BSBRSK501

Hi, there are 3 tasks, where Task 1 is a case study and Task 2 is a report that should include all points according to the question. Both tasks have examples as an appendix in the question booklet and should include a risk matrix. Task 3 is questions and answers. Thank you.


Manage risk
BSBRSK501A

Student Workbook

Part of a suite of support materials for the BSB07 Business Services Training Package

1st Edition 2010

Acknowledgment

Innovation and Business Industry Skills Council (IBSA) would like to
acknowledge Equip Grow Lead for their assistance with the development of this
resource.

Writers: Shane MacDonald, Emily Logan and Peter Baskerville

Industry reviewer: Rod Peters, David Parry and Greg Field

Copyright and Trade Mark Statement

© 2010 Innovation and Business Industry Skills Council Ltd

All rights reserved. Apart from any use permitted under the Copyright Act 1968, no part of this publication may be
reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, or otherwise, without written permission from the publisher, Innovation and Business Industry Skills
Council Ltd (‘IBSA’).

Use of this work for purposes other than those indicated above, requires the prior written permission of IBSA. Requests
should be addressed to Products and Services Manager, IBSA, Level 11, 176 Wellington Pde, East Melbourne VIC, 3002
or email sales@ibsa.org.au.

‘Innovation and Business Skills Australia’, ‘IBSA’ and the IBSA logo are trade marks of IBSA.

Disclaimer

Care has been taken in the preparation of the material in this document, but, to the extent permitted by law, IBSA and
the original developer do not warrant that any licensing or registration requirements specified in this document are
either complete or up-to-date for your State or Territory or that the information contained in this document is error-free
or fit for any particular purpose. To the extent permitted by law, IBSA and the original developer do not accept any
liability for any damage or loss (including loss of profits, loss of revenue, indirect and consequential loss) incurred by any
person as a result of relying on the information contained in this document.

The information is provided on the basis that all persons accessing the information contained in this document
undertake responsibility for assessing the relevance and accuracy of its content. If this information appears online, no
responsibility is taken for any information or services which may appear on any linked websites, or other linked
information sources, that are not controlled by IBSA. Use of versions of this document made available online or in other
electronic formats is subject to the applicable terms of use.

To the extent permitted by law, all implied terms are excluded from the arrangement under which this document is
purchased from IBSA, and, if any term or condition that cannot lawfully be excluded is implied by law into, or deemed to
apply to, that arrangement, then the liability of IBSA, and the purchaser’s sole remedy, for a breach of the term or
condition is limited, at IBSA’s option, to any one of the following, as applicable:

(a) if the breach relates to goods: (i) repairing; (ii) replacing; or (iii) paying the cost of repairing or replacing, the goods;
or

(b) if the breach relates to services: (i) re-supplying; or (ii) paying the cost of re-supplying, the services.

Published by: Innovation and Business
Industry Skills Council Ltd
Level 11
176 Wellington Pde
East Melbourne VIC 3002
Phone: +61 3 9815 7000
Fax: +61 3 9815 7001
e-mail: reception@ibsa.org.au
www.ibsa.org.au

First published: June 2010

Print version: 1.0

Release date: June 2010

Printed by: Fineline Printing
130 Browns Road
Noble Park VIC 3174

ISBN: 978-1-921749-76-6

Stock code: RSK501ACL

Table of Contents

Introduction
    Features of the training program
    Structure of the training program
    Recommended reading

Section 1 – Introduction to Risk
    What skills will you need?
    Understand risk and risk management
    Establish the context
    Understand importance of relevant legislation
    Section summary
    Further reading
    Section checklist

Section 2 – Identifying Risk
    What skills will you need?
    Review the external environment
    Determine strengths and weaknesses
    Review and document objectives
    Identify risks
    Research
    Involve others in risk identification
    Section summary
    Further reading
    Section checklist

Section 3 – Analysing and Evaluating Risk
    What skills will you need?
    Determine likelihood of risk
    Assess consequence of risk
    Evaluate and prioritise risk
    Determine risk treatment options
    Develop an action plan for treating risks
    Section summary
    Further reading
    Section checklist

Section 4 – Treating Risk
    What skills will you need?
    Implement the risk action plan
    Monitor the risk action plan
    Evaluate the risk management process
    Section summary
    Further reading
    Section checklist

Glossary

Appendices
    Appendix 1: Risk action plan template
    Appendix 2: MacVille risk management policy
    Appendix 3: Scenario – Shoez

Student Workbook Introduction

BSBRSK501A Manage risk
© 2010 Innovation & Business Industry Skills Council Ltd Page 1 of 100

Introduction

Features of the training program

The key features of this program are:

• Student Workbook (SW) – Self-paced learning activities to help you to understand key concepts and terms. The Student Workbook is broken down into several sections.

• Facilitator-led sessions (FLS) – Challenging and interesting learning activities that can be completed in the classroom or by distance learning that will help you consolidate and apply what you have learned in the Student Workbook.

• Assessment Tasks – Summative assessments where you can apply your new skills and knowledge to solve authentic workplace tasks and problems.

Structure of the training program

This Training Program introduces you to the concepts of identifying risk and how
to then apply the appropriate risk management strategies. You will develop the
skills and knowledge in the following topic areas.

1. Introduction to Risk (SW Section 1/FLS Session 1).
2. Identify Risk (SW Section 2/FLS Session 2).
3. Analyse and Evaluate Risk (SW Section 3/FLS Session 3).
4. Treat Risk (SW Section 4/FLS Session 4).

Note: The Student Workbook sections and Session numbers are listed next to the
topics above.

Your facilitator may choose to combine or split sessions. For example, in some
cases, this Training Program may be delivered in two or three sessions, or in
others, as many as eight sessions.

Recommended reading

Some recommended reading for this unit includes:

• Australian Capital Territory Insurance Authority, 2004, Australian Government, Guide to Risk Management, viewed May 2010.

• Risk Management Institute of Australasia, 2010, Realising Opportunity, viewed May 2010.


Section 1 – Introduction to Risk
Before you can undertake risk management, there are a number of key concepts that
you must understand. This chapter will define risk and risk management, and help
you establish the context in which risk management takes place.

Scenario: Preparing for risk management

You have recently been successful in securing the job of operations manager for
a chain of shoe repair stores with ten outlets. Your previous experience was in
sales management and more departmental areas of management but never as
the operations manager of a chain of stores.

You note that one of your specific responsibilities is to manage the risks that are
likely to happen in this particular organisation. Before attempting to identify the
organisation’s risks, you first take time to review the concepts of risks, risk
management and the context that risk will be applied to. From your previous
roles, you are very aware of the risks of non-compliance with relevant laws, and
so you decide to also review the legislative framework in which this organisation
operates.

What skills will you need?

In order to work effectively as a risk manager you must be able to:

• understand risk and risk management
• establish the context for risk management
• understand the importance of relevant legislation.

Understand risk and risk management

What is risk?

Risk is inevitable. It is a natural part of our physical, social, financial and
competitive environments. It is defined as the chance of something happening
that will have an impact on objectives or goals being achieved. It is measured in
terms of consequence and likelihood. Organisations must decide on a daily basis
whether various risks are or are not worth taking, for example, when making
decisions regarding investment or the health and safety of employees. For some,
the ability to manage risk better than anyone else becomes a valuable resource
that they use for their own advantage.

In business, there is a strong correlation between risk and reward. For example,
investing in the share market is riskier than investing in Government Bonds, so as
a consequence of the risks involved, share markets traditionally offer the higher
returns.

Only an estimated 10% of all risks are actually unforeseeable.


Definition of risk

The concept of risk is incorporated into many different business disciplines,
from insurance to engineering to financial investment, and each of them has
developed its own definition of the concept of risk.

In this workbook, we will take the view that risk is an event or action that, if it
occurs, will cause a loss to an organisation’s valuable resources and adversely
affect the goals and objectives of that organisation.

Risk is the estimated likelihood of occurrence of an uncertain event, and its
impact on organisational objectives should it occur.

Figure 1: What is risk?

As shown in the diagram above, the probability or likelihood of an event
occurring, and the consequence or impact of that event, both have an effect on the
objectives of the organisation. The combination of these two factors gives an
organisation an indication of the risk it is exposed to should the event occur.

Learning activity: Risk consultants

Many consultants can work with your organisation to identify risk and help in
developing and implementing processes to assist in the management of
business risk.

PricewaterhouseCoopers is one organisation that actively manages risk. Look at
their website and explain why PricewaterhouseCoopers believes some risk
management systems implemented in companies have made the company more
vulnerable.

[Figure 1 diagram labels: Probability; Consequence; Organisational objectives]


Valuable resources

Valuable resources that can be affected by risk are not just financial. In today’s
business environment, the loss of reputation or brand value can have far greater
impact on the organisation’s viability than the loss of some investment funds.
Other valuable resources that need to be considered in any loss evaluation
caused by risk are detailed below.

• Human – workers, intellectual capital, skills, experience and capabilities, levels of trust, managerial skills, firm-specific practices and procedures, innovation and creativity, technical and scientific skills

• Financial – cash, investments, shares, capacity to raise equity, borrowing capacity

• Physical – plant, equipment, state-of-the-art machinery, equipment and electronics, land, buildings, vehicles, furniture, facilities

• Intellectual property – patents, copyrights, trademarks, trade secrets, software

• Organisational excellence – evaluation and control systems, effective strategic planning processes, outstanding customer service, excellent product development capabilities, innovativeness of products and services, ability to hire, motivate, and retain human capital, innovative production processes, favourable manufacturing locations, innovation capacities, effective strategic planning processes, excellent evaluation and control systems

• Intangible – information, reputation, brand value, goodwill.


Learning activity: Resources

Review the scenario provided in Appendix 3 and make note of any resources
mentioned. Rank them in terms of what you consider to be high priority
resources that should be protected.

Strategic resources

Many people understand the impact of an unfavourable event on tangible assets,
but often overlooked is the impact that adverse events can have on the
organisation’s intangible assets. All the resources listed above are valuable, but
some resources take on an even more important role in an organisation because
they become strategic. They are classified as being strategic because they give
the business its competitive advantage. To qualify as strategic they need to be:

• Rare – That is, unique or in very short supply. For example, personnel who are leading experts in their field, and bring knowledge or skills that are not widely available.

• Difficult to imitate – That is, hard to copy due to expense or time required to acquire. For example, the brand recognition associated with a long-established organisation or product.

• Difficult to substitute – That is, cannot easily be replicated using alternative sources. For example, long term relationships or working partnerships between specific individuals or organisations that generate high levels of creativity and innovation.


Figure 2: Strategic resources

Many of these resources are intangible, and are in many cases the most
important ones to risk manage.

Learning activity: Strategic resource

Think about your own work skill sets. Most of what you know or are good at is of
value to a workplace environment. Write down the skill sets or owned items that
you have that could be called rare, difficult to copy and difficult to substitute.
These are your strategic resources.

Risk types

Risk identification is proactive. If you are looking for risks, you will soon find them
when discussing activities with team members, observing the workplace
environment, reading reports and analysing results. Across the broad spectrum,
risks can be categorised in various ways.

Risks can be grouped into two types:

• Certain – those risks that will definitely occur at some point in time, for example, employee sick days.

• Uncertain – those that may occur at some point in time, for example, an employee being injured in the workplace.


Risk can also be categorised by expected impact:

• Speculative risk – where there are potential opportunities.

• Pure risk – where there are only negative or unfavourable outcomes for the organisation.

Learning activity: Types of risk

Review the scenario in Appendix 3 under the heading ‘Research findings’ and
select three issues. Then identify the type of risk/s that could impact on the
organisation as a result of these issues.

Identified issue | Risk type
1. |
2. |
3. |

What is Risk Management?

Risk management is an essential part of good management and corporate
governance. It is a set of tools and processes that are used to avoid, reduce or
control the risks that are likely to adversely affect the valuable and strategic
resources of an organisation. Basically it is the process of identifying and
categorising potential risk and then defining actions to mitigate these risks.

Risk management processes should enhance decision-making and facilitate
continuous improvement in performance of the organisation. Studying and
identifying risk should not inhibit action, but instead help you turn risk into a
growth and development opportunity through the application of the risk
management process.

Risk management refers to the culture, processes and structure that are
directed towards the effective management of potential opportunities and
adverse effects.

AS/NZ 4360: 2004


Learning activity: Electronic risk management tools

Use the internet to find two electronic tools or software programs that can
facilitate and assist in risk management. Describe the tools and compare key
functions, and make a recommendation about the type of organisation or
project each tool would be most suited for use in.

AS/NZS 4360:2004 – Risk Management

The Australian/New Zealand Standard AS/NZS 4360:2004 – Risk Management
provides a guide for managing risk.

The objective of this standard is to provide guidance to enable public, private or
community enterprises, groups and individuals to achieve:

• a more confident and rigorous basis for decision-making and planning

• better identification of opportunities and threats

• gaining value from uncertainty and variability

• pro-active rather than re-active management

• more effective allocation and use of resources

• improved incident management and reduction in loss and the cost of risk, including commercial insurance premiums

• improved stakeholder confidence and trust

• improved compliance with relevant legislation

• better corporate governance.1

1 Quality Improvement Council, 2010, ‘Introducing Risk Management Standard AS/NZS 4360:2004’, GPDV, viewed April 2010.


[Figure 3 diagram labels: Establish the context; Identify risks; Analyse and evaluate risk; Treat risk; Communication and consultation; Monitor and review]

Throughout this workbook we will be referring to AS/NZS 4360:2004 – Risk
Management Standards and following the processes outlined in it for the
management of risk.

The risk management process

For the purpose of this workbook, the risk management process will be shown in
the following way.

Figure 3: Risk management process

AS/NZS 4360:2004 views the analysis and evaluation of risk as two separate
elements and so outlines seven elements in the risk management process.

• Establish the context – Determine the scope of the project, both internally and externally. Establish the criteria by which a risk may be evaluated.

• Identify risks – Recognise potential hazards, which may prevent, diminish, or delay the organisational or project objectives.

• Analyse risks – Identify the consequence and likelihood of the risk taking place.

• Evaluate risks – Compare the potential rewards with the potential adverse outcomes, including the likelihood of each. This allows decisions to be made regarding the priority and action required to manage the risk.

• Treat risks – The process of selecting which risks are to be managed and taking measures to limit the result of those of highest priority.

• Monitor and review – Critically observe or measure the progress of the risk management process and make changes where beneficial.

• Communicate and consult – Ensure stakeholders are aware of information applicable to them and appropriate to the risk level and the stage of risk management.

For the remainder of this chapter, we will look at establishing the context for risk
management. The other stages will be addressed in the following chapters.


Establish the context

Scope

When you begin the process of risk management, you must be able to define the
scope within which risks must be managed. This requires you to know what needs
to be achieved through the risk management activities undertaken.

An organisation is defined by its goals and objectives, therefore the aim of the risk
management process must be to ensure that the organisation is able to achieve
those goals while balancing costs, benefits and opportunities. This provides the
overall context in which risk management takes place. It is also essential that you
understand the nature of any decisions that need to be made so that your process
can inform and implement those decisions effectively.

In practical terms, the scope of a risk management process can apply to:

• the whole organisation

• a specific business unit/department

• a particular project

• a particular business function (e.g. finance, manufacturing).

Risk management can be applied to the internal or external environments of an
organisation, or both. The internal environment encompasses the operations and
inner workings of the organisation, while the external environment includes the
political, economic, social, legal, and technological factors affecting the business.
These are explored in more detail in Section 2 of this workbook.

Learning activity: Risk process scope

Review the scenario in Appendix 3 and identify the three criteria defining the
scope of the risk management task assigned by Jeff Harding to you as the newly
appointed operations manager.

1.

2.

3.


Describe how identifying the scope of a risk project is important to its
management.

Stakeholders

Once you have identified the scope of risk analysis and management, you must
identify the stakeholders: individuals, a group of people, or an organisation, that
can be affected by the risks or implementation of the risk management process.

Identification of stakeholders is an essential step in risk management. It
determines who should be involved in the formulation of the risk management
plan, and who you should communicate with regarding implementation of risk
management strategies and actions.

Identification of stakeholders includes identifying anyone impacted by the risk,
and documenting relevant information regarding their interests, involvement,
and impact on the effectiveness of the risk management process.

Learning activity: Communicating with stakeholders

Jeff believed that it would be useful to involve the store managers in gathering
information about risks associated with their stores and has asked you to
prepare an email. Complete an email in the space below making sure that you
stay within the scope of the task.


In the book ‘The Handbook of Program Management’,2 Dr James T Brown gives the
following advice for identifying stakeholders.

• Follow the money! Whoever is paying is definitely a stakeholder. Also, if a program produces savings or additional costs for an organisation then the organisation is also a stakeholder for that program.

• Follow the resources. Every entity that provides resources, whether internal or external, labour or facilities, and equipment, is a stakeholder. Line managers and functional managers providing resources are stakeholders.

• Follow the deliverables. Whoever is the recipient of the product or service the organisation is providing is considered a stakeholder.

• Follow the signatures. The individual who signs off on completion of the final product or service is a stakeholder.

• Examine programs’ stakeholder lists. Include active programs and completed projects.

• Review the organisational chart to assess which parts of the organisation may be stakeholders.

• Ask team members, customers, and any other confirmed stakeholder to help you identify additional stakeholders.

• Look for the ‘Unofficial People of Influence’. These may be people who are trusted by high-level leaders or who wield a lot of power through influence and not position.

Learning activity: Stakeholders

From the scenario provided at the beginning of this section, identify the internal
and external stakeholders and the types of input each of them are likely to
provide.

Stakeholder | Internal/External? | Type of input

2 Brown, J T, 2007, ‘The Handbook of Program Management’, McGraw-Hill, Australia.


Learning activity: Stakeholders in the risk process

Review the scenario in Appendix 3 and identify three stakeholders, their role
and their primary concerns in regard to the risk management process.

Stakeholder | Role | Risk concerns

Describe briefly the attributes that qualify a person as a stakeholder in the
risk management process.

Understand importance of relevant legislation

You cannot afford to ignore the role of legislation in the risk management process.
Arguably, the greatest risk for an organisation is to be non-compliant with relevant
regulations, as this can incur significant penalties. The risk management process
must therefore use legislative guidelines as criteria against which risk is
assessed. Some key areas of legislation affecting businesses are listed below.


OHS regulations

OHS (occupational health and safety) laws vary throughout Australia according to
the state parliament that passed the Act. For example, in Queensland it is the
Workplace Health and Safety Act 1995. While states have different names for
their Acts covering the workplace, they all prescribe a similar set of requirements
for all managers, including supervisors of projects. These are:

• to ensure that work is performed in a safe manner and does not have any negative effect on the worker’s health

• to ensure sufficient information and education is provided so that the work can be undertaken safely

• to ensure workers have a say in the safety of their own workplace by recognising and acting on risks and hazards in the workplace

• to implement audit and control measures that verify the effectiveness of OHS activities

• to ensure equipment and machinery is maintained in a safe condition.

Learning activity: Legislation, standards and codes of conduct

Use the internet to research duty of care legislation, standards and codes of
conduct in Australia (relevant to the business sector), and describe how you
think these influence risk management processes for organisations.

Privacy Act 1988

The National Privacy Principles regulate the way information is handled by private
sector organisations such as creditors and debt collectors. The principles, as
stated by the Office of the Privacy Commissioner,3 are as follows.

3 Australian Government, 2001, ‘National Privacy Principles’, Office of the Privacy Commissioner, viewed April 2010.


• Collection – Organisations must ensure that individuals are aware their personal information is being collected, why, who it might be passed on to and that they can ask the organisation what personal information it holds about them.

• Use – Personal information may not be collected unless it is necessary for an organisation’s activities and must only be used for the purpose it was collected. Many direct marketing mailers will now have to offer the recipient the opportunity to elect not to receive further mailings.

• Data quality – Organisations must take steps to ensure personal information they collect is accurate, complete and up-to-date.

• Data security – An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

• Openness – An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks.

• Access and correction – Generally, an organisation must give an individual access to personal information it holds about the individual on request.

• Identifiers – Generally, an organisation must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government agency.

• Anonymity – Organisations must give people the option to interact anonymously whenever it is lawful and practicable to do so.

• Transborder data flows – An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection.

• Sensitive information – Sensitive information (such as about someone’s health, political opinions or sexual preference), may only be collected with the consent of the individual (unless a public interest exception applies).


There are several key obligations around information collection:

• Whenever possible collect information directly from the person.

• Only collect information that is necessary.

• Collect information by fair means.

• Take reasonable steps to let people know that personal information has been collected and what is going to be done with it.

• Do not disclose information about the person to a third party that you are collecting information from.

• Take care about the type of information contained in messages left on answering machines.

Generally, personal information should only be used and disclosed for the
purpose that it was collected.

Learning activity: Application of National Privacy Principles

Considering the privacy laws, identify which National Privacy Principles are
being tested in the following circumstances.

 A sales person from your organisation asks for information about
someone’s partner’s mobile phone.

 Your organisation’s website asks for personal details but does not have a
displayed privacy statement.

 A person approaches you at work and asks about a work colleague who
he says owes him money.

Contract law

Contract law is any law or regulation whose objective is to enforce certain
promises, covering their formation, scope and content, avoidance, performance
and termination, and remedies. This is important in risk management, as
contracts hold the potential for risk, and a breach of contract may not only have
repercussions with the other party or parties but may also be in breach of
legislation.


Australian contract law can be broken into five key sections detailed in the table
below.

Formation: A contract is a promise or a set of promises that is legally
binding. This requires there to be an agreement between the parties and the
intention to create a legal relationship. The parties must demonstrate legal
capacity to contract, and compliance with any legal requirements must be
ensured.

Scope and content: A contract is generally only able to be enforced by and
against the parties to the contract. The content of a contract must allow the
parties to determine what the terms of the contract are, and how they should be
interpreted where ambiguous.

Avoidance: A valid contract may still be avoided as a result of a number of
factors, which usually involve unfair or unconscionable action by one of the
parties.

Performance and termination: Most contracts come to a natural end when the
parties have performed their respective obligations. A contract may also come
to an end by mutual agreement between parties, as a result of the breach of
contract by one of the parties, or due to events that might prevent parties from
performing their obligations as planned.

Remedies: When the terms of a contract are breached by one party, the other
party is entitled to remedies; in particular, damages.

Learning activity: Contracts

What risks might be presented to an organisation when entering into a
contract?


Company law

A corporation, or company, is a legal group of individuals who finance a business.
The group cannot become a company until it is registered with the Australian
Securities and Investments Commission (ASIC). ASIC will issue the new company
with a certificate of incorporation and an Australian Company Number (ACN)
which is used to identify the entity.

Key features of a company include the following.

 Separate legal entity: Under Australian law a company, as a separate
entity, is given all the legal rights and liabilities of a natural person,
including the ability to sue others and be sued itself.

 Continuous life: A company is established with the assumption of a
continuous life. This means that while its owners may change, the company
will continue to remain in existence unless it is liquidated.

 Limited shareholder liability: A company has limited liability for
shareholders, meaning that if the company fails, then only the amount of
shareholder investment in the company can be claimed against, and not
other investments that a shareholder may have.

 Separate entity from owner: A company is a separate legal entity from its
owners, i.e. the financial affairs of the owners must be separated from
those of the company, and unless personal guarantees of the owners have
been secured, an entity can only sue the company for damages and not the
owners.

There are two types of companies in Australia: proprietary and public. The
diagram below shows some major differences between the two types.

Proprietary

 Cannot sell shares to public.

 Are classified as large or small.

 Fewer reporting requirements.

Public

 Can sell shares to public.

 Generally large companies.

 Greater compliance reporting requirements.


Under section 45A of the Corporations Act 2001, a proprietary company is
currently classified as ‘large’ if it satisfies at least two of the following criteria.

 The consolidated gross operating revenue of the company and any entities
it controls is $10 million or more.

 The value of the consolidated gross assets at the end of the financial year
of the company and any entities it controls is $5 million or more.

 The company and any entities it controls have more than 50 employees at
the end of the financial year.4

If a proprietary company is classified as large, then it is required to submit annual
financial and directors’ reports. Small proprietary companies do not have to
prepare either of these reports unless ASIC or shareholders with at least 5% of
the company request them.

Learning activity: ASIC

Access the ASIC website and review the section on
running a company. Under the heading ‘Change of details’, review the checklist
provided for company officers and describe three risks for an organisation if
compliance is not maintained.

1.

2.

3.

The Australian Securities and Investments Commission (ASIC)

The Australian Securities and Investments Commission (ASIC) is Australia’s
corporate, markets and financial services regulator. It is an independent
Commonwealth Government Body with most of its work being carried out under
the Corporations Act.

4 Australasian Legal Information Institute, 2001, ‘Corporations Act 2001 – Sect 45A’,
Commonwealth Consolidated Acts, viewed April 2010.


ASIC regulates Australian companies, financial markets, financial services
organisations and professionals who deal and advise in investments,
superannuation, insurance, deposit taking and credit. ASIC’s main role to consider
in relation to this unit is its responsibility for ensuring that company directors and
officers carry out their duties honestly, diligently and in the best interest of their
company.

Although ASIC administers many acts or parts of acts, as well as relevant
regulations made under them, the main two are:

 Corporations Act 2001

 Australian Securities and Investments Commission Act 2001.

The other acts involve insurance, superannuation and medical indemnity.

The Corporations Act 2001 sets much of the legislative framework for the conduct
of companies and their directors in relation to corporate governance. Internal
controls need to be implemented and maintained to ensure compliance with the
legislation administered by the delegated authority, ASIC.

The Australian Securities and Investments Commission Act 2001 makes provision
for ASIC to ensure the performance of the financial system and entities in it, to
assist investors and consumers in the financial system with appropriate
information, and to administer and enforce the law effectively.

Learning activity: Director’s responsibilities

Search the ASIC website using the search term
‘director’s responsibilities’. Name two of the director’s responsibilities listed
under the heading ‘What does the law expect of you’, and for each describe a
process or mechanism that you could put in place to help ensure compliance
with this directive.

1.

2.

Company records compliance

Under the Corporations Law, directors are personally responsible for keeping
proper company records. These could be grouped into financial records and
company housekeeping records.


Up-to-date financial records must be kept so that they can:

 accurately record and justify the company’s transactions

 illustrate the financial position of the company and its performance.

Companies should maintain current and accurate financial records in order to
ensure that:

 the company is able to prepare accurate financial statements

 these financial statements may be properly audited

 the company is compliant with tax laws.

Financial statements a company would regularly prepare

Statement of Financial Performance: Shows the company’s revenue and
expenses for a set period and the resulting profit or loss.

Statement of Financial Position: Shows the company’s assets and liabilities at
a certain point in time.

Statement of Cash Flow: Summarises the company’s influx and efflux of cash
for a set period of time.

Financial records may be kept electronically, provided they are capable of being
converted into hard copy for anyone entitled to inspect them.

Note: a small proprietary company (as defined by the Corporations Act)
generally is not required to lodge formal financial reports to ASIC. On the other
hand, large proprietary companies, public companies and non-profit public
companies must produce, audit and lodge financial reports to ASIC.

Basic financial records that companies may be required to keep by law

General ledger: Records all transactions and balances (revenue, expenses,
assets, liabilities), or otherwise summarises the balances detailed in other
records.

Cash records: For example, deposit books, cheque butts, petty cash records
and bank statements.

Debtor and sales records: Outlines the money made or owing to the company,
for example, delivery dockets, invoices and statements issued, debtors and
their balances.

Creditors and purchase records: Outlines the money spent or owed by the
company, for example, purchase orders, invoices and statements received,
creditors and their balances.

Wage and superannuation records: Funds paid to employees.

A register of property, plant and equipment: Shows the transactions and
balances relating to individual items.

Inventory records: Value of the items that make up the company’s inventory.

Investment records: For example, certificates and notices related to dividends
or interest.

Tax returns and calculations: For example, goods and services tax returns and
statements, income tax, and fringe benefits.

Deeds, contracts and agreements: Legal documentation.

Learning activity: Financial record keeping

Both tax law and corporations law require that financial records are kept for
between five and seven years, which can present logistics problems for an
organisation if there is a large amount of physical records. Search the ATO
website to determine if past records can be kept electronically and, if so, how
it recommends that this be managed.


Workplace legislation, awards and workplace enterprise agreements

Industrial Instruments (Awards) are laws passed by either the Commonwealth or
State Parliaments that govern the rate of pay and working conditions of
employees under their jurisdiction. Federally, the relevant act was the Workplace
Relations Act 1996, with the states having similar acts such as the Queensland
Industrial Relations Act 1999. The Commonwealth and State Parliaments have set
up commissions to check and approve awards and agreements and to prevent and
resolve disputes.

The Fair Work Act 2009

Sweeping changes have been made to workplace legislation in the years 2005 to
2009, beginning with the introduction of the Workplace Relations Amendment
(Work Choices) Act 2005, followed by its replacement, the Fair Work Act
(Commonwealth) in 2009. This act set out to offer:

 a fair and comprehensive safety net of minimum employment conditions

 a system that has at its heart bargaining in good faith at the enterprise
level

 protections from unfair dismissal for all employees

 protection for the low-paid

 a balance between work and family life

 the right to be represented in the workplace.

Below are some key elements of the Fair Work Act. The organisation should be
aware of these regulations to ensure its compliance. Compliance will decrease the
likelihood of risk to the organisation regarding workplace relations.

Fair Work Australia (FWA):

 Oversees workplace relations.

 Has the power to vary awards, make orders relating to minimum wage and
settle unfair dismissal claims.

Unfair dismissal:

 Employees may lodge unfair dismissal claims to FWA within seven days if
they were employed for six months or longer (twelve months if the business
employs fifteen people or less).

Safety net:

Examples of rights under the minimum standards:

 flexible working arrangements after 12 months

 12 months unpaid parental leave

 contracts, agreements and policies between employers and employees
that reflect the National Employment Standards (NES).

Discrimination:

 Prohibition of discrimination based on: race, colour, sex, sexual
preferences, age, physical or mental disability, marital status, religion or
pregnancy.

Increased union right of entry:

 Unions may enter a workplace in which they have a member who works on
the premises, to investigate any suspected breaches of legislation.

Enterprise bargaining:

 FWA will grant approval to enterprise agreements (either single enterprise
or multi enterprise) if they consider “that each employee is ‘better off
overall’ under the agreement, compared to an applicable modern award.”

Transfer of business:

 After the transfer of assets, employees (between related companies),
outsourcing or insourcing, the work is not to be significantly different after
the transfer, compared to that pre‐transfer.

Learning activity: Unfair dismissal

What risks are there for an organisation with regard to unfair dismissal
legislation? How can the organisation manage against the occurrence of these
risks?


Awards – Industrial Instruments

Under the new Fair Work Act 2009, new National Employment Standards (NES)
have been developed to underpin any award conditions and pay rates. In general,
the NES sets out the following.

Figure 4: National Employment Standards

 Minimum rates of pay, such as hourly rates and annual salaries.

 Ordinary hours of work.

 Annual leave and leave loading.

 Long service leave.

 Personal or carer’s leave.

 Notice to be given on termination.

 Rest periods.

 Loadings for overtime, casual work and shift work.

 Anti‐discrimination provisions.


Learning activity: Awards

Visit the websites listed below and briefly describe the information that each
one provides. How does this information assist organisations in risk
management?

For state legislation see the following departmental sites.

 New South Wales:

 Queensland:

 South Australia:

 Tasmania:

 Western Australia:

 Australian Capital Territory and the Northern Territory come under federal
awards.


Section summary

You should now understand the risk management process and how to establish
the context for risk management activity, including the scope within which risks
must be managed, the stakeholders involved, and relevant legislation. In the next
chapter, we will look at Stage 1 of the risk management process: identifying risks.

Further reading

 Leonard N Stern School of Business, 2010, NYU Stern, What is Risk?,
viewed May 2010.

 AIRMIC, ALARM and IRM, 2002, A Risk Management Standard, viewed
May 2010.

Section checklist

Before you proceed to the next section, make sure that you are able to:

 understand risk and risk management
 establish the context for risk management
 understand the importance of relevant legislation.


Section 2 – Identifying Risk

Risk identification is a vital stage of risk management as it develops the basis for
the subsequent steps of analysing and controlling risks. Thorough and correct risk
identification ensures effective risk management. If a risk is not first identified,
how can it be managed? The organisation will be unable to account for such risks
and so their consequences may be highly damaging to the organisation’s goals.

In this section, we will look at reviewing the organisation and factors affecting it, in
order to identify risks.

Scenario: Identifying risks

Having reviewed risk management processes and the legislative framework in
which the organisation operates, you now prepare for the job of identifying the
risks for the chain of shoe repair stores.

You quickly realise that risk management, like most forms of management,
requires input and feedback from stakeholders who affect and are affected by
the risks to the organisation. With their help you will use various techniques to
identify the scope of risks that could affect the organisation and set the
objectives for your risk management function.

In the process of identifying risks you will assess the internal strengths and
weaknesses of the organisation and the opportunities and threats from the
external environment which can arise from the social, technological, economic
and political spheres in which the organisation operates.

What skills will you need?
In order to work effectively as a risk manager you must be able to:

 review the external environment
 determine strengths and weaknesses
 review and document objectives
 identify risks
 involve others in risk identification.


Review the external environment

To thoroughly identify risks, we must examine the external environment
surrounding an organisation. This includes the political, economic, social, legal,
and technological factors affecting the business.

A PEST analysis is an effective tool for investigating external environmental
factors. PEST stands for the following.

P Political (or political-legal)

E Economic

S Social

T Technological

It is used when conducting an environmental analysis for strategic planning or
as a framework for market research. The analysis gives an overview of big picture
factors that the organisation should take into consideration.

This is a useful tool in the risk management process as it can aid not only in the
identification of risks, but may also be used as a factor in the analysis of the risks
identified. Examples of factors which may come to light via a PEST analysis are
below.

POLITICAL

 proposed laws that may affect organisation

 taxation policy

 merit/demerit goods

 employment regulations.

ECONOMIC

 interest rates

 economic growth

 exchange rates

 inflation rates.

SOCIAL

 population growth

 demographics

 health consciousness

 social trends.

TECHNOLOGICAL

 current research and development

 rate of technological change

 automation

 technology incentives.


Learning activity: PEST analysis

Review the scenario in Appendix 3 under the heading ‘Internal and external
environment’ and identify one item for each of the following in the PEST
analysis.

Political –

Economic –

Technological –

Social –

Describe briefly how a PEST analysis can help identify risks for an organisation.


Learning activity: List of risks

Review the scenario in Appendix 3 under the heading ‘Internal and external
environment’ and list three risks and describe which areas of the scope they
belong to.

Risk Area

Describe a process you could introduce that could help you obtain information
from stakeholders.


Determine strengths and weaknesses

The internal environment of an organisation must be examined to determine if it
is exposed to risk through any of its operations or processes. This requires that
you assess what the business is doing well, and what areas need improvement.

A SWOT analysis can be used to determine the strengths and weaknesses of an
organisation. SWOT stands for the following.

S Strengths

W Weaknesses

O Opportunities

T Threats

Strengths and weaknesses are factors that are able to be controlled by the
business. Strengths are the key elements that give an organisation advantage
over its competitors. Weaknesses are the limitations faced by the business in
achieving its objectives.

Opportunities and threats exist independent of the organisation, and are often
beyond its control. Opportunities are the conditions of the environment in which
the business operates which could benefit the organisation if acted upon. Threats
are barriers that prevent the business from achieving its objectives.


As shown in the diagram above, an organisation should endeavour to match
internal strengths with external opportunities to create the best competitive
advantage. Action should be taken to turn internal weaknesses into strengths or
minimise their effect on the business, and to convert threats into opportunities or
avoid them.

Learning activity: SWOT analysis

Review the scenario in Appendix 3 under the heading ‘Internal and external
environment’ and identify one item for each of the following in the SWOT
analysis.

Strength –

Weakness –

Opportunity –

Threat –

Describe briefly how a SWOT analysis can help you to identify risks in an
organisation.


Review and document objectives

As stated in the introduction, an organisation is defined by its goals and
objectives. The greatest risk for an organisation is failure to achieve its strategic
objectives; therefore, the risk management process must document the goals of
the business and determine risks as those things which will prevent those goals
being fulfilled.

The mission statement of an organisation will ordinarily outline the key objectives
of the business, and these are generally detailed and implemented throughout
the policies and procedures. Reviewing these documents will help define the risk
management process. For example, if part of the organisation’s mission
statement is to produce a quality product, a potential risk is the inability to find
skilled staff, or to source quality resources required for production.

Learning activity: Goals of risk process

Review the scenario in Appendix 3 and identify two goals or objectives for the
task you have been assigned by Jeff to complete.

1.

2.

Describe how having goals or objectives assists in carrying out the risk
management process.


Identify risks

Risks must be identified in order to be analysed and treated. The Australian
Standard divides risk identification into two categories.

1. What, where and when? This aims at generating a comprehensive list of
risks that may impact the objectives.

2. Why and how? Identify the circumstances in which this risk may be
realised. What would be the cause of an exposure of resources (for
example, failure of …, lack of …, loss of…, injury to… etc.)?

The process of identification can be aided by various tools and techniques, which
should be selected based on the purpose and context of the risk management
activities being undertaken. Some of these tools include:

 checklists

 brainstorming

 fishbone diagrams

 flowcharts.

Checklists

Checklists can be used to help in identifying risks by using targeted questions.
When trying to identify the risks within a specific context, it is important to
interrogate the components as much as possible. Some questions that could be
asked include:

 Where are the risks likely to come from?

 Who is likely to pose a risk?

 What situations are likely to increase the possibility of the risk actually
occurring?

 Just how large are the risks?

To ensure the checklist is comprehensive, these questions can be asked of each
of the following areas, within differing contexts such as legislative risk,
environmental risk and economic risk.

Financial risk factors:

 Premises – e.g. suitability, size, facilities available, location, health and
safety risks to workers and others, financial concerns.

 Product and services – e.g. organisation’s competitive position (and
potential in the future), environmental issues that affect development,
waste management, lifestyle trends and demographic changes.

 Purchasing – e.g. use of recognised standards, government policy on
standard, protection of workers etc.

People elements:

 People – e.g. organisation of employees, ‘culture’, skills and competence
of employees, training and supervision, OH&S (occupational health and
safety), visitors to the site, wider public in the vicinity.

Actions or processes:

 Processes – e.g. techniques used and their associated risks, legislation
requirements and skill level of employees.

 Performance – e.g. stakeholder interest, health and safety, insurance
claims and quality.

Management issues:

 Policy and strategy – OH&S, environmental and waste management,
financial and purchasing control, accident investigation, reporting and
rehabilitation.

 Planning and organising.

Learning activity: Checklist

Use the categories outlined above, and for the Scenario provided in Appendix 3,
develop a checklist of two target questions per category that could be used to
identify risks.

Financial risk factors –

People elements –

Actions or processes –

Management issues –


Brainstorming

Brainstorming may be done around the following questions to attempt to identify
risk to organisational objectives.

 What:

o might happen
o is the impact
o are the existing controls?

 How:

o could this arise?

 When:

o in the life of activity
o beyond the life of activity?

 Who:

o is involved
o is affected?

 Why will there be:

o changes and uncertainties
o causal factors and triggers?

Learning activity: Staff input to risk management

Brainstorm a list of approaches that you can use to encourage staff and
stakeholders to provide input and participate in the development of risk
management strategies for an organisation, and describe how each of these
can be effective.


Fishbone diagrams

Fishbone diagrams are cause-and-effect diagrams. Use of the fishbone diagram
encourages a systematic approach to identifying risks that looks beyond the
obvious causes of a problem. The starting point for creating the diagram is
identification of a problem. This is stated as the effect. The ‘bones’ show the types
of variables that might play a part in the root cause.

Causes are usually grouped into major categories, which typically include the
following.

 People – anyone involved with the process.

 Methods – how the process is performed and the specific requirements for
doing it, such as policies, procedures, rules, regulations and laws.

 Machines – any equipment, computers, tools etc. required to accomplish
the job.

 Materials – raw materials, parts, pens, paper, etc. used to produce the
final product.

 Measurements – data generated from the process that are used to
evaluate its quality.

 Environment – the conditions, such as location, time, temperature, and
culture in which the process operates.

Causes can be generated from brainstorming activities, and then grouped and
used as labels on the fishbone. Below is an example fishbone diagram showing
the 8 P’s. The 8 P’s are factors affecting the service industry which have the
potential to cause or contribute to problems and create risk. The smaller bones
connect sub-causes to major causes and show the escalation of risk.

Figure 5: Fishbone diagram


Learning activity: The 8 P’s

Use the internet to find the 8 P’s of the service industry and create a fishbone
diagram for them below. Ensure you include at least one variable for each
category included on the ‘bones’ of the diagram. (You may find it easier to
create the diagram using a separate piece of paper).

Flowcharts

A flowchart is a diagram commonly used to
demonstrate the steps in a solution for a
problem. Flowcharts are frequently used to
design, analyse, document and manage
processes.

Flowcharts use various symbols and
shapes to represent different facets of a
process, and arrows to show flow of
information, communication and control.
Some of the symbols include the following.

 Circles, ovals or rounded rectangles
showing start and end points. The
shape will usually contain the word
‘start’ or ‘end’, or a specific phrase
that indicates the start or end of a
process, such as ‘submit enquiry’.

 Rectangles showing processing
steps, for example ‘replace
identified part’ or ‘save changes.’

 Parallelograms showing
input/output, for example ‘get
feedback from the user.’

 Diamonds representing conditional
steps or decisions. These would
usually contain a ‘yes/no’ or
‘true/false’ test.


Learning activity: Flowchart

Create a simple flowchart using the symbols above to show the process for
dealing with a lamp that won’t function. You will need to think about reasons the
lamp may not be working, and address these, and appropriate responses or
actions, in your flowchart.


Learning activity: Risk management tools

Research the internet for tools or templates that you could use in risk
management processes in an organisation. Identify three that you think you
could use and describe why and how you think these could be helpful. Include a
brief description of each tool as well as the web URL.

TOOL –

URL –

WHAT THE TOOL DOES –

HOW THE TOOL COULD BE HELPFUL –

TOOL –

URL –

WHAT THE TOOL DOES –

HOW THE TOOL COULD BE HELPFUL –


TOOL –

URL –

WHAT THE TOOL DOES –

HOW THE TOOL COULD BE HELPFUL –

Research

The process of risk identification is greatly aided by the use of both internal and
external research. This may be in the form of:

 past records

 data and statistical information

 relevant published credible literature

 the result of public consultation

 market research.

To ensure a thorough risk analysis, several of these sources of information could
be used. Information can be collected in many ways, some of which are listed
below.

Primary data collection techniques

Primary data collection refers to data collected by the user. Data collected is
unique to the organisation and is not publicly available unless the researcher
chooses to publish it.

Some common methods of primary data collection include interviews, focus
groups, surveys and questionnaires, observations, and diaries.


INTERVIEWS

Interviewing can be used to identify the underlying reasons and motivations for
people’s attitudes, preferences or behaviour. Interviews can be individual or
group-based.

Advantages

 Serious approach by
respondent resulting in
accurate information.

 Good response rate.

 Completed and immediate.

 Possible in-depth questions.

 Interviewer in control and can
give help if there is a problem.

 Can investigate motives and
feelings.

 Can use recording equipment.

 Characteristics of respondent
assessed – tone of voice,
facial expression, hesitation,
etc.

 Can use props.

 If one interviewer used,
uniformity of approach.

 Used to pilot other methods.

Disadvantages

 Need to set up interviews.

 Time consuming.

 Geographic limitations.

 Can be expensive.

 Normally need a set of questions.

 Respondent bias – tendency to please
or impress, create false personal
image, or end interview quickly.

 Embarrassment possible if personal
questions.

 Transcription and analysis can present
problems – subjectivity.

 If many interviewers, training required.

FOCUS GROUPS

A focus group is an interview conducted by a trained moderator in a non-
structured and natural manner with a small group of respondents. The
moderator leads the discussion. The main purpose of focus groups is to gain
insights by listening to a group of people from the appropriate target market talk
about specific issues of interest.


QUESTIONNAIRES

Questionnaires are a popular means of collecting data, but are difficult to design
and often require many rewrites before an acceptable questionnaire is produced.

Advantages

 Can be used as a method in its
own right or as a basis for
interviewing or a telephone
survey.

 Can be posted, emailed or
faxed.

 Can cover a large number of
people or organisations.

 Wide geographic coverage.

 Relatively cheap.

 No prior arrangements are
needed.

 Avoids embarrassment on the
part of the respondent.

 Respondent can consider
responses.

 Possible anonymity of
respondent.

 No interviewer bias.

Disadvantages

 Design problems.

 Questions have to be relatively simple.

 Historically low response rate (although
inducements may help).

 Time delay whilst waiting for responses
to be returned.

 Require a return deadline.

 Several reminders may be required.

 Assumes no literacy problems.

 No control over who completes it.

 Not possible to give assistance if
required.

 Problems with incomplete
questionnaires. Replies not
spontaneous and independent of each
other.

 Respondent can read all questions
beforehand and then decide whether to
complete or not. For example, perhaps
because it is too long, too complex,
uninteresting, or too personal.

OBSERVATIONS

Observation involves recording the behavioural patterns of people, objects and
events in a systematic manner.

Observational methods may be:

 structured or unstructured

 disguised or undisguised

 natural or contrived

 personal

 mechanical

 non-participant

 participant, with the participant taking a number of different roles.


DIARIES

A diary is a way of gathering information about the way individuals spend their
time on professional activities. These diaries are not records of engagements or
personal journals of thought! They can record either quantitative or qualitative
data, and in management research can provide information about work
patterns and activities.

Advantages

 Useful for collecting
information from employees.

 Different writers compared
and contrasted
simultaneously.

 Allows the researcher freedom
to move from one organisation
to another.

 Researcher not personally
involved.

 Diaries can be used as a
preliminary or basis for
intensive interviewing.

 Used as an alternative to
direct observation or where
resources are limited.

Disadvantages

 Subjects need to be clear about what
they are being asked to do, why and
what you plan to do with the data.

 Diarists need to be of a certain
educational level.

 Some structure is necessary to give the
diarist focus, for example, a list of
headings.

 Encouragement and reassurance are
needed as completing a diary is time-
consuming and can be irritating after a
while.

 Progress needs checking from time-to-
time.

 Confidentiality is required as content
may be critical.

 Analysis can present problems, so you need to
consider how responses will be coded
before the subjects start filling in
diaries.

Secondary data collection techniques

Secondary data is collected by someone other than the user. It can be sourced
from existing survey results, databases, statistical research organisations,
published reports, case studies and published texts.

It is important to ensure that data is obtained from trusted sources, to ensure it is
valid and reliable. There are questions that you should consider when selecting
existing data for use in your audit.

 What was the researcher’s objective in collecting the data?

 What data was collected and what is it supposed to measure?

 When was the data collected?

 What methods were used?

 How is the data organised?

 What information is known about the success of that data collection? How
consistent is the data with data from other sources?


Essential qualities of information

The aim of any data collection activity is always to aid in decision making. The
decisions that are made will only be as good as the data collected. It is essential
then that data is ‘quality tested’ to ensure it will produce the desired results.

Data should be as follows.

Accurate – Information collected through audit activities should be precise
and a true reflection of the relevant events, subjects and issues.

Relevant – Data collected should be directly related to the intent and
objectives of the audit or collection process.

Reliable – Data must be verifiable and well supported by background
information.

Learning activity: Risk research

Identify at least three different ways that risk in a business environment can be
researched, and describe the types of information you are likely to gather from
each approach.

Involve others in risk identification

Communication and consultation should take place at every step of the risk
management process with both internal and external stakeholders. Therefore a
communication plan for both these parties should be developed early in the
process.


This plan should address issues relating to the risk itself, the likelihood of the risk,
its potential consequences, and measures being taken to manage the risk.
Communication is vital in risk management as it ensures that those accountable
for implementing risk management, as well as other stakeholders, understand the
reasoning behind decisions, and why particular actions are required.

Identification of risks should never be the responsibility of one individual.
Consulting a team of people with different areas of expertise means that many
viewpoints are represented and the identification process is thorough. Including
stakeholders in the process also facilitates a sense of ‘ownership’ for risk
management activities.

Some key skills that you will require for involving others and maintaining
communication with stakeholders are described in the table below.

Active listening

 Keep the purpose in mind – know why you are listening and
what you are listening for.

 Listen to what’s not said – learn to read gestures and facial
expressions, not just listen to words.

 Give feedback – acknowledge and respond to what you hear,
without interrupting.

 Be sensitive – show that you listen to and understand the
other person’s point of view, even though you may not agree
with it.

Encouraging feedback

 Value feedback – recognise that you need feedback to build
an accurate picture of what is occurring.

 Do not react – show respect for feedback even when it is
critical.

 Don’t point fingers – use feedback to diagnose and fix
problems, without laying blame.

Facilitating discussion

 Step back – establish the purpose or goal for the group, and
then let the group continue the discussion.

 Bring focus – ensure the discussion stays on track by
reminding the group of the established purpose.

 Be open – don’t voice personal opinions or make judgments
about proposed ideas, just listen.

 Be fair – make sure everyone has an opportunity to
participate, express an opinion or contribute an idea.

 Summarise – rephrase key points and bring clarification to any
decisions or planned actions when needed.

Effective questioning

 Directive questions – seek facts and concrete answers.

 Non-directive questions – deal with emotions, feelings and
attitudes.

 Reflective questions – clarifying information being provided,
rephrasing, etc. (e.g. ‘Do you mean…’)

 Closed questions – allow limited responses, such as ‘Yes’ or
‘No’.

 Open questions – allow for unlimited response.

 Probing questions – seek further response to a question
already asked, often in response to the answer given.


Learning activity: Staff involved

In reference to the scenario provided, who would be most beneficial to involve in
the process of risk identification, and why would you include them in gathering
input to risk identification?

Section summary

You should now understand how to evaluate the internal and external
environments of an organisation, review organisation objectives, identify risk and
include stakeholders in the process.

Further reading

 The University of New South Wales, 2010, UNSW Risk Consequence
Assessment Tool, viewed May 2010.

 Australian Government, 2010, Risk Analysis, viewed May 2010.

Section checklist
Before you proceed to the next section, make sure that you are able to:

 review the external environment
 determine strengths and weaknesses
 review and document objectives
 research risks
 identify risks
 involve others in risk identification.


Section 3 – Analysing and Evaluating Risk

It is not enough for an organisation to merely be aware of risks. Once they have
been identified, risks must be analysed to determine the probability of occurrence
and expected impact. This chapter looks at conducting this analysis, and using it
to form an action plan to deal with risks.

Scenario: Preparing a risk action plan as the new operations manager for a
shoe repair chain

With the help of stakeholders, and the use of other research methods, you have
been able to create a list of all the perceivable risks that could impact on the
shoe repair store chain.

You are already aware that compiling a list of risks is only the first part of the
risk management story. The second part, management, requires
analysis, assessment, evaluation and prioritisation to determine the best use
and allocation of an organisation’s resources.

You will use an approach that looks at each risk on a likelihood and
consequence basis to determine the priority levels that each should be given.
You will then consider the possible options for treating each risk starting with
the highest priority and working to the lowest.

To assist you in this function you will prepare a risk management action plan
that quite clearly shows your reasoning for establishing the risk priority levels,
and the actions needed to manage the risks.

What skills will you need?
In order to work effectively as a risk manager you must be able to:

 determine likelihood of risk
 assess consequence of risk
 evaluate and prioritise risk
 determine risk treatment options
 develop an action plan for treating risks.

Risk analysis is about developing an understanding of the risk. It provides an
input to decisions on whether risks need to be treated and the most
appropriate and cost-effective risk treatment strategies.

AS/NZS 4360:2004


Determine likelihood of risk

The first step in risk analysis is to determine the likelihood of risks. Likelihood
refers to the probability that a risk will occur, and is measured in terms of the
following scale. Note that the classification of risks must take into account the
specific circumstances. For example, the likelihood of a warehouse flooding may
range from rare, if it is located in a region that receives little rain, to frequent,
if it is located somewhere that is often subject to flooding.

Rare – May occur only in exceptional circumstances, e.g. death of an
employee at work.

Unlikely – Event is unlikely to occur but is possible, e.g. an employee crashing
a company car.

Possible – Event could occur, e.g. rain on the day of an outdoor event.

Likely – Event likely to occur once or more during the life of the project, e.g.
first aid injury.

Frequent – Event will occur many times during the life of the project, e.g. a
busy street.

Figure 3: Likelihood of risk occurring

Learning activity: Board role for risk management

PricewaterhouseCoopers believes that boards can play a vital role in improving
the quality of risk management information provided to them to review and/or
act on. A discussion paper published by them at
describes five steps that can help boards get the information they
require. Based on the likelihood scale above, describe which risks would be
included in the statement ‘Be clear about what matters’, i.e. would you include
all items on the scale, or just frequent risks? Identify the cut-off you would apply
and explain why.


Learning activity: Risk likelihood

Review the scenario in Appendix 3 under the heading ‘Research findings’ and select
an issue you think would occur rarely and an issue you think is almost certain
to occur. Give your reasons.

Likelihood Reasons

Rare

Almost certain

Learning activity: Revised risks

Some organisations assess risk, and apply a control, and then reassess risk
immediately (rather than waiting for a review period some time later). How could
this provide relevant information for risk management to the organisation?
State your reasons.


Research the internet for risk management tools that include two layers of
assessment in this way. (Hint: some risk management organisations use the
term ‘residual risk’). Briefly describe the tool, and include a copy in your
workbook.

Assess consequence of risk

The next step in risk analysis is to assess the potential consequence or impact of
the risk on the organisation and its objectives. The general levels of consequence
are as follows.

Catastrophic

 multiple injuries/death

 regulatory intervention

 net revenue loss or asset damage exceeds $x

 damage to reputation at international level

 long-term environmental damage (5 years or longer).

Major

 single stakeholder

 breach of licenses, legislation, regulation or mandated
standards

 net revenue loss or asset damage between $xxxx

 damage to reputation at national level

 medium-term (1-5 yr) environmental damage.

Minor

 breach of internal procedures or guidelines

 net revenue loss or asset damage between $x – $x

 adverse news in local media

 environmental damage, requiring up to $250,000.

Insignificant

 no breach of licenses, standards, guidelines or related audit
findings

 net revenue loss or asset damage $x

 public awareness may exist, but there is little public concern

 negligible environmental impact.


Learning activity: Risk consequence

Review the scenario in Appendix 3 under the heading ‘Research findings’ and
select an issue you think would have an insignificant consequence and an issue
you think would have catastrophic consequences. Give your reasons.

Consequences Reasons

Insignificant

Catastrophic

Learning activity: One of each

Think about your community or workplace and give an example of each of the
following risks.

Rare and catastrophic –

Frequent and insignificant –

Possible and moderate –


Evaluate and prioritise risk

Now that you have determined both the likelihood and consequence of risk, the
two are combined to determine the rating. The most effective method of risk
analysis is to generate a risk matrix. A risk matrix is shown below; a risk rating
is given where the identified consequence meets the identified likelihood.

| LIKELIHOOD \ CONSEQUENCE | Insignificant | Minor | Moderate | Major | Catastrophic |
|---|---|---|---|---|---|
| Almost certain | HIGH | HIGH | EXTREME | EXTREME | EXTREME |
| Likely | MEDIUM | HIGH | HIGH | EXTREME | EXTREME |
| Moderate | LOW | MEDIUM | HIGH | EXTREME | EXTREME |
| Unlikely | LOW | LOW | MEDIUM | HIGH | EXTREME |
| Rare | LOW | LOW | MEDIUM | HIGH | HIGH |

Learning activity: Risk evaluation

Nearly all organisations and systems use the same or a very similar risk
evaluation tool as outlined above. Describe how you think the one illustrated
below is different, and when it might be suitable to use.


The allocation of a risk rating should prompt a decision to be made about the
action to be taken, as below.

Extreme

 IMMEDIATE senior management action

 e.g. multiple deaths of employees.

High

 Action plan needed, allocated responsibilities

 e.g. damage to valuable assets.

Medium

 Risk requires only monitoring and review

 e.g. loss of assets due to staff theft.

Low

 Risk accepted – but not ignored

 e.g. a paper cut.

Figure 4: risk rating and associated action

Risks can then be prioritised based on the level of action required.
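
The following Python sketch is an added example, not part of the workbook: it rates a small risk register with the risk matrix above, re-rates each risk after its controls (residual risk) and sorts the register by the action each rating calls for. The register entries, and the assumption that a control lowers likelihood or consequence by whole steps on the scale, are constructed for illustration.

```python
# Added example (not from the workbook): rate a risk register with the risk
# matrix, re-rate it after controls (residual risk) and sort it by priority.

LIKELIHOODS = ["Rare", "Unlikely", "Moderate", "Likely", "Almost certain"]
CONSEQUENCES = ["Insignificant", "Minor", "Moderate", "Major", "Catastrophic"]

# Rows follow LIKELIHOODS (lowest first); columns follow CONSEQUENCES.
MATRIX = [
    ["LOW",    "LOW",    "MEDIUM",  "HIGH",    "HIGH"],     # Rare
    ["LOW",    "LOW",    "MEDIUM",  "HIGH",    "EXTREME"],  # Unlikely
    ["LOW",    "MEDIUM", "HIGH",    "EXTREME", "EXTREME"],  # Moderate
    ["MEDIUM", "HIGH",   "HIGH",    "EXTREME", "EXTREME"],  # Likely
    ["HIGH",   "HIGH",   "EXTREME", "EXTREME", "EXTREME"],  # Almost certain
]

# Action prompted by each rating (Figure 4), highest priority first.
ACTIONS = {
    "EXTREME": "IMMEDIATE senior management action",
    "HIGH": "Action plan needed, allocated responsibilities",
    "MEDIUM": "Risk requires only monitoring and review",
    "LOW": "Risk accepted – but not ignored",
}
PRIORITY = list(ACTIONS)


def rate(likelihood, consequence):
    """Return the rating where the likelihood row meets the consequence column."""
    if likelihood not in LIKELIHOODS:
        raise ValueError(f"unknown likelihood: {likelihood!r}")
    if consequence not in CONSEQUENCES:
        raise ValueError(f"unknown consequence: {consequence!r}")
    return MATRIX[LIKELIHOODS.index(likelihood)][CONSEQUENCES.index(consequence)]


def step_down(scale, level, steps):
    """Move a level down the scale by `steps`, never below the lowest level."""
    if steps < 0:
        raise ValueError("a control cannot raise a level")
    return scale[max(0, scale.index(level) - steps)]


def assess(register):
    """Rate each risk before and after controls; return rows in priority order."""
    rows = []
    for risk in register:
        inherent = rate(risk["likelihood"], risk["consequence"])
        # Assumption: each control lowers likelihood or consequence by whole steps.
        likelihood = step_down(LIKELIHOODS, risk["likelihood"],
                               risk.get("likelihood_steps", 0))
        consequence = step_down(CONSEQUENCES, risk["consequence"],
                                risk.get("consequence_steps", 0))
        residual = rate(likelihood, consequence)
        rows.append({"name": risk["name"], "inherent": inherent,
                     "residual": residual, "action": ACTIONS[residual]})
    # Highest residual rating first; ties broken by inherent rating, then name.
    rows.sort(key=lambda r: (PRIORITY.index(r["residual"]),
                             PRIORITY.index(r["inherent"]), r["name"]))
    return rows


# Constructed sample register for a shoe repair chain (illustrative values).
SAMPLE_REGISTER = [
    {"name": "Cash mishandled at the till", "likelihood": "Likely",
     "consequence": "Minor", "likelihood_steps": 2},    # e.g. daily till checks
    {"name": "Warehouse flooding", "likelihood": "Unlikely",
     "consequence": "Major", "consequence_steps": 1},   # e.g. continuity plan
    {"name": "Fire in a store workshop", "likelihood": "Moderate",
     "consequence": "Catastrophic", "likelihood_steps": 1},
    {"name": "Supplier delivers late", "likelihood": "Likely",
     "consequence": "Insignificant"},                   # no control applied
]

if __name__ == "__main__":
    for row in assess(SAMPLE_REGISTER):
        print(f"{row['name']:<28} {row['inherent']:<8} -> "
              f"{row['residual']:<8} {row['action']}")
```

The fire entry stays EXTREME after its control because the matrix rates every Catastrophic consequence HIGH or above; only a control that reduces the consequence can bring that rating down further.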

Learning activity: Risk priorities

Review the scenario in Appendix 3 under the heading ‘Research findings’ and
select an issue you think would be rated ‘Extreme’ and an issue you think would be
rated ‘Low’. Give your reasons.

Priorities Reasons

Extreme

Low

Types of analysis

 Qualitative analysis may be useful as an initial screening to identify if
further analysis of risk is required, when the analysis is appropriate for
decisions, or when numerical data or resources are inadequate. It uses
descriptive scales to describe the potential consequences. So far
throughout this section we have been using qualitative risk analysis. The
risk matrix above is an example of this method.


 Semi-quantitative analysis sets values to the risks in order to produce a
more expanded ranking scale than that which is usually achievable from
qualitative analysis. These values are not the predicted realistic figures
calculated in quantitative analysis. It is important that the limitations of
this form are recognised and it is combined with a formula or explanation.

 Quantitative analysis of risks uses numerical values (as opposed to words)
to analyse both the consequence and likelihood of risks. The quality of this
analysis is dependent on the data from which it was initially sourced. The
outcomes may be expressed in terms of monetary, technical, or human
impact. Examples of quantitative risk analysis are as follows.

o Risk of financial loss:

o Fatality risk. This calculation gives a value of 0 – 1. The closer the
value to one, the greater the risk.

Learning activity: Financial loss

Using the formula above for financial loss, calculate the expected loss for a
car wash that loses $500 in wages for every day it rains. The car wash is located
in Brisbane where it rains on average 122 days per year, and on days when it is
not raining it makes $300.

If the same business with the same loss and profits was moved to Melbourne,
with an average of 148 rainy days, explain what could happen to the business.


Learning activity: Extreme action

Name a situation at work or at home you would rate as ‘Extreme’.

List three things you would do in the first few minutes.

1.

2.

3.

Determine risk treatment options

Risk treatments

There are several ways to manage risk. The Australian Standards
outline the following.

 Avoid the risk. This may be done by ending the activity that gives rise to the
risk. Inappropriate risk avoidance may result in an increased significance
of the risk or result in the loss of opportunity.

 Reduce the likelihood of the risk, i.e. reduce the likelihood of a negative
impact on objectives.

 Reduce the consequences, that is, decrease the extent of the damage. An
example of this is reducing the inventory or making continuity plans.

 Share the risk. This involves other parties bearing a portion of the risk
(preferably by mutual consent). This may take place in the form of
insurance arrangements, contracts, partnerships or joint ventures, all of
which spread the responsibility and burden of the risk with another. This
usually comes at a financial expense (e.g. premiums paid for
insurance, decrease in positive outcome of risk seen by the individual
organisation) and also creates another risk, namely that the parties with whom
the risk is shared will not manage it effectively.

 Retain the risk. After the altering or sharing of a risk, there exist residual
risks which are retained. This also may take place by default as a result of
failure to identify or manage a risk.


Hierarchy of control

The hierarchy of control for OHS risk management ranks options from the most
preferred to the least preferred. If possible, eliminate the risk. The least preferred
option is for employees to be provided with personal protection in the
management of risk. The options in between are better than personal protection
but less preferred than elimination.

Can you eliminate the risk?

 Yes – then eliminate the risk.

 For example, repair damaged equipment.

Can you reduce the risk?

 Yes – then reduce the risk.

 For example, hire a bus with seatbelts as
opposed to one without.

Can you isolate the risk?

 Yes – then isolate the risk.

 For example, a locked plant room for chemicals.

Can you reduce the risk by control?

 Yes – then introduce administrative controls.

 For example, occupational health and safety
induction.

Then provide personal protection.

 According to AS/NZ standard.

 For example, gloves, safety goggles, sunscreen.

Figure 5: Hierarchy of risk control – adapted from Cole (2005)

When managing risk, particularly OHS related risk, there are key questions that
managers need to be able to answer. These are as follows.

1. Are there legislated activities or practices that must be done or
implemented in relation to the specific hazard?

2. Is there a Code of Practice relating to the specific hazard?

3. Are there existing controls? If so:

a. are the controls as high as possible in the hierarchy of control priorities?
b. do controls protect everyone exposed to harm?

4. What additional controls are required?

The following table is from the Risk Management Code of Practice 2007
(Workplace Health and Safety Queensland) and gives some examples of how
control measures can be implemented.


| Control measure | Comment | Examples of use |
|---|---|---|
| Elimination | Control the hazard at the source. This is the most effective control measure and removes the risk by removing the hazard or changing the work processes. | Contract tasks out to specialists who have appropriate facilities. |
| Substitution | Replace the hazard (e.g. plant or substance) with another that has a lower risk. | Use a machine with better guarding or use a less hazardous chemical that does the same job. |
| Isolation | Remove or separate people from the source of the hazard. | Use rubber mats to lift workers off a concrete floor or segregate work processes. |
| Minimise by engineering means | Change the physical characteristics of the plant or workplace to remove or reduce the risk. | Modify a machine so it can be used by remote control. |
| Administrative measures | Use policies, procedures, signs and training to control risk. | Review systems of work so that nobody works alone at night or train workers in safe lifting techniques. |
| Personal protective equipment (PPE) | Provide equipment or clothing designed to protect the worker. | Provide hats and long shirts to protect outdoor workers against the sun. |

Note: If there is a provision within the workplace health and safety regulation for
your state about any hazards identified, then they must be controlled in the way
specified by the regulation. Similarly, if there is a Code of Practice about any of
the hazards you have identified, then you must do what the code of practice says
or adopt and follow another way that gives the same level of protection against
the risks. Whilst the law does not demand compliance with codes of conduct,
insurance providers do, and non-compliance with these will either result in
significantly increased insurance premiums or voiding of the insurance cover.


Learning activity: Risk treatment options

Review the scenario in Appendix 3 under the heading ‘Research findings’ and
select an issue and then apply the hierarchy of control to develop options.

Issue …………………………………………………………………………………………………………

Hierarchy of control Options

Can you eliminate the risk?

Can you reduce the risk? For example, by substitution.

Can you isolate the risk? For example, with guards and barriers.

Can you reduce the risk by control? For example, safe operating procedures.

Then provide personal protection according to AS/NZ standard.


Learning activity: Risk controls in a shop-environment

You have a retail store and you know you cannot always be in front of the till, so
there is a risk that cash could be mishandled by store staff. Describe how you
could:

 reduce the risk

 isolate the risk

 introduce control of some form.

Reduce –

Isolate –

Control –


Learning activity: Hierarchy of control

In reference to the hierarchy of control, decide which option is the best
treatment for each of the risks you have identified in the earlier activity against
the scenario.

Assessing risk treatment options

When selecting the most appropriate treatment options for risk, the costs and
benefits of each treatment must be carefully considered. It is important to
consider all direct and indirect costs associated with each treatment, and both
tangible and intangible benefits.

However, the costs and benefits need to be considered in light of the risk rating.
The cost of managing a potentially catastrophic risk cannot simply be evaluated in
financial terms as the cost of failing to manage the risk could far outweigh the
initial cost of actions required to prevent its occurrence.

The following needs to be considered when choosing an appropriate treatment for
a risk:

 acceptability to all

 administration efficiency

 capacity compatibility

 continuity of effects

 contracts

 cost effectiveness

 economic and social environment

 equity

 individual freedom

 jurisdictional authority

 objectives

 regulatory

 risk creation

 timing.


Learning activity: Risk vs. freedom

Examine the list above and describe why you think equity and individual
freedom are included in it. It may be best to describe a control that
restricts a worker’s freedom in order to reduce risk in the workplace, and then
describe why this should also be considered from the individual’s viewpoint.

Learning activity: Common business risks

Research the internet for common risks in the financial services sector and use
the table below to list practical ways to manage identified risks.

Risk Control


Develop an action plan for treating risks

Plan early

Experienced operators know that risk management is a proactive process. It is not
the thing you do when a risk emerges because by then it may be too late. Effective
risk action plans are those that are part of the operations of the organisation.

Problems that start small can escalate into large threats, or a risk may appear
suddenly that threatens the reputation of the entire organisation. Having risk
management processes and planning in place when these happen could stop the
escalation and minimise the impact from the sudden disaster.

Learning activity: Risk timelines

Sketch a flow chart of a timeline for implementing a new product within an
organisation and identify at what points or phases risk assessment would take
place.

Risk action plan

The risk action plan outlines how the risk is to be managed and a timeline for this
process to take place. It should include:

• the risk
• risk rating
• treatment activity or controls
• roles and responsibilities for those involved
• timeline
• monitoring arrangements.

See Appendix 1 for an example risk action plan template.

Learning activity: Action plans

Volunteering Australia uses a one page risk action plan, which can be found at
.

Review the form, and describe when or how you could use a similar form in an
organisation where you are the risk manager. The key issue to describe is
whether you think this form is suitable for all risk planning and management
processes, including your reasoning.

Internal control procedures

Internal control processes are an effective form of risk treatment for an
organisation.

When designing and implementing internal control procedures, it is important
that these fulfil at least one of the following eight criteria.

• Completeness – that all records and transactions are included in the reports of business.
• Accuracy – the right amounts are recorded in the correct accounts.
• Authorisation – the correct levels of authorisation are in place to cover such things as approval, payments, data entry and computer access.
• Validity – that the invoice is for work performed or products received and the business has incurred the liability properly.
• Existence – of assets and liabilities. Has a purchase been recorded for goods or services that have not yet been received? Do all assets on the books actually exist? Is there correct documentation to support the item?
• Handling errors – errors in the system have been identified and processed.
• Segregation of duties – to ensure certain functions are kept separate. For example, the person taking cash receipts does not also do the banking.
• Presentation and disclosure – timely preparation of financial reports in conformity with generally accepted.

Learning activity: Internal controls

For each of the internal controls listed below, describe or give an example of
what could go wrong if the control is not implemented correctly or thoroughly.

Completeness –

Accuracy –

Authorisation –

Physical controls

Physical controls relate to security devices and measures designed to eliminate
unauthorised access to physical assets including the organisation’s sensitive
documents and records. Preventing access ensures that the assets are not used,
removed or destroyed without proper authority.

Examples of physical controls include the following.

• Secured storeroom – usually a fire resistant, thick walled room that is lockable.
• Having a stores clerk – a person that is responsible for the movement of supplies in and out of the store room, and ensuring that all movements are recorded and stock takes balance.
• Placing permanent identification codes on valuable assets – this allows an asset register to be created and stock takes to be done to identify missing assets.
• Using safety deposit boxes – very common security device in banks. Can be installed in businesses. Often require two people to open the box.
• Password protection on electronic files – this can be set at all levels (logging on, into selected applications and access to selected files within applications). Without the password, you cannot gain access.

Learning activity: Physical controls

As the operations manager, you have been asked to appoint a stores person to
monitor the movement of supplies and make sure physical stock takes mirror
the balances calculated from the source documentation of supply movement.
Explain how having a stores person appointed to the supplies process creates a
physical control over the supplies.

Insurance
Insurance involves paying premiums to share certain risks with another
organisation. Insurance should only be considered as a risk management option
when other treatments have not been successful in reducing a risk to an
acceptable level for the organisation. That being said, it is still an important part
of many risk action plans.

Generally, there are two types of insurance.

• Life insurance – management of the risk of death or disability.
• General insurance – covers the sharing of all other risks, e.g. property damage, workers’ compensation, motor vehicle insurance.

Some insurance is required by legislation. For example, organisations that employ
staff must have workers’ compensation, and those that own motor vehicles must take
out compulsory third party motor vehicle insurance. Other insurances are
purchased at the discretion of the organisation, according to its determined
needs.

When investigating insurance you need to consider three things:

1. Which risks to insure against.
2. Which insurance company to insure with.
3. What level of insurance to obtain against the risk.

Choosing an insurance company

Your organisation can purchase insurance either directly from an insurance
company, or alternatively, it may be acquired through an insurance broker. An
insurance broker is often able to source insurance products that suit the specific
needs of an organisation, and can assist you in getting the best product for the
best price.

Always ensure that the broker or company you choose to deal with is known and
has a good reputation. If the company or broker you choose is not well known,
check with the Australian Prudential Regulation Authority to make sure they are
registered.

Choosing a policy

When evaluating and selecting an insurance product, you should consider the
following questions.

• What insurance do you need? Does the policy meet your requirements or are you paying for added extras that you don’t need?
• Have you read the policy carefully, including the fine print? What is covered and what is excluded from the policy?
• Do you have to pay an excess on a claim? Under what circumstances?
• What is the limit applied to individual claims? Does a limit apply to payouts in a single period?
• Is the option of goods replacement instead of cash available in the policy?
• Is property insured for the present market value or is an ‘old for new’ replacement provided as part of the policy?
• Is the value you have insured the product for sufficient?
• Have you provided all the necessary information?
• Have you done all that the policy requires in order to maintain coverage?

Learning activity: Risk insurance 1

Research the internet for types of insurance available for business risks (e.g.
theft, staff injury, compliance issues, fraud, fire, etc.) and briefly describe the
different types of insurance available.

Types of insurance

In order to reduce the risk to your organisation and its stakeholders, there is a
range of insurance policies available. The table following outlines some forms of
insurance policies and what they cover.

Insurance type – Policy details

Workers’ compensation – Covers against:
• employee injury
• employee sickness or
• employee death regardless of employer’s negligence.
This is compulsory for all employers.

Motor vehicle comprehensive – Covers your organisation’s vehicles and the damage they cause to others’ property. This policy covers:
• theft
• fire
• legal cost.

Motor vehicle third party – Covers against the damage caused by your vehicles to other people’s property. The insured car is only covered against fire or theft.

Contents insurance – Protects against damage or destruction by:
• the causes stated in the building insurance policy
• theft.
It is important to identify if the policy provides compensation for only the depreciated value of insured items or reinstatement or replacement, in which case the new replacement cost will be paid.

Consequential loss – Covers against loss of profits following the occurrence of a specified incident (e.g. fire) until the organisation is able to resume business.
This type of policy must be regularly reviewed to ensure the amount of lost profits is up to date and takes into account inflation. The insured period during which payments are to be made should be long enough that it allows for the re-establishment of business.

Professional indemnity – Insures against the legal liability arising from professional negligence when an organisation claims to provide reliable advice which proves detrimental to the person receiving it.

Building insurance – Covers against damage to structures owned by the organisation. This may include damage caused by:
• fire
• storm
• tempest
• lightning
• explosion
• impact by vehicles
• animals
• aircraft
• earthquakes
• riots
• malicious acts
• flood.
This usually covers only the depreciated value of the building insured at the time of loss. It does not cover the cost of replacement of the building, as this requires reinstatement or replacement insurance.

Public liability – Covers the organisation’s responsibility to pay compensation to persons other than employees who:
• suffer injury
• damage to property
• die.
This policy only covers the above incidents when they are due to the organisation’s negligence and take place either on its premises or due to its operations.

Manufacturer’s liability – Covers manufacturers against claims arising from defective products, which are unfit for the purposes for which they were sold (even to benefit charity).

Learning activity: Drivers vs. insurance

An organisation has insurance for damage to vehicles, so long as the registered
staff drivers are licensed, over 25, and have not been the responsible party in
an accident within the last three years. Outline/draft a simple checklist-based
form that could be used within the organisation for potential drivers to complete
each time they collect company vehicle keys from the administration office.

Learning activity: Credit card risk

Most banks and financial institutions offer some kind of fraud or misuse of
credit card insurance for card-holders, with a few provisos. Describe some
common requirements (i.e. risk management controls for the financial
institution) that are expected of card-holders in order to qualify for the insurance
cover. You should come up with at least two simple requirements, but may
come up with more, by reviewing the ANZ Security Centre at the URL below.

Learning activity: Risk insurance 2

Research the internet for Australian insurance providers that would suit the
scenario provided. Identify three that you think you could use, and explain why
each is suitable.

INSURANCE PROVIDER –

HOW PROVIDER IS SUITABLE –

INSURANCE PROVIDER –

HOW PROVIDER IS SUITABLE –

INSURANCE PROVIDER –

HOW PROVIDER IS SUITABLE –

Workplace adjustment

Sometimes it can be necessary to make adjustments in the workplace to
accommodate people with a disability. Adjustments can be undertaken in a
number of different ways, some of which are outlined below.

Selection process
• discuss potential changes to non-core requirements of the position
• applicants may ask a friend to attend the interview
• provide a signing interpreter for hearing impaired employees if needed.

Work area design
• make physical changes to the workplace, for example:
  o movement or adjustment of furniture
  o adjustment of lighting
  o lowering benches.

Job design
• exchange certain tasks to aid people with disabilities:
  o e.g. telephone duties may be exchanged for filing duties for someone with hearing impairment.

Flexible work practices
• flexible work hours
• regular breaks
• working from home.

Workplace access
• unobstructed access needs to be provided to all public use areas. This may involve:
  o the installation of ramps
  o clear markings on steps
  o provision of dedicated parking spaces near a wheelchair accessible entrance
  o lowered control panels
  o accessible emergency phones in elevators.

Providing equipment
• a telephone typewriter (TTY)
• voice recognition software
• speech synthesiser.
Ensure the individual is consulted before purchasing equipment as even people with similar disabilities may have different needs.

Training and development
• Access to training and development opportunities needs to be ensured for people with disabilities. This may be done by:
  o conducting courses in accessible areas
  o providing a signing interpreter.

Workplace Modifications Scheme

While the majority of employees with a disability won’t require any workplace
modifications, for some the barrier preventing them from doing a job is that a
workplace doesn’t accommodate them. Some might only need minor
adjustments to the workplace that can easily be made at minimal cost.
Sometimes what’s needed is an adjustment to the work environment or some
special tool or technology that will enable them to perform a job to their full
potential.

For employers, the Workplace Modifications Scheme (WMS) aims to make
accommodating workers with disability in your workplace easier. It’s a pool of
funds available to pay for the cost of any special equipment or adjustments that
are needed to accommodate an employee in a job.

Sometimes the help needed by an employee may be as simple as providing
them with an alarm wristwatch to remind them of when they need to do certain
tasks. Other times more complex solutions are needed to accommodate them,
such as building a wheelchair ramp to a workstation or installing special lighting
in the workplace.

The amount of funding available for each workplace modification usually isn’t
limited, which means that there’s flexibility to provide workplace solutions that
really meet the individual needs of both employers and employees.

Funding is available to help employers accommodate both new and existing
employees with disability. To be eligible, an employee must be employed for at
least eight hours a week in a job that’s reasonably expected to last 13 weeks or
more.

Extract from ‘An employer’s guide to employing someone with disability’,
.

Learning activity: Risk management and workplace modifications

Research the internet to find an example of a disability within a work
environment, and an adjustment that was made to allow for the disability.

Section summary

You should now understand how to analyse and evaluate risk, specifically the
concepts of probability and consequence, as well as risk acceptance.

Further reading
• The University of New South Wales, 2010, UNSW Risk Consequence Assessment Tool, viewed May 2010,
.
• Australian Government, 2010, Risk Analysis, viewed May 2010,
.
• Work Place, Australian Government, 2010, An employer’s guide to employing someone with disability, viewed May 2010,
.

Section checklist
Before you proceed to the next section, make sure that you are able to:
• determine likelihood of risk
• assess consequence of risk
• evaluate and prioritise risk
• determine risk treatment options
• develop an action plan for treating risks.

Section 4 – Treating Risk
This section looks at the implementation of the risk action plan developed in
the previous section.

Scenario: Treating, monitoring and evaluating the risk management process as
the new operations manager for the shoe repair chain

From the options developed previously, and in consultation with key
stakeholders, you determined the most appropriate risk management strategy
and actions for each risk. You then presented your risk management action plan
to the CEO who, after consultation and discussion about monitoring the plan,
made some adjustments. You were then asked to implement the plan.

Accepting the fact that all good plans need constant monitoring and evaluation,
you build control measures into the plan to help signal when actions are
delayed, ineffective or not being actioned. You rely on these control measures to
inform you when things are not going according to plan. You also instigate
internal and external audits to provide an extra dimension to the monitoring and
evaluation process.

What skills will you need?
In order to work effectively as a risk manager you must be able to:

• implement the risk action plan
• monitor the risk action plan
• evaluate the risk management process.

Implement the risk action plan

Implementation of the risk action plan requires participation from the
organisation, and therefore should involve the following stages:

• communicating the plan
• documenting procedures
• training.

Communicating the plan

A good starting point for implementation of the action plan is the communication
of the risk management process and strategies. It is essential that everyone in the
organisation understands the importance of risk management, who the key
people are and how they can contribute to the process.

Stakeholders make judgments on risk based on their perception. Their viewpoints
can significantly affect decisions made, so it is important that their perceptions
and opinions are documented and considered.

A communication plan should:

• facilitate the exchange of information between stakeholders
• be transparent, accurate and understandable
• be useful.

Learning activity: Communicating the plan

Having developed your risk management action plan for the case study in
Appendix 3, describe an effective way to communicate it to the relevant
stakeholders.

Senior management support

For the risk management plan to be successful it is important to ensure the
support of senior management. This may be accomplished by:

• obtaining the active ongoing support of the organisation’s directors and senior management
• appointing a senior manager or similar champion to lead the initiative
• obtaining the commitment and support of all senior managers.

Learning activity: Gaining staff support

Describe three different ways that the support of staff in an organisation for risk
management practices can be obtained, that you would use as a manager
responsible for risk management in the workplace.

Communication with internal stakeholders

The organisation should ensure that its internal communication and reporting
mechanisms:

• include processes to consolidate risk information from a variety of sources within the organisation, taking into account their likelihood and consequence
• ensure all relevant parties are informed as to the key components of the risk management framework, including any subsequent modifications
• provide adequate internal reporting on the effectiveness and outcomes of the framework
• make relevant information derived from the application of the risk management process available to appropriate levels of management in a structured and timely manner
• include processes for consultation with internal stakeholders.

Communication with external stakeholders

The organisation should develop a plan as to how it will communicate with its
external stakeholders. This should include:

• engaging appropriate external stakeholders and ensuring effective exchange of information
• making legally required disclosures and other reporting to comply with legal, regulatory and corporate governance requirements
• providing feedback on prior communication and consultation
• the use of communication and information to build confidence in the organisation
• communicating with stakeholders in the event of a crisis or contingency.

Learning activity: Communicating plans

Brainstorm a list of approaches that you can use to communicate risk
management processes to staff and stakeholders in an organisation, and
describe how each of these can be effective.

Documenting procedures

Your action plan will have identified areas where written procedures need to be
developed and documented. To effectively implement the plan, staff, volunteers
and management committee members need to work together to develop these
procedures. Existing and new procedures should be reviewed to ensure that they
are consistent.

Implementation of the risk management process will often require new policies to
be developed that include monitoring, evaluation and continuous improvement.
Every organisation needs to have a risk management policy framework to
document the processes and procedures required. This policy will become a key
document in the life of an organisation.

In general, when writing policy, you should keep in mind the size and specific
needs of the organisation. Policy should be clear and concise and should not
include lengthy processes or procedures that will be difficult to maintain or comply
with.

The structure for policy documents will vary from organisation to organisation, but
some common elements included are as follows.

• Purpose statement – The context of the policy, why it is required.
• Scope – The application of the policy (particular location, workgroup, etc.).
• Procedure – How the policy is implemented.
• Roles and responsibilities – Who is responsible for what in the implementation of the policy.
• Legislation – Reference any legislation that the policy specifically complies with.

Learning activity: Risk management policy

Identify a risk management policy or procedure for your training organisation
and describe how it assists the management of risk for the organisation.

POLICY –

ASSISTS WITH RISK MANAGEMENT –

A sample risk management policy can be found in Appendix 2.

Naming and securing documents

All documents produced in the workplace should be saved for future use and
reference. Commonly used formats should be saved as templates for efficient
access and creation of documents in the future.

Documents should be saved in accordance with organisational requirements
which may include protocols for naming documents to make their content
identifiable, and locations where particular documents should be stored for future
access.

Documents can also be saved with security measures implemented such as
password protection to prevent unwanted editing.

Ensure you know what the requirements are so that your document can be safely
stored and easily located again when required.

Learning activity: Organisational requirements for storage

What benefits are there in establishing protocols for naming documents? What
factors should be considered when storing documents, both electronically and
in printed format?

Training

It is highly likely your action plan will involve the introduction of new practices, or
changes to existing activities, so this will require training. It is a good idea to
ensure that this is carried out through the structures and processes that already
exist to facilitate training in your organisation.

Learning activity: Risk-reduction training

As the manager of risk for an organisation, you are responsible for ensuring that
new organisational activities are assessed for risk, and training is delivered to
affected staff to ensure that identified risks are managed as effectively as
possible. Describe ways that you could make training available to new staff in
the organisation to ensure that all staff have the same awareness of the
required safe work practices and risk management processes within the
organisation.

Responsibility

It is important that there is responsibility and authority within the organisation
when it comes to managing risks, including the implementation and continuation
of the risk management process and making sure that risks are competently
controlled. This may be done by:

• appointing specific people who are to be accountable for the development, implementation and maintenance of the risk management process
• specifying individuals with the role of implementing risk treatment, maintaining risk controls and reporting relevant information
• providing appropriate levels of recognition, reward, approval and authority.

Learning activity: Risk management responsibilities

Review the scenario in Appendix 3 under and then study the options outlined
below to determine who would best be suited to take responsibility for the task.
Briefly describe why you think they are most suited.

Task | Responsibility and why

Prepare a new policy and procedures on leather knife storage.

Taking out insurance to cover money kept overnight on the premises.

Training staff on new cash register procedures.

Fixing the broken tiles and eliminating the trip points.

Issuing chain-mail gloves for use with the leather knife.

Resources

The organisation should make sure that it allocates appropriate resources for risk
management. Examples of resources to be considered are as follows:

• people, skills, experience and competences
• resources specific to stages of the risk management process
• information and knowledge
• documented process and procedures.

Learning activity: Professional development

Another resource for risk managers in organisations is the use of professional
development, training and/or induction activities to assist staff to understand
their role and responsibilities in the workplace.

Identify two areas of development that you might outsource professional
development training for, and describe why.

Professional development activity –

Reason –

Professional development activity –
Reason –

Monitor the risk action plan

Monitoring and review are integral to the risk management process. Factors that
affect the likelihood and consequence of risk may change over time, as may the
costs of treatment options, so it is important to repeat the risk management
process cycle regularly.

Monitoring activities can include risk reviews, team meetings and progress
reports, which should be conducted regularly. Regular monitoring ensures that
mistakes made and lessons learned throughout the implementation of the risk
management process are incorporated into ongoing activities.

The progress of the risk treatment plans should be incorporated into the
continuous improvement system of the organisation as a key indicator of
performance. Continuous improvement refers to the ongoing efforts of an
organisation to improve processes.

Once your risk management process is in place, there are four elements to
maintaining the effectiveness of your risk management practices.

Identify one person responsible for risk management.

‘If it’s everybody’s responsibility, then it’s nobody’s responsibility’

It is essential that one person be given responsibility for risk management within
your organisation. This person is usually known as the ‘risk manager’. In smaller
organisations, the risk manager will also have many other responsibilities, while
very large organisations may have someone whose only responsibility is risk
management.

Learning activity: Monitoring risk

Mossman Municipal Council has a risk management action plan which outlines
that managers and supervisors are required to record and review risk. Go to
, read pages 4 and 5 and describe how they are to involve others in
this process.

If you were a manager in this organisation, outline procedural steps you could
set up and follow to help you fulfil your role in reviewing and reporting risk.

Keep procedures up to date

Circumstances change and therefore so should your risk management plan.
Experience gained from implementing risk management procedures can be used
to further refine those procedures.

Learning activity: Risk management documentation

Describe the typical documentation required in risk management, and explain
how it can be stored or saved for an organisation.

Re-assess risks

It is likely that the risks identified in the risk management process will change
over time, making it important to review the changes. To keep your risk action
plan up to date, you should do the following.

• Review it on a regular basis. At a minimum, this should be done once a year.
• Evaluate changes within your organisation and its environment. This may include new legislation relevant to your organisation, taking on new roles, acquisition of new equipment, or creation of new positions.

Learning activity: Risk management review

Mossman Municipal Council has a risk management action plan which outlines
a review structure for a list of risk areas identified. View pages 5 and 6 of the
document, which can be found at
. Based on the plan, estimate the review period you would put in
place for each of the items listed below, and state your reasoning.

| Risk area | Review period | Reason |
|---|---|---|
| Assets & infrastructure – footpaths | | |
| Assets & infrastructure – street furniture | | |
| Legislative compliance | | |
| New projects and special events | | |


Report on risk management

The risk management process should include reporting as its final step, to ensure
it is current. Reporting on risk should include:

• identification of any new risks

• the effectiveness of the existing risk management process

• the occurrence of risks during the reporting period.

Risk reports should be filed and used in regular reviews of risks and procedures.

Risk reporting can occur in different formats and at different points in the risk
management cycle. The table below provides details of different reports that can
be produced by organisations to assist the risk management process.

Risk profile: This report offers a quick reference point to determine an
organisation’s overall risk exposure. It can be used to track risks and the
factors that can cause risks to change, as well as the effectiveness of treatment
activities. This report should include:

• description of risk
• risk rating (current and previous where applicable)
• changes that have occurred and reasons for them
• improvements or changes to treatment actions required.

Risk treatment report: This report provides information about the status of a
prescribed risk treatment action or activity and its effectiveness. It should
include:

• description of risk
• risk rating
• description of treatment action or activity
• assigned timelines/completion dates
• person/s responsible
• current status.

Emerging risk report: This report is used to highlight anticipated risks or add
new risks to the risk register, which assists in keeping the risk register current
in between formal risk review processes. It should include:

• description of risk
• risk rating
• causes of risk
• expected impact or consequence
• treatment action plan.


Learning activity: Risk management reporting

Imagine you are in a role as a manager of risk management processes. In the
course of your work you identify a risk to the organisation and eliminate the risk
entirely. Describe what benefits there are to your organisation in reporting the
risk, even though it has now been eliminated.

Learning activity: Organisational risk management

Research the internet (Australian university and government organisations
usually have policy documents online) for an organisational risk management
policy and procedure document. Describe who is responsible for the enactment
of the risk control strategies in place in the document, and how you think it is
monitored. Include a copy of the policy document in your workbook.

PERSON/POSITION RESPONSIBLE –

MONITORING PROCESS –


Learning activity: Risk management monitoring approaches

Research three different approaches that can be taken to monitoring risk
management strategies and describe the positives and negatives of each for
the business environment.

| Monitoring approach | Positives | Negatives |
|---|---|---|
| | | |
| | | |
| | | |

Evaluate the risk management process

So, what are the measures of success in a well-managed risk process? Here are some
things to look for:

• A decline in residual risk values.

• Progress towards a specific project objective.

• The extent of implementation of risk treatments.

• A decline in the total cost of risk.

• Senior management are understanding and supportive.


The various risk reports mentioned earlier, if produced well, should provide great
insight into the success of the risk management process. Your evaluation should
include a review of these reports, and take note of any repeated issues,
inadequate treatment actions or significant variances in expected impact of risk
as opposed to the actual impact.

Learning activity: Success

Name some metrics that you think would identify a successful implementation
and monitoring of the risk management process.

Section summary

You should now understand how to implement and monitor a risk action plan, and
evaluate the risk management process.

Further reading

• NT WorkSafe, 2010, Northern Territory Government, Risk Management Plans,
viewed May 2010.

• Turbit, N., 2010, Project Perfect, Risk Management Basics, viewed May
2010, <http://www.projectperfect.com.au/info_risk_mgmt.php>.

Section checklist

Before you proceed to the next section, make sure that you are able to:

• implement the risk action plan
• monitor the risk action plan
• evaluate the risk management process.


Glossary

| Term | Definition |
|---|---|
| Consequence | The outcome or impact of an event. |
| Control | A process, policy, device, practice or other action that acts to minimise negative risk. |
| Event | Occurrence of a particular set of circumstances. |
| Hazard | Source of potential harm. |
| Likelihood | The extent to which an event is likely to occur. |
| Loss | Any negative consequence or effect. |
| Monitor | Check, supervise or measure the progress of an activity, action or system on a regular basis. |
| Risk | The chance of something happening that will have an impact on objectives. |
| Risk analysis | Systematic process to understand the nature of and determine the level of risk. |
| Risk assessment | The overall process of risk identification, risk analysis and risk evaluation. |
| Risk evaluation | The process of comparing the level of risk against risk criteria. |
| Risk identification | The process of determining what, where, when, why and how something could happen. |
| Risk management | The culture, process and structures that are directed towards realising potential opportunities whilst managing adverse effects. |
| Risk management process | The systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk. |
| Risk reduction | Actions taken to lessen the likelihood and/or negative consequences associated with a risk. |
| Risk retention | Acceptance of the burden or loss, or benefit of gain, from a particular risk. |
| Risk sharing | Sharing with another party the burden or loss, or benefit of gain, from a particular risk. |
| Stakeholders | Those people and organisations who may affect, be affected by or perceive themselves to be affected by a decision, activity or risk. |
| Treatment | The process of selection and implementation of measures to modify risk. |


Appendices

Appendix 1: Risk action plan template

| Risk | Assess Risk (L, M, H, E) | Controls | Monitoring | Timelines | Responsible |
|---|---|---|---|---|---|
| | | | | | |


Appendix 2: MacVille risk management policy

Purpose

Risk is inherent in all business activities. The aim of this policy is not to eliminate
risk, rather to manage the risks involved in all MacVille activities to maximise
opportunities and minimise adversity.

Effective risk management requires:

• a strategic focus

• forward thinking and active approaches to management

• balance between the cost of managing risk and the anticipated benefits

• contingency planning in the event that mission critical threats are realised.

Policy

MacVille will maintain procedures to provide a systematic view of the risks faced
in the course of our business activities.

• Establish a context: The strategic, organisational and risk management
context against which the rest of the risk management process in MacVille
will take place. Criteria against which risk will be evaluated should be
established and the structure of the risk analysis defined.

• Identify Risks: Identification of what, why and how events arise as the
basis for further analysis.

• Analyse Risks: The determination of existing controls and the analysis of
risks in terms of the consequence and likelihood in the context of those
controls. The analysis should consider the range of potential
consequences and how likely those consequences are to occur.
Consequence and likelihood are combined to produce a priority rating for
the risk.

• Treat Risks: For higher priority risks, MacVille is required to develop and
implement specific risk management plans including funding
considerations. Lower priority risks may be accepted and monitored.

• Monitor and Review: Oversight and review of the risk management system
and any changes that might affect it. Monitoring and reviewing occurs
concurrently throughout the risk management process.

• Communication and Consultation: Appropriate communication and
consultation with internal and external stakeholders should occur at each
stage of the risk management process as well as on the process as a
whole.


[Figure: risk management process. Labels: Establish the context; Identify risks;
Analyse and evaluate risk; Treat risk; Communication and consultation;
Monitor and review]


Appendix 3: Scenario – Shoez

Review

Shoez, a shoe repair chain, operates 10 stores in the CBD and suburbs of
Brisbane, Queensland. The CEO Jeff Harding has appointed you as the operations
manager. You are no stranger to management but mostly at departmental level
for international organisations, with some time spent in sales and marketing
management. One role specifically required in your job description is to manage
the risks that could impact on the Shoez operations.

A meeting with Jeff in the first week confirmed his requirement of you to review,
analyse, plan and monitor the risks of the Shoez organisation. Jeff wants you to
report directly to him on the risk management process but also encouraged you to
speak with the stores liaison person Jenny Clerk and the accountant Sue Lee.
Jeff thought it may also be beneficial to contact his accountants, Brown and Davis,
and of course the store managers, although they were only really concerned about
achieving their sales budgets and getting their commissions.

Jenny was constantly reminding the store employees about the OHS issues
relating to other staff and customers. Sue did the payrolls and was constantly
pushing the managers to provide the appropriately authorised paperwork. Jeff
said that the accountants were keen to see safeguards instigated for cash
control.

Jeff wanted you to undertake this task so that you could get significant insight into
the Shoez operations and develop and implement a plan to reduce the risk
exposure of the organisation. He also said that he needed an ongoing risk
monitoring process instigated as well.

According to Jeff, the areas that had been underperforming and were primary
areas of risk concern were human resources management, financial
operations and OHS. These are the areas he wanted you to focus on in your
management.

Internal and external environment

After discussing Shoez with the key stakeholders and doing some external
research you identify the following significant issues.

• Jeff spoke about a new law that was being introduced by the Federal
Government that will impact on the way that he has been paying his staff
with some of their pay earned on commission.

• Jeff showed a report from a survey where people rated their shoes as the
second most important dress item for the successful business person and
that business people were choosing the high-quality shoes that they would
repair rather than replace.

• Brown and Davis spoke about the latest Point of Sale cash registers that
would improve stock and cash control in the Shoez stores.

• You noticed that the location of the Shoez stores was always in the
prominent and highly trafficked parts of the shopping centres.

• Sue said that she was not able to get all the staff records for pays and
employee details from the store managers and this made processing
difficult and meant that they were not compliant.

• Brown and Davis explained that the old cash registers did not have the
features that could help eliminate fraud.

• Jenny spoke about the flooring where the staff worked and customers were
sometimes required to access. The ceramic tiles were broken and covered
up with a thin mat, but still presented a trip point to customers and staff
alike.

• Brown and Davis had spoken about a large chain in New South Wales that
was planning to expand into Brisbane in the next 12 months.

• Jeff said that while 10 stores was a good number, there are another 20 good
locations in Brisbane that want Shoez as part of the shopping centre
assortment.

• You noticed that the stores were looking old and the decor has been out of
fashion for over five years.

• Brown and Davis explained that the growth in the older age portions of the
Brisbane population was a positive indicator for the Shoez business.

Research findings

Store manager reports, together with your interviews with the other key
stakeholders, identify the following risks.

• Broken floor tiles creating a trip point for staff and customers.

• Wet floors on rainy days making it slippery for staff and customers.

• The store has extremely sharp knives used to cut the leather.

• Banking not always done every day, leaving cash on the premises.

• The staff member balancing the cash registers also prepared the bank
deposit book and banked the cash.

• Some stores had sizable banking amounts that were banked by the junior
staff member.

• Staff records were kept in the individual stores in the bottom drawer of an
unlocked filing cabinet.

• One question on the staff records asked for a full medical history of the
employee.

• Timesheets sent to head office were not always authorised.

Learner Guide

This learner guide is copyright protected and belongs to:

BSBRSK501

MANAGE RISK

Developed by Enhance Your Future Pty Ltd 2

BSBRSK501 Manage risk Version 2


TABLE OF CONTENTS

COURSE INTRODUCTION
  ABOUT THIS GUIDE
  ABOUT THIS RESOURCE
  ABOUT ASSESSMENT
ELEMENTS AND PERFORMANCE CRITERIA
REQUIRED SKILLS AND KNOWLEDGE
  KNOWLEDGE EVIDENCE
  PERFORMANCE EVIDENCE
PRE-REQUISITES
TOPIC 1 – ESTABLISH RISK CONTEXT
REVIEW ORGANISATIONAL PROCESSES, PROCEDURES AND REQUIREMENTS FOR UNDERTAKING RISK MANAGEMENT
  OUTLINE ORGANISATIONAL POLICIES, PROCEDURES AND PROCESSES FOR RISK MANAGEMENT
  THE LEGISLATIVE AND REGULATORY CONTEXT OF THE ORGANISATION IN RELATION TO RISK MANAGEMENT
    Anti-Discrimination and Equal Employment Opportunity (EEO)
    Consumer Protection, Fair Trading and Trade Practices
    Employment and Industrial Relations
    Environment and Sustainability
    Financial Services
    Occupational Health and Safety (OHS)
    Privacy
  THE PURPOSE AND KEY ELEMENTS OF CURRENT RISK MANAGEMENT STANDARDS
DETERMINE SCOPE FOR RISK MANAGEMENT PROCESS
  THE SCOPE DOCUMENT AND ITS COMPONENTS
  RISK ASSOCIATED WITH PROJECT MANAGEMENT
IDENTIFY INTERNAL AND EXTERNAL STAKEHOLDERS AND THEIR ISSUES
REVIEW POLITICAL, ECONOMIC, SOCIAL, LEGAL, TECHNOLOGICAL AND POLICY CONTEXT
  SPECIFIC RISK AREAS
REVIEW STRENGTHS AND WEAKNESSES OF EXISTING ARRANGEMENTS
  CONDUCTING A SWOT ANALYSIS
DOCUMENT CRITICAL SUCCESS FACTORS, GOALS OR OBJECTIVES FOR AREA INCLUDED IN SCOPE
OBTAIN SUPPORT FOR RISK MANAGEMENT ACTIVITIES
  CREATING A SUPPORTIVE WORK ENVIRONMENT
  INDIVIDUAL OR TEAM APPROACH
  THE IMPORTANCE OF TRAINING
COMMUNICATE WITH RELEVANT PARTIES ABOUT THE RISK MANAGEMENT PROCESS AND INVITE PARTICIPATION
TOPIC 2 – IDENTIFY RISKS
INVITE RELEVANT PARTIES TO ASSIST IN THE IDENTIFICATION OF RISKS
RESEARCH RISKS THAT MAY APPLY TO SCOPE
USE TOOLS AND TECHNIQUES TO GENERATE A LIST OF RISKS THAT APPLY TO THE SCOPE, IN CONSULTATION WITH RELEVANT PARTIES
  RISK IDENTIFICATION TECHNIQUES
  PROCESS CHARTING
    Scenario analysis
  BENCHMARKING SIMILAR ORGANISATIONS AND ACTIVITIES
TOPIC 3 – ANALYSE RISKS
ASSESS LIKELIHOOD OF RISKS OCCURRING
ASSESS IMPACT OR CONSEQUENCE IF RISKS OCCUR
EVALUATE AND PRIORITISE RISKS FOR TREATMENT
TOPIC 4 – SELECT AND IMPLEMENT TREATMENTS
DETERMINE AND SELECT MOST APPROPRIATE OPTIONS FOR TREATING RISKS
  KEY OUTCOMES STEPS
    Identify treatment options
DEVELOP AN ACTION PLAN FOR IMPLEMENTING RISK TREATMENT
  SAMPLE RISK TREATMENT ACTION PLAN
COMMUNICATE RISK MANAGEMENT PROCESSES TO RELEVANT PARTIES
  COMMUNICATION FACTORS SUCH AS LANGUAGE AND LITERACY
  DIVERSITY OF WORKERS
ENSURE ALL DOCUMENTATION IS IN ORDER AND APPROPRIATELY STORED
  STORAGE OF WHS/OHS INFORMATION
IMPLEMENT AND MONITOR ACTION PLAN
EVALUATE RISK MANAGEMENT PROCESS
SUMMARY
REFERENCES

COURSE INTRODUCTION

ABOUT THIS GUIDE

This resource covers the unit BSBRSK501 Manage risk.

This unit describes the performance outcomes, skills and knowledge required to manage risks in
a range of contexts across the organisation or for a specific business unit or area.

This unit addresses the management of the risk across the organisation or within a business unit
or area. It does not assume any given industry setting.

This unit applies to individuals who are working in positions of authority and are approved to
implement change across the organisation, business unit, program or project area. They may or
may not have responsibility for directly supervising others.

ABOUT THIS RESOURCE

This resource brings together information to develop your knowledge about this unit. The
information is designed to reflect the requirements of the unit and uses headings to make it
easier to follow.

Read through this resource to develop your knowledge in preparation for your assessment. You
will be required to complete the assessment tools that are included in your program. At the back
of the resource is a list of references you may find useful to review.

As a student it is important to extend your learning: search out text books and internet sites,
talk to people at work, and read newspaper articles and journals, all of which can provide
additional learning material.

Your trainer may include additional information and provide activities, slide presentations and
assessments in class to support your learning.

ABOUT ASSESSMENT

Throughout your training we are committed to your learning by providing a training and
assessment framework that ensures the knowledge gained through training is translated into
practical on-the-job improvements.

You are going to be assessed for:

• Your skills and knowledge, using written and observation activities that apply to your
workplace.

• Your ability to apply your learning.

• Your ability to recognise common principles and actively use these on the job.

You will receive an overall result of Competent or Not Yet Competent for the assessment of this
unit. The assessment is a competency-based assessment, which has no pass or fail. You are either
competent or not yet competent. Not Yet Competent means that you are still in the process of
understanding and acquiring the skills and knowledge required to be marked competent. The
assessment process is made up of a number of assessment methods. You are required to achieve
a satisfactory result in each of these to be deemed competent overall.

All of your assessment and training is provided as a positive learning tool. Your assessor will
guide your learning and provide feedback on your responses to the assessment. For valid and
reliable assessment of this unit, a range of assessment methods will be used to assess practical
skills and knowledge.

Your assessment may be conducted through a combination of the following methods:

• Written Activity

• Case Study

• Observation

• Questions

• Third Party Report

The assessment tool for this unit should be completed within the specified time period following
the delivery of the unit. If you feel you are not yet ready for assessment, discuss this with your
trainer and assessor.

To be successful in this unit you will need to relate your learning to your workplace. You may be
required to demonstrate your skills and be observed by your assessor in your workplace
environment. Some units provide for a simulated work environment and your trainer and
assessor will outline the requirements in these instances.

ELEMENTS AND PERFORMANCE CRITERIA

1. Establish risk context
  1.1 Review organisational processes, procedures and requirements for undertaking risk management
  1.2 Determine scope for risk management process
  1.3 Identify internal and external stakeholders and their issues
  1.4 Review political, economic, social, legal, technological and policy context
  1.5 Review strengths and weaknesses of existing arrangements
  1.6 Document critical success factors, goals or objectives for area included in scope
  1.7 Obtain support for risk management activities
  1.8 Communicate with relevant parties about the risk management process and invite participation

2. Identify risks
  2.1 Invite relevant parties to assist in the identification of risks
  2.2 Research risks that may apply to scope
  2.3 Use tools and techniques to generate a list of risks that apply to the scope, in consultation with relevant parties

3. Analyse risks
  3.1 Assess likelihood of risks occurring
  3.2 Assess impact or consequence if risks occur
  3.3 Evaluate and prioritise risks for treatment

4. Select and implement treatments
  4.1 Determine and select most appropriate options for treating risks
  4.2 Develop an action plan for implementing risk treatment
  4.3 Communicate risk management processes to relevant parties
  4.4 Ensure all documentation is in order and appropriately stored
  4.5 Implement and monitor action plan
  4.6 Evaluate risk management process

REQUIRED SKILLS AND KNOWLEDGE

This describes the essential knowledge and skills and their level required for this unit.

KNOWLEDGE EVIDENCE

To complete the unit requirements safely and effectively, the individual must:

• Outline the purpose and key elements of current risk management standards

• Outline the legislative and regulatory context of the organisation in relation to risk
management

• Outline organisational policies, procedures and processes for risk management.

PERFORMANCE EVIDENCE

Evidence of the ability to:

• Analyse information from a range of sources to identify the scope and context of the
risk management process including:
  o Stakeholder analysis
  o Political, economic, social, legal, technological and policy context
  o Current arrangements
  o Objectives and critical success factors for the area included in scope
  o Risks that may apply to scope

• Consult and communicate with relevant stakeholders to identify and assess risks,
determine appropriate risk treatment actions and priorities and explain the risk
management processes

• Develop and implement an action plan to treat risks

• Monitor and evaluate the action plan and risk management process

• Maintain documentation

PRE-REQUISITES

This unit must be assessed after the following pre-requisite unit:

There are no pre-requisites for this unit.

TOPIC 1 – ESTABLISH RISK CONTEXT

REVIEW ORGANISATIONAL PROCESSES, PROCEDURES AND REQUIREMENTS FOR UNDERTAKING RISK MANAGEMENT

Most organisations are exposed to some level of risk. Some of these risks are consistent across
organisations, and some are organisation-specific. Risks may relate to:

• Commercial relationships

• Economic circumstances and scenarios

• Human behaviour

• Individual activities

• Legislation

• Management activities and controls

• Natural events

• Political circumstances

• Technology

OUTLINE ORGANISATIONAL POLICIES, PROCEDURES AND PROCESSES FOR RISK MANAGEMENT

Before beginning a project to manage the various risks to which your organisation is exposed, it
is important to take the time to review your organisation’s risk management policies, procedures
and processes. Read the following definitions:

• A policy is a written statement which explains why workers within an organisation should
undertake a task in a certain way

• A procedure is a written statement which explains how workers within an organisation
should undertake the task

• A process is a series of actions or steps which workers should undertake to achieve a
particular outcome; processes for different tasks, including those related to risk
management, may be outlined in your organisation’s procedures, or they may exist as
separate documents

You must be familiar with where your organisation’s risk management policies, procedures and
processes are stored – for example, they are often located in soft copy on a shared computer
drive, or in hard copy in folders in a main office, etc. You must know how to access these key
documents, and how you are expected to apply them in your work – and in particular, when
assessing risk, and when planning to manage risk.

Your organisation’s policies, procedures and processes for risk management will provide you
with the following types of important information:

• They will tell you about the risks associated with specific areas or the organisation as a
whole, and these should be included in your risk management assessment. They may also
provide information on how risks change over time, in response to different
circumstances and events in your organisation

• Different organisations create different levels of expectation for risk management
strategies, along with specifying cost effectiveness versus acceptable risk; knowing this
information means you can keep the risk management project in line with the
company’s guidelines and objectives

• They may provide information on past risk management activities undertaken in your
organisation, and the impacts these had on organisational risk

When reviewing risk management procedures you should also look for specific formatting
requirements for contingency plans. Areas such as emergency services (Ambulance, Fire, SES
and Police departments) often create contingency plans for different potential emergencies. They
always follow the same format in all of their plans. This allows the reader of the plan to quickly
find the information that they need.

If you need to implement contingency plans, then following standard formats may save time.
People will not have to search for information or understand the format before implementing
their part of the plan; the only thing they need to do is open the plan to the section they need,
and find what they are looking for.

If there are other risk management assessments that have been done in parallel parts of the
organisation, you may need to consider accessing a copy of them in order to help you with the
new plan. Often, the risk management plans created for other areas of the company can be
adapted to suit your needs. This also provides for a cost saving to the company, because it means
work already done does not need to be repeated.

Your organisation’s policies, procedures and processes for risk management should also provide
you with a great deal of information about how your final documentation should be filed, who
should receive copies, where they should be located, and how they should be distributed. All are
important factors in a risk management project.

THE LEGISLATIVE AND REGULATORY CONTEXT OF THE ORGANISATION IN RELATION TO RISK MANAGEMENT

In your role, it is important that you are familiar with the legislation and regulations which apply

to your organisation in relation to risk management. Working within legislation and regulations is

essential to reducing the risks to which your organisation is exposed, and it can also assist you to

identify strategies to effectively manage risks.

There may be particular pieces of legislation and regulations that apply in the organisation /

industry or the State / Territory where you work. If this is the case, it is essential that you

familiarise yourself with this – for example: by reading about it online (e.g. on the Federal

Register of Legislation), or by speaking with relevant people (e.g. your work supervisor /

organisation manager, legal professionals, etc.). Read the following about some more general

legislation / regulations which may apply to you:

ANTI-DISCRIMINATION AND EQUAL EMPLOYMENT OPPORTUNITY (EEO)

Discrimination refers to the unjust or prejudicial treatment of a person on the grounds of a point

of difference (e.g. race, colour / ethnicity, gender, sexual preference, age, physical or mental

disability, marital status, family / carer responsibilities, pregnancy, religion, political opinion,

national extraction, social origin, etc.). Under a range of legislation, discrimination is illegal in

Australia. Read the following:

Over the past 30 years the Commonwealth Government and the state and territory governments have introduced laws to

help protect people from discrimination and harassment.

The following laws operate at a federal level and the Australian Human Rights Commission has statutory responsibilities

under them:

 Age Discrimination Act 2004

 Australian Human Rights Commission Act 1986

 Disability Discrimination Act 1992

 Racial Discrimination Act 1975

 Sex Discrimination Act 1984.

The following laws operate at a state and territory level, with state and territory equal opportunity and anti-discrimination

agencies having statutory responsibilities under them:

 Australian Capital Territory – Discrimination Act 1991

 New South Wales – Anti-Discrimination Act 1977

 Northern Territory – Anti-Discrimination Act 1996

 Queensland – Anti-Discrimination Act 1991

 South Australia – Equal Opportunity Act 1984

 Tasmania – Anti-Discrimination Act 1998

 Victoria – Equal Opportunity Act 2010

 Western Australia – Equal Opportunity Act 1984.

Commonwealth laws and the state/territory laws generally overlap and prohibit the same type of discrimination. As both

state/territory laws and Commonwealth laws apply, you must comply with both. Unfortunately, the laws apply in slightly

different ways and there are some gaps in the protection that is offered between different states and territories and at a

Commonwealth level. To work out your obligations you will need to check the Commonwealth legislation and the state or

territory legislation in each state in which you operate.1

A concept closely associated with anti-discrimination is equal employment opportunity.

Diversity in the workplace means having employees from a wide range of backgrounds. This can include having employees

of different ages, gender, ethnicity, physical ability, sexual orientation, religious belief, work experience, educational

background, and so on.

In Australia, national and state laws cover equal employment opportunity and anti-discrimination in the workplace.

You’re required by these laws to create a workplace free from discrimination and harassment. It’s important that as an

employer, you understand your rights and responsibilities under human rights and anti-discrimination law. By putting

effective anti-discrimination and anti-harassment procedures in place in your business you can improve productivity and

increase efficiency.1

Equity and diversity principles state that all people must be treated equally and fairly, regardless

of diversity such as gender, disability, etc. This applies also in relation to employment. All States

and Territories in Australia have equal employment acts; you should familiarise yourself with

those which apply to you in your role.

CONSUMER PROTECTION, FAIR TRADING AND TRADE PRACTICES

Australian consumer laws protect consumers in relation to the products and services they

purchase. They require people / organisations selling products and services to utilise fair trading

/ fair trade practices. Under the Australian consumer laws, organisations have a responsibility to

offer guarantees on the products and services they sell. Read the following:

Products must be of acceptable quality, that is:

1 Australian Human Rights Commission, 2017.

 Safe, lasting, with no faults

 Look acceptable

 Do all the things someone would normally expect them to do

Acceptable quality takes into account what would normally be expected for the type of product and cost. Products must also:

 Match descriptions made by the salesperson, on packaging and labels, and in promotions or advertising

 Match any demonstration model or sample you asked for

 Be fit for the purpose the business told you it would be fit for and for any purpose that you made known to the

business before purchasing

 Come with full title and ownership

 Not carry any hidden debts or extra charges

 Come with undisturbed possession, so no one has a right to take the goods away or prevent you from using them

 Meet any extra promises made about performance, condition and quality, such as life time guarantees and money

back offers

 Have spare parts and repair facilities available for a reasonable time after purchase unless you were told otherwise

Services must:

 Be provided with acceptable care and skill or technical knowledge and taking all necessary steps to avoid loss and

damage

 Be fit for the purpose or give the results that you and the business had agreed to

 Be delivered within a reasonable time when there is no agreed end date2

There are some exceptions to these guarantees; you can read more about these on the Australian

Competition and Consumer Commission’s (ACCC) website.

In some circumstances when an organisation has failed in relation to its responsibilities when

selling a product or service, a customer may be entitled to a refund or an exchange. To refund a

customer means to return the money they have paid for the product or service they are

dissatisfied with. To exchange means to provide the customer with another product or service to

replace the one they are dissatisfied with.

EMPLOYMENT AND INDUSTRIAL RELATIONS

The Australian national workplace relations system establishes a safety net of minimum terms

and conditions of employment, and a range of other workplace rights and responsibilities. Read

the following:

2 Australian Competition and Consumer Commission, 2016.

The national workplace relations system is established by the Fair Work Act 2009 and other laws and covers the

majority of private sector employees and employers in Australia. As set out in the Fair Work Act 2009 and other

workplace legislation, the key elements of our workplace relations framework are:

 A safety net of minimum terms and conditions of employment

 A system of enterprise-level collective bargaining underpinned by bargaining obligations and rules governing

industrial action

 Provision for individual flexibility arrangements as a way to allow an individual worker and an employer to

make flexible work arrangements that meet their genuine needs, provided that the employee is better off overall

 Protections against unfair or unlawful termination of employment

 Protection of the freedom of both employers and employees to choose whether or not to be represented by a third

party in workplace matters

Australia’s workplace relations laws are enacted by the Commonwealth Parliament. The practical application of the Fair

Work Act in workplaces is overseen by the Fair Work Commission and the Fair Work Ombudsman:

 The Fair Work Commission is the independent national workplace relations tribunal and has the power to

carry out a range of functions in relation to workplace matters such as the safety net of minimum conditions,

enterprise bargaining, industrial action, dispute resolution and termination of employment

 The Fair Work Ombudsman helps employees, employers, contractors and the wider community to understand

their workplace rights and responsibilities and enforces compliance with Australia’s workplace laws3

It is important that you are familiar with the industrial relations laws and processes which apply

in the context in which you work.

3 Australian Government Department of Employment, 2017.

http://www.fwc.gov.au/

http://www.fairwork.gov.au/

ENVIRONMENT AND SUSTAINABILITY

We all have a moral and ethical responsibility to safeguard the environment. For many

organisations, environmental protection is also a legal responsibility. Read the following:

The Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act) is the Australian Government’s key

piece of environmental legislation which commenced 16 July 2000. The EPBC Act enables the Australian Government

to join with the states and territories in providing a truly national scheme of environment and heritage protection and

biodiversity conservation. The EPBC Act focuses Australian Government interests on the protection of matters of

national environmental significance, with the states and territories having responsibility for matters of state and local

significance. The Australian Government Department of the Environment (the Department) administers the EPBC Act.

The objectives of the EPBC Act are to:

 Provide for the protection of the environment, especially matters of national environmental significance

 Conserve Australian biodiversity

 Provide a streamlined national environmental assessment and approvals process

 Enhance the protection and management of important natural and cultural places

 Control the international movement of plants and animals (wildlife), wildlife specimens and products made or

derived from wildlife

 Promote ecologically sustainable development through the conservation and ecologically sustainable use of natural

resources

 Recognise the role of Indigenous people in the conservation and ecologically sustainable use of Australia’s

biodiversity

 Promote the use of Indigenous peoples’ knowledge of biodiversity with the involvement of, and in cooperation

with, the owners of the knowledge4

It is important that you work in a manner consistent with the EPBC Act, as well as any other

environmental protection legislation which applies to your context of practice.

FINANCIAL SERVICES

Your organisation may provide a variety of different financial services; in your role, you may be

responsible for managing these financial services. When considering financial services, it is

important that you consider financial probity. Probity is a strict adherence to a code of ethics,

and undeviating honesty, in commercial (monetary) matters. It is important that you familiarise

yourself with your organisation’s policies and procedures for financial probity. Financial probity

involves considerations such as:

4 Australian Government Department of Environment and Energy, 2017.

http://www.environment.gov.au/epbc/protect/index.html

http://www.environment.gov.au/epbc/protect/biodiversity.html

http://www.environment.gov.au/epbc/assessments/process.html

http://www.environment.gov.au/heritage/index.html

http://www.environment.gov.au/biodiversity/wildlife-trade/index.html

 Acting in a manner consistent with the real estate code of ethics / code of conduct

relevant to the context in which you work; there are a variety of general codes of ethics /

conduct online, and you are encouraged to read these

 Not making improper use of your position – for example, avoid placing yourself in a

situation where there is the potential for claims of bias

 Not accepting hospitality, gifts or benefits, etc., from any potential suppliers

 Not seeking benefit from practices that may be dishonest, unethical or unsafe

 Treating all people equitably – this means fairly, not necessarily equally

 Managing conflict of interest and risks appropriately and effectively

 Keeping comprehensive documentation about financial matters

OCCUPATIONAL HEALTH AND SAFETY (OHS)

Occupational health and safety (OHS) refers to the legislation and guidelines in place to keep yourself and others safe in the workplace. Formerly, each Australian State and Territory had its own work health and safety (WHS) laws. However, as of 1 January 2012 a number of Australian states and territories are working collaboratively to develop a harmonised Occupational Health and Safety (OHS) Act which can be applied consistently across these jurisdictions. States and Territories which follow this harmonised legislation – known as the Work Health and Safety (National Uniform Legislation) Act 2011 – include the Australian Capital Territory, New South Wales, the Northern Territory, Queensland and South Australia. The Work Health and Safety (National Uniform Legislation) Act 2011 underpins a number of other pieces of legislation and regulations.

Under the Work Health and Safety (National Uniform Legislation) Act 2011, your legislative

requirements may include those related to:

 Provisions of federal, state / territory OHS Acts / regulations

 Guidelines and procedures administered by statutory / regulatory authorities

 Industry OHS standards and guidelines

 Health and safety representatives, committees, supervisors

 Licences, registration or certificates of competency

 National safety standards

Acting within your scope of practice to ensure the health and safety of all those attending the

organisation you work for is a fundamental aspect of your duty of care. You should familiarise

yourself with the Work Health and Safety (National Uniform Legislation) Act 2011 and / or the

applicable legislation in your State or Territory, as well as the organisational policies and

procedures which explain how you are expected to apply this legislation in your day-to-day work.

PRIVACY

Under The Privacy Act (1998) (Commonwealth), and related State / Territory legislation, you are

required to maintain the confidentiality of the clients who attend your organisation, as well as

that of other staff members, the program itself and the wider community (as applicable).

Fundamentally, this means protecting their right to privacy, and avoiding sharing private

information unnecessarily. Confidentiality is an important aspect of your duty of care.

Amendments to the Privacy Act (1988) – the Privacy Amendment Act (2000) – describe how services should treat their clients’ personal information. These principles include:

 Only collecting information necessary to provide a service

 Not using this information other than to provide a service

 Collecting such information lawfully, fairly and unobtrusively

 Obtaining informed consent to collect and store records

 Maintaining people’s rights to request access to their records

 Ensuring records are kept safe (e.g. in a locked filing cabinet)

 Ensuring records are shared appropriately, with relevant people

 Ensuring records are shared with the consent of the client

 Ensuring records are not discussed in public spaces

 Informing clients about the reasons why records are collected

 Informing clients of what is done with the records collected

 Ensuring that clients are informed about situations where disclosure of confidential

information without their consent is legally mandated

In essence, confidentiality is about protecting a client’s right to privacy. However, there are circumstances where you are legally permitted to disclose information without the client’s consent. This includes situations where you are required by law to disclose confidential information – for example, where you are subpoenaed (ordered) by a court to do so. Depending on your role, you may also have a legal obligation to disclose confidential information if you have a reasonable belief that a client may be at risk of harming themselves or others, for example. You may also be legally required to disclose situations where you believe a colleague is impaired to the extent that they may cause harm to clients. You should familiarise yourself with your legal obligations related to your role as a mandatory reporter in your State or Territory.

THE PURPOSE AND KEY ELEMENTS OF CURRENT RISK MANAGEMENT STANDARDS

The previous section of this unit discussed the legislative and regulatory context of your

organisation in relation to risk management. Closely related to legislation and regulations are

standards. Read the following about standards:

Standards are documents setting out specifications, procedures and guidelines. They are designed to ensure products, services

and systems are safe, reliable and consistent. They are based on industrial, scientific and consumer experience and are

regularly reviewed to ensure they keep pace with new technologies. They cover everything from consumer products and

services, construction, engineering, business, information technology, human services to energy and water utilities, the

environment and much more. There are three kinds of standards:

 International standards are developed by International Organisation for Standardisation (ISO) and other

organisations. Countries can adopt these standards directly for their national use. Wherever possible, Standards

Australia embraces the development and adoption of international standards

 Regional standards are prepared by a specific region. Joint Australian/New Zealand standards can be

considered regional standards

 National standards can be developed by a national standards body (like Standards Australia) or other

accredited bodies5

The current risk management standard in Australia is AS / NZS ISO 31000 : 2009. This standard

provides important principles and general guidelines which should be considered when you are

developing risk management frameworks and programs.

It is likely that your organisation will have a copy of AS / NZS ISO 31000 : 2009 – either in

hard-copy, or in soft-copy. It is important that you access this standard, and read it for

understanding. In particular, you should understand how you can – and, indeed, are expected to

– apply this standard in your work managing risk in your organisation.

5 Standards Australia, 2017.

DETERMINE SCOPE FOR RISK MANAGEMENT PROCESS

Every risk management project has limitations. It is impossible for one person to identify all

possible risks that exist for a company. This process is usually broken down into sub-projects.

It is important to determine the scope of the risk management project first, because risk factors always arise that are outside the authority of the person or team performing the risk analysis.

If you try to be all-inclusive in your scope, you’ll never complete the project. Each new risk that presents itself can open the doors to whole new areas of risks to plan for.

The scope that you create or that is assigned by the organisational policies will create the limits

for your risk management project. Anything that doesn’t fall within that scope is not your

responsibility and you should not begin developing plans for these areas.

You should forward the list of risks that are outside your scope of management to the person

who is responsible for risk management within your organisation; this could be the Health and

Safety Rep.

When determining the scope of your risk management process, you need to think along practical
lines that are in agreement with your organisation’s operational plan. Trying to develop a risk
management program that extends across geographical separation, business units or different
projects can be extremely difficult. Your scope may apply to:

 A specific project

 An individual business unit or area

 Specific functions such as:

o Financial management

o WHS

o Governance

 External environment – for facilities

 Internal environment – also for facilities

 Or, in the case of a small organisation, it can cover the whole organisation

As you proceed in your risk management process, be sure to keep that scope in mind. It might be
a good idea to print it out and have it by your side. That scope becomes the rule to which you
compare every risk you encounter. If it is within the scope, you deal with it; if it is outside the
scope, you pass it on to others.

THE SCOPE DOCUMENT AND ITS COMPONENTS

A scope document shows the extent of a project. Below is an example:

The scope document includes the following key sections:

 Scope statement – This clearly states the project goal, objectives and deliverables.

 Project constraints – These are any limiting factors that prevent the project from

moving in a particular path.

 Assumptions – These are aspects that the project manager builds into the scope

document to allow for any uncertainties that may occur.

 Tasks list – You need to specify a list of tasks (and deliverables) to be achieved during

the project.

 Estimates – You need to make initial estimates in relation to cost, time and human

resource requirements.

 Contract statement – This will include the names of those authorised to initiate

contract work, sign contracts and completion acceptances.

RISK ASSOCIATED WITH PROJECT MANAGEMENT

Risk management is a vital part of project management. It is important to identify as many risks

as possible and be prepared if something happens that is out of the ordinary.

Here are some examples of common project risks:

 Time and cost estimate too optimistic

 Customer review and feedback cycle too slow

 Unexpected budget cuts

 Unclear roles and responsibilities

 Stakeholder input is not sought, or their needs are not properly understood

 Stakeholders changing requirements after the project has started

 Stakeholders adding new requirements after the project has started

 Poor communication resulting in misunderstandings, quality problems and rework

 Lack of resource commitment

Risks can be tracked using a simple risk log. Add each risk you have identified to your risk log

and write down what you will do in the event it occurs and what you will do to prevent it from

occurring. Review your risk log on a regular basis adding new risks as they occur during the life

of the project. Remember, when risks are ignored they don’t go away.6

6 http://www.gru.edu/ie/epmo/documents/steptwoplanprojectpdf

IDENTIFY INTERNAL AND EXTERNAL STAKEHOLDERS AND THEIR ISSUES

The term “stakeholders” typically refers to the people who have an interest or share in the project. In the case of risk management, we can include anyone and everyone whose lives and businesses can be negatively impacted by the risks or actions of the business.

This means that stakeholders can be either internal or external. Stakeholders may include:

 Staff and employees

 Owners

 Shareholders

 Customers

 Suppliers

 The community

Anyone who could be affected by your company taking a negative turn can be considered a

stakeholder. Different stakeholder groups will have different concerns and not all will be

financial.

The most important of these is health. Risks to health can be extremely dangerous, even to the point of death. While that is rare, it does exist, more so in some industries than others.

Nobody can see all possible risks that exist; that is why you need to involve others in the risk management process. It should not be your responsibility alone.

REVIEW POLITICAL, ECONOMIC, SOCIAL, LEGAL, TECHNOLOGICAL AND POLICY CONTEXT

Many factors external to your company can create risks. While you must accept that these exist
and that they are outside of your control, that doesn’t mean that you should just ignore them, or
hope that they will never be a problem.

Therefore, as part of your risk management analysis, you need to take into account as many
outside influences as you possibly can. These may include:

 Political climate

 What effect a downturn in the economy will have on your company or project

 New applications for existing technologies that can invalidate existing products

 How trends, fads and other changes in society can negatively affect your company

 Potential upcoming changes in the political climate

 The state of the economy

 Proposed legislation, and how it can affect your company

 New technologies being introduced into the marketplace7

SPECIFIC RISK AREAS

Commercial and strategic risks arising from:

 Competition

 Market demand levels

 Growth rates

 Technological change

 Stakeholder perceptions

 Market share

7 http://students.fortresslearning.com.au/bsbrsk501a-manage-risk/section-1-establi…

http://students.fortresslearning.com.au/bsbrsk501a-manage-risk/section-1-establish-risk-context-6/

 Private sector involvement

 New products and services and

 Site acquisition

Economic risks arising from:

 Discount rate

 Economic growth

 Energy prices

 Exchange rate variation

 Inflation

 Demand trends

 Population growth and

 Commodity prices

Contractual risks arising from:

 Client problems

 Contractor problems

 Delays

 Insurance and indemnities and

 Joint venture relations

Financial risks arising from:

 Debt/equity ratios

 Financing costs

 Taxation impacts

 Interest rates

 Investment terms

 Ownership

 Residual risks for government and

 Underwriting

Poverty arising from:

 Weak governance

 Remoteness

 Low incomes

 Gender inequalities

 Social and ethnic inequalities

 Low education

 Poor infrastructure

 Weak institutions

 Inadequate policy framework and

 Human rights infringements

Environmental risks arising from:

 Amenity values

 Approval processes

 Community consultation

 Site availability/zoning

 Endangered species

 Conservation/heritage

 Degradation or contamination

 Environmental emergencies and

 Visual intrusion

Political risks arising from:

 Parliamentary support

 Community support

 Government endorsement

 Policy change

 Sovereign risk and

 Taxation

Social risks arising from:

 Community expectations and

 Pressure groups

 Activity initiation

 Analysis and briefing

 Functional specifications

 Performance objectives

 Innovation

 Evaluation program and

 Stakeholder roles and responsibilities

Procurement planning arising from:

 Industry capability

 Technology and obsolescence

 Private sector involvement

 Regulations and standards

 Utility and authority approvals

 Completion deadlines and

 Cost estimation

Procurement and contractual risks arising from:

 Contract selection

 Client commitment

 Consultant/contractor performance

 Tendering

 Negligence of parties

REVIEW STRENGTHS AND WEAKNESSES OF EXISTING ARRANGEMENTS

In most cases, there will be an established risk analysis from which you will begin. However, even

if you are creating a totally new analysis, there are probably some contingency plans already in

existence.

There may already be plans in existence for some of the risks that you are going to be working on. If so, there is no reason not to use them. However, if this plan is not strong enough, you will have to revise it.

Realistically speaking, there’s no such thing as a perfect plan. All plans have strong points and

weak ones. Experience in creating plans can help reduce the number of weak points in a given

plan, but the fact that there are too many variables which are outside of your control precludes

creating a perfect plan.

So, once you have identified the risk, there are two general approaches that you can choose from

to begin the decision-making process.

Will you:

 Control the risk?

 Transfer the risk?

CONDUCTING A SWOT ANALYSIS

To determine the best control measures for risks you should perform a SWOT analysis. A

SWOT analysis is the best tool to identify the internal strengths and weaknesses and external or

environmental threats and opportunities to any organisation. The SWOT allows an organisation

to answer the question: ‘where are we now?’

When analysing the best control measures for risk, you should ask the following questions:

 What are the strengths of this control measure?

 What are the weaknesses of this control measure?

 What are the opportunities provided by using this control measure?

 What are the threats involved in using this control measure?

The SWOT analysis can comprise five major categories and can be compiled using the following

matrix:

When reviewing existing contingency plans, it is helpful to identify which items are flexible and which are rigid. A good
plan will often have the first elements rigid and consistent, so that the people who have to react to those plans won’t have to
think about which option to take. At the same time, follow-up parts of the plan will have the flexibility to overcome
weaknesses caused by the difference between the expected emergency used in creating the plan, and the actual crisis that
erupts.

For example, let’s say that there is an emergency plan for dealing with weather or natural disaster damage to a facility.
Since the type of weather damage can vary, we really don’t know all the details of how the facility may be damaged.
However, there are some things which should always be done, for reasons of safety. These can include shutting off the
assembly line, shutting off power and natural gas to the facility, evacuating personnel and a final sweep through the facility
to determine that everyone has vacated. No matter what sort of disaster strikes the facility, these elements are always done.8

Once you have completed the above steps you may then be able to move some personnel back

into the facility, key data may be removed from the facility, or materials in the process may be

removed from equipment, to avoid damaging that equipment.

8 http://students.fortresslearning.com.au/bsbrsk501a-manage-risk/section-1-establi…

http://students.fortresslearning.com.au/bsbrsk501a-manage-risk/section-1-establish-risk-context-7/

The method of implementing the flexible elements of the contingency plan will depend upon the severity of the crisis, how rapidly the crisis is developing and a number of safety factors. It may seem extreme to force everyone out of the facility but it will ensure everyone’s safety. Machines, technology and materials can be replaced; people can’t.

As part of your review of existing plans, you need to seek out possible issues related to your plan: those things that could put people, material or critical data at risk. Pay special attention to systems which have been put into place since the creation of that plan, as those are the most likely places to encounter these issues.

For example, a risk management plan may contain contingency plans for backup of data that is in the IT computer cloud. However, it might not deal at all with information stored on personal computers. At the time that the original plan was created, there was no risk of that, because all critical data was stored in IT; however, changes in operations have created new types of data storage on departmental servers or individual computers. That creates a “hole” in the plan, which needs to be “plugged” in the new plan.9

9 http://tae.fortresslearning.com.au/?page_id=4945


DOCUMENT CRITICAL SUCCESS FACTORS, GOALS OR OBJECTIVES FOR AREA INCLUDED IN SCOPE

Risk management, like other aspects of project management, will need success criteria. Without these, you won’t know if the project has ended. When putting together a project management plan, if key points or activities on that plan do not have success criteria, then it will be hard to assess how easily they can be met, i.e. where the risk areas are.

Once criteria have been identified, the project management team will need to agree how they are measured. If the objectives are not clear, criteria for their completion cannot be set. Even if the objective and success criteria are clear, the measurement may not be easy.

Any difficulty in setting objectives and criteria will result in higher risk as there will be a lack of confidence in completion. How do we find out the exact nature of the objective, criteria and measurement techniques? There is no short cut: we have to ask the people that know (for objectives) and agree criteria and measurement techniques with them.

You can decide which factors are the most critical by determining how great an impact it will have on your company to not have those things functioning correctly. Some things, like cleaning the offices, will only create an inconvenience for your staff. Others, like the computer system going down, can totally shut down your business. Can you imagine the impact of having the computer system of an e-commerce business go down?

As part of determining the impact of risks, it is important to determine the critical success factors, goals and objectives. They are the most important factors for your company to have contingency plans for. The following questions might assist you in this process:

• Where does my company’s income come from?
• What affects my company’s reputation in the marketplace?
• What functions are critical to ensuring that my company can continue operations? Are there some that we can do without for a day or a week?
• Which company goals are essential to ensure continued operations? How would a delay in the completion of those goals affect the company?
• How many shareholders are affected by the temporary cessation of this function?

Every risk that you encounter will end up needing to be compared to each of these critical factors. Any risk factor can affect a number of different factors, each of them to a different extent, with a different overall impact to the company’s operations.


OBTAIN SUPPORT FOR RISK MANAGEMENT ACTIVITIES

Once risk management activities have been planned, you will need to obtain support to implement them.

You might obtain support from:

• Management
• Supervisors
• Stakeholders

CREATING A SUPPORTIVE WORK ENVIRONMENT

A supportive work environment is a key component of continuous learning. Valuing learning from experience, sharing best practices and lessons learned, and embracing innovation and responsible risk-taking characterise an organisation with a supportive work environment. An organisation with a supportive work environment would be expected to:

Promote learning:

• By fostering an environment that motivates people to learn
• By valuing knowledge, new ideas and new relationships as vital aspects of the creativity that leads to innovation; and
• By including and emphasising learning in strategic plans

Learn from experience:

• By valuing experimentation, where opportunities are assessed for benefits and consequences
• By sharing learning from past successes and failures; and
• By using “lessons learned” and “best practices” in planning exercises

Demonstrate efficient leadership:

• By selecting leaders who are great coaches, mentors and trainers


• By demonstrating commitment and support to employees through the provision of opportunities, resources, and tools; and
• By making time, allocating resources and measuring success through periodic reviews

INDIVIDUAL OR TEAM APPROACH

Safety culture is described as the attitudes, values, norms and beliefs which a particular group of people share with respect to risk and safety. All workers are the key to a successful safety culture. Risk management will only work if all team members are committed to the process. The first step in the process of risk identification is to form a risk management team, as per direction of the governing group.

However, in some smaller organisations the responsibility of risk identification is allocated to one worker or contracted to an external risk management team. A team approach works better because the diversity of skills that various staff have will strengthen the risk management process.

The skills mix in an organisation may include:

• Financial expertise
• OH&S expertise
• Emergency services expertise
• HR expertise
• Legal knowledge
• Board or management committee
• Industry expertise
• Staff representation
• Board or management committee representation (governance)
• Staff representation from the ground up
• Management
• Volunteer representation


• Other specialist expertise, depending on the work context, for example, appropriate responses to violent/potentially violent clients, hazardous chemicals, etc.

Whether the process is driven by a risk management team (more common, even in smaller organisations with few staff) or by an individual, the role is as follows:

• Identifying risks
• Identifying exposures
• Documenting risks
• Developing an action plan
• Putting it into practice
• Monitoring
• Review

THE IMPORTANCE OF TRAINING

Risk management training is important in the workplace in order for employees:

• To understand the overall Management of Risk Process
• To be able to apply a variety of techniques to determine and quantify potential risks
• To be able to develop alternative solutions and use a variety of techniques to determine which one(s) to implement
• To understand the importance of planning and implementing identified actions

Topics which should be covered during risk management training include:

• What is ‘Risk’?
• Positive Risk taking
• Business Risks versus project Risk
• The ‘Management of Risk’ model


• The steps in Risk analysis
• Numeric versus discrete levels when estimating risks
• Evaluating Risks
• The steps in Risk management
• Risk response and action planning
• Risk assessment methods (advanced)
• The people side of Risk
• Putting it into practice

Another important part of the process of risk management is ensuring that managers and employees can:

• Recognise a hazard when they encounter one
• Assess the risk that each hazard poses
• Develop controls appropriate to the risk
• Implement those controls; for example, carry out safe work procedures accurately

Each of these steps requires skills specific to the task and to the organisation. While recruitment processes can deliver staff with some of these skills, others will need to be developed during their employment with you, and will need to be refreshed or increased as part of continuous improvement.


COMMUNICATE WITH RELEVANT PARTIES ABOUT THE RISK MANAGEMENT PROCESS AND INVITE PARTICIPATION

Identifying stakeholders and developing communication strategies are critical to the successful implementation of a risk management plan. It is important to consult with stakeholders and keep communication pathways open so that you foster a supportive environment for risk management activities. You must ensure communication is continuous during the process with all those relevant to the successful implementation of risk management plans.

Earlier we discussed who stakeholders might include, so refreshing your memory now would be beneficial for this section. Briefly, stakeholders may include:

• All staff
• Internal and external stakeholders
• Senior management
• Specific teams or business units
• Technical experts

Communication basically means providing information through training, newsletters, emails, meetings, presentations, etc. The way to communicate information is to make sure you:

• Accept and involve consumers as legitimate partners
• Plan carefully and evaluate your efforts
• Listen to the specific concerns
• Be honest, frank, and open
• Coordinate and collaborate with other credible sources
• Meet the needs of the media (if required)
• Speak clearly and with compassion

Communication and consultation are essential elements of risk management. They are critical to every step to ensure all the participants understand and contribute to the process.

Consultation gives everyone the opportunity to influence decisions. It is an effective way to gather useful input and ensure that all viewpoints are taken into account when identifying and evaluating risks. Communication and consultation are essential to the overall risk management process as well as each individual step in that process.


TOPIC 2 – IDENTIFY RISKS

INVITE RELEVANT PARTIES TO ASSIST IN THE IDENTIFICATION OF RISKS

Identifying potential risks is best achieved through a brainstorming session. Just like with any other brainstorming session, the more people you can get involved in the process, the better. By having a group of people involved, you can generate more ideas.

People who may be involved to assist in the identification of risks are:

Stakeholders:

• Managers
• Supervisors
• Health and safety and other employee representatives
• WHS/OHS committees
• Employees and contractors
• The community

Key personnel:

• People who are involved in WHS/OHS decision-making or who are affected by decisions.

WHS/OHS technical advisors:

• Risk managers
• Health professionals
• Injury management advisors
• Legal practitioners with experience in WHS/OHS
• Engineers (such as design, acoustic, mechanical, civil)
• Security and emergency response personnel


• Workplace trainers and assessors
• Maintenance and trade persons

WHS/OHS specialists:

• Safety professionals
• Ergonomists
• Occupational hygienists
• Audiologists
• Safety engineers
• Toxicologists
• Occupational health professionals

When you encourage people to participate in risk identification procedures you will need to ensure you use a wide variety of people. Each department will have its own view of things, some of which can be quite unique and provide information that you may not have thought of. Purchasing and engineering don’t see things the same way, nor do production and maintenance. However, between all those different viewpoints, you are more likely to identify potential risks.


RESEARCH RISKS THAT MAY APPLY TO SCOPE

Every idea that is brought forth in your brainstorming session has some merit. You won’t really know how much merit each idea has until you research the likelihood of that problem happening. For the ideas that were brought forth in your brainstorming session, you’ll need to research. That research may include:

• Data or statistical information
• Information from other business areas
• Lessons learned from other projects or activities
• Market research
• Public consultation
• Review of literature and other information sources

Accurate research will provide you with a real image of the risks involved in your area or organisation. Don’t guess; do your research and get it right the first time.


USE TOOLS AND TECHNIQUES TO GENERATE A LIST OF RISKS THAT APPLY TO THE SCOPE, IN CONSULTATION WITH RELEVANT PARTIES

RISK IDENTIFICATION TECHNIQUES

The terms ‘hazard’ and ‘risk’ tend to be used interchangeably, but risk represents more than a hazard. Risk takes into account scale, consequences, frequency, duration, extent, the probability of occurrence, and time range. There are some general tools that can be used to identify risk. These can be incorporated into established risk management processes in any organisation and include:

• Inspections: walking through and conducting inspections of each task, location, team, group or process within an organisation. This can be done by individual managers or team leaders and supervisors. It can also be done by senior or executive management.
• Consultation: a process that allows evidence on unreported incidents to be gathered, for example, injuries, machine breakdown. Again, these meetings can be held at a local, team, group or senior management level. The results of a number of these meetings can then be incorporated in further meetings with managers at different levels.
• Safety or management audits: these can be conducted by individual managers or team leaders and focus on their own or associated areas, or can be conducted by members of the organisation who specialise in this area.
• Testing: of plant and equipment in an operational context, or of staff in a service area. This also can be accomplished as part of the local group or team approach or can be part of a wider organisation-wide approach.
• Scientific or technical evaluation or expert instruction in up-to-date methods (service industry): these are usually provided by third parties or consultants and often form part of the training process of the organisation.
• Collection and evaluation of material: from suppliers, manufacturers, designers, and from safety organisations, unions, interest groups and employer organisations.
• Expert advice: engaging professional consultants and advisors, lawyers, engineers, safety experts, process experts.
• Seeking government or regulatory information and help: from government departments, investigatory and regulatory bodies, royal commissions, commissions of inquiry, coronial inquests, industrial commission hearings, statistical bodies and ‘think tanks’.


• Networking: with other members of the market, or users of similar machines or processes.
• Benchmarking: a process of seeking out and identifying the best practices of the organisation’s competitors, where those best practices represent a higher quality level or performance. The process means that the organisation, having identified the best practice in the industry, then uses that ‘benchmark’ as the quality standard to be obtained within its industry.
• Brainstorming: the brainstorming process can take various forms, but one of the most effective is in meetings of staff in an environment where there is freedom to experiment with ideas and to express opinions. Brainstorming is usually a process of energetic interaction with the goal of forming and discussing ideas and concepts in a round-table or group dynamic. It allows examination of existing and emerging risk by using the ideas and experience of fellow workers, managers, experts, other stakeholders and the users of the process or service.
• Audits and physical inspections: regulatory-based risk management procedures often include regular audits and inspections, for example, Occupational Health and Safety, activities of brokers and traders on the Australian Stock Exchange register and the regulation of Registered Training Organisations. 10

PROCESS CHARTING

The fishbone diagram provides a good example of a process chart, sometimes called a cause and effect diagram. Each line or ‘fishbone’ represents an area that may have caused a problem.

10 http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CC0QFjAC&url=http%3A%2F%2Fwww.frontlinecaresolutions.com%2FLiteratureRetrieve.aspx%3FID%3D79124&ei=1t0QVNyjJcnkuQTXlIKQCA&usg=AFQjCNEbqowMjuyZ1sWuyetgB4l7OFmMcQ&sig2=WHkkQk3u5k6MfynEdjfitA&bvm=bv.74894050,d.c2E


SCENARIO ANALYSIS

Scenario analysis is a process of examining options and competing scenarios based on an assessment of future events. The focus is on the future and may take into account past and present events as elements of the examination.

BENCHMARKING SIMILAR ORGANISATIONS AND ACTIVITIES

Benchmarking is a process of identifying the industry best practice, and setting that as the standard for the particular organisation. The process involves significant industry knowledge and an ability to examine competitors’ processes in order to identify why that market is dominant or produces the leading product or service.


System or process flow charts are especially useful in recognising and identifying potential areas of the problem within the process flow.

Influence diagrams demonstrate the influence that different aspects of a process have on each other.

All the above are examples of tools that can be used to evaluate or identify risks in the workplace.


TOPIC 3 – ANALYSE RISKS

ASSESS LIKELIHOOD OF RISKS OCCURRING

The next step of the risk assessment is to determine or estimate both the likelihood of a risk arising and its potential consequences. All available data sources should be used to understand the risks. These may include historical records, procurement experience, industry practice, relevant published literature, test marketing and market research, experiments and prototypes, and expert and technical judgement and independent evaluation.

The risk analysis involves:

• An estimate of the likelihood of each risk arising. This might be done initially on a simple scale from ‘rare’ to ‘almost certain’, or numerical assessments of probability might be made
• An estimate of the consequences of each risk. This might be done initially on a simple scale from ‘negligible’ to ‘severe’, or quantitative measurements of impacts might be used 11

Analysis of risk levels can be conducted on the inherent risks (assuming no controls are in place) or on residual risk (that remaining after considering existing control strategies). The former ‘zero-based’ approach would be appropriate at the outset of an activity or when considering a possibility of revising controls. The latter would be appropriate when monitoring management action or reviewing implementation.

The purpose of analysing risk is to provide information to enable the evaluation of risks, using predefined likelihood and consequence criteria. Risk analysis uses judgments and assumptions, which may involve uncertainty and be based on incomplete information. Therefore, the best available information sources and techniques should be used. Wherever possible the confidence placed on estimates of levels of risk should be included.

11 http://portals.wi.wur.nl/files/docs/ppme/ausguidelines-risk_management


ASSESS IMPACT OR CONSEQUENCE IF RISKS OCCUR

Impact itself can be assessed in terms of its effect on:

• Cost
• Quality
• Time
  o This includes the time taken to:
    ▪ Identify, record and report the risk
    ▪ Analyse and assess the risk
    ▪ Address the risk
    ▪ Either reduce its impact or remove it completely from a potential risk

Risk proximity is about:

• When and where the risk will occur
• Its role in the process or system
• How far its damage or potential damage reaches

Our first step in assessing a risk is to determine the likelihood of the risk occurring, meaning what the chances are. See below for a scale to gauge how likely the risk is:

1. Not likely – 10%
2. Low likelihood – 30%
3. Likely – 50%
4. Highly likely – 70%
5. Near certainty – 90%

Just as we did with the likelihood of a risk occurring, the impact or consequences of the risk need to be rated. In this case, we are dealing with the amount of disruption to normal business operations that the event can cause.


The following table shows that the impact of risk is generally ranked from ‘minimal’ (level 1) to ‘severe’ (level 5). You can see from the detail descriptions that these levels focus on the degree to which the business is affected in regards to its financial and service capability.

LEVEL   DESCRIPTOR    EXAMPLE DETAIL DESCRIPTION
1       Minimal       No service impact; low financial loss
2       Minor         Minimal disruption to service capability; medium financial loss
3       Moderate      Interruptions in service delivery; high financial loss
4       Significant   Loss of service capability; major financial loss
5       Severe        Loss of business continuity; huge financial loss

Analysing the risk will help you decide the impact of the risk on your company and will enable you to control for this when required.

EVALUATE AND PRIORITISE RISKS FOR TREATMENT


A simplified risk analysis can be conducted using probability theory:

Likelihood × Consequence = Risk Score

By using these two scales, any potential risk can be rated with a risk score. For example, if we live in an area which commonly has severe thunderstorms, which disrupt electrical service to our distribution facility for 2 to 3 hours, we might assign a likelihood score of 5 and an impact score of 3. That would give us a risk score of 15. Considering the maximum score we can get with this system is 25, that’s a fairly high risk score.

The criteria for ranking and recording include:

• Taking into consideration whether the risk falls within established or accepted guidelines
• Differentiating between risks that have high impact/consequence/likelihood and those having low impact/consequence/likelihood
• Assigning value to identified risks using available tools
• Assessing consequences and likelihoods

A risk that has been analysed as having a ‘catastrophic impact’ (loss of business continuity; huge financial loss) is ranked as an ‘extreme’ level risk if the probability is ‘likely’ but ‘high’ if the probability is ‘rare’. Immediate action is required, involving senior management, to manage the risk.

Sample Level of Risk Matrix

EXAMPLE OF RISK TABLE OF DEFINITIONS

E   Extreme risk; immediate action required
H   High risk; senior management attention needed
M   Moderate risk; management attention must be specified
L   Low risk; manage by routine procedures

ACCEPTABILITY     RISK LEVEL
Acceptable        Low and Moderate
Not acceptable    High and Extreme

Risk Criteria include:

• Scope of the risk policy


• Internal and external contexts
• Internal and external stakeholders
• Corporate objectives, policies, values and visions
• Standards and laws
• Resource availability
• Social, economic, environmental, and political factors

Another type of scale describes risk in terms of acceptable levels:

• Broadly acceptable level of risk
• Best achievable level of risk
• As low as reasonably practicable (ALARP)
• Generally intolerable level of risk

B.F. Hough (1985) developed the following diagram to show the relationship between cost and risk. This type of reference can contribute to the evaluation and prioritisation process by representing different factors relating to risk.

Each risk decision and its implementation will depend on your organisation and its guidelines on what is acceptable. The cost of implementing some changes may be so great that it is not possible. In those cases, mitigation of the impact may consist of buying insurance against that event occurring; this then transfers some of the risk to an insurance company and lessens the load on the organisation.


TOPIC 4 – SELECT AND IMPLEMENT TREATMENTS

DETERMINE AND SELECT MOST APPROPRIATE OPTIONS FOR TREATING RISKS

Risk treatment involves identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them. It is probable that a combination of options will be required to treat complex risks. Once a risk is understood, you will need to treat the risk; to do this you may need a detailed analysis of treatment options. There will usually be several options, each with different costs and benefits, and each will offer different levels of risk mitigation.

KEY OUTCOMES STEPS

IDENTIFY TREATMENT OPTIONS

The purpose of evaluating risks is to prioritise the need for the development of a treatment plan. Once that is completed, it is time to determine the best treatment plan option for that particular risk.

The control or management of risk can be different on an organisational or industry basis. However, there are seven commonly used approaches:

APPROACH / DESCRIPTION

1. Elimination / reduction management
• In this approach, the risk is either reduced to its lowest possible level to enable it to be managed or it is eliminated
• A variation in this approach is not to eliminate the risk if that is too difficult or too late, but to reduce or eliminate its effect

2. Assumption of risk
• Insurance companies assume risk as part of their operations. Here the expression ‘assume risk’ means to knowingly accept the risk as part of the agreement with the person/company that pays the premium. Organisations unused to risk may assume or accept its effect because to fail to do so might negatively affect the organisation’s operations
• Once again, the decision to assume a risk must be taken bearing in mind the competing issues of cost, proximity and extent of the risk

3. Transfer risk
• Insurance is a means of transferring the risk, through the payment of insurance premiums, to an insurance company
• It is important to understand that this is generally a way of managing financially based risk. The insurance company can only really assume a financial risk. It is not able to assume risk that relates to culture, personnel or manufacturing, for example
• So if the risk of the factory burning down is identified, then the financial risk can be transferred to the insurance company, but the actual risk of losing specific or specialist machinery cannot
• Often organisations only transfer part of the financial risk, having assessed the insurance premium cost as too high to transfer it all
• To offer a personal example, this may be compared with a householder insuring the contents of the house against fire, but not paying extra for the loss of specialist jewellery or stereo equipment. It then falls on the householder to fund the replacement of such items

4. Changing processes
• Risk can be avoided by changing processes, or refraining from an activity. This is often an ongoing process of change from risk identification
• Organisations with a positive risk identification and management culture are ready and willing to change or remove processes that demonstrate a greater degree of risk or risk potential
• Changing a process to avoid an activity also requires a positive risk management culture as this can be confronting and expensive, particularly if the process needs to be replaced
• The change or replacement of a process in order to manage a risk must also be undertaken using risk management procedures. In other words, the new process must not create or support the same or similar risk it was designed to eliminate

5. Delaying
• An organisation may defer a risk, by delaying it until such time as it is able to assume the risk or deal with it in a better and more positive way
• An organisation may believe that research or development it is undertaking will make it more able to deal with the risk at a later time

6. Sharing risk
• Organisations may seek to share risk with other organisations by way of joint ventures or cooperative options
• A good example of this is seen in the construction and maintenance of motorways in capital cities where government and private industry come together to share the expense
• Similarly, in recent times wine and beer companies have combined with manufacturing industries associated with wine and beer production when entering new markets such as China

7. Spread and minimise locations of the risk
• An organisation may attempt to spread and minimise locations of the risk, e.g. a company may spread its outlets and workforce to a number of areas in order to spread or reduce the risk of an incorrect decision in relation to geographic marketing. For example, a retailer may have outlets in a number of locations in a town to ensure the product is available to as many potential customers as possible

Regardless of the final decision, ensure that all relevant parties have signed off on it. Although you may be in charge of developing the risk management plan, this is a group project, with group decisions.


DEVELOP AN ACTION PLAN FOR IMPLEMENTING RISK TREATMENT

The action plan formalises the risk management process. The specific format of the risk management action plan will vary from one organisation to another, but the following is an example of a relatively straightforward methodology.

• Risk
• Date identified
• Level of risk
• Reason for risk rating
• Risk priority / risk ranking
• Action (what is to be done)
• What resources are required
• Who is responsible for the action
• Timeline: when should the action be completed
• Strategy for informing relevant stakeholders, i.e. staff volunteers, board, corporate sponsors, etc.
• Review date

A risk control action plan is essential for the effective and systematic introduction of risk control actions. Remember to compare the levels of the risk control hierarchy with the time frame when determining target dates.


SAMPLE RISK TREATMENT ACTION PLAN


COMMUNICATE RISK MANAGEMENT PROCESSES TO RELEVANT PARTIES

Earlier we discussed the importance of good communication with stakeholders. You should revisit that section now to refresh your knowledge.

Risk management communication is the sharing of information about risk and risk management between the decision makers and others.

COMMUNICATION FACTORS SUCH AS LANGUAGE AND LITERACY

Effective communication is obviously critical to genuine participation. The specific needs of individuals in the workplace need to be taken into account. Individuals will have different levels of literacy, and either may not speak much English or may not have English as their first language. For example, induction and instruction in policies and procedures need to reflect the language and literacy levels of each person, and things like safety and emergency warning signs, which are for the whole workplace, need to be based on easily understandable pictures, rather than complex language.

Communication must be a two-way street. If individuals are to be able to participate in WHS/OHS activity in a meaningful way they need access to information in a format they can understand, and they need to be able to communicate back to WHS/OHS representatives, supervisors, WHS/OHS advisers and others easily. 12

DIVERSITY OF WORKERS

Employees may come from different cultural, age and educational backgrounds with different views about personal responsibility and authority; they will have different previous experiences, knowledge and skills and may have different learning styles. They may have external pressures and stresses in their lives or pre-existing physical injuries. All these factors need to be taken into consideration in designing and developing participative arrangements.

Your risk management plan must be distributed to all appropriate personnel, especially those who have a part in implementing the plan.

12 http://institute.safetyline.wa.gov.au/pluginfile.php/1642/mod_label/intro/BSBOHS503B


In order to disseminate information to key personnel you should be face-to-face with them. In this way you can provide them with a brief outline of the plan containing the key information. Any details can be provided in written form.


ENSURE ALL DOCUMENTATION IS IN ORDER AND APPROPRIATELY STORED

Not only do you need to distribute the risk management plan to relevant parties, you’ll need to ensure that copies are created and stored in your company’s information management system. In many companies, this is a computerised system for the storage of all important information.

Since your risk factors include the possibility of something happening to the company’s computer systems, you should also ensure that hard copies are created and stored in the appropriate place.

STORAGE OF WHS/OHS INFORMATION

In storing information, it is important to remember that information is being stored so that it can be used. It is important not to create ‘data cemeteries’. So when deciding how to store information keep in mind:

• Why is the information being stored?

• Who will want to use it?

• When and how often will they want to access the information?

• What protections (privacy, confidentiality) are required for the information?

• What ‘links’, or other factors, need to be considered for the data to be meaningful?

• What technology is available?

• What are the skills of the people in using the technology?

This will then lead to the following questions:

• What is the best medium (electronic; hard copy) for storage?

• What is the best format for organising the information?

• What skills and technology will be required to access the information?

Most organisations will have some records, such as incident and injury reports, workplace inspections and/or newsletters, in hard copy.

Hard copy formats tend to be used where:

• The original record is in handwriting

• The original requires a signature; and

• The material is ‘for information’ and is usually circulated or left in an open location for people to read (i.e. newsletter)

Even the smallest community services organisation is likely to have electronic storage for any information or records that meet one or more of the following criteria.

The record or document has to be:

• Communicated to somebody else

• Retained for legal reasons

• Collated to identify a trend; and

• Used for planning

There are many software options for storing electronic WHS/OHS information. These options may range from simple spreadsheets to highly interactive purpose-designed software packages that may incorporate functions such as incident reporting, injury management, chemical and risk registers, asset and maintenance registers and training records.

Having determined the format for storing WHS/OHS information (i.e. the nature of the software) the next question is whether it should be on a single computer or networked hardware for an intranet type system.

It is beyond the scope of this unit to compare the relative features of the various systems, but some factors to consider are:

• Who needs to access the information?

• Do they have access to the hardware?

• Do they have the skills to access the system?

• What level of technological support is required/available?

IMPLEMENT AND MONITOR ACTION PLAN


Once risks have been identified, given a reading that indicates each risk’s potential to be problematic, and documented for recording and reporting (and audit) purposes, a treatment plan should be developed. A treatment plan would include rectification elements.

Having done all the work outlined above (and kept any relevant/necessary stakeholders, management and committees informed during the process), it’s now time for those nominated to do so to present the risk management plan to whoever has the delegation to authorise its implementation. This may be a supervisor, a manager or a complaints or risk manager. They will then consider the plan, clarify any questions they have, and after making any necessary adjustments, endorse the plan.

Once endorsed, the next step is to implement the plan. This will involve:

• Issuing a risk management statement – A good starting point is to let everyone in the organisation know that your organisation is serious about risk management and to outline the key risk management strategies. The risk management statement should also outline the proposed timetable and key contact people, and procedures for contributing to the risk management process.

• Training – It is likely that training was identified as a key risk management strategy; in addition, the introduction of new practices will often require training. Training for risk management needs to be carried out in the context of your organisation’s overall training activities.

• Establishing and documenting procedures – Your risk management plan will have identified areas where written procedures need to be developed and/or documented. To implement the plan, it will be necessary for staff, volunteers and management committee members to work together to develop these procedures. Existing procedures should be reviewed to ensure that they are consistent with new procedures.

• Allocating specific responsibilities – A risk management plan requires specific allocation of tasks to ensure no gaps in the process leave room for further risk. Different people within your organisation should be given responsibility to implement different parts of the plan. It should be clear to all those involved in the process who is responsible for each aspect of implementation for the risk management plan.


Hopefully, there will be some overlap in different action items, where the same action item may deal with several different risks.

While there are parts of the risk management plan which require your direct involvement to implement, there are other parts which will be implemented by others. You will still want to track these areas, to ensure that they are actually completed and not derailed mid-stream.

Once the action items have been implemented, you also need to check and monitor, to ensure that they will function as expected. There are always a certain number of plans that don’t work out the way we expect. Should that happen, be willing to admit your fault and try something else.


EVALUATE RISK MANAGEMENT PROCESS

Risk management is a continual process. Reaching a point of completion in a risk management project only means that it’s time to go back and review everything over again.

It is critical to constantly monitor and review the processes and outcomes. Monitoring and reviewing risk management processes helps to include risk management as a valuable part of the company. The risk management process is not static but is taken in the context of the internal and external environments. As these environments change, the variables affecting risk also change.

Evaluating the process of risk management can be assigned to individuals within departments or to dedicated staff depending upon the nature of the organisation and the resources available. Consultants may be brought in at critical times to evaluate processes and institute changes based on risk contexts or environmental, social and political changes.

In addition to planned and scheduled monitoring and review sessions to examine new risk, review of the management plan must be ongoing in order to stay relevant. As policies, procedures, and visions of a corporation change, risk changes. As external contexts change, risks change. Suitability and cost factors for treatment options change. Treatment options or contingency plans may lose relevancy throughout the process. External variables such as legislative actions may develop which create a different context under which to analyse and evaluate risk.

Examination of successes and failures in relation to anticipated outcomes is a necessary component of the risk management process. It increases the probability that future risks can be evaluated with higher levels of accuracy and greater success. An inability to achieve outcomes does not indicate failure but provides an opportunity to gain valuable knowledge regarding process change. Duplication of ineffective processes leading to a repetition of unachieved outcomes indicates a failure to learn. That can be tragic when corporations, and the people that depend on them, are at risk.

One of the key components of the risk management process is keeping an accurate record of documentation relating to the communications, justifications, analyses and relevant information pertaining to risk. Remember how we began the risk assessment process? With research relating to:

• Data or statistical information

• Information from other business areas

• Lessons learned from other projects or activities

• Market research

• Previous experience

• Public consultation

• Review of literature and other information sources

Monitoring is not only a practical requirement but a legal obligation, as the common law duty of care and WHS legislation require that the employer “provide and maintain a working environment that is safe”.

All organisations should ensure that risk identification, assessment analysis, evaluation techniques and the change arising from these processes fall within the culture of the organisation. This requires commitment from the most senior levels of management in the organisation, and it requires communication throughout all ranks of the organisation.

Leadership and coaching are two of the most commonly used processes to engage an organisation in a cultural change to embrace the issues of risk identification and management and the issues arising from the change that flows from these procedures.


SUMMARY

Life is full of risks. Everything we do, from buying a car, to crossing the street carries some degree of risk. Therefore, it shouldn’t surprise us that our business activities have risk associated with them as well. While some of those business activities carry very little risk, others come loaded with risk at every turn. Some risks have a great potential for impact while the impact of others can hardly be seen.

While the risks in our personal life can cause problems for us and our families, even the smallest business risks carry a much broader potential for causing damage. Employees, customers and even people who seem unrelated to our business can end up being hurt by the risks associated with the business.

We had a perfect example of this with the earthquake and tsunami that hit Japan in March of 2011. Millions of lives were affected by what happened; first by the earthquake, then the tsunami, and then by the damage to the nuclear power plant. Not only workers in the plant were affected, but millions of customers, everyone who lived within 20 miles of that nuclear plant, even people as far away as the western part of the United States were affected by what happened in that event.

Even without the destruction and eventual meltdown of the nuclear power plant, the tsunami itself wreaked havoc on the north eastern part of the Japanese home island of Honshu. Over five million families lost their homes, with over 15,000 lives lost.

“In many cases, there is nothing we can do to stop these disasters from happening. Risk management isn’t about that; it’s about understanding the potential risks and managing how a company deals with that risk.”

If you have any questions about this resource, please ask your trainer. They will be only too happy to assist you when required.


REFERENCES

10 Foundations for Risk Management (N.D.) Retrieved on 12th January 2016 from: 10 Foundations for Risk Management

ASSIST IN THE DESIGN AND DEVELOPMENT OF OHS PARTICIPATIVE ARRANGEMENTS (N.D.) Retrieved on 12th January 2016 from: http://institute.safetyline.wa.gov.au/pluginfile.php/1642/mod_label/intro/BSBOHS503B

Managing Risk (N.D.) Retrieved on 12th January 2016 from: http://portals.wi.wur.nl/files/docs/ppme/ausguidelines-risk_management

Establish Risk Context (N.D.) Retrieved on 12th January 2016 from: http://students.fortresslearning.com.au/bsbrsk501a-manage-risk/section-1-establish-risk-context-6/

(N.D.) Retrieved on 12th January 2016 from: http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CC0QFjAC&url=http%

(N.D.) Retrieved on 12th January 2016 from: http://www.gru.edu/ie/epmo/documents/steptwoplanprojectpdf
