Read NRSK401AC_S.pdf text version

IDENTIFY RISK AND APPLY RISK MANAGEMENT PROCESSES

CANDIDATE RESOURCE & ASSESSMENT BSBRSK401A

Precision Group (Australia) Pty Ltd 9 Koppen Tce, Cairns, QLD, 4870 Email: [email protected] Website: www.precisiongroup.com.au © Precision Group (Australia) Pty Ltd

BSBRSK401A Identify Risk and Apply Risk Management Processes

ISBN: 978-1-74238-

Copyright Notice

No part of this book may be reproduced in any form or by any means, electronic or mechanical, including photocopying or recording, or by an information retrieval system without written permission from Precision Group (Australia) Pty Ltd. Legal action may be taken against any person who infringes their copyright through unauthorised copying. These terms are subject to the conditions prescribed under the Australian Copyright Act 1968.

Copying for Educational Purposes

The Australian Copyright Act 1968 allows 10% of this book to be copied by any educational institute for educational purposes, provided that the institute (or the body that administers it) has given a remuneration notice to the Copyright Agency Limited (CAL) under the Act. For more information, email [email protected] com.au or visit www.copyright.com.au for other contact details.

Disclaimer

Precision Group has made a great effort to ensure that this material is free from error or omissions. However, you should conduct your own enquiries and seek professional advice before relying on any fact, statement or matter contained in this book. Precision Group (Australia) Pty Ltd is not responsible for any injury, loss or damage as a result of material included or omitted from this material. Information in this course material is current at the time of publication.

Table of Contents

2 3 4 5 7

Legend Qualification Pathways Qualification Rules Introduction BSBRSK401A/01 Identify Risks

Key Points Identify the context for risk management Identify risks using tools, ensuring all reasonable steps have been taken to identify all risks Document identified risks in accordance with relevant policies, procedures and legislation

15 17

`True' or `False' Quiz

BSBRSK401A/02 Analyse and Evaluate Risks

Key Points Analyse and document risks in consultation with relevant stakeholders Undertake risk categorisation and determine level of risk Document analysis processes and outcomes

27 29

`True' or `False' Quiz

BSBRSK401A/03 Treat Risks

Key Points Determine appropriate control measures for risks and assess for strengths and weaknesses Identify control measures for all risks Refer risks relevant to whole of organisation or having an impact beyond own work responsibilities and area of operation to others as per established policies and procedures Choose and implement control measures for own area of operation and/or responsibilities Prepare and implement treatment plans

35 37

`True' or `False' Quiz

BSBRSK401A/04 Monitor and Review Effectiveness of Risk Treatment/s

Key Points Regularly review implemented treatment/s against measures of success Use review results to improve the treatment of risks Provide assistance to auditing risk in own area of operation Monitor and review management of risk in own area of operation

43 44 45 46 49

`True' or `False' Quiz

Summary Bibliography Handout 1 Assessment Pack

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

1

Use considered risk taking in your `grey' area

...and others will follow you!

Legend

This symbol indicates the beginning of new content. The bold title matches the content of the competency and they will help you to find the section to reference for your assessment activities.

Activity: Whenever you see this symbol, there is an activity to carry out which has been designed to help reinforce the learning about the topic and take some action.

This symbol is used at the end of a section to indicate the summary key points of the previous section.

This symbol is used to indicate an answer to the Candidate's questions or notes to assist the Facilitator.

2

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

Qualification Pathways

"There are always two choices. Two paths to take. One is easy. And its only reward is that it's easy". Source Unknown

This unit of competency is provided to meet the requirements of BSB07 Business Services Training Package although it can be used in a range of different qualifications. The BSB07 Business Services Training Package does not state how a qualification is to be achieved. Rather, Registered Training Organisations are required to use the qualification rules to ensure the needs of the learner and business customer are met. This is to be achieved through the development of effective learning programs delivered in an order that meets the stated needs of nominated Candidates and business customers.

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

3

Qualification Rules

"You're either part of the solution or part of the problem."

Eldridge Cleaver

Qualification requirements include core and elective units. The unit mix is determined by specific unit of competency requirements which are stated in the qualification description. Registered Training Organisations then work with learners and business customers to select elective units relevant to the work outcome, local industry requirements and the qualification level. All vocational education qualifications must lead to a work outcome. BSB07 Business Services Training Package qualifications allow for Registered Training Organisations (RTOs) to vary programs to meet: Specific needs of a business or group of businesses. Skill needs of a locality or a particular industry application of business skills. Maximum employability of a group of students or an individual. When packaging a qualification elective units are to be selected from an equivalent level qualification unless otherwise stated.

4

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

Introduction

"Whether as an individual, or as part of a group, real progress depends on entering whole-heartedly into the process and being motivated to make you a more deeply satisfied human being."

Source Unknown

This unit of competency is about being able to identify risk in your workplace and then establishing a plan to enable you to evaluate that risk. It will help you with the skills you need to demonstrate competency for the unit BSBRSK401A Identify Risk and Apply Risk Management Processes. This is one of the units that make up the Certificates in Business. This manual is broken up into four distinct sections. They are:

1. 2. 3. 4.

Identify Risks: First we will examine how to identify risks in your business. Unless you know exactly what risks you are facing, it is impossible to establish ways of overcoming them. Analyse and Evaluate Risks: Once you have identified the risks you face in your business, you need to look at just how they will impact your business. In this section we will examine the process of analysing and evaluating the risks you face. Treat Risks: Then we will examine how you set up a plan to treat any risks that you identify in your business. This involves developing plans to overcome or minimise the risks in your business. Monitor and Review Effectiveness of Risk Treatment/s: Finally we will examine the process of ensuring that the treatment plan for the risks that you have identified is effective and will allow you to manage the risks in your business successfully.

At the conclusion of this training you will be asked to complete an assessment pack for this unit of competency. The information contained in this resource will assist you to complete this task. On conclusion of this unit of competency you will have demonstrated your ability to identify risks, analyse and evaluate risks, treat risks and monitor and review the effectiveness of treatment of risks.

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

5

6

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

PART 1:

Identify Risks

Key Points Section 1

Risks must be identified in order for you to assess and treat them. Tools for identifying risk include: task analysis, behaviour analysis, environmental analysis, what-if analysis, fault tree analysis, Accident and incident investigations, Assumptions Analysis, Facilitated Workshops, Brainstorming or SWOT Analysis, Influence Diagrams, Checklists, Decision Trees and Monte Carlo Simulation (or 3-Point Estimation).

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

7

Part 1: Identify Risks

A risk is defined as a situation, problem or activity that would have an impact on the progress of a program, sub-program or project if it were to actually happen. Risk is a natural part of all businesses, and in order for you to manage it effectively it is important that you have a management program in place.

Why Take Risks

As we previously mentioned, a certain amount of risk taking is inevitable if you are to achieve your objectives. Effective management of risk will help with the management of innovation and improve performance by contributing to: Increased certainty and fewer surprises. Better service delivery. More effective management of change. More efficient use of resources. Better management at all levels through improved decision making. Reduced waste and fraud, and better value for money. Innovation. Management of contingent and maintenance activities. A risk management plan is a plan aimed at attempting to build a picture of the types of events which could occur, unexpectedly, within your organisation. These events will often occur at the worst possible time, so you need to be sure that you have contingency plans in place for any such event and that your staff are aware of what they need to do when each of these events actually occurs. These surprise events could be anything from a robbery, to a natural disaster, to your suppliers being forced to shut down. When you are working to manage risk within your organisation, you work through four (4) steps. These steps are:

1. 2. 3. 4.

Identifying risks that are present. Measuring the impact of these risks. Deveop a series of steps or strategies that you can use to manage the risks that are present. Monitor these strategies to ensure that they are working.

When you are beginning the process of developing your risk management plan, you should start by reading through and analysing your business plan. Your business plan should bring together an analysis of the organisation as a whole and the environment within which it is operating. Try to think of your organisation from an outsider's point of view. What impacts could you foresee affecting your business? What could cause it to fail? What has been omitted from your business plan?

8

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

Part 1: Identify Risks

Spend time thinking through every possible occurrence that you consider as a major impact to your organisation. A great question to ask is "what if?" What if an earthquake occurs, what if we are robbed? What if our biggest supplier closes down? What is the cost if our supplies double in price? You need to have in your mind answers to these questions in order to determine where the most significant risks are likely to occur. There are many organisations who offer risk management services to small and medium sized businesses, but often you will find that because they are not intimately familiar with your business, they may fail to pick up all possible issues that may occur with your organisation. You and your staff are in the best position to pick up everything that could potentially impact on your business, so spend time thinking through these issues yourself and see just how far you can get on your own before you consider employing any such consultant. So, you now will have a list of all the possible impacts that you can foresee in your business. This list forms the possible risks that you need to find ways to manage effectively. Take these lists of risks and look for ways to manage each of them. Remember that this may be as simple as having insurance, or more complex risks may require an entire plan to be developed around them. Think of different ways that you might manage a specific rick ­ fire for example may involve insurance, fire alarms, sprinkler systems or other management tools that stop fires from occurring in the first place. Whichever method you decide to use, you must be sure that it will be effective in managing the risk that is possibly going to occur. Now, you are in a position to look at what tactics need to be implemented to manage the risk.

"Take calculated risks. That is quite different from being rash".

George S. Patton

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

9

Part 1: Identify Risks

The Risk Identification Process

Risk identification is the process of recognising the opportunities opened up by each activity or phase of the project and clarifying where the risk lies. The agreed tolerance of risk should help identify the amount of time that should be spent in identifying risk, but, at least 20% of the risks that would have 80% of the potential impact should be identified. There are many techniques to aid in risk identification and they generally fall under the heading of either quantitative or qualitative risk identification techniques. Risk Identification Tools

A Critical Task Analysis itemises each step of the task pinpointing potential risks. A clear procedure for safe task performance is outlined and documented in an easy to use format. Unlike task analysis the emphasis in behaviour analysis is on looking at the behaviour of the employees. You are looking at the way they do their job, rather than looking at the job itself. Are workers wearing all required safety equipment, are they taking their own, and their co-workers, safety seriously? Using behaviour analysis you should be able to find any short comings in the behaviour of your employees which can then be changed and reinforced through training in specific areas.

Task Analysis

Behaviour Analysis

Again here the emphasis is on analysis. You are looking this time at the actual workplace itself, the work environment. Are

Environment Analysis

light, ventilation and temperature all adequate? Are these likely to cause any problems for the workers and how can they be overcome? This involves looking at a hazard from the point of view of `what if' this was to occur. You would then use simulation techniques to attempt to establish whether or not any potential hazards exist. What if the machine overheated? What would this cause, and what types of hazards may exist if this happened? Fault-Tree Analysis is a specific technique that is aimed at attempting to analyse the systems in your organisation as a whole. Essentially, they start at the beginning of a particular event (let's say a machine failure) and then identify all the

`What If' Analysis

Fault Tree Analysis (See HO1 at the back of this resource)

elements in the organisation that could cause that specific event to occur. You then have a convenient means of identifying all risks that could occur within the organisation and more importantly the ways in which the risk could occur. By having this in place, you can attempt to find ways to manage the issues that could cause the risk to occur from the very start.

10

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

Part 1: Identify Risks

Risk Identification Tools continued

It is important to realise that sometimes you are unable to actually see a risk until it occurs. While this is not a desirable situation, sometimes it is the way that things happen, and you have to manage the event after it occurs. In these cases, it

Accident and Incident Investigations

is important that you investigate any event that causes harm in the workplace in order to ascertain the events that lead up to the accident. Once you know the cause of the accident, you can look at the associated risks and find ways to actually minimise the impact should the same event occur in the future.

All organisations and projects within them have some form of assumption made in order to allow the plan to be implemented quickly. It is impossible to know everything. So, by assessing the assumptions that you make when undertaking a major project you can then look at the risks that

Assumptions Analysis

are associated with assumptions that you have made (which inevitably occur). Think carefully about the assumptions that you have made and consider the consequences of the assumptions that you have made. You can then consider the way that your assumptions could potentially impact on the organisation as a whole.

Here, you actually bring together staff members in a workshop environment in order to formally ask about, and discuss, any risks that may occur. You have a trained facilitator lead the group, and work towards predetermined objectives. You will ask the participants to discuss risks in their specific work areas

Facilitated Workshops

and those that involve the organisation as a whole. You can undertake this task at any time, although the earlier in the process you use them, the better. Workshops can be quite time consuming, so you may like to look at similar tools which are quicker to undertake ­ interviews and surveys are two good examples of these. SWOT stands for strengths, weaknesses, opportunities and

Brainstorming or S/W/O/T Analysis

threats. It is a tool that attempts to bring together an analysis of the risks facing the organisation in such a way that you can determine the threats and weaknesses which may lead to problems in the future.

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

11

Part 1: Identify Risks

Risk Identification Tools continued

An influence diagram is a flow chart which attempts to see how one action affects another. By undertaking this analysis

Influence Diagrams

you can see where problems may eventuate and determine what actions need to be taken to stop these problems in their tracks. A risk checklist simply brings together common issues that arise in major projects and then draws together this knowledge to determine what issues may arise in this specific circumstance. Often you will need to consider:

How different a specific task is; How formal the process of development was; How much experience the team has; What impacts the project will have on the organisation; What standards need to be applied; Checklists What tolerances are acceptable; What tools you will use; What software packages are used; How flexible timelines can be; What this project depends on; How long the issues will run.

By thinking through all of these questions, you can create a specific checklist that can be applied to all activities within the workplace. A standard tool that allows comparison between activities is useful in helping to find those areas where there is the most concern. A decision tree looks like a flow chart ­ however it allows you to look at the way those two alternative decisions will impact on the organisation as a whole. You can figure out how making a decision or not making that decision will

Decision Trees

impact the risks associated within the organisation and what changes may impact the organisation. Try to keep this technique for simple tasks, as often complex situations with multiple decisions quickly become confusing and difficult to follow through using a decision tree. Monte-Carlo simulation attempts to bring together the

Monte Carlo Simulation (or 3-Point Estimation)

best case, worst case and most likely cases and weights them together in order for you to determine the most likely consequence of any decision that you may make.

12

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

Part 1: Identify Risks

Steps in the Process

Risk identification typically involves members of the endeavour's team performing the following steps in an iterative, incremental, parallel, time-boxed, and ongoing manner. The following takes you through the process of identifying risk in a typical business.

1. 2.

Determine what you will be examining in your review. Provide the context: What activities are you going to cover? Will you cover just internal factors or do you need to consider external factors as well?

3.

Identify the risks: Identify what parts of the organisation are at risk: Computers Machinery Parts Finances Goodwill Confidence Image Reputation Business Processes Identify the ways each of these parts is at risk.

"Precaution is better than cure." Edward Coke

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

13

Part 1: Identify Risks

Activity One - SWOT Analysis

Try the following activity ­ think of your organisation, and the risks that you are likely to face on a day-to-day basis. Do this by listing your organisation's strengths, weaknesses, opportunities and threats. Then discuss and compare your answers with others in your group.

Strengths

..................................................

Weaknesses

..................................................

..................................................

..................................................

..................................................

..................................................

..................................................

..................................................

..................................................

..................................................

Opportunities

..................................................

Threats

..................................................

..................................................

..................................................

..................................................

..................................................

..................................................

..................................................

..................................................

..................................................

14

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

Part 1: Identify Risks

Section 1 - `True' or `False' Quiz

Please tick A risk is defined as a situation, problem or activity that would have an impact on the progress of a program, sub-program or project if it were to actually happen. Risk identification typically begins with identifying the scope of the risk management activity. True False

Your risk management plan needn't be documented.

Influence diagrams typically are similar to a project network diagram or Microsoft Project PERT charts.

Risks should not be a normal part of business if well planned.

Effective management of risk will help with the management of innovation and improve performance. A facilitated workshop is a structured approach that enables a group of people to work together to reach a predetermined objective. When writing a risk management plan always use the services of a risk management consultant. Risk identification is the process of recognising the opportunities opened up by each activity or phase of the project and clarifying where the risk lies. Risk management starts with risk analysis.

Candidate Resource BSBRSK401A Identify Risk and Apply Risk Management Processes © Precision Group (Australia) Pty Ltd

15

Information

17 pages

Find more like this

Report File (DMCA)

Our content is added by our users. We aim to remove reported files within 1 working day. Please use this link to notify us:

Report this file as copyright or inappropriate

944036


You might also be interested in

BETA
c02.qxd
NEW REP MODS PROOF 4.qxd