BSBRSK501A
Student Workbook
Acknowledgment
Innovation and Business Industry Skills Council (IBSA) would like to
acknowledge Equip Grow Lead for their assistance with the development of this
resource.
Writers: Shane MacDonald, Emily Logan and Peter Baskerville
Industry reviewer: Rod Peters, David Parry and Greg Field
Copyright and Trade Mark Statement
© 2010 Innovation and Business Industry Skills Council Ltd
All rights reserved. Apart from any use permitted under the Copyright Act 1968, no part of this publication may be
reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, or otherwise, without written permission from the publisher, Innovation and Business Industry Skills
Council Ltd (IBSA).
Use of this work for purposes other than those indicated above, requires the prior written permission of IBSA. Requests
should be addressed to Products and Services Manager, IBSA, Level 11, 176 Wellington Pde, East Melbourne VIC, 3002
or email sales@ibsa.org.au.
Innovation and Business Skills Australia, IBSA and the IBSA logo are trade marks of IBSA.
Disclaimer
Care has been taken in the preparation of the material in this document, but, to the extent permitted by law, IBSA and
the original developer do not warrant that any licensing or registration requirements specified in this document are
either complete or up-to-date for your State or Territory or that the information contained in this document is error-free
or fit for any particular purpose. To the extent permitted by law, IBSA and the original developer do not accept any
liability for any damage or loss (including loss of profits, loss of revenue, indirect and consequential loss) incurred by any
person as a result of relying on the information contained in this document.
The information is provided on the basis that all persons accessing the information contained in this document
undertake responsibility for assessing the relevance and accuracy of its content. If this information appears online, no
responsibility is taken for any information or services which may appear on any linked websites, or other linked
information sources, that are not controlled by IBSA. Use of versions of this document made available online or in other
electronic formats is subject to the applicable terms of use.
To the extent permitted by law, all implied terms are excluded from the arrangement under which this document is
purchased from IBSA, and, if any term or condition that cannot lawfully be excluded is implied by law into, or deemed to
apply to, that arrangement, then the liability of IBSA, and the purchaser's sole remedy, for a breach of the term or
condition is limited, at IBSA's option, to any one of the following, as applicable:
(a) if the breach relates to goods: (i) repairing; (ii) replacing; or (iii) paying the cost of repairing or replacing, the goods; or
(b) if the breach relates to services: (i) re-supplying; or (ii) paying the cost of re-supplying, the services.
Table of Contents
Introduction
Features of the training program
Structure of the training program
Recommended reading
Section 1: Introduction to Risk
What skills will you need?
Understand risk and risk management
Establish the context
Understand importance of relevant legislation
Section summary
Further reading
Section checklist
Section 2: Identifying Risk
What skills will you need?
Review the external environment
Determine strengths and weaknesses
Review and document objectives
Identify risks
Research
Involve others in risk identification
Section summary
Further reading
Section checklist
Section 3: Analysing and Evaluating Risk
What skills will you need?
Determine likelihood of risk
Assess consequence of risk
Evaluate and prioritise risk
Determine risk treatment options
Develop an action plan for treating risks
Section summary
Further reading
Section checklist
Introduction
Features of the training program
The key features of this program are:
Recommended reading
Some recommended reading for this unit includes:
Page 1 of 100
Definition of risk
The concept of risk is incorporated into many different business disciplines,
from insurance to engineering to financial investment, and each of them has
developed its own definition of the concept of risk.
In this workbook, we will take the view that risk is an event or action that, if it
occurs, will cause a loss to an organisation's valuable resources and adversely
affect the goals and objectives of that organisation.
Risk is the estimated likelihood of occurrence of an uncertain event, and its
impact on organisational objectives should it occur.
[Figure: Probability, Consequence, Organisational objectives]
Valuable resources
Valuable resources that can be affected by risk are not just financial. In today's
business environment, the loss of reputation or brand value can have far greater
impact on the organisation's viability than the loss of some investment funds.
Other valuable resources that need to be considered in any loss evaluation
caused by risk are detailed below.
Human: workers, intellectual capital, skills, experience and capabilities, levels of trust, managerial skills, firm-specific practices and procedures, innovation and creativity, technical and scientific skills
Financial: cash, investments, shares, capacity to raise equity, borrowing capacity
Physical: plant, equipment, state-of-the-art machinery, equipment and electronics, land, buildings, vehicles, furniture, facilities
Intellectual property: patents, copyrights, trademarks, trade secrets, software
Organisational excellence: evaluation and control systems, effective strategic planning processes, outstanding customer service, excellent product development capabilities, innovativeness of products and services, ability to hire, motivate, and retain human capital, innovative production processes, favourable manufacturing locations, innovation capacities, effective strategic planning processes, excellent evaluation and control systems
Intangible: information, reputation, brand value, goodwill.
Strategic resources
Many people understand the impact of an unfavourable event on tangible assets,
but often overlooked is the impact that adverse events can have on the
organisation's intangible assets. All the resources listed above are valuable, but
some resources take on an even more important role in an organisation because
they become strategic. They are classified as being strategic because they give
the business its competitive advantage. To qualify as strategic they need to be:
Rare: That is, unique or in very short supply. For example, personnel who are leading experts in their field, and bring knowledge or skills that are not widely available.
Difficult to imitate: That is, hard to copy due to expense or time required to acquire. For example, the brand recognition associated with a long-established organisation or product.
Difficult to substitute: That is, cannot easily be replicated using alternative sources. For example, long-term relationships or working partnerships between specific individuals or organisations that generate high levels of creativity and innovation.
[Figure: Rare, Difficult to substitute, Difficult to imitate]
Many of these resources are intangible, and are in many cases the most
important ones to risk manage.
Learning activity: Strategic resource
Think about your own work skill sets. Most of what you know or are good at is of
value to a workplace environment. Write down the skill sets or owned items that
you have that could be called rare, difficult to copy and difficult to substitute.
These are your strategic resources.
Risk types
Risk identification is proactive. If you're looking for risks, you will soon find them
when discussing activities with team members, observing the workplace
environment, reading reports and analysing results. Over the broad spectrum,
risks can be categorised in various ways, for example:
Risks can be grouped into two types:
Certain: those risks that will definitely occur at some point in time, for
example, employee sick days.
Uncertain: those that may occur at some point in time, for example, an
employee being injured in the workplace.
Pure risk: where there are only negative or unfavourable outcomes for the
organisation.
Quality Improvement Council, 2010, Introducing Risk Management Standard AS / NZS 4360:
2004, GPDV, viewed April 2010,
<www.gpv.org.au/files/...files/.../riskmanagementstandardsAS_march05.ppt>.
[Figure: risk management process; surviving labels: Identify risks, Treat risk]
AS/NZS 4360:2004 views the analysis and evaluation of risk as two separate
elements and so outlines seven elements in the risk management process.
Establish the context: Determine the scope of the project, both internally
and externally. Establish the criteria by which a risk may be evaluated.
Analyse risks: Identify the consequence and likelihood of the risk
taking place.
Evaluate risks: Compare the potential rewards with the potential adverse
outcomes, including the likelihood of each. This allows decisions to be
made regarding the priority and action required to manage the risk.
Treat risks: The process of selecting which risks are to be managed and
taking measures to limit the result of highest priority.
Monitor and review: Critically observe or measure the progress of the risk
management process and make changes where beneficial.
For the remainder of this chapter, we will look at establishing the context for risk
management. The other stages will be addressed in the following chapters.
BSBRSK501A Manage risk
2010 Innovation & Business Industry Skills Council Ltd
a particular project
Stakeholders
Once you have identified the scope of risk analysis and management, you must
identify the stakeholders: individuals, a group of people, or an organisation, that
can be affected by the risks or implementation of the risk management process.
Identification of stakeholders is an essential step in risk management. It
determines who should be involved in the formulation of the risk management
plan, and who you should communicate with regarding implementation of risk
management strategies and actions.
Identification of stakeholders includes identifying anyone impacted by the risk,
and documenting relevant information regarding their interests, involvement,
and impact on the effectiveness of the risk management process.
In the book The Handbook of Program Management,² Dr James T Brown gives the
following advice for identifying stakeholders.
Follow the resources. Every entity that provides resources, whether internal
or external, labour or facilities, and equipment, is a stakeholder. Line
managers and functional managers providing resources are stakeholders.
Follow the signatures. The individual who signs off on completion of the
final product or service is a stakeholder.
Look for the Unofficial People of Influence. These may be people who are
trusted by high-level leaders or who wield a lot of power through influence
and not position.
OHS regulations
OHS (Occupational health and safety) laws vary throughout Australia according to
the state parliament that passed the Act. For example, in Queensland it is the
Workplace Health and Safety Act 1995. While states have different names to
their acts covering the workplace, they all prescribe a similar set of requirements
for all managers including supervisors of projects. These are:
to ensure that work is performed in a safe manner and does not have any
negative effect on the workers' health
Australian Government, 2001, National Privacy Principles, Office of the Privacy Commissioner,
viewed April 2010, <http://www.privacy.gov.au/materials/types>.
Collection: Organisations must ensure that individuals are aware their personal information is being collected, why, who it might be passed on to and that they can ask the organisation what personal information it holds about them.
Use: Personal information may not be collected unless it is necessary for an organisation's activities and must only be used for the purpose it was collected. Many direct marketing mailers will now have to offer the recipient the opportunity to elect not to receive further mailings.
Data quality: Organisations must take steps to ensure personal information they collect is accurate, complete and up to date.
Data security: An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
Openness: An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks.
Access and correction: Generally, an organisation must give an individual access to personal information it holds about the individual on request.
Identifiers: Generally, an organisation must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government agency.
Anonymity: Organisations must give people the option to interact anonymously whenever it is lawful and practicable to do so.
Transborder data flows: An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection.
Sensitive information: Sensitive information (such as about someone's health, political opinions or sexual preference), may only be collected with the consent of the individual (unless a public interest exception applies).
Only collect information that is necessary.
Collect information by fair means.
Take reasonable steps to let people know that personal information has been collected and what is going to be done with it.
Do not disclose information about the person to a third party that you are collecting information from.
Take care about the type of information contained in messages left on answering machines.
Generally, personal information should only be used and disclosed for the
purpose that it was collected.
Learning activity: Application of National Privacy Principles
Considering the privacy laws, identify which National Privacy Principles are being
tested in the following circumstances.
Your organisation's website asks for personal details but does not have a
displayed privacy statement.
A person approaches you at work and asks about a work colleague who
he says owes him money.
Contract law
Contract law is any law or regulation with the objective of enforcing certain
promises, namely, their formation, scope and content, avoidance, performance
and termination and remedies. This is important in risk management, as
contracts hold the potential for risk, and breach of contract may have
repercussions not only with the other party/s but may be in breach of legislation.
Australian contract law can be broken into five key sections detailed in the table
below.
Formation
Scope and content
Avoidance
Performance and termination: Most contracts come to a natural end when the parties have performed their respective obligations. A contract may also come to an end by mutual agreement between parties, as a result of the breach of contract by one of the parties, or due to events that might prevent parties from performing their obligations as planned.
Remedies
Company law
A corporation, or company, is a legal group of individuals who finance a business.
The group cannot become a company until it is registered with the Australian
Securities and Investments Commission (ASIC). ASIC will issue the new company
with a certificate of incorporation and an Australian Company Number (ACN)
which is used to identify the entity.
Key features of a company include the following.
Separate legal entity
Continuous life
Limited shareholder liability
Separate entity from owner
There are two types of companies in Australia: proprietary and public. The
diagram below shows some major differences between the two types.
Proprietary: Cannot sell shares to public. Are classified as large or small. Less reporting requirements.
Public: Can sell shares to public. Generally large companies. Greater compliance reporting requirements.
The consolidated gross operating revenue of the company and any entities
it controls is $10 million or more.
The value of the consolidated gross assets at the end of the financial year
of the company and any entities it controls is $5 million or more.
The company and any entities it controls have more than 50 employees at
the end of the financial year.⁴
Australasian Legal Information Institute, 2001, Corporations Act 2001 - Sect 45A,
Commonwealth Consolidated Acts, viewed April 2010,
<http://www.austlii.edu.au/au/legis/cth/consol_act/ca2001172/s45a.html>.
Statement of Financial Position
Statement of Cash Flow
Financial records may be kept electronically, provided they are capable of being
converted into hard copy for anyone entitled to inspect them.
Note: a small proprietary company (as defined by the Corporations Act)
generally is not required to lodge formal financial reports to ASIC. On the other
hand, large proprietary companies, public companies and non-profit public
companies must produce, audit and lodge financial reports to ASIC.
Cash records
Creditors and purchase records
A register of property, plant and equipment: Shows the transactions and balances relating to individual items.
Inventory records
Investment records
Deeds, contracts and agreements: Legal documentation.
a system that has at its heart bargaining in good faith at the enterprise
level
Below are some key elements of the Fair Work Act. The organisation should be
aware of these regulations to ensure its compliance. Compliance will decrease the
likelihood of risk to the organisation regarding workplace relations.
Fair Work Australia (FWA): Oversees workplace relations. Has the power to vary awards, make orders relating to minimum wage and settle unfair dismissal claims.
Unfair dismissal: Employees may lodge unfair dismissal claims to FWA within seven days if they were employed for six months or longer (twelve months if the business employs fifteen people or less).
Safety net: Examples of rights are minimum standards:
- flexible working arrangements after 12 months
- 12 months unpaid parental leave
- contracts, agreements and policies between employers and employees that reflect the National Employment Standards (NES).
Discrimination: Prohibition of discrimination based on: race, colour, sex, sexual preferences, age, physical, mental disability, marital status, religion or pregnancy.
Increased union right of entry: Unions may enter a workplace in which they have a member who works on the premises, to investigate any suspected breaches of legislation.
Enterprise bargaining: FWA will grant approval to enterprise agreements (either single-enterprise or multi-enterprise) if they consider "that each employee is 'better off overall' under the agreement, compared to an applicable modern award."
Transfer of business: After the transfer of assets, employees (between related companies), outsourcing or insourcing, the work is not to be significantly different after the transfer, compared to that pre-transfer.
Ordinary hours of work.
Annual leave and leave loading.
Long service leave.
Personal or carer's leave.
Notice to be given on termination.
Rest periods.
Loadings for overtime, casual work and shift work.
Anti-discrimination provisions.
Figure 4: National Employment Standards
<http://www.workplaceauthority.gov.au>
<http://www.wo.gov.au>
Queensland: <http://www.wageline.qld.gov.au>
Tasmania: <http://www.wst.tas.gov.au>
Australian Capital Territory and the Northern Territory come under federal
awards.
Section summary
You should now understand the risk management process and how to establish
the context for risk management activity, including the scope within which risks
must be managed, the stakeholders involved, and relevant legislation. In the next
chapter, we will look at Stage 1 of the risk management process: identifying risks.
Further reading
Section checklist
Before you proceed to the next section, make sure that you are able to:
understand risk and risk management
establish the context for risk management
understand the importance of relevant legislation.
[Figure: PEST analysis factors]
Economic: interest rates, economic growth, exchange rates, inflation rates.
Social: population growth, demographics, health consciousness, social trends.
Technological: automation, technology incentives.
Also shown: taxation policy, merit/demerit goods, employment regulations.
Describe briefly how a PEST analysis can help identify risks for an organisation.
Describe a process you could introduce that could help you obtain information
from stakeholders.
[Figure: SWOT analysis: Strengths, Weaknesses, Opportunities, Threats]
Strengths and weaknesses are factors that are able to be controlled by the
business. Strengths are the key elements that give an organisation advantage
over its competitors. Weaknesses are the limitations faced by the business in
achieving its objectives.
Opportunities and threats exist independent of the organisation, and are often
beyond its control. Opportunities are the conditions of the environment in which
the business operates which could benefit the organisation if acted upon. Threats
are barriers that prevent the business from achieving its objectives.
Describe briefly how a SWOT analysis can help you to identify risks in an
organisation.
Describe how having goals or objectives assists in carrying out the risk
management process.
Identify risks
Risks must be identified in order to be analysed and treated. The Australian
Standard categorises risk identification into two categories.
1. What, where and when? This aims at generating a comprehensive list of
risks that may impact the objectives.
2. Why and how? Identify the circumstances in which this risk may be
realised. What would be the cause of an exposure of resources (for example,
failure of ..., lack of ..., loss of ..., injury to ..., etc.)?
The process of identification can be aided by various tools and techniques, which
should be selected based on the purpose and context of the risk management
activities being undertaken. Some of these tools include:
checklists
fishbone diagrams
brainstorming
flowcharts.
Checklists
Checklists can be used to help in identifying risks by using targeted questions.
When trying to identify the risks within a specific context, it is important to
interrogate the components as much as possible. Some questions that could be
asked include:
What situations are likely to increase the possibility of the risk actually
occurring?
[Table headings: People elements; Actions or processes; Management issues]
Brainstorming
Brainstorming may be done around the following questions to attempt to identify
risk to organisational objectives.
What:
- might happen
- is the impact
- are the existing controls?
How:
- could this arrive?
When:
- in the life of activity
- beyond the life of activity?
Who:
- is involved
- is affected?
Fishbone diagrams
Fishbone diagrams are cause-and-effect diagrams. Use of the fishbone diagram
encourages a systematic approach to identifying risks that looks beyond the
obvious causes of a problem. The starting point for creating the diagram is
identification of a problem. This is stated as the effect. The 'bones' show the types
of variables that might play a part in the root cause.
Causes are usually grouped into major categories, which typically include the
following.
Methods: how the process is performed and the specific requirements for
doing it, such as policies, procedures, rules, regulations and laws.
Materials: raw materials, parts, pens, paper, etc. used to produce the
final product.
Causes can be generated from brainstorming activities, and then grouped and
used as labels on the fishbone. Below is an example fishbone diagram showing
the 8 Ps. The 8 Ps are factors affecting the service industry which have the
potential to cause or contribute to problems and create risk. The smaller bones
connect sub-causes to major causes and show the escalation of risk.
Flowcharts
A flowchart is a diagram commonly used to
demonstrate the steps in a solution for a
problem. They are frequently used to
design, analyse, document and manage
processes.
Flowcharts use various symbols and
shapes to represent different facets of a
process, and arrows to show flow of
information, communication and control.
Some of the symbols include the following.
Parallelograms: showing input/output, for example "get feedback from the user".
Research
The process of risk identification is greatly aided by the use of both internal and
external research. This may be in the form of:
past records
market research.
INTERVIEWS
Interviewing can be used to identify the underlying reasons and motivations for
people's attitudes, preferences or behaviour. They can be individual or group-based.
Advantages:
- Serious approach by respondent resulting in accurate information.
- Characteristics of respondent assessed: tone of voice, facial expression, hesitation, etc.
Disadvantages:
- Time consuming.
- Geographic limitations.
- Can be expensive.
FOCUS GROUPS
A focus group is an interview conducted by a trained moderator in a
non-structured and natural manner with a small group of respondents. The
moderator leads the discussion. The main purpose of focus groups is to gain
insights by listening to a group of people from the appropriate target market talk
about specific issues of interest.
QUESTIONNAIRES
Questionnaires are a popular means of collecting data, but are difficult to design and often require
many rewrites before an acceptable questionnaire is produced.
interviewing or a telephone survey.
Advantages:
- Relatively cheap.
- Possible anonymity of respondent.
- No interviewer bias.
Disadvantages:
- Design problems.
- Questions have to be relatively simple.
- Historically low response rate (although inducements may help).
OBSERVATIONS
Observation involves recording the behavioural patterns of people, objects and
events in a systematic manner.
Observational methods may be:
structured or unstructured
disguised or undisguised
natural or contrived
personal
mechanical
non-participant
DIARIES
A diary is a way of gathering information about the way individuals spend their
time on professional activities. They are not about records of engagements or
personal journals of thought! Diaries can record either quantitative or qualitative
data, and in management research can provide information about work
patterns and activities.
Advantages
Disadvantages
Used as an alternative to
direct observation or where
resources are limited.
What information is known about the success of that data collection? How
consistent is the data with data from other sources?
Relevant
Reliable
This plan should address issues relating to the risk itself, the likelihood of the risk,
its potential consequences, and measures being taken to manage the risk.
Communication is vital in risk management as it ensures that those accountable
for implementing risk management, as well as other stakeholders, understand the
reasoning behind decisions, and why particular actions are required.
Identification of risks should never be the responsibility of one individual.
Consulting a team of people with different areas of expertise means that many
viewpoints are represented and the identification process is thorough. Including
stakeholders in the process also facilitates a sense of ownership for risk
management activities.
Some key skills that you will require for involving others and maintaining
communication with stakeholders are described in the table below.
Active listening
Encouraging feedback
Facilitating discussion
Effective questioning
Keep the purpose in mind: know why you are listening and what you are listening for.
Listen to what's not said: learn to read gestures and facial expressions, not just listen to words.
Give feedback: acknowledge and respond to what you hear, without interrupting.
Be sensitive: show that you listen to and understand the other person's point of view, even though you may not agree with it.
Step back: establish the purpose or goal for the group, and then let the group continue the discussion.
Section summary
You should now understand how to evaluate the internal and external
environments of an organisation, review organisation objectives, identify risk and
include stakeholders in the process.
Further reading
Section checklist
Before you proceed to the next section, make sure that you are able to:
review the external environment
determine strengths and weaknesses
review and document objectives
research risks
identify risks
involve others in risk identification.
Unlikely
Possible
Likely
Event likely to occur once or more during the life of the project, e.g.
first aid injury.
Frequent
Event will occur many times during the life of the project, e.g. a
busy street.
Figure 3: Likelihood of risk occurring
Reasons
Rare
Almost certain
Research the internet for risk management tools that include two layers of
assessment in this way. (Hint: some risk management organisations use the
term residual risk). Briefly describe the tool, and include a copy in your
workbook.
Major
Minor
Insignificant
multiple injuries/death
regulatory intervention
single stakeholder
Reasons
Insignificant
Catastrophic
Risk rating by LIKELIHOOD (rows) and CONSEQUENCE (columns)

LIKELIHOOD       Insignificant  Minor   Moderate  Major    Catastrophic
Almost certain   HIGH           HIGH    EXTREME   EXTREME  EXTREME
Likely           MEDIUM         HIGH    HIGH      EXTREME  EXTREME
Moderate         LOW            MEDIUM  HIGH      EXTREME  EXTREME
Unlikely         LOW            LOW     MEDIUM    HIGH     EXTREME
Rare             LOW            LOW     MEDIUM    HIGH     HIGH
The allocation of a risk rating should prompt a decision to be made about the
action to be taken, as below.
Extreme
High
Medium
Low
Reasons
Extreme
Low
Types of analysis
If the same business with the same loss and profits was moved to Melbourne,
with an average of 148 rainy days, explain what could happen to the business.
2.
3.
Avoid the risk. This may be done by ending the activity that gives rise to the
risk. Inappropriate risk avoidance may result in an increased significance
of the risk or result in the loss of opportunity.
Reduce the likelihood of the risk, i.e. reduce the likelihood of a negative
impact on objectives.
Reduce the consequences, that is, decrease the extent of the damage. An
example of this is reducing the inventory or making continuity plans.
Share the risk. This involves other parties bearing a portion of the risk
(preferably by mutual consent). This may take place in the form of
insurance arrangements, contracts, partnerships or joint ventures, all of
which spread the responsibility and burden of the risk with another. This
usually comes at a financial expense (e.g. premiums paid for
insurance, decrease in positive outcome of risk seen by the individual
organisation) and also creates another risk, namely that the parties with whom
the risk is shared will not manage it effectively.
Retain the risk. After the altering or sharing of a risk, there exist residual
risks which are retained. This also may take place by default as a result of
failure to identify or manage a risk.
Hierarchy of control
The hierarchy of control for OHS risk management ranks control options from the
most preferred to the least preferred. If possible, eliminate the risk. The least
preferred option is for employees to be provided with personal protection in the
management of risk. The options that sit between the most preferred and the
least preferred are better than relying on personal protection.
Can you eliminate the
risk?
When managing risk, particularly OHS related risk, there are key questions that
managers need to be able to answer. These are as follows.
1. Are there legislated activities or practices that must be done or
implemented in relation to the specific hazard?
2. Is there a Code of Practice relating to the specific hazard?
3. Are there existing controls? If so:
a. are the controls as high as possible in the hierarchy of control priorities?
b. do controls protect everyone exposed to harm?
4. What additional controls are required?
The following table is from the Risk Management Code of Practice 2007
(Workplace Health and Safety Queensland) and gives some examples of how
control measures can be implemented.
Control measure
Comment
Examples of use
Elimination
Substitution
Isolation
Minimise by engineering means
Modify a machine so it can be used by remote control.
Administrative measures
Personal protective equipment (PPE)
Note: If there is a provision within the workplace health and safety regulation for
your state about any hazards identified then they must be controlled in the way
specified by the regulation. Similarly, if there is a Code of Practice about any of
the hazards you have identified then you must do what the code of practice says
or adopt and follow another way that gives the same level of protection against
the risks. Whilst the law does not demand compliance with codes of conduct,
insurance providers do, and non-compliance with these will result in either
significantly increased insurance premiums or voiding of the insurance cover.
Options
Reduce
Isolate
Control
acceptability to all
equity
administration efficiency
individual freedom
capacity compatibility
jurisdictional authority
continuity of effects
objectives
contracts
regulatory
cost effectiveness
risk creation
timing.
Control
the risk
risk rating
timeline
monitoring arrangements.
Accuracy
Authorisation
Validity
Completeness
Existence
Handling errors
Segregation of duties
Presentation and disclosure
Accuracy
Authorisation
Physical controls
Physical controls relate to security devices and measures designed to eliminate
unauthorised access to physical assets, including the organisation's sensitive
documents and records. Preventing access ensures that the assets are not used,
removed or destroyed without proper authority.
Examples of physical controls include the following.
Using safety deposit boxes: a very common security device in banks. Can
be installed in businesses. Often require two people to open the box.
Insurance
Insurance involves paying premiums to share certain risks with another
organisation. Insurance should only be considered as a risk management option
when other treatments have not been successful in reducing a risk to an
acceptable level for the organisation. That being said, it is still an important part
of many risk action plans.
Generally, there are two types of insurance.
General insurance covers the sharing of all other risks, e.g. property
damage, workers compensation, motor vehicle insurance.
Types of insurance
In order to reduce the risk to your organisation and its stakeholders, there is a
range of insurance policies available. The following table outlines some forms of
insurance policies and what they cover.
Insurance Type
Policy details
Workers compensation
Covers against:
employee injury
employee sickness or
theft
fire
legal cost.
Contents Insurance
theft.
Professional indemnity
Building insurance
fire
animals
storm
aircraft
tempest
earthquakes
lightning
riots
explosion
malicious acts
impact by vehicles
flood.
suffer injury
damage to property
die.
INSURANCE PROVIDER
HOW PROVIDER IS SUITABLE
INSURANCE PROVIDER
HOW PROVIDER IS SUITABLE
Workplace adjustment
Sometimes it can be necessary to make adjustments in the workplace to
accommodate people with a disability. Adjustments can be undertaken in a
number of different ways, some of which are outlined below.
Selection process
Work area design
Job design
Flexible work practices
Workplace access
regular breaks
Providing equipment
speech synthesiser.
Section summary
You should now understand how to analyse and evaluate risk, specifically the
concepts of probability and consequence, as well as risk acceptance.
Further reading
Section checklist
Before you proceed to the next section, make sure that you are able to:
determine likelihood of risk
assess consequence of risk
evaluate and prioritise risk
determine risk treatment options
develop an action plan for treating risks.
documenting procedures
training.
be useful.
ensures all relevant parties are informed as to the key components of the
risk management framework, including any subsequent modifications
Documenting procedures
Your action plan will have identified areas where written procedures need to be
developed and documented. To effectively implement the plan, staff, volunteers
and management committee members need to work together to develop these
procedures. Existing and new procedures should be reviewed to ensure that they
are consistent.
Implementation of the risk management process will often require new policies to
be developed that include monitoring, evaluation and continuous improvement.
Every organisation needs to have a risk management policy framework to
document the processes and procedures required. This policy will become a key
document in the life of an organisation.
In general, when writing policy, you should keep in mind the size and specific
needs of the organisation. Policy should be clear and concise and should not
include lengthy processes or procedures that will be difficult to maintain or comply
with.
The structure for policy documents will vary from organisation to organisation, but
some common elements included are as follows.
Purpose statement
The context of the policy, why it is required.
Scope
The application of the policy (particular location, work group, etc.).
Procedure
How the policy is implemented.
Roles and responsibilities
Who is responsible for what in the implementation of the policy.
Legislation
Reference any legislation that the policy specifically complies with.
Training
It is highly likely your action plan will involve the introduction of new practices, or
changes to existing activities, so this will require training. It is a good idea to
ensure that this is carried out through the structures and processes that already
exist to facilitate training in your organisation.
Learning activity: Risk-reduction training
As the manager of risk for an organisation, you are responsible for ensuring that
new organisational activities are assessed for risk, and training is delivered to
affected staff to ensure that identified risks are managed as effectively as
possible. Describe ways that you could make training available to new staff in
the organisation to ensure that all staff have the same awareness of the
required safe work practices and risk management processes within the
organisation.
Responsibility
It is important that there is responsibility and authority within the organisation
when it comes to managing risks, including the implementation and continuation
of the risk management process and making sure that risks are competently
controlled. This may be done by:
Resources
The organisation should make sure that it allocates appropriate resources for risk
management. Examples of resources to be considered are as follows.
If you were a manager in this organisation, outline procedural steps you could
set up and follow to help you fulfil your role in reviewing and reporting risk.
Re-assess risks
It is likely that the risks identified in the risk management process will change
over time, making it important to review the changes. To keep your risk action
plan up to date, you do the following.
Evaluate changes within your organisation and its environment. This may
include new legislation relevant to your organisation, taking on new roles,
acquisition of new equipment, or creation of new positions.
Review period
Reason
Legislative compliance
Risk reports should be filed and used in regular reviews of risks and procedures.
Risk reporting can occur in different formats and at different points in the risk
management cycle. The table below provides details of different reports that can
be produced by organisations to assist the risk management process.
Risk profile
Risk treatment
report
description of risk
description of risk
risk rating
person/s responsible
current status.
Emerging risk report
This report is used to highlight anticipated risks or add
new risks to the risk register, which assists in keeping the
risk register current in between formal risk review
processes. It should include:
description of risk
risk rating
causes of risk
MONITORING PROCESS
Positives
Negatives
The various risk reports mentioned earlier, if produced well, should provide great
insight into the success of the risk management process. Your evaluation should
include a review of these reports, and take note of any repeated issues,
inadequate treatment actions or significant variances in expected impact of risk
as opposed to the actual impact.
Learning activity: Success
Name some metrics that you think would identify a successful implementation
and monitoring of the risk management process.
Section summary
You should now understand how to implement and monitor a risk action plan, and
evaluate the risk management process.
Further reading
Turbit, N., 2010, Project Perfect, Risk Management Basics, viewed May
2010, <http://www.projectperfect.com.au/info_risk_mgmt.php>.
Section checklist
Before you proceed to the next section, make sure that you are able to:
implement the risk action plan
monitor the risk action plan
evaluate the risk management process.
Glossary
Term
Definition
Consequence
Control
Event
Hazard
Likelihood
Loss
Monitor
Risk
Risk analysis
Risk assessment
Risk evaluation
Risk identification
Risk management
Risk management process
Risk reduction
Risk retention
Risk sharing
Stakeholders
Treatment
Appendices
Appendix 1: Risk action plan template
Risk
Assess Risk (L, M, H, E)
Controls
Monitoring
Timelines
Responsible
a strategic focus
balance between the cost of managing risk and the anticipated benefits
contingency planning in the event that mission critical threats are realised.
Policy
MacVille will maintain procedures to provide a systematic view of the risks faced
in the course of our business activities.
Identify Risks: Identification of what, why and how events arise as the
basis for further analysis.
Treat Risks: For higher priority risks, MacVille is required to develop and
implement specific risk management plans including funding
considerations. Lower priority risks may be accepted and monitored.
Monitor and Review: Oversight and review of the risk management system
and any changes that might affect it. Monitoring and reviewing occurs
concurrently throughout the risk management process.
Identify risks
Treat risk
Jeff spoke about a new law that was being introduced by the Federal
Government that will impact on the way that he has been paying his staff
with some of their pay earned on commission.
Jeff showed a report from a survey where people rated their shoes as the
second most important dress item for the successful business person and
that business people were choosing the high quality shoes that they would
repair rather than replace.
Brown and Davis spoke about the latest Point of Sale cash registers that
would improve stock and cash control in the Shoez stores.
You noticed that the location of the Shoez stores was always in the
prominent and highly trafficked parts of the shopping centres.
Sue said that she was not able to get all the staff records for pays and
employees' details from the store managers and this made processing
difficult and meant that they were not compliant.
Brown and Davis explained that the old cash registers did not have the
features that could help eliminate fraud.
Jenny spoke about the flooring where the staff worked and customers were
sometimes required to access. The ceramic tiles were broken and covered
up with a thin mat, but still presented a trip point to customers and staff
alike.
Brown and Davis had spoken about a large chain in New South Wales that
were planning to expand into Brisbane in the next 12 months.
Jeff said that while 10 stores was a good number, there are another 20 good
locations in Brisbane that want Shoez as part of the shopping centre
assortment.
You noticed that the stores were looking old and the decor has been out of
fashion for over five years.
Brown and Davis explained that the growth in the older age portions of the
Brisbane population was a positive indicator for the Shoez business.
Research findings
Store manager reports, together with your interviews with the other key
stakeholders, identify the following risks.
Broken floor tiles creating a trip point for staff and customers.
Wet floors on rainy days making it slippery for staff and customers.
The store has extremely sharp knives used to cut the leather.
Banking not always done every day leaving cash on the premises.
The staff member balancing the cash registers also prepared the bank
deposit book and banked the cash.
Some stores had sizable banking amounts that were banked by the junior
staff member.
Staff records were kept in the individual stores in the bottom drawer of an
unlocked filing cabinet.
One question on the staff records asked for a full medical history of the
employee.