Professional Documents
Culture Documents
Resource
Risk Management
Management 1
BSBRSK401 Identify Risk and Apply Risk Management Processes
2
Contents
Unit of Competency........................................................................................... iv
BSBRSK401 Identify Risk and Apply Risk Management Processes.................. iv
Grading System................................................................................................ iv
Assessment 1.................................................................................................... v
Assessment 2................................................................................................... vi
Legend............................................................................................................. vii
1. Identify risks.................................................................................................. 1
Activity 1.1..............................................................................................................7
Activity 1.2............................................................................................................11
Activity 1.3............................................................................................................14
2. Analyse and evaluate risks.......................................................................... 15
Activity 2.1............................................................................................................17
Activity 2.2............................................................................................................20
Activity 2.3............................................................................................................23
3. Treat risks................................................................................................... 24
Activity 3.1............................................................................................................27
Activity 3.2............................................................................................................30
Activity 3.3............................................................................................................32
Activity 3.4............................................................................................................34
Activity 3.5............................................................................................................36
4. Monitor and review effectiveness of risk treatment/s................................. 37
Activity 4.1............................................................................................................39
Activity 4.2............................................................................................................41
Activity 4.3............................................................................................................43
Appendix Tables........................................................................................... 44
UNIT OF COMPETENCY
BSBRSK401 Identify Risk and Apply Risk
Management Processes
Elements
1. Identify risks
3. Treat risks
GRADING SYSTEM
High Distinction (HD) 85% and above
ASSESSMENT 1
BSB41015
Certificate IV in Human Resources
Course Name
BSB42015
Certificate IV in Leadership and Management
Weighting 50%
BSBRSK401
Units of Competency
Identify Risk and Apply Risk Management Processes
Instructions
1. Assessments should be completed as per your trainers instructions.
2. Assessments must be submitted by the due date to avoid a late
submission penalty.
3. Plagiarism is copying someone elses work and submitting it as your
own. You must write your answers in your own words or appropriately
reference your sources. A mark of zero will be given for any assessment
or part of an assessment that has been plagiarised.
4. A list of references must be included.
5. You may discuss your assessments with other students, but submitting
identical answers to other students will result in a failing grade. Your
answers must be yours alone.
6. Your trainer will advise whether the assessment should be digitally
uploaded or submitted in hard copy. Assessments that are digitally
uploaded should be saved in pdf format.
7. You must pass both assessments in the subject to pass the subject.
ASSESSMENT 2
BSB41015
Certificate IV in Human Resources
Course Name
BSB42015
Certificate IV in Leadership and Management
Weighting 50%
BSBRSK401
Units of Competency
Identify Risk and Apply Risk Management Processes
Instructions
1. Assessments should be completed as per your trainers instructions.
2. Assessments must be submitted by the due date to avoid a late
submission penalty.
3. Plagiarism is copying someone elses work and submitting it as your
own. You must write your answers in your own words or appropriately
reference your sources. A mark of zero will be given for any assessment
or part of an assessment that has been plagiarised.
4. A list of references must be included.
5. You may discuss your assessments with other students, but submitting
identical answers to other students will result in a failing grade. Your
answers must be yours alone.
6. Your trainer will advise whether the assessment should be digitally
uploaded or submitted in hard copy. Assessments that are digitally
uploaded should be saved in pdf format.
7. You must pass both assessments in the subject to pass the subject.
LEGEND
Not all ICONS are used in this workbook
Research/Investigate
This tells you to go and find out some information
Activity/Provide notes
This indicates that you need to take notes and/or complete
an exercise/activity in this workbook
Reference material/manuals
This means you should look to sample of organisations
policies and procedures or to some other learning material,
resources to complete this exercise/activity.
Think
Take some time to think about the information and record
your own ideas
Talk
Talk to your peers, colleagues swap ideas.
Reading
Selected extra reading requirements.
You
Sydney Ferries
Youtube
Selected Youtube requirements.
Tube
1. IDENTIFY RISKS
What is risk management?
Risk management is the ability to identify risk and be able to use counter-
measures to prevent or minimise that risk. This is usually used in the context of
business for financial risk but can also be used for other situations where risk
needs to be assessed and managed, such as project management and for health
and safety.
Applying risk management processes in any organisation is an integral part
of any managers role. Managers need to be able to identify risks, hazards
and other situations that can cause harm to the business or people within the
business.
Staff members need to be safe at all times in the workplace and part of the
duty of care rests with their manager in ensuring they are in a safe working
environment. If a risk is present, management needs to take action to remove or
eliminate it for the safety of staff members.
So what is risk?
A risk is an event, activity, a situation or problem that could impact on
organisational objectives.
TYPES OF RISK
Risks take many forms and they can be classified in various ways. Some risks
can be anticipated, while others a business has little control over.
Risks can be classified into five types:
ff Strategic protection of intellectual property, loss of a major account,
competitor coming into the market, pursuing or not pursuing a new
opportunity
ff Compliance failure to comply with a regulation or standard, breach of
contract, responding to the introduction of new legislation
ff Financial increase in interest rates, non-payment by a customer, foreign
exchange movement, managing bad debts
ff Operational breakdown of major equipment causing production delays,
data security, theft, fire, dealing with hazardous chemical or materials, key
employee leaving
ff Market or environmental external risks that a company has little control
over such as major storms or natural disasters, global financial crisis,
changes in government legislation or policies.
Many risks fall into different types so there is not a hard and fast rule when
classifying risks. For instance, a change in government legislation or polices
could also impact on compliance. Or, movement in foreign exchange might
hinder a companys ability to sell internationally, thus impacting on its strategy.
Putting risks into different types can help with formulating a risk management
plan.
WORKBOOK | 2017 YOUNG RABBIT PTY LTD, AUSTRALIAN PACIFIC COLLEGE
BSB41015 CERTIFICATE IV IN HUMAN RESOURCES and BSB42015 CERTIFICATE IV IN LEADERSHIP AND MANAGEMENT
RISK MANAGEMENT 1_V6.5
2
Note: The AS/NZS ISO 31000 (dated from 2009) is an adoption of the
International standard ISO 31000 and supersedes the AS/NZS 4360 standard for
Australia and New Zealand. The joint Australia/New Zealand committee OB-007
decided to use this instead of revising the AS/NZS 4360 standard so that a more
unified international standard on risk management could be promoted.
A duty of care
All organisations have a duty of care towards their staff and should put
measures in place to prevent all possible causes of injury from occurring at their
premises. All physical risks need to be assessed and counter-measures made to
ensure the work place is a safe environment for all that work or visit there.
All staff should also follow the correct action to ensure the safety of themselves
and also of their colleagues; no member of staff should put themselves
or another person at risk from any hazard. Your organisation should put
procedures in place to ensure all members of staff are aware of the safety
requirements and provide any training that may be necessary.
Activity 1.1
3. What is the name of the current Australian standards in place for risk
management?
Activity 1.2
Activity 1.3
3. When did WHS legislation come into force, and what did it replace?
the feasibility of the plan and at the required changes. Remember to include
industry regulations in your requirements and discuss options with the team.
Review and make changes to the plan as needed and communicate your
findings to all staff members and any relevant stakeholders. You may only need
to discuss the key points to the majority of your stakeholders, as it may not be
appropriate to discuss the in-depth business operations of your organisation.
Activity 2.1
3. List three questions that may be asked when analysing the risks.
Risk matrix
A risk matrix categorisation provides an overview of the potential risks within a
table format to show areas of concern and any priorities that need to be worked
on. This is a useful way to assess any probabilities of risk.
As in the example below, this template risk matrix shows how to evaluate risk
level..
Example: you may decide the likelihood of a fire is unlikely (a score of 2) but
the consequences are catastrophic (a score of 5). Using the tables and formula
above, a fire therefore has a risk rating of 10 (i.e. 2 x 5 = 10) means High.
Analyse of risk level Quantitative (risk rating table example)
In order for a risk matrix to be successfully used, you should design a specific
matrix for your particular needs and carefully monitor individual risks through
the project. If not used correctly the matrix will not give you a clear indication of
risk.
Activity 2.2
A risk assessment
A risk assessment can be carried out for many reasons and it ensures that
safety is reviewed and maintained. With change comes the need to meet
organisational guidelines and procedures and a risk assessment provides
the opportunity to check your list of requirements and to make sure you are
following the correct policies in place for your business.
You may want to make a risk assessment on:
ff Changes to equipment and new technology used at your workplace
ff An accident or incident that happens at your business
ff Implementing a change in working procedures
ff Security requirements for the protection of your premises
ff Changes to staff resourcing.
Identifying hazards
A hazard is the threat of potential injury, harm to a person, property,
environment; it is also the threat of damage to your business, be it profits,
reputation or inadequate working practices. This provides the opportunity for
other organisations to step in and take a share of your business, which further
damages your organisations ability to bounce back.
You may want to seek advice from:
ff Technical and industry experts
ff Insurance assessors
ff WHS representatives
ff Professional associations
ff Colleagues and peers.
Businesses that plan and document their risk management, and review this
regularly for effective management of risks, are better placed for successful
operations. By staying alert and ahead of any risks, they take the necessary
preventative actions to divert negative impacts. Only the unforeseen risks will be
the hazards that are difficult to control and if any occur, the organisation will be
in a better position to deal with these.
It will be the organisations that do not plan careful risk management or take
responsibility for the continual monitoring of their risk management that will
have uncertain outcomes.
Documentation
Your organisation will need to keep records for legal requirements and for any
future analysis needs. All incidents of risk need to be documented so that future
occurrences of risk can be avoided and your organisational systems can be
improved to better handle such situations.
Templates and copies of forms should be made available to staff for their use
and clear procedures should be explained so that all employees follow the
correct documentation processes. You may have forms for risk assessment,
incidents/accidents, risk monitoring, risk matrix, risk register (See Table 5)
Risk register
A risk register will help you to review your risk measures and to communicate
progress to other personnel. The register documents the risk details, the
current position of each risk and the effects each has had. Carrying out risk
tasks should be a daily routine for any project manager and will keep you on
top of both current risks and any new situations of risk that may arise through a
project.
A risk register includes:
ff Risk descriptions
ff Ownership issues of risk
ff Basic analysis for cause and effect.
This will enable you to track the risks involved and to moderate tasks as
required. It will also allow you to update the status of the risks so that the
information is current to all.
Look to see if the risk result has disappeared as a result of the treatment plans
performed or if a new risk has emerged as a result. It is helpful to log any new
risks and needs that evolve over time.
Activity 2.3
1. Name three things that you may want to make a risk assessment on.
2. Who could you seek advice form when identifying the hazards of a risk?
3. TREAT RISKS
3.1 Determine appropriate control measures for
risks and assess for strengths and weaknesses
Using control measures
From all of your documentation and analysis you will in a position to determine
the control measures needed for your recognised risks. If you need to do this in
consultation, make sure everyone involved has the facts at hand and can give a
true response to help you decide upon the correct measures for control.
Control measures may include:
ff Hierarchy of controls:
reduction in likelihood of risks
reduction of consequences of risks
retention of risks
risk aversion
transfer of responsibility of risks.
Strengths Weaknesses
ff Budget allocated ff Project will take a long time to
ff Market experience complete
ff Established team and resources ff Costs may increase
ff Environmental impact
Opportunities Threats
ff Project will guarantee jobs ff Consumer market close to
ff Financial gain saturation
ff Possible expansion of organisation ff Longevity of outcome unsure
ff Delays in meeting deadlines
Gather all the information that you need to start making decisions on the next
steps. Without all the information at hand, making decisions will be difficult
and could prove to be incorrect for your organisations needs. Never assume
anything, find the information that you need and make sure it is from trusted and
approved sources.
The following highlights some of the steps you may need to take when looking to
make decisions:
ff Identify the issues and determine initial risks
ff Analyse the situation to understand what information you have, what you will
need and how you can get this
ff Use a S.W.O.T. analysis to determine if further investigation are plausible
ff Identify all scenarios and options available (brainstorm with colleagues and
anyone else who can help)
ff Select the best option and develop a risk analysis and contingency plan
ff Implement the decision and document steps taken to get to this point.
Activity 3.1
Threat of new
entry
Threat
of
substitution
Resources needed:
Timelines: Deadlines:
Implementation comments:
Activity 3.2
1. What are the five forces named in the Porters Five Forces model?
Activity 3.3
Staff should be encouraged to operate on above the line principles for decision-
making. This helps staff to work better within their roles and responsibilities.
Below the line behaviour often comes from a lack of security in the job role,
undefined expectations, or a lack of self-esteem and belief in ones experience
and skills. Good management of staff should empower and provide a secure
environment for staff to work in and use above the line behaviour.
Activity 3.4
Activity 3.5
1. What are the responses to risk that you could take when formulating your
treatment plan?
Measures of success
Measures of success may include:
ff Costs
ff Reductions in impact
ff Reductions in likelihood
ff Reductions in occurrence.
to make improvements and it helps to keep ahead of the changes within the
business market.
PDCA cycle
Dr William Edward Demings PDCA model (plan, do, check and act) shows
a cycle of repetition for determining where and when a change, update or
improvement in a process may be needed.
1. Plan 2. Do
ff Planning ahead (analysing and ff Executing the plan
predicting results) ff Taking steps to control the plan
ff Identifying customer expectations ff Trialling the changes
ff Identifying improvements ff Monitoring and evaluating the plan
ff Developing possible solutions
ff Developing action plans
ff Planning the improvement
3. Check 4. Act
ff Checking the actual outcomes ff Taking action to improve the
ff Comparing results with intended process
outcomes ff Developing a new plan for
ff Identifying quality improvements improvements to be achieved
ff Identifying further opportunities
for improvement
Activity 4.1
1. Name three successes that you may be looking for when monitoring your
treatment plan.
3. What does PDCA stand for in Dr William Edward Demings PDCA model?
Auditing risk
In respect to auditing risk with other business activities, an audit will enable you
to gather all the relevant information from an activity performed so that you can
look back over what you have done. It allows you to look at the successful parts
and at the other areas that did not work so well and could have been improved
upon. It is an opportunity to review all relevant information.
By analysing the previous tasks in the audit, you can look at taking alternative
decisions and paths for your current project needs or for any future activities.
Your audit could include looking at:
ff The purpose of the work needed
ff The chosen strategy to fulfil the work
ff Risk management processes used
ff The strengths and weaknesses of your team
ff Resources for the project
ff Timescales
ff Activities that produced good results
ff Tasks that could have been improved
ff Any changes in your risk management
ff Decision-making processes.
Activity 4.2
1. What is an audit?
2. Name four possible areas that you may want to include in your audit for
risk.
Monitoring Suggested
Risk Who is involved
options improvements
Your responsibility
Managers should be responsible for providing correct and accurate information
to all staff on areas of risk and this should be checked to ensure it is supplied
from a trusted source. Confidentiality of information should also be respected;
never pass on information that is subject to privacy status. Always check on
confidentiality clearance before disclosing information.
All information on your risk management processes and results should be
current and regularly monitored and reviewed for changes. Your reviews will
help you to establish good practices and also to determine what works well and
what doesnt work well in future work.
Risk management needs to be at an effective level to prevent any sudden and
unexpected changes within your work area and also within your organisation. To
achieve the successful results you would like, make risk management a priority.
Activity 4.3
2. Where should your information for your risk management come from?
Economic
Human behaviour
44
Natural events
Technology
Management
Individual activity
BSB41015 CERTIFICATE IV IN HUMAN RESOURCES and BSB42015 CERTIFICATE IV IN LEADERSHIP AND MANAGEMENT
Organisational
behaviour
45
controls
Date:
Consequences
Risk
Risk Register
Activity
Review
Ref
For further information on APC courses please see Student Services, email info@apc.edu.au with
your enquiry, or visit our website at www.apc.edu.au
2017 Australian Pacific College
Head Office:
Lower Ground, 189 Kent Street
Kent St Campus (CBD)
Sydney NSW 2000
P (61 2) 9251 7000
F (61 2) 9251 7575
Web: www.apc.edu.au
#NAME?
1732