health and safety Reduce risk through
Physical risks
may be unsafe committee and changed work practice
processes
Staff or clients may
be involved in a car Insurance Transfer risk
accident
Register of all
Legal requirements Avoid risk through
Legal relevant legislation
may not be met compliance
Compliance plan
Finances may be
insufficient to meet Reduce risk through
Financial risks Financial planning
operational changed work practices
expenses
Financial systems Reduce risk through
Fraud
Audit changed work practices

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions Page 10 of 135
Fraud Insurance Transfer risk
Provision of fire
Reduce risk through
extinguishers;
Property Fire changed work practices
marked exists
Transfer risk
Insurance
Earthquake Insurance Transfer risk
Tree damage to
Tree maintenance Reduce risk through
Environmental buildings from fallen
plan changed work practices
trees or branches
Tree damage during
Insurance Transfer risk
storm
Earthquake Insurance Transfer risk
The community B-B-
Halls on stand-by Contingency planning
Q will be rained out

BSBRSK501A Manage risk Page 11 of 135


March 2012 Author_ Drew Dwyer Frontline care Solutions
Risk management policy and plan

A risk management policy clearly identifies your organisations approach and


attitude to risk management and the expected roles and responsibilities of
individuals and committees, integrated with your overall policies and practices.
It covers the following:
Objectives of the policy and the rationale for managing risk
Scope and coverage of the risk management policy
Links between the risk management policy and organisational objectives, goals,
policies and the nature of its business
Accountabilities and responsibilities for managing risk and risk coordination
Organisations risk appetite, or risk aversion
Process, methods and tools to be used for managing risk
Resources available to assist those accountable or responsible for managing risk
Reporting protocols and the level of documentation required for various
organisational levels, management and the board
Way in which risk management performance and indicators will be measured
and reported
A commitment to periodic review and verification of the policy and framework,
and its continual improvement.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 12 of 135
Risk management, Legal compliance and Standards

A key consideration in organisational risk management is the legal or statutory


context in which we operate. What laws apply; in what circumstances? Do we need
to address both Commonwealth and State legislation?

Common law
Common law is 'case law' evolved over time from precedents set by cases that
have come before the courts. Common law is the source of legal duties and
obligations. Employer-employee responsibilities under common law are outlined
below.
Employer duties and obligations:
To pay employees wages and reasonable expenses incurred in the course of
employment.
To provide work in circumstances where payment is directly related to
employment.
To take reasonable care for the health and safety of employees.
To indemnify an employee for losses incurred by the employer, while performing
duties under the Contract of Employment.
Employee duties and obligations:
To work in a skilful and competent manner.
To obey the employer's lawful demands.
To provide faithful service, which includes prohibition on disclosing confidential
information; accounting for and protecting the employers property; giving
complete attention to performing the work.
Further, the benefit of discoveries or inventions developed by employees during the
course of their employment must be given to the employer. This should be explained
to the person at the interview stage.

Page 13 of 135
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care Solutions
Under common law, some of the implications for recruitment, selection, and
induction could be:
Accurate information is given to potential employees on wages and payment of
expenses
Accurate information is given to applicants on the conditions of employment
and conditions of work
Assurance is given that the work matches the job as advertised
OH&S issues are addressed at induction
Opportunities for asking questions and seeking feedback are provided to new
employees at induction
A contract of employment is understood and signed by both employer and
employee
The job skills, knowledge, and attributes are detailed for potential applicants to
examine before applying for a job
Job responsibility is detailed for potential applicants to examine before applying
for a job.
Contract Law
Contract law encompasses any laws or regulations directed toward enforcing
certain promises. In Australia contract law is primarily regulated by the 'common
law', but increasingly statutes are supplementing the common law of contract -
particularly in relation to consumer protection.
Trade practices legislation 1974
You need to be aware of the provisions in two pieces of legislation: the Trade
Practices Act 1974 and the Australian Securities and Investment Commission (ASIC)
Act 2001. These Acts regulate the behaviour of individuals and companies when it
comes to providing products or services to consumers. This means that they have a
direct impact on both you and VFS.
The Trade Practice Act 1974 deals with:
Actions, which may breach the exclusive dealing provisions
Unconscionable conduct in relation to the supply of products or services
Misleading or deceptive conduct in relation to the supply of products or services
False representation in relation to the supply of products or services
Harassment and coercion in connection with the supply of products or services to
customers.
The examples used below are based on actual breaches as determined by the
Court and others are included to illustrate actions you should avoid in order to
ensure compliance with the Acts.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 14 of 135
Environmental laws
Some businesses will be affected by environmental laws. There are different laws
nationally, statewide and locally. Some local councils have strict guidelines
concerning the image of the local environment. Any proposed building design must
take into account council guidelines when applying for building permits.
Environmental pollution can be physical, visual or aural. Air pollution causing
outbreaks of disease (Legionnaires Disease for example) and car emissions are a
number of 'invisible' environmental hazards that are under strict legislative guidelines in
order to control them.
Spam Act 2003
Australias anti-spam legislation the Spam Act 2003 covers email, instant messaging,
SMS (text messages) and MMS (image-based mobile phone messaging) messages of
a commercial nature. It does not cover faxes, internet pop-ups or voice
telemarketing. Telemarketing calls are covered by the Do Not Call Register.
Under the Spam Act, it is illegal to send, or cause to be sent, 'unsolicited commercial
electronic messages' that have an Australian link. A message has an Australian link if it
originates or was commissioned in Australia, or originates overseas but has been sent
to an address accessed in Australia. The legislation sets out penalties of up to
$1.1 million a day for repeat corporate offenders.
The main Acts associated with anti-spam legislation are available at:
Spam (Consequential Amendments) Act 2003
Spam Regulations 2004
Telecommunications Act 1997
Exemptions
The following organisations are exempt from the Spam Act:
Government bodies
Registered political parties
Charities
Religious organisations
Educational institutions (for messages sent to current and former students).
Legal obligations of employment
The main sources of legal obligation that you need to be aware of when starting
work are:
Employment contracts
Common law
Statutory law (Acts)
Industrial Awards and Workplace Agreements.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 15 of 135
Employment contracts
A contract is a legal undertaking for any number of reasons, whether it is a marriage
contract, a business contract, or a mortgage contract. A contract may be formal
written documents, or a formal verbal agreement. Written contracts are clearer, more
able to be verified, and therefore, safer and easier to uphold. While verbal contracts
are legal, they need to be proven to be true and valid agreements. This may not be
easy to do.
In the light of EEO (equal employment opportunity), anti-discrimination, and
industrial relations legislation that impact on the employment relationship between
employers and employees, your employment contracts need to be written documents.
They should be easy to understand, with a minimum of legal jargon, and able to be
read and understood by both parties to the agreement, then signed and dated, and
a copy retained by each party. If you have, or have had an
employment contract, you might think about whether it met all of these criteria.
Employment contracts under the Workplace Relations Act 1996 can be either
individual employment contracts or collective contracts. The choice is a matter of
need and negotiation between the parties involved.
Employment contracts may cover:
Benefits
Bonuses
Confidentiality agreement
Discipline policy and procedures
Duties
Hours
Intellectual property
Leave entitlements
Overtime requirements
Promotion policy and procedures
Salary/wages
Superannuation
Supervision
Work location

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 16 of 135
Freedom of Information legislation
Freedom of Information (FOI) laws form part of our democratic system. It allows the
public to know the facts behind government decision-making and enables
Australians to vote in a more informed way. Another important function of the
Freedom of Information Act is to enable people to have access to, and control of
information that they have provided, such as to researchers.
Personal information on individuals may be held by the following organisations:
Immigration and Ethnic Affairs may keep personal records for migrants and
refugees
Centrelink keeps personal records for people on pensions or unemployment
benefits
The Health Insurance Commission (HIC) keeps personal records relating to claims
for Medicare and medicines available under the Pharmaceutical Benefits scheme
Taxation office
Community Services Act 2007
The Community Services Act 2007 and the Community Services Regulation 2008
began operating on 31 March 2008. The Act and Regulation set out new laws about
services funded by the Department of Communities. They provide an up-to-date
legal foundation for supporting the work of community organisations and ensuring
Queenslanders have access to high-quality, safe and accountable community
services.
The new laws were developed as part of the Strengthening Non-Government
Organisations strategy. They are designed to:
Provide greater transparency and certainty about how the Department of
Communities give funding and other assistance to community organisations
Ensure services meet the needs of Queenslanders and their families and
communities
Clarify how the department and community organisations can work together to
build sustainable communities.
Leading up to the implementation of the new legislation, the Department of
Communities distributed information throughout the community services sector to
ensure organisations understood the processes and requirements of the new laws.
Over 400 service providers from around Queensland attended the information
sessions. Systems and practices have also been established within the department
and the sector to prepare for and support implementation of the Act.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 17 of 135
Workplace Health and Safety Act 1995 (QLD) (amended 2009
Workplace Health and Safety Act is about making workplaces and work practices
safer for everyone. The Act sets out the laws about health and safety requirements
affecting most workplaces, work activities and specified high risk plant in
Queensland. It seeks to protect your health and safety and the health and safety of
everyone at a workplace, while undertaking work activities or using specified high
risk plant.
The Act establishes a framework for preventing or minimising exposure to risk by:
Imposing workplace health and safety obligations on people who may affect
the health and safety of others by what they do, or fail to do
Establishing benchmarks for industry through the making of regulations and
codes of practice
Establishing a workplace health and safety board that encourages industry
participation and cooperation
Appointing workplace health and safety officers to help employers and principal
contractors manage workplace health and safety
Encouraging workplaces to have workplace health and safety committees
involving workers and management
Supporting worker involvement through the establishment of workplace health
and safety representatives in the workplace
Appointing accredited providers to assist industry in managing particular risks
Appointing inspectors to monitor and enforce compliance with the act.

Insurance
Insurance is a service where a registered provider agrees for a price (premium) to
take on the risk that something might go wrong during the normal operation of an
organisation. As a manager you need to be sure you understand which situations
are covered by any insurance policy - escape clauses are common.
The most common types of insurance are the following.
Public liability: for general mishaps in and around where your business operates.
Product liability: for injuries caused by a problem with products you manufacture,
modify and sell.
Professional indemnity: for loss or injury resulting from advice provided by you.
Equal opportunity Act 1986
Linked with, but separate from Anti-discrimination Legislation, are Equal opportunity
(EEO) measures. These provide us with the means to stop discrimination before it
starts. The best known EEO measure is equal employment opportunities for women or
affirmative action. This ultimately seeks to remove discrimination against women in
the w workplace through actions designed to eliminate the present effects of past
discrimination.
Equal opportunity and anti-discrimination legislation exists in most States and
Territories in Australia. There is also Commonwealth Legislation that covers all
Australians; this is the Equal Opportunity Act 1986. The Act was drafted as means of
promoting diversity and opportunity within Australian workforce, based on the
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 18 of 135
individuals abilities and potential.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 19 of 135
N.S.W Health Records and Information Privacy Act 2002
This Act applies to all organisations which provide a health service or which hold
health information about individuals, irrespective of size, or whether they are
privately, government or community operated. It recognises the sensitive nature of
health information, and places additional protections on the handling of information,
including enforcement mechanisms for breaches of privacy standards.
This Act focuses on the collection and handling of personal health information about
individuals involved in your service, which would include health information relating
to employees, as well as that relating to older people, and their families, and others
involved in your service (e.g. committees of management, volunteers).
Health Records Act 2001(VIC)
The Health Records Act 2001 (the Act) creates a framework to protect the privacy of
individuals' health information. It regulates the collection and handling of health
information. The Act:
Gives individuals a legally enforceable right of access to health information
about them that is contained in records held in Victoria by the private sector;
and
Establishes Health Privacy Principles (HPPs) that will apply to health information
collected and handled in Victoria by the Victorian public sector and the private
sector.
The access regime and the HPPs are designed to protect privacy and promote
patient autonomy, whilst also ensuring safe and effective service delivery, and the
continued improvement of health services.
The HPPs generally apply to:
All personal information collected in providing a health, mental health, disability,
aged care or palliative care service; and
All health information held by other organisations.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 20 of 135
Standards
Standards give guidelines for risk control, which are usually more descriptive and
extensive than those in regulations. Standards may be national standards
(developed by Safe Work Australia), Australian Standards, or standards developed
by industry bodies. Guidance information published by the OHS regulator may also
be considered as standards.
Risk management Standard: AS/NZS 4360
Because risk management encompasses a series of management techniques and
procedures, it is appropriate to have a standard to guide performance. In Australia
this is the Australian/New Zealand Standard for Risk Management AS/NZS 4360:1999.
The Standard provides a cross-industry consensus on the elements of the risk
management process. It was developed by a group representing a number of fields,
including information technology, engineering, insurance, local government and
government departments and instrumentalities, as well as the risk management
industry. It was produced to provide a generic approach to coordinated
implementation of risk management. The result is a standard that is seen as relevant
across a number of industries and professions.
The Standard defines risk as the chance of something happening that will have an
impact upon objectives. Risk, is measured in terms of consequences and likelihood (AS/NZS
4360 1999, p. 3). Unlike other definitions, which had their origins in the insurance
industry, this definition allows for risks to be positive opportunities and/or negative
threats.
International standard on risk management
ISO 31000 is the first international standard on risk management that clearly and
explicitly sets out the principles and framework for managing risk. A revised AS/NZS
4360 risk standard would most likely adopt the contents of ISO 31000.
ISO 31000 consists of three major parts:
1. Principles for managing risk (Clause 4)
2. Framework for managing risk (Clause 5)
3. Process for managing risks (Clause 6).

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 20 of 135
To be most effective, workers should adhere to the following 11 principles for
managing risk (Clause 4 of ISO31000):
Risk management creates value
Risk management is an integral part of the workplace processes
Risk management is part of decision making
Risk management explicitly addresses uncertainty
Risk management is systematic, structured and timely
Risk management is based on the best available information
Risk management is tailored
Risk management takes human and cultural factors into account
Risk management is transparent and inclusive
Risk management is dynamic, iterative and responsive to change.
Risk management facilitates continual improvement and enhancement of the
organisation.
To be successful, risk management should function within a framework for managing
risk that provides the necessary foundations and organisational arrangements that will
embed risk management throughout the organisation. At all levels and integrate risk
management process within its overall governance, management, reporting
processes, policies, philosophy and culture. This foundation can assist workers in
managing risk effectively through the application of the processes for managing risk
at varying levels and within specific contexts of the organisation.
Australian Standards: have been developed to provide minimum levels of
performance or quality for a specific hazard, work process or product.
Professional Codes of Practice and Regulations: support the provisions of the Act/s
and are equally as legally binding for both employers and workers. Codes of
Practice give you practical guidance on how to comply with the law.
Health care codes of practice
The health care industry codes of practice include:
Australian Standards (http://www.standards.com.au/)
AS 2182, Sterilisation, disinfection for cleaning hospital equipment.
Sterilisers, steam, portable, bench type.
AS 4815, Office-based health care facilities, not involved in complex patient
procedures and processes. Cleaning, disinfecting and sterilising reusable medical
and surgical instruments and equipment, and maintenance of the associated
environment.
AS 4187, Cleaning, disinfecting and sterilising reusable medical and surgical
instruments and equipment, and maintenance of associated environments in
health care facilities
Regulations: set out the general principles that must be followed by employers to
make sure that workplaces are healthy and safe for everyone.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 21 of 135
The Australian Council on Healthcare Standards (ACHS)
The ACHS is an independent, not-for-profit organisation, dedicated to improving the
quality of health care in Australia through continual review of performance,
assessment and accreditation. Established in 1974, the ACHS has maintained its
position as the leading independent authority on the measurement and
implementation of quality improvement systems for Australian health care
organisations. It is recognised internationally and was the third health care
accreditation agency to be established worldwide after the Joint Commission on
Accreditation for Healthcare Organizations, USA and the Canadian Council on
Health Services Accreditation.
National standards for Infection control
National standards provide the basis for infection control policy and practice in all
health care settings. They are developed by health care professionals from national
and state health authorities, professional associations and relevant
equipment/material manufacturers in Australia and New Zealand.
Each individual standard has a descriptor that:
Shows whether it is an Australian or an Australian/New Zealand Standard
Gives its unique number and year
Tells what it is about.
For example: AS/NSZ 3816 (1998) is the Australian/New Zealand Standard 3816, set
down in 1998 and entitled 'Management of clinical and related wastes'.
In summary, the standards relevant to infection control in health care settings relate
to:
Packaging items for sterilisation (including packaging materials)
Environmental cleaning
Reprocessing instruments and equipment
Infrastructure (clean air and water supply, spa pools, drainage)
Equipment (washbasins, flusher/sanitisers, washer/disinfectors, refrigeration)
Chemicals (cleaners, disinfectants)
Waste disposal
Sharps and other safety issues, including personal protective equipment (masks,
eye protectors, gloves and gowns)
Linen.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 22 of 135
Two
Standards
Spend some time navigating through the Standards Australia website
www.standards.org.au and then respond to the following questions.

1. What standards are relevant to your organisation/industry sector?

2. What standard(s) is relevant to quality service delivery?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 23 of 135
3. What standards are relevant to risk management in general?

4. What standards are relevant to specific risk management items; for example,
standards in relation to health care, aged care, disability, sport and recreation or
public sector management.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 24 of 135
Project management and scope for risk management

Project management is the use of knowledge, skills, tools and techniques to a


diverse array of activities in order to meet the outcomes of the particular project. A
project is a temporary endeavour undertaken to achieve a set goal. To put it
another way, project management is concerned with the overall planning and co-
ordination of a project from initiation to completion.
The project management team aims to meet all stakeholder requirements and
ensure completion on time, within budget and to agreed quality standards. Whilst
the processes of all project management are essentially the same, not all projects
look the same. A project can be as massive as building the tallest high rise in the
southern hemisphere and as ordinary as planning the familys next Christmas
vacation.
Project management knowledge and practices are often understood in terms of
their component processes. These processes can be placed into five groups:
1 INITIATING,
2 PLANNING,
3 EXECUTING,
4 CONTROLLING and
5 CLOSING.
During each phase, you need to use the principles of general management needed
for that phase. This usually involves using a set of controlled steps and procedures to
ensure that each phase is completed satisfactorily. The following table shows the
main activities that are required in each of these five general phases of a project life
cycle.
They usually are grouped into:
Planning processes, and
Implementation processes.
At the end of the plan phase, when the project plan has been approved, we then
start the work-related tasks that help us to meet the projects goals. These goals are
sometimes referred to as deliverables.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 25 of 135
Major activities that occur during each project phase

INITIATE PLAN ORGANISE CONTROL CLOSE

Define the Develop Obtain Lead and Complete final


overall detailed necessary support the deliverables
project goal task list resources team
Identify all Estimate all Recruit Establish Obtain stakeholder
stakeholders, task times necessary control acceptance and
their needs and all costs personnel tools and signoff
and methods
expectations
Identify the Arrange Organise and Monitor the Write and issue final
project best lead the project report, close the
objectives sequence project team plan and accounts, hand
of all tasks make any over project files
necessary
corrective
actions
Identify initial Develop Assign all Assess and Release all
work and workable project tasks implement resources
resources schedule change
and basic and identify
milestones critical
milestones
Identify all Write Communicate Prepare Evaluate the
constraints, detailed with and project
assumptions project plan stakeholders distribute
and risks and obtain and all status
approval necessary reports
from parties
stakeholders

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 26 of 135
The scope document and its components
A scope document shows the scope, or extent, of a project. Lets look at the key
sections and an example of a project scope document.
The things you will find in a project scope document

The scope document includes the following key sections:


Key sections of a scope document

SECTION DETAILS
Scope statement This clearly states the project goal, objectives and deliverables.
If it is not specified in the scope statement then it is outside the
scope of the project and is not relevant. Project tasks should
only address work that is relevant to the project goal and
objectives.
Project constraints These are any limiting factors that prevent the project from
moving in a particular path. Examples include:
You have dependent tasks that impact on specific areas of
the project, for example, tasks that cannot begin unless
another one has started, such as the design of a system that
cannot begin until the specifications have been identified.
You have a deadline that cannot be changed.
The implementation work for the network upgrade can only
be done on the weekend, when staff are not at work.
Assumptions These are aspects that the project manager builds into the
scope document to allow for any uncertainties that may occur.
Examples of assumptions include:
Fifteen new personal computers need to be purchased for
the project.
All staff needs yearly training in OHS.
All resources for the project will be sourced from outside of
the company.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 27 of 135
Tasks list You need to specify a list of tasks (and deliverables) to be
achieved during the project. They are all the activities that need
to take place to bring the project to completion. The
deliverables include all the documentation, reports, contracts
and products that need to be produced and signed-off by
those in authority.
Estimates (cost, You need to make initial estimates in relation to cost, time and
time and human human resource requirements. These identify the boundaries of
resources) the project to enable you, the project manager, to expand into
the more detailed estimates that are needed to develop the full
project plan.
Contract statement This will include the names of those authorised to initiate contract
work, sign contracts and completion acceptances. It also
includes any contractual limitations and penalty statements for
possible contract variations. (Variations and penalties apply
equally to the client and providers.)
Risk associated with project management
Risk management is an important part of project management. Although often
overlooked, it is important to identify as many risks to your project as possible and be
prepared if something bad happens.
Here are some examples of common project risks:
Time and cost estimates too optimistic
Customer review and feedback cycle too slow
Unexpected budget cuts
Unclear roles and responsibilities
Stakeholder input is not sought or their needs are not properly understood
Stakeholders changing requirements after the project has started
Stakeholders adding new requirements after the project has started
Poor communication resulting in misunderstandings, quality problems and rework
Lack of resource commitment
Risks can be tracked using a simple risk log. Add each risk you have identified to your
risk log and write down what you will do in the event it occurs and what you will do
to prevent it from occurring. Review your risk log on a regular basis adding new risks
as they occur during the life of the project. Remember, when risks are ignored they
don't go away.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 28 of 135
Three

Risk management

(Quiz)

a) A risk is defined as a situation, problem or activity that would TRUE


have an impact on the progress of a program, sub- program FALSE
or project if it were to actually happen.
b) Risk identification typically begins with identifying the scope TRUE
of the risk management activity.
FALSE

c) Your risk management plan neednt be documented. TRUE


FALSE

d) Influence diagrams typically are similar to a project network TRUE


diagram or Microsoft Project PERT charts.
FALSE

e) Risks should not be a normal part of business if well planned. TRUE


FALSE

f) Effective management of risk will help with the management TRUE


of innovation and improve performance. FALSE

g) A facilitated workshop is a structured approach that enables a TRUE


group of people to work together to reach a predetermined
FALSE
objective.

h) When writing a risk management plan always use the TRUE


services of a risk management consultant.
FALSE

i) Risk identification is the process of recognising the TRUE


opportunities opened up by each activity or phase of the
FALSE
project and clarifying where the risk lies.

j) Risk management starts with risk analysis. TRUE


FALSE

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 29 of 135
Internal and external stakeholders

Risk management cannot be managed in isolation. Risk identification will require


presentation and justification to various project stakeholders. Stakeholders are
defined as those who have a specific interest in a given issue or decision. The group
can include the general public.

Stakeholders in workplace OHS include:


Managers
Supervisors
Health and safety and other employee representatives
OHS committees
Employees and contractors
The community.

There are normally two types of stakeholders: internal and external.


Internal stakeholders: are those involved in the decision making process
External stakeholders: are most often affected by the potential outcome of the
project, either directly or emotionally.

The involvement of both stakeholder groups can be essential to achieving project


goals and objectives and can contribute substantially to safety.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 30 of 135
Four
Stakeholders
Reflect on a project that you are involved in or one of your daily work tasks.
1. Who are the stakeholders?

2. How can you identify them?

3. What could happen if the needs or concerns of some or all of these stakeholders
are overlooked?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 31 of 135
Political, economic, social, legal, technological and policy
context

What does the term risk mean to you? For some, it means hazards to human health
and the environment. For others it might mean risks to their personal safety through
acts of terrorism or as a result of a bushfire. Others will take risks to gain an
advantage or to make more money from their investments. Some will even see risk-
taking as facing a challenge that results in thrills and satisfaction, such as through
high-risk sports.

In our day-to-day lives we undertake a range of measures to guard against risks that
may impact adversely on our lives. We insure against some forms of property and
financial risk. We install alarms to protect ourselves against the risk of burglars.

Well now look at some specific risk areas.

Commercial and strategic risks


Arising from:
Competition
Market demand levels
Growth rates
Technological change
Stakeholder perceptions
Market share
Private sector involvement
New products and services and
Site acquisition.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 32 of 135
Economic risks
Arising from:
Discount rate
Economic growth
Energy prices
Exchange rate variation
Inflation
Demand trends
Population growth and
Commodity prices.

Contractual risks
Arising from:
Client problems
Contractor problems
Delays
Insurance and indemnities and
Joint venture relations.

Financial
Arising from:
Debt/equity ratios
Financing costs
Taxation impacts
Interest rates
Investment terms
Ownership
Residual risks for government and
Underwriting.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 33 of 135
Poverty
Arising from:
Weak governance
Remoteness
Low incomes
Gender inequalities
Social and ethnic inequalities
Low education
Poor infrastructure
Weak institutions
Inadequate policy framework and
Human rights infringements.

Environmental
Arising from:
Amenity values
Approval processes
Community consultation
Site availability/zoning
Endangered species
Conservation/heritage
Degradation or contamination
Environmental emergencies and
Visual intrusion.

Political risks
Arising from:
Parliamentary support
Community support
Government endorsement
Policy change
Sovereign risk and
Taxation.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 34 of 135
Social
Arising from:
Community expectations and
Pressure groups.
Activity initiation
Analysis and briefing
Functional specifications
Performance objectives
Innovation
Evaluation program and
Stake holder roles and responsibilities.

Procurement planning
Arising from:
Industry capability
Technology and obsolescence
Private sector involvement
Regulations and standards
Utility and authority approvals
Completion deadlines and
Cost estimation.

Procurement and contractual


Arising from:
Contract selection
Client commitment
Consultant/contractor performance
Tendering
Negligence of parties

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 35 of 135
Some of these risks are explained more detail in the following section

Commercial and legal relationships

The identification of risks arising from legal relationships are usually dealt with and
communicated through the organisation by those involved in legal issues within the
organisation, for example, by the company secretary. Legal risk might also include,
for example adverse comments made by a staff member that could result in
defamation proceedings being taken against the organisation.
A commercial relationship is an agreement between organisations where exchange
of money, financial credit or debit, or exchange of something of value occurs to
support the agreement. One or more of the parties to the agreement should be
commercial entities or organisations. Commercial relationships may be informal or
formal. There is risk associated with either form.
Informal relationships are those which are not supported by any form of written
agreement, between the parties. They are often agreements reached by mutual
acceptance that a particular situation exists. A formal agreement is reached by
negotiation, the result of which is a formal contract or exchange of letters. Such
agreements in a commercial sense are often reached using standard form
documents, eg leases, agreements regarding payment, etc.
Risk arises where:
Part or parts of the agreement are subject to competing forces
There is error
There is misunderstanding or no understanding
Performance issues of the contract itself are subject to variance or scrutiny
Performance issues include, for example, the requirement to perform elements of
a contract in particular ways, for example:
Having employees security cleared by a supplier before entering the premises
Having certain quarantine and health issues completed by the organisations
employees prior to contact with a suppler or customer.
Clear risk arises where an organisation commits to a contract and then finds itself in
difficulty in the performance of some or all of its terms and conditions, thus risking
financial or reputation damage. Risk in commercial and legal relationships exists
where employees commit the organisation to an agreement by error or without
knowing that their discussions with a supplier or customer, oral or written, actually
constitute a valid agreement or contract. The creation of a commercial relationship
is often evidenced by a contract or by the exchange of documents. If there is no
consultation with the organisations legal representatives, then a risk has been
created.
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 36 of 135
Economic circumstances and scenarios

When changes directly impact on an organisation, sound financial management


and financial and economic awareness are needed. A good example is the regular
review of interest rates by the Reserve Bank organisations sensitive to the effects of
changes in interest rates need to monitor trends and possible changes very closely.
If your organisation is affected by changes in interest rates, then you need to be
able to address and anticipate possible risks by methods such as scenario planning
which involves estimating and predicting the effect of variations in interest rates on
your operations.
Similarly organisations with high staff turnover and high staff numbers need to be
constantly aware of the unemployment figures that are published regularly by the
government. For instance, many organisations that employ travellers in part-time
positions are aware of the annual trends of the inflow of travellers and students.
Organisations thinking of opening new plants or branch offices need to be aware of
the employment or unemployment characteristics of the geographic and socio-
economic area they are intending opening in. Economic upturns or downturns can
directly affect some industries more than others. It is believed that one of the first
industries to be adversely affected by a downturn in economic activity is the taxi
and hire car industry. A person who owns either a single or multiple taxis should be
aware of the risk issues affecting his or her business arising from an economic
downturn.
The home building industry is another industry that is immediately affected by either
downturns or upturns in economic activity in Australia, and companies in this industry
must be aware of the risks associated with changes in activity.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 37 of 135
Financial risk

A ratio analysis is a good risk assessment and management tool used in financial
operations. Ratios (which express the relationship between two quantities) are used
throughout the financial operations of large companies and companies open to
constant scrutiny, for example companies listed on the stock exchange.
They are also used in organisations of all sizes to monitor profit levels against
variables.
For example: you can use the operating expense ratio to monitor the expenses of
running an organisation. It is easy for small to medium sized organisations to focus on
expenses associated with the purchase and production of stock, but you should not
ignore the expenses associated with actually running or administering the company.
Organisations that find themselves expanding often fail to notice that the cost of the
administration is growing at a greater rate than the revenue; this in turn depletes the
organisations resources. The operating expense ratio divides the operating
expenses, i.e. rent, office expenses, vehicle costs, by the sales total and is viewed as
a percentage figure. So if the result is 34%, it means that 34% of the sales revenue
needs to be allocated to operating expenses, which are separate from those
related to the buying and making of stock for sale.
The profit and loss statement of a company can be interpreted by the use of ratios
such as the current ratio, which relate to the liquidity of the organisation. The current
ratio looks to the short-term ability of the business to pay its debts, eg 2:1. The formula
for the current ratio is current assets divided by current liabilities.
The liquidity ratio looks at the immediate liquidity of the organisation. It is arrived at
by dividing the current assets less stock (known as inventory) by the current liabilities
less overdraft. Many of these ratios can be further interpreted by looking at the
industry benchmark, or by comparison of previous quartersor yearsresults.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 38 of 135
The Great Depression

One well known example of financial risk and downturn is the Great Depression. The
Great Depression (also known as the Great Slump) was a dramatic, worldwide
economic downturn beginning in some countries as early as 1928. The beginning of
the Great Depression in the United States is associated with the stock market crash
on October 29, 1929, known as Black Tuesday.
The depression had devastating effects in both the industrialized countries and those
which exported raw materials. International trade declined sharply, as did personal
incomes, tax revenues, prices, and profits. Cities all around the world were hit hard,
especially those dependent on heavy industry. Construction was virtually halted in
many countries. Farming and rural areas suffered as crop prices fell by 40 to 60
percent.
Human behaviour

Human behaviour is a risk in any organisation, but increases in service organisations


where the performance of individual employees and stakeholders directly impacts
on the organisations success.
In addition, the results of decisions taken on changes to cultural, organisational or
procedural processes are often seen in changes in behaviour. These changes may
be directly observable such as strikes, delays, meetings of employees obviously
demonstrating a negative reaction to the change or proposed change. As a
manager or team leader, you must report negative reactions or negative views on
issues where the organisation is changing or not changing.
There is also risk of indirect reaction to the change, for example increased stress,
increased sick leave taken, or workers compensation claims made. If we take this
into the human resource context, labour turnover and absenteeism are indicators of
covert conflict which impact on productivity. Risk also arises from the profile of the
labour force and the HR strategy related to remuneration and performance
management.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 39 of 135
Terrorism

The terrorist attacks by Muslim extremists on the Twin Towers in New York and the
Pentagon on 11 September 2001, and the bombing of the Sari Club and Paddys Bar
in Bali in October 2002, resulted in over 4000 deaths.
Although it could be argued that these attacks could not have been prevented, in
hindsight authorities had some warning and could have more closely monitored the
activities of identified extremists in the United States and, in the case of Bali, passed
on warnings of potential attacks to tourists travelling in Bali. As a result of these
attacks, governments and industries (such as the aviation industry) have stepped up
security and developed new procedures for monitoring and treating future terrorist
attacks (including the use of chemical weapons) both at home and abroad.
Natural events

Natural events caused by weather and geography can constitute risks. They may be
dramatic such as earthquake, erosion, landslide or water encroachment, or they
may be more common such as rain, hail and snow storms. They are often predicted
by third parties, for example meteorological organisations.
The risk can be addressed through such things as maintenance of buildings,
structural elements of buildings, safety clothing, instructions on what to do in the
event of fire or earthquake, provision of facilities in the event or rain and snow and
avoidance procedures.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 40 of 135
Political circumstances

Changes in political environments at local, state and federal level constitute


potential risk issues. It is important that organisations whose operations either depend
on government support or regulation, monitor changes and developments at the
crucial political level. For example, building companies need to monitor changes in
local government regulation and independent council decision making processes.
Similarly, if your organisation has government bodies as clients, suppliers or
stakeholders, then you need to monitor areas with potential impact on your
operations. If your organisation habitually seeks or is provided with government
funding, then you need to constantly assess the risks associated with changes to the
funding packages, including their applicability and base makeup. Changes can
occur not just with a change of government but a change of policy. Such changes
are published in specialist government publications which are often not known to
the organisations that benefit from the funding.
Technology and technological issues

The introduction of new technology often directly affects the competitive position of
both users and non- users of that technology. Often governments or semi-
government bodies insist on changes based on new technology this often means
that further technological advances are needed to ensure compliance with the
new standards.
You need to assess the risk involved in any new technology against your scenario
impact statements. Testing your product against future scenarios and predicting
changing results is a significant area of risk identification. Where the risk arises from
the use of substances, statements of risk by suppliers or manufacturers should be
recorded and suppliers/manufactures should provide demonstrations or information
on the potential risks in the storage, use or application of their product, plus how to
properly perform these functions to avoid risk.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 41 of 135
Five
Risks
What are the greatest risks to your section, team, division or organisation? This may
be a continuous risk, or possible individual risks. What steps are taken to identify those
risks?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 42 of 135
Review strengths and weaknesses of existing arrangements

It is important to remember that many organisations view risk in different ways. Some
have risk as part of their culture, for example, airlines address risk in a number of
areas as part of their most basic of operations. Here risk control and management is
a dominant factor in the organisation and it attracts and expends much of the
resources of the organisation.
Other organisations that are involved in less obviously risky processes, may view risk
identification and management as of low importance. However, it is often easy to
find risk issues that, although they do not directly impact on the organisation, they
create processing or production slowdowns or problems. Sometimes this is
accepted and nothing is done about implementing an active, positive system to
address and change it. In fact, such situations are as much a part of a risk
management process as those in more obviously high risk operations, such as an
airline. Once you have identified the risk, there are two general approaches that
you can choose from to begin the decision making process.
Will you:
Control the risk? That is, take ownership of it, and directly implement strategies to
take the risk and deal with it
Transfer the risk? That is, remove the risk from the organisation or the process
within the organisation.
Removal may include outsourcing, having a specialist supplier conduct the process,
or having a specialist supplier, or contractor take ownership of it within the parent
organisation. Alternatively the solution may be to change a process or system in
such a way as to remove the risk. This change may be imposed on the organisation
by regulatory authorities, for example in the case of the risk associated with
dangerous material or machines. Or it may simply be a better financial decision.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 43 of 135
Conducting a SWOT Analysis
Conducting a SWOT Analysis to determine the best control measures for risk is a
common approach. Organisations use this tool to identify their internal strengths and
weaknesses and external or environmental threats and opportunities. The analysis
allows an organisation to answer the question: where are we now?

When analysing the best control measures for risk, the SWOT questions become:
What are the strengths of this control measure?
What are the weaknesses of this control measure?
What are the opportunities provided by using this control measure?
What are the threats involved in using this control measure?

In a broad sense, the SWOT analysis can comprise five major categories and can be
compiled using the following matrix:

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 44 of 135
Six
SWOT analysis
Think of your organisation, and the risks that you are likely to face on a day-to-day
basis. Do this by listing your organisations strengths, weaknesses, opportunities and
threats. Then discuss and compare your answers with others in your group.

Strengths

Weakness

Opportunities

Threats

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 45 of 135
Documenting critical success factors
Risk management, like other aspects of project management, will need success
criteria. Without these you wont know if the project has ended. When putting
together a project management plan, if key points or activities on that plan do not
have success criteria, then it will be hard to assess how easily they can be met i.e.
where the risk areas are.
Once criteria have been identified the project management team will need to
agree how they are measured. If the objectives are not clear, criteria for its
completion cannot be set. Even if the objective and success criteria are clear the
measurement may not be easy.
Any difficulty in setting objectives and criteria will result in higher risk as there will be
a lack of confidence in completion. How do we find out the exact nature of the
objective, criteria and measurement techniques? There is no short cut, we have to
ask the people that know (for objectives) and agree criteria and measurement
techniques with them.

Creating a supportive work environment


A supportive work environment is a key component of continuous learning. Valuing
learning from experience, sharing best practices and lessons learned, and
embracing innovation and responsible risk-taking characterize an organization with
a supportive work environment. An organization with a supportive work environment
would be expected to:
Promote learning
By fostering an environment that motivates people to learn
By valuing knowledge, new ideas and new relationships as vital aspects of the
creativity that leads to innovation; and
By including and emphasizing learning in strategic plans.
Learn from experience
By valuing experimentation, where opportunities are assessed for benefits and
consequences
By sharing learning on past successes and failures; and
By using "lessons learned" and "best practices" in planning exercises.
Demonstrate management leadership
By selecting leaders who are coaches, teachers and good stewards
By demonstrating commitment and support to employees through the provision
of opportunities, resources, and tools; and
By making time, allotting resources and measuring success through periodic
reviews (e.g., learning audits).

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 46 of 135
Individual or Team approach
Safety culture is described as the attitudes, values, norms and beliefs which a
particular group of people share with respect to risk and safety. All workers are the
key to a successful safety culture. Risk Management will only work if all team
members are committed to the process. The first step in the process of risk
identification is to form a risk management team, as per direction of the governing
group.
However in some smaller organisation the responsibility of risk identification is
allocated to one worker or contracted to an external risk management team. A
team approach works better because the diversity of skills that various staff have will
strengthen the risk management process.
The skills mix in an organisation may include:
Financial expertise
OH&S expertise
Emergency services expertise
HR expertise
Legal knowledge
Board or management committee
Industry Expertise
Staff representation
Board or management committee representation (governance)
Staff representation from the ground up
Management
Volunteer representation
Other specialist expertise, depending on the work context for example:
appropriate responses to violent/potentially violent clients, hazardous chemicals,
etc.
Whether the process is driven by a risk management team, more common even in
smaller organisations with few staff; or an individual, the role is as follows:
Identifying risks
Identifying exposures
Documenting risks
Developing an action plan
Putting it into practice
Monitoring
Review

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 47 of 135
The importance of training

Risk management training is important in the workplace in order for employees to:
To understand the overall Management of Risk Process
To be able to apply a variety of techniques to determine and quantify potential
risks
To be able to develop alternative solutions and use a variety of techniques to
determine which one(s) to implement
To understand the importance of planning and implementing identified actions
Topics which should be covered during risk management training include:
What is 'Risk'?
Positive Risk taking
Business Risks versus project Risk
The 'Management of Risk' model
The steps in Risk analysis
Numeric versus discrete levels when estimating risks
Evaluating Risks
The steps in Risk management
Risk response and action planning
Risk assessment methods (advanced)
The people side of Risk
Putting it into practice
Another important part of the process of risk management is ensuring that managers
and employees can:
Recognise a hazard when they encounter one
Assess the risk that each hazard poses
Develop controls appropriate to the risk
Implement those controls; for example, carry out safe work procedures
accurately.
Each of these steps requires skills specific to the task and to the organisation. While
recruitment processes can deliver staff with some of these skills, others will need to
be developed during their employment with you, and will need to be refreshed or
increased as part of continuous improvement.
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 48 of 135
Communicate with relevant parties about the risk management
process and invite participation

Communication and consultation are essential elements of risk management. They


are critical at every step to ensure all the participants understand, are involved in,
and contribute to the process. The effectiveness of your Risk Management process
depends upon, amongst other things, involving the right people at the right time.
Communication is the sharing of information and viewpoints. Effective
communication has the following attributes:
It is multi-directional. Information, ideas and perspectives are shared across
functional areas, and senior management are receptive to the views of their
subordinates
It involves information and opinions. Other peoples perspectives are understood
and acknowledged. Factual information is gathered from all relevant sources. No
individual or department has a monopoly on the facts
It is interactive. Listening is as important as talking. Good communication involves
the sharing of information, opinions and experiences
It is respectful. It focuses on ideas and information, not personalities.
Communication is most effective in an environment where people are valued
and their viewpoints are respected
It engages the participants, promoting their understanding and ownership of the
outcomes.
Consultation is a process that uses communication to make effective decisions.
Importantly, consultation is not an outcome or an end in itself; it is a means by which
outcomes are achieved. Consultation gives stakeholders the opportunity to
influence decisions, however, it is not joint decision making, but rather an effective
way to receive useful input and ensure that all relevant viewpoints are taken into
account in identifying and evaluating risks. Communication and consultation are
essential to the overall risk management process as well as each individual step in
that process.
A well-structured approach to communication and consultation can provide the
following benefits:
Organisational coherence and a positive culture for risk management
implementation
Trust and understanding, resulting in better internal and external relationships
The risk management process becomes tangible: people know what it is and
how it works
Integration of multiple perspectives
Risk management embedded as an ongoing part of management and
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 50 of 135
organisational practice.
Each step of the Risk Management process relies on communication and
consultation to achieve its purpose. For instance, in setting the context, consultation
with internal and external stakeholders is essential to reach a thorough
understanding of the operating environment and to define the purpose and scope
of the exercise.
In risk identification, a diversity of input can prevent important risks being overlooked
and ensure that risks are accurately described. In the risk assessment process,
communication and consultation allows all perspectives to be considered in arriving
at a realistic level of risk. Risk treatment is more effective because treatment plans
are better understood and the monitor and review process depends upon effective
communication to ensure risk information is in use and current.
Communication and consultation does not mean asking everybody their opinion
about everything. When developing a strategy to implement a formal risk
management processes within you organisation, you may wish to consider the
following in relation to communication and consultation requirements:
Objectives: What are the specific aims and goals of involving different parties in
the process?
Participants: Who are the appropriate parties to be involved at each step of the
process?
Perspectives: What particular contribution or viewpoint is anticipated and
required from each participant?
Examples of consultation in the workplace include:
The development of OH&S policies and procedures including opportunities for
employees or their representatives to comment on proposed documents
The review of the policy and safe operating procedures and agreement to any
proposed changes to their content
Proposed changes to work practices or systems
The purchase of new equipment or consumables including chemicals
Providing relevant feedback during any monitoring or evaluation of changes
made to work practices, systems, equipment, etc.
Collaboration may include:
Recommendations on changes to work processes, equipment or practices
Listening to the ideas and opinions of others in the team
Sharing opinions, views, knowledge and skills
Identifying and reporting risks and hazards
Using equipment according to guidelines and operating manuals
Behaviour that contributes to a safe working environment that includes following
OH&S procedures.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 51 of 135
Encouraging participation
Participative arrangements may include:
Regular information sessions (using clear and understandable language) on
existing or new OH&S issues
Formal and informal OH&S meetings
Meetings called by health and safety representatives or OH&S committees
Other committees such as consultative planning and purchasing
Other means and processes for raising requests and concerns as well as
contributing suggestions and reports to management
Documented issue resolution processes
Easy access to relevant written workplace information.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 52 of 135
Seven
Consultation and stakeholder communication

Using the previous information, think about how you contribute to OH&S consultation
and management in your workplace now, and how you might be able to increase
your part in the processes that support ongoing quality improvement in this area.
1. What is your understanding of this term, consultation and is OH&S consultation
promoted in your workplace?

2. Think back over your work experiences and see if you can identify a time when a
work practice needed to be changed to make it safer. Think about how your
employer went about the process of determining what needed to be done,
what needed to change and how this information was communicated to all
levels of the organisation.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 53 of 135
3. Were the employees included in this process and what kind of input did they
have? If you jot down your thoughts around this issue it may clarify your
perspective on what consultation means to you.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 54 of 135
Element 2: Identify risks

Identifying hazards, undertaking risk assessment and implementing control measures


are the key aspects of risk management. The aim of OHS Risk Management is to
reduce the likelihood and consequence of a workplace incident that may result in
injury or disease. It is a planned and systematic process for controlling workplace
health and safety hazards through examination of all aspects of the work
undertaken.
Risk management is an integral part of good management practice and an
essential part of good corporate governance. In order for OHS risk management to
be effective, it should become part of an organisations culture. Ideally OHS risk
management should not be seen as a separate activity; rather it should be
embedded in an organisations processes and practices. Risk management lies at
the core of any occupational health and safety prevention program and the
success of any such program depends on successful implementation of this principle
for its success.
Hazard identification, risk assessment and risk control at workplace level may be
defined as the systematic application of management policies, procedures and
practices to the four-step process of:
1. Identifying the hazard
2. Assessing the risk
3. Controlling the risk; and
4. Monitoring and reviewing the risk management process.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 55 of 135
Eight
Identifying risks
Identify a risk in your organisation that is dealt with on a continuing basis. What are
the factors that determine?
1. When the risk is dealt with?

2. Who deals with it?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 56 of 135
3. The level and success of the management of the risk?

4. What are the cost factors involved in the identification and then the
management of each of these risks?

5. Risk identification tools: What procedures can you identify in your workplace that
are used solely as risk identification tools, or can serve as tools for the
identification of risk in addition to their usual operation?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 57 of 135
Inviting relevant parties to assist in the identification of risks
People who may be involved to assist in the identification of risks are:
Stakeholders those people or organisations who may be affected by, or perceive
themselves to be affected by an activity or decision. Stakeholders in workplace OHS
include:
Managers
Supervisors
Health and safety and other employee representatives
OHS committees
Employees and contractors
The community.
Key personnel are:
People who are involved in OHS decision-making or who are affected by
decisions.
OHS technical advisors are persons providing specific technical knowledge or
expertise in areas related to OHS and may include:
Risk managers
Health professionals
Injury management advisors
Legal practitioners with experience in OHS
Engineers (such as design, acoustic, mechanical, civil)
Security and emergency response personnel
Workplace trainers and assessors
Maintenance and trade persons.
OHS specialists persons who specialise in one of the many disciplines that make
up OHS including:
Safety professionals
Ergonomists
Occupational hygienists
Audiologists
Safety engineers
Toxicologists
Occupational health professionals.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 58 of 135
Risk identification Techniques

The terms hazard and risk tend to be used interchangeably, but risk
represents more than a hazard. Risk takes into account scale, consequences,
frequency, duration, extent, probability of occurrence, and time range. There
are some general tools that can be used to identify risk. These can be
incorporated within established risk management processes in any organisation
and include:
Inspections: walking through and conducting inspections of each task, location,
team, group or process within an organisation. This can be done by individual
managers or team leaders and supervisors. It can also be done by senior or
executive management.
Consultation: a process that allows evidence on unreported incidents to be
gathered, for example, injuries, machine breakdown. Again these meetings can be
held on a local or team or group or senior management level. The results of a
number of these meetings can then be incorporated in further meetings with
managers at different levels.
Safety or management audits: these can be conducted by individual managers or
team leaders and focus on their own or associated areas, or can be conducted by
members of the organisation who specialise in this area.
Testing: of plant and equipment in an operational context, or of staff in a service
area. This also can be accomplished as part of the local group or team approach or
can be part of a wider organisation-wide approach.
Scientific or technical evaluation or expert instruction in up-to-date methods (service
industry): these are usually provided by third parties or consultants and often form
part of the training process of the organisation.
Collection and evaluation of material: from suppliers, manufacturers, designers, and
from safety organisations, unions, interest groups and employer organisations.
Expert advice: engaging professional consultants and advisors, lawyers, engineers,
safety experts, process experts.
Seeking government or regulatory information and help: from government
departments, investigatory and regulatory bodies, royal commissions, commissions of
inquiry, coronial inquests, industrial commission hearings, statistical bodies and think
tanks.
Networking: with other members of the market, or users of similar machines or
processes.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 59 of 135
Benchmarking: is a process of seeking out and identifying the best practices of the
organisations competitors, where those best practices represent a higher quality
level or performance. The process means that the organisation, having identified the
best practice in the industry then uses that benchmark as the quality standard to
be obtained within its industry.
Of course the selection of individual tools and methods to identify risk is largely
dependent on the type of organisation, process and market. The type of tools you
use should also be chosen by taking into consideration the nature of the workforce
or membership of the organisation. So take care to ensure that the tool or method
selected is appropriate to the people using and reviewing the methods.
Brainstorming
The brainstorming process can take various forms, but one of the most effective is in
meetings of staff in an environment where there is freedom to experiment with ideas
and to express opinions. Brainstorming is usually a process of energetic interaction
with the goal of forming and discussing ideas and concepts in a round-table or
group dynamic. It allows examination of existing and emerging risk by using the
ideas and experience of fellow workers, managers, experts, other stakeholders and
the users of the process or service.
Brainstorming is a vibrant tool which is designed to open up the creative
imaginations of the participants and to encourage open debate concerning a wide
variety of possible alternatives to the existing or proposed systems and procedures
and services.
Audits and physical inspections
Regulatory based risk management procedures often include regular audits and
inspections, for example Occupational Health and Safety, activities of brokers and
traders on the Australian Stock Exchange register and the regulation of Registered
Training Organisations.
Many organisations have their own internal audit and inspection processes,
including:
Direct observation of activities by appropriate personnel
Judgments based on experience personal, local, or international
Surveys, questionnaires, interviews
System modeling and analysis
Process charting.
The fishbone diagram shown below provides a good example of a process chart,
sometimes called a cause and effect diagram. Each line or fishbone represents
an area that may have caused a problem. In this example they are organisational
practices, equipment, systems and environment. Other examples might
include human factors, procedures, hardware or management.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 60 of 135
Fishbone diagram

Scenario analysis
This is a process of examining options and competing scenarios based on an
assessment of future events. The focus is on the future and may take into account
past and present events as elements of the examination. One topical example
which has emerged in the 20th and 21st Century is the planning of security responses
to possible terrorist threats.
Benchmarking similar organisations and activities
Benchmarking is as you have seen above, a process of identifying the industry best
practice, and setting that as the standard for the particular organisation. The
process involves significant industry knowledge and an ability to examine
competitors processes in order to identify why that market is dominant or
produces the leading product or service.
Sample Risk Data collection record
Below is a sample Risk Data Collection Record for a fictional manufacturing business
identifying how the shift work environment affects the health and safety of
employees? The sample includes a full list of the kinds of data that may be
collected, however because of the nature of this fictional business and the issue it is
investigating; only some of these methods have been used.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 61 of 135
Figure 2: Sample risk data collection record

DATA COLLECTION METHOD IDENTIFIED RISKS POSSIBLE RISK CONSEQUENCES


Stakeholder consultation, N/A
e.g. staff, customers,
suppliers
Organisational records, Increased Labour shortage
e.g. attendance, absenteeism and
Increased labour costs
accidents & incidents accidents at
beginning of shift Increased insurance costs
rotation Human suffering
Expert input, Studies show Long-term consequences, eg
e.g. increased anxiety depression, family stress
professionals and personal
problems at end of
night shift rotation
Scenario analysis, e.g. N/A
asking what if?
questions
Brainstorming N/A
Flow chart analysis N/A
System testing N/A
Surveys Indicated tendency Labour shortages
to take long
Increased labour costs
weekends during
shift rotations that Production delays
clashed with family
commitments
Fishbone diagrams N/A
SWOT analysis N/A
Observation Took staff a couple of Long term health costs
days at beginning of
Increase in absenteeism and
rotation to realign to
accidents (see above)
new roster
Increased lateness
and reports of minor
illness, e.g.
headaches

Audit N/A
Other N/A

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 62 of 135
Nine
Risk identification tools
What procedures can you identify in your workplace that are used solely as risk
identification tools, or can serve as tools for the identification of risk in addition to
their usual operation?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 63 of 135
Identifying control measures for risks

Once you have identified, assessed/evaluated a risk, it is then either permanently


avoided, or has been eliminated, or the risk is then under control. Control here
refers to a process which reduces substantially or to nil, the effect of the risk if and
when it arises.
Where the risk has not been eliminated it is necessary for you to use a control
mechanism to measure the absence of the risk or to ensure that monitoring shows
the ineffectual nature of the risk if and when it arises. This can be as simple as
viewing sales reports, breakdown reports, or production figures. In other words
documents and records relating to the process can be used to control the risk.
Hierarchy of risk control
You may have already learnt about the hierarchy of risk control, ie.
1 Elimination/isolation
2 Substitution
3 Engineering/modification
4 Administration
5 PPE.
It may be most effective to use a combination of the above control methods. The
most effective control measure is to eliminate the hazard; however this is not always
possible. One of the strategies may be isolation of the hazard. If the hazard can be
completely removed, the risk of exposure to that hazard is eliminated; therefore this
is the ideal control solution.
Then there is substitution. If you cannot get rid of the hazard altogether it may be
possible to eliminate the risks associated with it by replacing it with something that is
less likely to cause illness or injury. If a hazard cannot be eliminated, the next
preferred measure is to control the risk.
It may be possible to modify the work area, equipment or tool using engineering
controls and these may include:
Modification to tools and equipment
Using enclosures, guarding, local exhaust ventilation or automation.
If this is ineffective, changing work practices or workflow through administrative

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 64 of 135
Controls may be a solution, i.e.11 The introduction of work practices that
potentially reduce risks, which limits the exposure of the worker to the hazard.
These controls include:
Reducing the number of workers exposed to the hazard
Providing appropriate signage
Reducing the period of exposure
Rotating jobs
Adopting purchasing policies which take account of health and safety
Lockout procedures
Providing personal protective equipment.
Personal Protective Equipment (PPE): should only be used where other measures are
not practicable. Efforts to use higher level controls should continue. PPE may reduce
vision, hearing or movement, and may be uncomfortable or awkward. These factors
should be considered when planning work that requires use of PPE.
PPE must:
Be appropriate for the job
Be clean and functional
Fit the operator correctly
Come with relevant training on its need and use
Be serviced regularly, by appropriately trained staff.
For further information on risk control measures you could:
Check the WorkCover website or telephone them for a leaflet
Look up the National Standards and Codes of Practice.
If you are already employed in a Health Services environment check the OH&S
policies and procedures manual at your workplace.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 65 of 135
An example of a hierarchy of control for managing risk

Can Y'Oll.J liminate ri'Sk'? El'iminate risk

Ca.Jn you r duc risk? Raduca iltla risk

Isolate t'he rrisk.. eg through


Can you i:solate r isk? use of guards and- rtBSbicted
work arreas

Oarn you redu:ce ltle rrisk lnliroduce administmtilll.e


administratively? COIIlhol's

Appropr.iata [personal
pr,oteal!ion proVIided

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 66 of 135
Developing options for control
Let us look at how the hierarchy of control can be applied creatively to develop a
range of controls. The first step is to brainstorm possible risk control options. This
may be done in a group or by an individual. Groups with people from a broad
range of backgrounds are usually better as they generate a wider range of
options.
There are a few DOs and DONTs for brainstorming:
DO:
Clearly define the problem (for risk control this means identifying the hazard, if
you do not get this right you will come up with the wrong controls);
Explore broadly, be enthusiastic and uncritical, have fun; and
Have some resources at hand to prompt discussion.
Do NOT:
Say it cant work or its too expensive
Be critical of, laugh at, or denigrate any suggestions; and
Evaluate the suggestions (this may limit the range of thinking).
Before any brainstorming session, check that the problem has not already been
solved by somebody else or whether there is a solution that may be modified to suit
the needs or provide the stimulus for an even better solution.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 67 of 135
Ten
Hierarchy of controls
Go to the web sites:
www.ascc.gov.au
http://osha.europa.eu/en and search on practical solutions
www.cdc.gov/niosh and search on practical solutions.

Or to the website of your OHS regulatory authority


Review the type of material held on each site, and enter in your resource file the
web sites and at least two resources from each site that may be of use to you in your
work.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 68 of 135
Element 3: Analyse risks

Analyse risk likelihood and consequences


The next step of the risk assessment is to determine or estimate both the likelihood of
a risk arising and its potential consequences. All available data sources should be
used to understand the risks. These may include: historical records, procurement
experience, industry practice, relevant published literature, test marketing and
market research, experiments and prototypes, and expert and technical judgement
and independent evaluation.
The risk analysis involves:
An estimate of the likelihood of each risk arising. This might be done initially on a
simple scale from 'rare' to 'almost certain', or numerical assessments of probability
might be made
An estimate of the consequences of each risk. This might be done initially on a
simple scale from 'negligible' to 'severe', or quantitative measurements of
impacts might be used.
Analysis of risk levels can be conducted on the inherent risks (assuming no controls
are in place) or on residual risk (that remaining after considering existing control
strategies). The former zero-based approach would be appropriate at the outset
of an activity or when considering a possibility of revising controls. The latter would be
appropriate when monitoring management action or reviewing implementation.
The purpose of analysing risk is to provide information to enable the evaluation of
risks, using predefined likelihood and consequence criteria. Risk analysis uses
judgments and assumptions, which may involve uncertainty and be based on
incomplete information. Therefore, the best available information sources and
techniques should be used. Wherever possible the confidence placed on estimates
of levels of risk should be included.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 69 of 135
Eleven
Risks and causes

Consider a number of risks that exist in your workplace. Complete the table below
by sourcing the risks and identifying their possible causes.

RISK: POSSIBLE CAUSE:


Increasing client complaints

Workplace accidents

Theft

High employee attrition rates

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 70 of 135
Risk Reporting Matrix

Each undesirable event that might affect the success of the program (performance,
schedule, and cost) should be identified and assessed as to the likelihood and
consequence of occurrence. A standard format for evaluation and reporting of
program risk assessment findings facilitates common understanding of program risks
at all levels of management.
The Risk Reporting Matrix below is typically used to determine the level of risks
identified within a program. The level of risk for each root cause is reported as low
(green), moderate (yellow), or high (red).

5
o d

4
o
o
Likelih

1
1 2 3 4 5
Consequence

Probability of risk
You can look at the probability, or likelihood of a risk event actually occurring as
being on a continuum from: Almost certain(level A) to Rare(level E) as described
in the table below.
Sample Probability Table of Definitions

LEVEL DESCRIPTOR DESCRIPTION


A Almost certain Is expected to occur in most circumstances
90-100%
B Likely Will probably occur in most instances
50-90%
C Possible Might occur at some time
25-50%
D Unlikely Could occur at some time
10-25%

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 71 of 135
E Rare May occur only in exceptional circumstances
1-10%

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 72 of 135
Assess impact or consequence if risks occur

Qualitative risk analysis involves looking at the extent of the risk and its potential or
current impact on the product or process, or both. It may involve an assessment of
the impact of the risk on the general culture of the organisation. In this case, culture
refers to how the members of the organisation perceive the organisation it is a
perception shared by a number of members of the organisation.
Impact itself can be assessed in terms of its effect on:
Time
Cost
Quality
Time
This includes the time taken to:
Identify, record and report the risk
Analyse and assess the risk
Address the risk
Either reduce its impact or remove it completely as a potential risk.
Cost
Although you may have assessed something as a risk, the cost of identification,
recording, analysis and addressing it may operate against making a proper
response to it. Once identified, some risks will also be identified as having a
potentially significant cost to the organisation if they allowed continuing to go
unchecked.
Quality
Risk assessment also includes an analysis of the impact of the risk on quality. In this
case, quality may be the quality of the product or service, the impact on the culture
or employees of the organisation, or the issue of risk proximity.
Risk proximity is about:
When and where the risk will occur
Its role in the process or system
Its damage or potential damage reaches.
The following table shows that the impact of risk is generally ranked from
Insignificant(level 1) to Catastrophic(level 5). You can see from the detail
descriptions that these levels focus on the degree to which the business is affected
in regards to its financial and service capability.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 73 of 135
Sample Consequences (Impact) Table of Definitions

LEVEL DESCRIPTOR EXAMPLE DETAIL DESCRIPTION


1 Insignificant No service impact; low financial loss
2 Minor Minimal disruption to service capability; medium
financial loss
3 Moderate Interruptions to service delivery; high financial loss
4 Major Loss of service capability; major financial loss
5 Catastrophic Loss of business continuity; huge financial loss
As with most areas of our lives, the immediate risks often have more impact than risk
that has become part of the working life or system of the organisation. In the
workplace, an immediate risk is often easier to deal with than a future risk, because
future risks need planning. To manage future risk, you need to be able to mobilise a
team to plan against these future issues.
For example: before the Sydney 2000 Olympics many businesses that considered
they would be affected in some way during the Olympics period (for example by
heavy traffic, road closures or increased/decreased patronage) conducted risk
analyses around 1998. This gave them the time and opportunity to plan to manage
the risks effectively.
Some organisations believe that risks that are not going to occur in the current
financial year should not be considered until the year in which they will occur. On
the other hand, there may be a risk that has an imminent effect, or has already had
its effect. Or the effect may be latent.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 74 of 135
Ranking risk and setting priorities

This section looks at qualitative and quantitative risk analysis and the ranking or
priority listing of the risk(s).
Qualitative and Quantitative Risk Analysis
Once you have identified and analysed the risks, it is important to rank them so that
you can prioritise the focus of resources and attention. It is also important that this
ranking is carried out in an objective way and is not influenced by emotion or self-
interest. There is some evidence that people tend to focus on risks that have recently
occurred rather than those that have arisen some time before and may be
repeated.
Qualitative risk analysis is commonly used because it is easy.
The skills needed for quantitative analyses are a little more specialised. However, a
structured approach will allow analyses to take into account both qualitative and
quantitative approaches.
While it is important to canvass a range of people within the organisation, you and
other managers must be cautious when taking into account peoples personal
perspectives. Self-interested and self-promoting motives are not uncommon during
the process. For example, Angelas priority is network security as she has always
advocated new network security purchases. A technique that is sometimes used to
keep the focus on the problem is the Delphi Technique. Here opinions and views are
collated anonymously then cross-checked with a range or panel of experts. In this
method the data is examined and forms the examinable material. Personalities are
not considered.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 75 of 135
Ranking and recording
The criteria for ranking and recording:
Take into consideration whether the risk falls within established or accepted
guidelines
Differentiate between risks that have high impact/consequence/likelihood and
those having low impact/consequence/likelihood
Assign value to identified risks using available tools
Assess consequences and likelihoods.
The following tables show how risks can be ranked and recorded according to their
probability and impact. You can see, for example, that a risk that has been
analysed as having a minorimpact (minimal disruption to service capability;
medium financial loss), but which has a high probability (it is almost certainthat it
will occur) is ranked as a high(H) level risk. Senior management attention is usually
needed to manage the risk at this level.
A risk that has been analysed as having a catastrophic impact(loss of business
continuity; huge financial loss) is ranked as an extremelevel risk if the probability is
likelybut highif the probability is rare. Immediate action is required, involving
senior management, to manage the risk.
Sample Level of Risk Matrix

IMPACT INSIGNIFICANT MINOR MODERATE MAJOR CATASTROPHIC

PROBABILITY
Almost certain H H E E E
Likely M H H E E
Possible L M H E E
Unlikely L L M H E
Rare L L M H H

Sample Risk Table of Definitions

EXAMPLE OF RISK TABLE OF DEFINITIONS

E Extreme risk; immediate action required


H High risk; senior management attention needed
M Moderate risk; management attention must be specified
L Low risk; manage by routine procedures

ACCEPTABILITY RISK LEVEL

Acceptable Low and Moderate


Not acceptable High and Extreme

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 76 of 135
Twelve
Risk ratings
1. Indicate on a scale of 1 to 5 (where 1 is least likely and 5 are most likely), how
would you rate the likelihood of the following (circle a number):
Major flooding in central Australia
1

Taxes increasing in the next two


years 1

Further bank mergers in the near


future 1

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 77 of 135
Humans living on Mars within 50
years 1

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 78 of 135
Computers no longer being used
in the next 20 years 1

Australia becoming a republic


1

5
World War 3 occurring
1

Marriage being abolished


1

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 79 of 135
2. Which of these is most probable? Which is likely to have the highest frequency?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 80 of 135
Element 4: Select and implement treatments

Determining and select most appropriate options for treating risks


Risk treatment involves identifying the range of options for treating risk, assessing
those options, preparing risk treatment plans and implementing them. It is probable
that a combination of options will be required to treat complex risks. Once a risk is
well understood and it is clear that some treatment will be required, detailed analysis
of treatment options may be required. There will usually be several options, each
entailing different costs and benefits and each offering a different level of risk
mitigation.
Key outcomes steps
1. Identify treatment options
The most suitable risk treatment options for the organisation are identified.
The options are summarised below.
The control or management of risk can be different on an organisational or industry
basis. However there are seven commonly used approaches:

APPROACH DESCRIPTION

1. Elimination / In this approach the risk is either reduced to its lowest


reduction possible level to enable it to be managed, or it is eliminated.
management
This latter course may involve divesting a manufacturing
process, a particular service within a general service industry,
or simply deleting a process and replacing it with a newer,
safer or alternative system.
A variation in this approach is not to eliminate the risk if that is
too difficult or too late, but to reduce or eliminate its effect.
2. Assumption Insurance companies assume risk as part of their operations.
of risk Here the expression assume risk means to knowingly
accept the risk as part of the agreement with the
person/company that pays the premium. Organisations
unused to risk may assume or accept its effect because to fail
to do so might negatively affect the organisations
operations.
Once again the decision to assume a risk must be taken
bearing in mind the competing issues of cost, proximity and
extent of the risk.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 79 of 135
APPROACH DESCRIPTION

3. Transfer risk Insurance is a means of transferring the risk, through the


payment of insurance premiums, to an insurance company.
It is important to understand that this is generally a way of
managing financially based risk. The insurance company
can only really assume a financial risk. It is not able to
assume risk that relates to culture, personnel or
manufacturing for example.
So if the risk of the factory burning down is identified, then
the financial risk can be transferred to the insurance
company, but the actual risk of losing specific or specialist
machinery cannot.
Often organisations only transfer part of the financial risk
having assessed the insurance premium cost as too high to
transfer it all.
To offer a personal example, this may be compared with a
householder insuring the contents of the house against fire,
but not paying extra for the loss of specialist jewellery or
stereo equipment. It then falls on the householder to fund
the replacement of such items.
Changing
4. Risk can be avoided by changing processes, or refraining
processes
from an activity. This is often an ongoing process of change
from risk identification.
Organisations with a positive risk identification and
management culture are ready and willing to change or
remove processes that demonstrate a greater degree of risk
or risk potential.
Changing a process to avoid an activity also requires a
positive risk management culture as this can be confronting
and expensive, particularly if the process needs to be
replaced.
The change or replacement of a process in order to
manage a risk must also be undertaken using risk
management procedures. In other words, the new process
must not create or support the same or similar risk it was
designed to eliminate.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 80 of 135
Delaying
5. An organisation may defer a risk, by delaying it until such
time as it is able to assume the risk or deal with it in a better
and more positive way.
An organisation may believe that research or development
it is undertaking will make it more able to deal with the risk at
a later time.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 81 of 135
APPROACH DESCRIPTION
Sharing risk
6. Organisations may seek to share risk with other organisations
by way of joint ventures or cooperative options.
A good example of this is seen in the construction and
maintenance of motorways in capital cities where
government and private industry come together to share the
expense.
Similarly in recent times wine and beer companies have
combined with manufacturing industries associated with
wine and beer production, when entering new markets such
as China.
7. Spread and An organisation may attempt to spread and minimise
minimise locations of the risk, eg a company may spread its outlets
locations of and workforce to a number of areas in order to spread or
the risk reduce the risk of an incorrect decision in relation to
geographic marketing. For example, a retailer may have
outlets in a number of locations in a town to ensure the
product is available to as many potential customers as
possible.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 82 of 135
Action plans for implementing risk treatment

The action plan formalises the risk management process. The specific format of the
risk management action plan will vary from one organisation to another, but the
following is an example of a relatively straightforward methodology.
Risk
Date identified
Level of risk
Reason for risk rating
Risk priority /risk ranking
Action (what is to be done)
What resources are required
Who is responsible for the action
Timeline-when should the action be completed
Strategy for informing relevant stakeholders- ie. staff volunteers, board,
corporate sponsors, etc
Review date
A risk control action plan is not only essential for the effective and systematic
introduction of risk control actions, it may also be a legal defence that you have a
plan in place and are working towards a target. (Provided the target dates are
appropriate considering the severity of the risk and that the target dates are being
met.) Remember to compare the levels of the risk control hierarchy with the time
frame when determining target dates.
You will find some suggestions on how to format a risk control action plan in some of
the codes of practice and also in the Risk Management Guidelines (Standards
Australia, 2004b). However, you should develop the format of your risk control action
plan to suit the organisational structure and management style of the organisation.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 83 of 135
Sample risk treatment action plan

DATE OF RISK REVIEW: COMPILED BY:


FUNCTION/ACTIVITY:
risk # from treatment risk level person implement by indicators to person
register after responsible date monitor responsible
treatment for for
treatment monitoring
1. Lack of Design and Reduce HR 3 weeks Staff
Accounts
operator delivery of likelihood but Consultant competence and
expertise relevant not impact: confidence in Supervisor
training risk level operating new
program reduced to system
high
2. Resistance to Determine Reduce Accounts 2 weeks
Attitude of Team
change by reasons for likelihood and Supervisor
staff to new leaders
some resistance; impact: risk
system;
operators ensure all level reduced
willingness to
operators to unlikely
adopt changes
understand
benefits of new
system to
themselves &
other
stakeholders;
have out with
the old, in with
the new party
3. Time Install new Reduce System 2 days
Installation Accounts
constraints system likelihood supplier (weekend)
time; Supervisor
in installing outside of and impact:
customer
the new normal risk level
complaints
system and working hours reduced to
about delays
possible moderate
interruptions
to daily work
schedules

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 83 of 135
Risk treatment plan
Sample risk treatment plan

Risk Ranking Treatment option Date

Eg loss of
contract due to .

Objective: (set out objective in summary)

Steps Who When Resources Cost


responsible

Cost
Total cost

Keys to risk treatment action plan:


Example Consequences (Impact) Table of Definitions

LEVEL DESCRIPTOR EXAMPLE DETAIL DESCRIPTION


1 Insignificant No service impact; low financial loss
2 Minor Minimal disruption to service capability; medium financial loss
3 Moderate Interruptions to service delivery; high financial loss
4 Major Loss of service capability; major financial loss
5 Catastrophic Loss of business continuity; huge financial loss.
Example Likelihood (Probability) Table of Definitions

LEVEL DESCRIPTOR DESCRIPTION


A Almost certain Is expected to occur in most circumstances
B Likely Will probably occur in most instances
C Possible Might occur at some time
D Unlikely Could occur at some time
E Rare May occur only in exceptional circumstances

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 84 of 135
Example Level of Risk Matrix

CONSEQUENCE INSIGNIFICANT MINOR MODERATE MAJOR CATASTROPHIC


LIKELIHOOD

Almost H H E E E
certain
Likely M H H E E
Possible L M H E E
Unlikely L L M H E
Rare L L M H H
Example of Risk Table of Definitions

Example of Risk Table of Definitions


E extreme risk; immediate action required
H high risk; senior management attention needed
M moderate risk; management attention must be specified
L low risk; manage by routine procedures

ACCEPTABILITY RISK LEVEL


Acceptable Low and Moderate
Not acceptable High and Extreme

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 85 of 135
Thirteen
Risk treatment action plans
Does your organisation have a risk plan? If so, how would you describe it in relation
to its terms or make-up? If you cannot recognise such a plan, in summary form what
sort of plan would you implement?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 86 of 135
Risk registers

Formal recording and reporting of risk is an important phase of the risk management
process. The risk register is the central starting point whereby risk reporting and risk
treatment plans can be recorded and monitored, and reviewed regularly.
A Risk Register is developed to:
Provide a useful tool for managing and reducing the risks identified before
and during the project
Document risk mitigation strategies being pursued in response to the
identified risks and their grading in terms of likelihood and seriousness;
Provide the project sponsor, steering committee/senior management with a
documented framework from which risk status can be reported
Ensure the communication of risk management issues to key stakeholders
Provide a mechanism for seeking and acting on feedback to encourage the
involvement of the key stakeholders; and
Identify the mitigation actions required for implementation of the risk
management plan and associated costings.
The risk register is many cases customized data base to document and log the
following:
Number of the risk identified
Date
Area or location of risk
Description
Likelihood of occurring consequences on organisational objectives
Proposed responses risk treatments.
Priority assigned
Control measures
Responsible for implementation
By what date
Review

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 87 of 135
Sample risk register

This may be simply a title, but some kind of alphanumeric coding is


Unique ID
likely to be useful when you are dealing with a large number of risks.
Presented in a structured format:
Condition 'There is a risk that'
Description
Cause 'Caused by'
Consequence 'Resulting in'
What is the likelihood of the risk occurring? It would be helpful to
Probability
record the justification behind this analysis.
What will the impact be if the risk occurs? It would be helpful to
Impact
record the justification behind this analysis.
What is the 'risk window' when this risk may occur and when do you
Timescale
start to lose options as to how you respond?
What will the risk cost if it does occur? Note: you can't assess this
Cost
unless you know what your response action will be.

There should be a person nominated to 'own' the risk which means


monitoring the situation and ensuring that necessary management
actions are carried out. In a project situation this should be somebody
Owner
within the project team and in all cases it should be somebody who
will be impacted by the risk and who has a vested interest in
addressing it.

What are the agreed response actions? These may be broken into:
Management Preventative actions to mitigate the risk and
approach The response action if the risk actually occurs. This is sometimes
known as an 'impact plan'.

This is the expected level of risk once all the mitigating actions are
Residual risk
complete.
What 'trigger' might alert you to the fact that the risk is about to
Early warning
occur? In some cases you may only choose to spend money on a
signs
response action once the trigger occurs.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 88 of 135
Communicate risk management processes to relevant parties
Risk management communication is the sharing of information about risk and risk
management between the decision makers and others. Parties can communicate at
any stage of the risk management process. When all parties in a project
communicate their expectations and perceptions early and often, the disconnects
between opposing parties can be readily established. Steps can then be taken to
resolve those differences and align everyones expectations and perceptions. To be
effective, communication must flow both up and down the
chain of command so that all parties are informed.
Good planning will lead to good communication. All parties should agree on
acceptable means and lines of communication early in the process. Develop tools
to aid the communication process such as correspondence logs, telephone
conversation logs, and e-mail protocol. Communication must be handled in a
professional and courteous manner.
When dealing with a contentious issue, it is not a good practice to send a letter or e-
mail immediately after composing it. Take time and then re-read the
communication before sending it. Communicating only the facts of the case and
avoiding emotional outbursts or statements of opinion can help to avoid problems or
making problems worse.
Communication factors such as language and literacy
Effective communication is obviously critical to genuine participation. The specific
needs of individuals in the workplace need to be taken into account. Individuals will
have different levels of literacy and either may not speak much English or may not
have English as their first language. For example, induction and instruction in policies
and procedures need to reflect the language and literacy levels of each person,
and things like safety and emergency warning signs, which are for the whole
workplace, need to be based on easily understandable pictures, rather than
complex language.
Communication must be a two-way street. If individuals are to be able to
participate in OHS activity in a meaningful way they need access to information in a
format they can understand, and they need to be able to communicate back to
OHS representatives, supervisors, OHS advisers and others easily.

Diversity of workers
Similarly, this is about recognising the differences in the individuals in your workplace.
A one size fits all approach to OHS wont work. Employees may come from
different cultural, age and educational backgrounds with different views about
personal responsibility and authority; they will have different previous experiences,
knowledge and skills and may have different learning styles. They may have external
pressures and stresses in their lives or pre-existing physical injuries. All these factors
need to be taken into consideration in designing and developing participative
arrangements.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 89 of 135
Documenting risk management processes

Document management is a vital ingredient in any risk management process. For


example, where the risk is addressed by regulatory authorities, then an organisation
which is subject to those regulations must retain the supporting documents to show it
has met or exceeded the risk guidelines. In some situations this forms part of their due
diligence procedures. Due diligence is a formatted or sometimes regulated process
of risk assessment and identification. Where an organisation conducts a process of
due diligence it follows a set or agreed procedure to examine processes,
documents or systems, to determine a set of agreed standards.
You should document the results of the analysis process, including changes and
recommendations. These documents should be easy to understand by all those
whose role includes their use. It is very important that all documentation
communicates clearly. Often people who are very literate will write documents that
are difficult to understand.
Make sure you use plain English and that your message is understood by all who
read it. Keep in mind that language difficulty also impact on the success of the
documents used and must always be taken into account.
The person writing the document must be clear about:
The reason the document is being created
What is should contain
Its purpose what it will be used for and who will be reading it.
There is always a role for training in relation to the completion of the documents, and
that training should take these issues into account. Focusing on the documentation
may also highlight the need for amendments to be made to operational and
training manuals, schedules, checklists and instructional documents to ensure they
communicate clearly.
Statistics
Statistics on incidents, accidents and illnesses help identify problem areas, show
trends over time, provide baselines for intervention and assist with evaluation of such
intervention, i.e. provide information which will support occupational health and
safety programs in the workplace.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 90 of 135
With which statistics should people on-site be concerned?
While their precise needs might vary - compare the narrower focus of a section
manager with the overview taken by a workplace health and safety committee -
people on-site should be concerned with all statistics relevant to health and safety
matters in the organisation of which they are part.
In addition, statistics gathered from external sources, may be consulted for
comparison, or reference, purposes. Such information may include data on
incidents, which led (or potentially could have led) to injury, data on hazards, on
work-related disease cases, and sickness / absenteeism data.
Broadly, statistics are kept for the following reasons:
To identify problems warranting preventive action
To allow follow-up and evaluation of the effectiveness of actions taken to
improve workplace health and safety.
To fulfil statutory (legal) requirements, and
To provide data for future reference on, for example, trends over time.
Sickness and absence records
These records concern individuals and are kept for personnel and payroll reasons.
They can also be a valuable tool in occupational health and safety as they may
indicate trouble spots, such as unsafe or unhealthy working conditions, or problems
with the management of certain areas of people.
One only needs to look at the available industrial accident statistics to see that,
despite increasing legal requirements, industrial accidents are severe drain on the
economy as a whole, as well as the individual organisation.
Record keeping is an important tool for employers to monitor the performance of
their safety management system. This need not be a complicated task and in some
cases a simple diary of events, procedures, instructions or similar may be all that is
needed. Records must be kept as evidence that you are complying with the
legislation.
Employee handbooks
New staff should gain skills in working with clients safely and gain an understanding
of policies. Harassment, bullying, prejudice, and diversity organisation policies should
be outlined in the employee handbook. An employee handbook (or employee
manual or staff handbook) details guidelines, expectations and procedures of an
organisation to its employees. An employee handbook is a way of communicating
the procedures and policies followed by an organisation, including the current OHS
policy details specific to that organisation.
Employee handbooks must:
Comply with relevant state legislation
Be tailored to the business, not just a generic statement
Include a statement about the types of people covered by the policy, e.g.
contractors, employees, and clients, and
Include a procedure for making workers compensation claims.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 91 of 135
Job Safety Analyses (JSAs) and risk assessments
Job Safety Assessments (JSAs) provide a written record of the process to be used to
proceed, on a task. They are becoming a regular part of managing safety in the
community services sectors. It is an official document and can therefore be used in
court and needs to be signed off by parties who have responsibility for tasks.
JSAs prepare people for each job and should be completed prior to the
commencement of work. Each worker involved with a job should know what tasks
are listed in the document for the work they are doing. Management processes
must be in place to ensure workers have the skills to complete the job at hand and
that there is adequate supervision to ensure tasks are completed and documented.
Material Safety Data Sheets (MSDSs) and chemical registers
An MSDS is a document prepared by the manufacturer that contains further
information in relation to a particular chemical product. You should refer to an MSDS
if you need to know:
First aid procedures
Storage and handling
What hazardous substances the product contains (if any)
Possible harmful effects
Modes of entry into the body.
The MSDS is available from the manufacturer of the chemical product (contact
details on label).
Audit and monitoring records
Monitoring records that need to be kept should include:
Details of the methods and frequency of review of risks and the risk management
process
Outcomes of any audits and other monitoring procedures (internal or external)
for OHS matters.
Details of how the review recommendations are to be followed up and
implemented
Records for Health surveillance
Health surveillance is the monitoring of workers' health to identify health effects or
other measures of exposure to a hazardous substance. Health surveillance includes
biological monitoring, which is the measurement of a hazardous substance in the
body (eg, the level of a substance in the blood or exhaled air).

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 92 of 135
Health surveillance must be done if the assessment identifies that any employee
could be exposed to a hazardous substance and:
There is a disease or health effect that can be caused by the exposure
There is a reasonable likelihood that the disease or health effect could occur
under the conditions of work
There are valid ways of detecting the disease or health effect.
Health surveillance records must be kept as a confidential record for 30 years. The
informed consent of an employee must be obtained before any personal health
information obtained as a result of health surveillance is provided to another person.
In general, health surveillance records should only be used on a confidential basis or
'in aggregate', i.e., group records that do not identify individual employees.
Evacuation procedures
When presented with a possible life-threatening event, individuals may need to exit
the building or immediate environment. Evacuation procedures are relevant in such
events as a fire, bomb threat, or chemical spill. New workers need to familiarise
themselves with these processes.
Register of injuries
A Register of Injuries is a current record of any injuries suffered by workers, whether
they result in claims or not. You and your team should fill in the Register even if the
accident is small and seems insignificant. You and/or your team members may need
to provide this information if a workers compensation claim is made.
The Register should be kept in each workplace within the first aid kit and should
contain:
The name, age, address and occupation of every person injured while working
at that place of work
The industry in which the person was working at the time of the injury
The activity in which the person was engaged at the time the injury occurred
The date and time the injury occurred
A brief description of the type of cause of the injury.
(SOP) Standard operating procedures
Standard operating procedures (SOPs) are documented operational controls
procedures, or instructions designed to control risks associated with, routine activities.
SOPs are administrative controls that reduce the risk of a hazard. SOPs are defined
by analysing operational activities, processes or procedures, reducing them to their
component parts or tasks, and them devising the most efficient way, to carry out the
activity, by incorporating generally recognised best practices and taking into
account, appropriate health and safety measures along the way.
Standard operating procedures may be laid down for:
Proper handling and storage of hazardous materials
Operating procedures for manual handling equipment
Regulatory compliance activities.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 93 of 135
Fourteen
Documenting risks

Think about the following situation. Consider the hazards, the likelihood and severity
of the risks and the possible controls. Complete the 'Risk assessment form'.

Case study
Kim has been working for six months as a trainee in a small accounting firm. The
office is in an old two storey building which is cool in summer and cold in winter. The
offices are cramped and the lighting is poor. Storage has become a real problem
with the storeroom on the ground floor packed to the ceiling with files and old
equipment. The offices are nearly all upstairs.
Kim is a hard worker and is always keen to do that bit extra. She often stays back at
night to finish work and by the end of the week she is usually very tired. Everyone
seems busy all the time and there never seems enough time to do things properly.
Yesterday Kim was carrying files from the accountant's office downstairs to the
storeroom on the ground floor. The stairs are narrow and have no handrails. As usual
during tax time there were files and boxes lying around at the top of the stairs. The
next thing she knew the files were spread everywhere and she was down the stairs
with a badly sprained ankle.
Kim was really embarrassed especially when the office manager said it was her own
fault for rushing and wearing those 'ridiculous high heels'.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 94 of 135
Risk assessment form

Complete this form for the example situation you have just read about Kim in the
accounting firm.

THE HAZARD THE LIKELIHOOD OF THE THE LIKELY SEVERITY OF THE POSSIBLE
RISK THE RISK CONTROLS FOR THE RISK

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 95 of 135
Incident reporting

An incident report is a document reporting on an unusual event, problem, incident,


such as an injury or other undesirable effects, that varies from the established
policies and procedures for care or service of the organisation. All incidents, whether
or not they result in injury should be reported to management according to the
organisations OHS policy.
Reports of this nature usually include the following standard details:
Details of person involved in the incident
Description of circumstances (date, time, location, how it occurred, body part
and severity of injury)
Witness information, and
Treatment given at time of incident.
There are a variety of incident reports, including:
Investigation reports, and
Register of injuries.
Each organisation has their own process and designated responsibilities for
reporting and dealing with incidents. Even in similar workplaces, the nature and
requirements of reports may vary.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 96 of 135
Fifteen
Incident reporting
Describe in approximately 200 words, how the incident/accident record keeping
system operates, or should operate, in a workplace. You can use an example if it will
assist with your explanation.
Name three records that are kept for OH&S and describe what they are for.
Describe how these documents can be used together to:
1. identify hazards

2. monitor risk control procedures

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 97 of 135
Storage of OHS information

In storing information, it is important to remember that information is being stored so


that it can be used. It is important not to create data cemeteries. So when
deciding how to store information keep in mind:
Why is the information being stored?
Who will want to use it?
When and how often will they want to access the information?
What protections (privacy, confidentiality) are required for the information?
What links, or other factors, need to be considered for the data to be
meaningful?
What technology is available?
What are the skills of the people in using the technology?
This will then lead to the following questions:
What is the best medium (electronic; hard copy) for storage?
What is the best format for organising the information?
What skills and technology will be required to access the information?
Most organisations will have some records, such as incident and injury reports,
workplace inspections and/or newsletters, in hard copy.
Hard copy formats tend to be used where:
The original record is in handwriting;
The original requires a signature; and
The material is for information and is usually circulated or left in an
open location for people to read (i.e. newsletter).
Even in the smallest community services organisation is likely to have electronic
storage for any information or records that meet one or more of the following
criteria.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 98 of 135
The record or document has to be:
Communicated to somebody else
Retained for legal reasons
Collated to identify a trend; and
Used for planning.
There are many software options for storing electronic OHS information. These
options may range from simple spreadsheets to highly interactive purpose-designed
software packages that may incorporate functions such as incident reporting, injury
management, chemical and risk registers, asset and maintenance registers and
training records. Having determined the format for storing OHS information (i.e. the
nature of software) the next question is whether it should be on a single computer or
networked hardware for an intranet-type system.
It is beyond the scope of this unit to compare the relative features of the various
systems, but some factors to consider are:
Who needs to access the information?
Do they have access to the hardware?
Do they have the skills to access the system?
What level of technological support is required/available?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 99 of 135
Monitor treatment plans

While it is not the role of the manager to manage change, the manager should
monitor the implementation of change in association with the responsible OHS
practitioner. Risk control action plans should be updated on an ongoing basis and
any actions that are delayed or blocked should be reviewed, the reasons for
the delay identified and appropriate action taken within level of control. The
manager has an obligation to ensure that the responsible manager is aware of any
delays and the practitioner should recommend actions as appropriate.
An example of a monitoring and review timetable is illustrated below.
Risks register review: Annually Management team meeting (CEO)

Reporting on risk registers: Annually Operational planning (Managers)


Review of risk treatment plan: Monthly Team meeting, reporting (Managers)

Reporting on risk treatment plans: Quarterly Board or Management (Managers)


As a general rule, volatile risk environment require closer monitoring and more frequent review
and re-evaluation of risk and the risk management process itself.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 100 of 135


Evaluating and monitoring risk management

Monitoring is not only a practical requirement but a legal obligation, as the common law
duty of care and OHS legislation requires that the employer provide and maintain a
working environment that is safe ..
Monitoring should be continuous and dynamic, with ongoing routine surveillance of
outcomes compared with expected performance, supported by periodic, focused
review.
Here is an example of a system for monitoring and reviewing risk.
Step One: Plan and implement risk management monitoring program
Analysis of tasks and activities for risk requirements
Selection and training of staff who are given various levels of responsibility in
relation to risk identification, analysis and management
Measurable performance standards are implemented.
Step Two: Measurement of performance
By using activity reports a monitoring of processes, trends and results
continues
Conduct continuous comparison between organisational risk policy and actual
activities within the organisation
Conduct organised audits of all activities within the organisation
Implement a system supporting continuous restructuring to reflect management of
identified risks and organisational compliance issues.
Step Three: Analyse historical data
Review reports and establish trends
Examine history of prior risks to establish cause and effect
Analyse processes and procedures to identify need for changes
Support, identify and implement innovation and improvement.
Step Four: Gain commitment to improvements
Ensure improvements and innovations fall within mission statements, policies and
quality systems
Gain commitment from senior management for change and innovation as a
process.
Step Five: Gain commitment of staff
Support change as a continuous cultural process, ensure that support is given to all
staff to identify and implement innovation and change
Involve staff in all areas of operation

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 101 of 135
Involve staff in communication at all levels relating to risk, change and
innovation.
Step Six External audit
Ensure all legislative and regulatory issues are complied with
Gain support of external stakeholders
Review all external audit findings and communicate to staff as much of your finds
as possible
Identify and implement changes proposed.
All organisations should ensure that risk identification, assessment analysis and the
change arising from these processes fall within the culture of the organisation. This
requires commitment from the most senior levels of management in the
organisation, and it requires communication throughout all ranks of the organisation.
Leadership and coaching are two of the most commonly used processes to engage
an organisation in cultural change to embrace the issues of risk identification and
management and the issues arising from the change that flows from these
procedures.
Sample audit

Areas to be audited FREQUENCY

Client satisfaction survey 3 yearly

Performance appraisal audit Annual

Professional development/ training Annual

Policy review 3 yearly

Equipment maintenance checks Annual

Human resource or personnel file audit Annual

Client feedback, complaints and complements Annual


audit
Occupational, health and safety audit 6 monthly / Annual

Incident, near miss audits Annual

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 102 of 135
Sixteen
Reviewing the Risk Management System

Identify the ways your organisation reviews its risk management system. How
effective do you think it is? In view of the matters dealt with in this content guide,
how would you suggest improvements?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 103 of 135
Bibliography

Standards Australia. (2004). HB 205 2004 OHS Risk management handbook.


Sydney: Standards Australia.
Standards Australia. (2004). AS/NZS 4360: 2004 Risk Management. Standards
Association International Ltd.
Standards Australia. (2004). HB 436:2004 Risk Management Guidelines
Companion to AS/NZS4360: 2004. Sydney: Standards Australia International
Ltd.
Rein, Martin, 1983, From Policy to practice, Armonk, and N.Y: M.E. Sharpe.
Hopkins, Andrew, Safety, Culture and Risk, CCH (2004)
Annual National Safety Conference Occupational Health and Safety Daily
News (newsletter)
Shmerling, L. 1996, Communication in the Workplace, Macmillan Education
Australia, Melbourne.
HB 205: 2004. OHS Risk Management Handbook. Australian/New Zealand
Standard.
HB 436: 2004. Guidelines to AS/NZ 4360:2004.
OECD (2006). OECD studies in risk management: Denmark: Assessing societal
risks and vulnerabilities. OECD Publications, Paris. France.
Reason, J. (1990). Human error. Cambridge University Press: New York.
Reason, J. (1997). Managing the risks of organizational accidents. Ashgate:
Aldershot.
Weick, K. E. (1987). Organizational culture as a source of high reliability. Calif.
Management Rev, 29: 112-127.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 104 of 135
BSBRSK501A Manage risk

Assessment tasks
Complete the following tasks. These tasks must be submitted to your trainer as they
form a major part of your assessment for this unit.

Assessment task 1:
(Written responses to questions)
In short sentences, briefly describe the following:
1. What is meant by a RISK?

2. Are there different types of risk, and if so, please list them?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 105 of 135
3. Define Risk Management?

4. What are the benefits of Risk Management to an organisation?

5. Explain in your own words, what a Risk management action plan is?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 106 of 135
Assessment task 2:
Establish risk context
(Report)
Present a report (500 words) on the organisation-strategic context in which the
organisation operates, including where relevant to your industry sector.
Summary of key documents:
a) Constitution
b) Business or strategic plans
c) Vision/mission statement
d) Annual report
e) Key policies
f) Annual report
g) Key competencies
h) Relevant awards
i) Standards related to the organisation /industry
j) Peak bodies of relevance to the organisation/industry
k) Organisation charter
l) Goals, objectives/strategies-brief overview only
All of these factors describe the positioning of the organisation-hence the context in
which the organisation operates and key parameters, for assessment of risk.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 107 of 135
Assessment task 3:
Determining the scope for the risk management process
Project management and stakeholders
(Workplace project)
1. Thinking about a time when you have worked as part of a project team, explain
how the team identified and defined the scope of a new project.

2. What scope planning models have you used?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 108 of 135
3. Discuss some of the documents you have used, or referenced, or produced as
part of the scoping of a project.

4. In what ways did the project management team analyse and plan for risk?

5. Identify all of the stakeholders involved in the project, and in what format
information regarding risks in the project was communicated to them.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 109 of 135
Assessment task 4:
Review political, economic, social, legal, technological and
policy context
(Research, written responses)
1. Navigate the World Wide Web and find examples of risks in the 21st Century
under the following categories
a) Political

b) Economic:

c) Social: (i.e. poverty due to retirement from working life, age, unemployment or
illness)

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 110 of 135
d) Legal

e) Technological

f) Financial: i.e. Bankruptcy, recessions

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 110 of 135


2. Why is the need to manage risk more important today than say 20 years ago?

3. Describe what you believe to be the elements and characteristics of a good risk
management policy statement.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 111 of 135


Assessment task 5:
Review strengths and weaknesses of existing arrangements
(Practical, workplace project)
Conduct a SWOT analysis of your organisations risk control measures:
1. What are the strengths of our control measures?

2. What are the weaknesses of our control measures?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 112 of 135


3. What are the opportunities provided by using these control measures?

4. How are the outcomes documented

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 113 of 135


Assessment task 6:
Communication and participation in the risk management process
(Written responses)
Note how the organisation that you work for, communicates OH&S information to all
levels of staff. You should be very familiar with how workers and supervisors are
advised, but see if you can find out how management gets its advice. If you are not
currently employed, you can use the example of a previous employer or find out
about a local health-related business.
1. be sure to include how people from different culturally and linguistically diverse
backgrounds receive their information.

2. As a supervisor, how would you encourage all workers to be involved in


discussions around OH&S issues and the maintenance of a safe workplace?
Include a brief outline of why consultation is necessary in the county services
industry sectors.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 114 of 135


Assessment task 7:
Identifying risks
(Workplace project, written responses)
1. Identify a risk in your organisation that is dealt with on a continuing basis. What
are the factors that determine?
a) When the risk is dealt with?

b) Who deals with it?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 115 of 135


c) The level and success of the management of the risk?

d) What are the cost factors involved in the identification and then the
management of each of these risks?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 116 of 135


Assessment task 8:
Risk management tools and techniques
(Written responses)
When you assessed the level of risk of a hazard in your workplace what tools and
strategies have you used, and what factors impacted on the effectiveness of the
controls? Explain how and to whom this information was communicated?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 117 of 135


Assessment task 9:
Analysing risks
(Written report)
Describe a hazardous event resulting from one of the hazards identified, or another
that you have encountered in the workplace.
Go through the full risk management process to:
a) Find the cause
b) Assess the likelihood of the risk reoccurring
c) Reach resolution
d) Prevent recurrence.
e) The impact of the risk occurring
You will need to describe briefly:
The investigation of the incident, along with the strategies that need to be
implemented to prevent recurrence.
(Minimum of 500 words

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 118 of 135


Assessment task 10:
Implementing risk management plan
(Research, analysis, article evaluation, written report)

a) Research on the internet current newspaper, magazines etc or old articles for
incidents where risk management processes could have been better
managed.
b) Once you have located your article write a 300 word report of the article, and
outline how the risk management process could have been improved and
may have prevented the disaster, financial biological etc.
c) You can use the findings of experts to help you. Reference the source of your
article.
Read this example for inspiration.

Severe acute respiratory syndrome (SARS) was a new disease identified in March
2003. It killed more than 520 people around the world and infected more than 7000
in 29 countries. It was believed to have originated in the Guangdong province of
southern China where it crossed the animalhuman divide as a result of extremely
close contact between animals (such as pigs and poultry) and humans.
At the time of the outbreak there was no vaccine for SARS. Problems relating to the
identification and treatment of the virus were compounded by a culture of secrecy
within China and by its spread to poor, isolated rural areas. SARS had a negative
impact on business, trade and tourism through Asia and the rest of the world.
Although the World Health Organization responded relatively quickly to the SARS
outbreak China did not have adequate risk management strategies to contain and
treat the virus in its early stages.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 119 of 135


Assessment task 11:
Ensure all documentation is in order and appropriately stored
(Workplace project, written responses, portfolio)
1. What documentation do you think needs to be in place for risk control systems to
be supported?

If you are currently employed, examine your own workplace to locate relevant
documentation. Aim to find three of the following forms (if you are not in a
workplace, some of these can be found online or even photocopied from a local
service or council):
OH&S policies and procedures
Accident/incident report/investigation forms
Material safety data sheets
Analysis and records of accident/incident statistics
Work cover guidelines and information sheets
Hazard identification reports
OH&S action reports
Health and Safety representatives reports
Minutes from OH&S committee meetings
Minutes from team meetings
Poster signage.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 120 of 135


2. List which three forms you found:

3. What is in place to ensure these processes work and are useful?

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 121 of 135


Assessment task 12:
Evaluating the Risk Management process
(Portfolio, workplace project, Questions and write responses)
Present one example of an audit tool to be used in the risk management context.
Store this in your portfolio.
1. Explain how the audit tool relates to risk management (the why, or risk
management context). You may identify a tool that is currently used by your
organisation or one that you could use. This will be the tool that you will be using
for your own risk analysis, so now is a good time to receive feedback.

2. Identify systems in your organisation that monitor, record and report risk or that
can be used to do this. How might you incorporate in these systems and
procedures, a process that monitors records and reports risk? Suggest
improvements designed to increase the quality of the monitoring process.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 122 of 135


TRAINING RECORD SUMMARY SHEET
BSBRSK501A Manage risk

The Training Record of :

Trainer

RTO

ELEMENTS OF COMPETENCY ASSESSOR DATE SUPERVISOR C/NYC COMMENTS


SIGNATURE SIGNATURE

Element 1: Establish risk


context
Element 2: Identify risks
Element 3: Analyse risks
Element 4: Select and
implement treatments

Evidence Gathered

(Please tick each one)

Activities from Learning Resource:

Written Assessment Tasks (at end of resource)

On-the-job-assessment
3rd party report(s)

C
NYC

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 123 of 135
Observation Workplace Assessment Form
Community services training package

Name of candidate

Unit BSBRSK501A Manage risk

Workgroup

Name of Assessor

Assessment strategy
a demonstration of the competency in an on-the-job situation or a simulation

oral questioning
any relevant workplace documents that support the assessment

Conditions under which the assessment should take place:


------------------------------------------------------------------
------------------------------------------------------------------
------------------------------------------------------------------
Questions Observation 1 Observation 2
Element 1: Establish risk context

1.1 Review organisational processes,


procedures and requirements for Yes No Yes No Yes No
undertaking risk management
1.2 Determine scope for risk management
process Yes No Yes No Yes No
1.3 Identify internal and external
stakeholders and their issues Yes No Yes No Yes No
1.4 Review political, economic, social, legal,
technological and policy context Yes No Yes No Yes No
1.5 Review strengths and weaknesses of
existing arrangements Yes No Yes No Yes No
1.6 Document critical success factors, goals
or objectives for area included in scope Yes No Yes No Yes No
1.7 Obtain support for risk management
activities Yes No Yes No Yes No
1.8 Communicate with relevant parties about
the risk management process and invite Yes No Yes No Yes No
participation

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 124 of 135
Element 2: Identify risks
2.1 Invite relevant parties to assist in the
identification of risks Yes No Yes No Yes No
2.2 Research risks that may apply to scope

Yes No Yes No Yes No


2.3 Use tools and techniques to generate a
list of risks that apply to the scope, in Yes No Yes No Yes No
consultation with relevant parties
Element 3: Analyse risks
3.1 Assess likelihood of risks occurring
Yes No Yes No Yes No
3.2 Assess impact or consequence if risks
occur Yes No Yes No Yes No
3.3 Evaluate and prioritise risks for
treatment Yes No Yes No Yes No
Element 4: Select and implement treatments
4.1 Determine and select most appropriate
options for treating risks Yes No Yes No Yes No
4.2 Develop an action plan for implementing
risk treatment Yes No Yes No Yes No
4.3 Communicate risk management processes
to relevant parties Yes No Yes No Yes No
4.4 Ensure all documentation is in order and
appropriately stored Yes No Yes No Yes No
4.5 Implement and monitor action plan
Yes No Yes No Yes No
4.6 Evaluate risk management process
Yes No Yes No Yes No
Signed by the assessor:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Dated:

Signed by the candidate:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Dated:

Comments

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 125 of 135
BSBRSK501A Manage risk
Questions to support Skills Assessment
Applicant:

Name of RTO:

Assessor:
Workplace:
Date of
assessment:

Satisfactory response
Yes No
Q1.
Describe what the risk management process involves.

Q2. Explain how you identify areas for hazard control and OHS risk
improvement?
Q3.
Explain your role in identifying potential risks in the workplace?

Q4. Explain why a record keeping process and the analysis of such
records essential for the management of OH&S in the workplace?
Q5. Describe you have monitored and reported risks in the workplace?
Give an example of a risk that was identified and your response to
minimise its impact on the project should the risk have occurred?

Q6. Briefly explain how OHS action plans are implemented and monitored
in your workplace?

The applicants underpinning knowledge was: Not satisfactory Satisfactory

Feedback to applicant:

Applicant signature:

Assessor signature:

Comments:

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 126 of 135
BSBRSK501A Manage risk
3rd party report
Candidates name

Third party evidence provided by

Relationship to candidate

Evidence collected Interview at the workplace

Interview on the telephone

Interview conducted by

Instructions

As part of the assessment for the unit of competency listed above, evidence is sought to
support a judgement about the candidates competence. A letter of support from the
organisation validating a range of tasks that the candidate has successfully completed would be
useful in identifying competency.

Does the candidate consistently: Yes No

1. Reviews organisational processes, procedures and requirements for



undertaking risk management.
2. Determines scope of projects for the risk management process.
3. Identifies internal and external stakeholders and their issues.
4. Reviews political, economic, social, legal, technological and policy contexts

which apply to the workplace.
5. Communicates with relevant parties about the risk management process

and invite participation
6. Invites relevant parties to assist in the identification of risks.
7. Researches risks that may apply to scope
8. Uses risk identification tools and techniques.
9. Assesses likelihood of risks occurring.
10. Assesses impact or consequence if risks occur
11. Evaluates and prioritise risks for treatment.
12. Determines and selects most appropriate options for treating risks.
13. Develops action plans for implementing risk treatment.
14. Communicates risk management processes to relevant parties
15. Ensures all OHS documentation is in order and appropriately stored.
16. Evaluates risk management process.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 127 of 135


Comments

Supervisors signature Date

Assessor s signature Date

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 128 of 135
BSBRSK501A Manage risk
Assessment plan/Mapping document

Assessor Evidence Matrix

This Assessment plan is to be completed with the assessor.


Your assessor will discuss the following areas with you. They should be ticked off once you are
confident that you have understood the information and procedures regarding this assessment.

Purpose and outcomes of the assessment process


Relevant units of competency
Appeals process
Confidentiality and security of information
Special needs/Additional information

Candidates Name PHONE NO.

Assessors Name PHONE NO.

Employer Contact
PHONE NO.
Details
Location of
Assessment

Assessment Date Time

Industry Specialist
If Required.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions
Page 129 of 135
Purpose of Essential knowledge/Essential Skills:

Essential knowledge:
AS/NZS 4360:2004 Risk management.
legislation, codes of practice and national standards, for example:
duty of care
company law
contract law
environmental law
freedom of information
industrial relations law
privacy and confidentiality
legislation relevant to organisation's operations
legislation relevant to operation as a business entity
organisational policies and procedures, including:
risk management strategy
policies and procedures for risk management
overall operations of organisation
reasonable adjustment in the workplace for people with a disability
Types of available insurance and insurance providers.
Essential Skills
. communication and literacy skills to consult and negotiate, to prepare communications about risk
management, and to encourage stakeholder involvement
organisational and management skills to plan and implement risk management processes
Problem-solving and innovation skills to find practical ways to manage identified risks.

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 130 of 135


ASSESSMENT TOOLS: Brief Description of Tasks required during the gathering or evidence or during assessment.
Methods of Assessment To demonstrate competence in this unit you are required to complete the following assessment tasks:
(Delete methods not required) (Remove any tasks (ie if assessment is conducted as a whole of workplace duties observation) or add more tasks if required)

Elements of Competency Activities Assessment Portfolio Work Practical Questions & Skills Observation Case Group Supplementary Evidence
Tasks Project Demo Answers/ Questions Performance Study Discussions ie 3rd Party Reports
Written Checklist Analysis RPL/RCC
Assessment

Element 1: Establish risk


context
1,2,3 1,2
1.1 Review organisational
processes, procedures
and requirements for
undertaking risk
management
3 1,2
1.2 Determine scope for
risk management
process
3,4,9,10 2,3
1.3 Identify internal and
external stakeholders
and their issues
3,5 4,10
1.4 Review political,
economic, social, legal,
technological and
policy context
3,6 5
1.5 Review strengths and
weaknesses of
existing arrangements
3 5
1.6 Document critical
success factors, goals
or objectives for area
included in scope
3 6
1.7 Obtain support for
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 131 of 135


Elements of Competency Activities Assessment Portfolio Work Practical Questions & Skills Observation Case Group Supplementary Evidence
Tasks Project Demo Answers/ Questions Performance Study Discussions ie 3rd Party Reports
Written Checklist Analysis RPL/RCC
Assessment
risk management
activities
3,7 6
1.8 Communicate with
relevant parties about
the risk management
process and invite
participation

Element 2: Identify risks


3,8,11 7
2.1 Invite relevant
parties to assist in
the identification of
risks
3 7
2.2 Research risks that
may apply to scope
3 7,8
2.3 Use tools and
techniques to
generate a list of
risks that apply to the
scope, in consultation
with relevant parties

Element 3: Analyse risks


3 9
3.1 Assess likelihood of
risks occurring
3,12 9
3.2 Assess impact or
consequence if risks
occur
3
3.3 Evaluate and prioritise
risks for treatment

Element 4: Select and


implement treatments
BSBRSK501A Manage risk
March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 132 of 135


Elements of Competency Activities Assessment Portfolio Work Practical Questions & Skills Observation Case Group Supplementary Evidence
Tasks Project Demo Answers/ Questions Performance Study Discussions ie 3rd Party Reports
Written Checklist Analysis RPL/RCC
Assessment
3 10
4.1 Determine and select
most appropriate
options for treating
risks
3,13,15 10
4.2 Develop an action plan
for implementing risk
treatment
3
4.3 Communicate risk
management
processes to relevant
parties
3 11
4.4 Ensure all
documentation is in
order and
appropriately stored
3
4.5 Implement and
monitor action plan
3,16 12
4.6 Evaluate risk
management process

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions Page 133 of 135
CONDITIONS OF ASSESSMENT (CONTEXT):
Performance can be demonstrated through assessment of evidence generated from work practice

CRITICAL ASPECTS OF ASSESSMENT

Evidence of the following is essential:


risk management plan which includes a detailed stakeholder analysis, explanation of the risk context,
critical success factors, identified and analysed risks, and treatments for prioritised risks
details of monitoring arrangements for risk management plan and an evaluation of the risk management
plan's efficacy in treating risks
Knowledge of relevant legislation, codes of practice and national standards.

METHOD OF ASSESSMENT
A range of assessment methods should be used to assess practical skills and knowledge. The following
examples are appropriate for this unit:
direct questioning combined with review of portfolios of evidence and third party workplace reports of on-
the-job performance by the candidate
observation of presentations
oral or written questioning to assess knowledge of risk management policies and procedures
review of documented critical success factors, and goals or objectives for area
review of risks prioritised for treatment
evaluation of action plan for implementing risk treatment
Evaluation of documentation communicating risk management processes to relevant parties.

Assessment Instructions to the candidate:

Resource requirements for assessment:


For the Assessment of this unit of competency the following resources may be required:
Knowledge testing and simulation exercises conducted in a training program
Knowledge tested or inferred from explanations and performance in work place applications
Observation of performance in routine workplace activities
Documentation and products produced as part of routine work activities
Observation and documentation from specially conducted assignments based on routine work requirements
Observations from supervisors, colleagues and clients

Supplementary Evidence (to be provided by candidate as agreed upon)

Eg. Third Party report by supervisor

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 134 of 135


Key Competencies

Key competencies at _ Level have been integrated into the assessments which relate to this
unit of competency and this assessment plan

Allowable Adjustments:

Date of assessment:

Assessment will take place at a mutually agreed time between the candidate and the assessor.

DATE: (Insert agreed date)

Assessor/s signature: Date:

In signing this form the candidate acknowledges that the assessment plan has been fully explained and s/he
understands and agrees to the assessment process as described above.

Candidates signature: Date:

Comments

BSBRSK501A Manage risk


March 2012 Author_ Drew Dwyer Frontline care Solutions

Page 135 of 135