Formative assessments

Activity 1

This is a Diploma level unit. At this level there is an expectation that you can
extrapolate answers to the questions from the text, other readings and
independent research.


 1
In a short sentence for each, explain the meaning of these terms:


1. Risk.

2. Risk management.

3. Risk appetite.

4. Risk capacity.
a. Risk is defined as a chance of direct loss or damage, i.e. financial losses and other
adverse consequences, as well as a chance of missed opportunities. Risk is also
defined as "The effect of uncertainty on objectives" (AS/NZS ISO 31000:2009.

b. Risk management is the procedures that are followed by a business organisation to

identify and manage the risks that could potentially threaten or harm business
operations & outcomes, as well as to manage the risks that it believes are necessary
in order to continue business.

c. Risk appetite can be referred to the level of risk that an organisation is prepared
to accept in order to meet their strategic objectives, before action is deemed
necessary to reduce the risk.It also represents a balance between the potential
benefits of innovation, and the threats that change brings.

d. Risk capacity is the amount of risk that an organisation or individual requires to

meet their goals. Risk capacity refers to the maximum amount of risk that an
organization is able to tolerate. This can be described as the total risk exposure that
is consistent with strategy and objectives. Risk capacity is commonly compared to risk
tolerance, or the willingness to take on risk.

Trainer Comments

14/10/2019 08:30AM Satisfactory Answer

14/10/2019 08:30AM Satisfactory Answer

 2
Why should risk management policies and procedures be periodically reviewed? (100
words)


It is always necessary to review risk management policies and procedures
periodically, as this helps the organisation decide whether they comply with current
risk management standards. This will help them identify any gaps or necessary
improvements in the current risk management procedures. This is also necessary
because new risks will arise and existing risks will disappear. Risks that the
organisation has already recognized may become more or less frequent, serious or
significant to it. Therefore, the risk management strategy should always be a flexible
document that is regularly updated to reflect changes in the organisation.
 
- Because rapid response to emerging risk events, tracking changes in
the external and internal business environment will reduce our risks
- ensuring comprehensive risk management on a regular basis, clearly
delineating the responsibility for the occurrence of risk events
between different activities and levels of management;
- ensuring the functioning of internal control and audit, as well as
disclosure of information on risks;
- Risk analysis should seek to identify potential causes and sources
of risk in order to analyse their consequence and the likelihood that
the consequence will occur.
- This common approach to risk rating is necessary to ensure that the
most significant risks can be readily identified and prioritised in a
way that has the greatest overall benefit.

Trainer Comments


14/10/2019 08:31AM Satisfactory Answer



Activity 2

Scenario:


You work for Australia Wide Taxations Solutions—a company of 1,500 employees
offering taxation services in different cities across the country. The company offers
five services: personal taxation, small business taxation, corporate services, personal
wealth creation and corporate asset management.


It is working in a highly regulated and legislated industry.


You have been asked to work with the team conducting a risk assessment for the
entire organisation.


How will you identify the risk management scope—what things do you need to look at?
What challenges does a scope of this size pose and how would you approach the risk
assessment process? (350–400 words)


This company is engaged in the service industry, which provides Australian tax
solutions for many segments. With a company size of 1,500 employees and offering
financial tax solutions to its clients, the successful delivery of services requires a high
level of taxation and financial skills, abilities and knowledge of the employees. As
the Government makes amendments to its tax plan and policy from time to time,
therefore, in this situation, an update is required to perform with accuracy and
success of the staff. To address issues, concerns, and risks, and to use the risk
management process, the organization has the following benefits, challenges, and
issues mentioned below: Advantages: - A proper preliminary plan to solve problems
and problems on the basis of past data. - Identification of risks associated with the
activities to be completed by the organization. - Preliminary planning and subsequent
analysis will provide opportunities for improvement and empowerment, which will
help to determine the path to success. - The organization may be able to introduce
checkpoints and checkpoints that control, reduce, minimize and eliminate possible
risks. Challenges and challenges: - Because this organization needs experts and high
expertise to provide its services to the target groups, because the organization deals
with regulatory sectors that need strong and structured control and control points,
because a small mistake will lead to the loss of the client. - Attracting high-level
financial and human resources in terms of expert risks. - Tasks to identify a suitable
plan and implement and execute the plan in the organization that takes into account
the risks associated with the tasks. The above paragraphs provide information on the
nature of the company and the various benefits, challenges and problems that can be
addressed through risk management procedures. The service provider organization
provides its services in the field of Australian tax solution which carries a lot of
regulation and policy. These rules and rules are quiet and strict. For the successful
provision of services and to minimize the risk or achieve the expected results risk
management it is necessary to determine areas that need monitoring and
improvement. Through an audit team, a group of experts, numerous training sessions
the organization can reduce various risks associated with the activities. Some of them
for providing services in the field of taxation requires through and updated
knowledge of tax policy within the employees.


Trainer Comments


14/10/2019 08:31AM Satisfactory Answer



Activity 3

Who are an organisation’s stakeholders and why should they and their issues be
identified? (300–350 words)


Stakeholders are people or groups of people who has interest or share in the product
or service. They are not necessarily using this particular product or service.
Stakeholders can be companies employees, owners, public, customers, suppliers,
environment, contributors and even competitors. There are also internal and external
stakeholders: internal are employees, owners, directors, and shareholders. External
are investors, regulators, suppliers and customers.


Each group of shareholders has different roles and as a result different issues and it
is important to identify and consider those. For example if an employees has a family
issue or death in the family and organisations declined the leave employee asked for.
This situation can pose a risk for the organisation and everyone involved as upset or
distressed employee might make wrong decisions at work and it can lead for many
troubles.


Managers of the organisation have to make sure that there is fairness in the decisions
for the staff members.


Posting wrong content on the social media can cause a lot of issues and create chain
effect and also can affect a reputation of the organisation.


Environmental issues can attract a lot of media attention to the subject so it can be
very important issue to consider.


Organisation should take seriously the evaluations of stakeholders issues and its
affect on the product or service.


Trainer Comments


14/10/2019 08:33AM **resubmit required** Alex this is 50% cut and paste .. please
re-submit in your own words



Activity 4

When considering organisational risk it is important to review the political, economic,
social, legal, technological, and policy context. Comment on the influence/ impact
each of those factors has on an organisation’s risk profile—the risk scope and context.
(500–700 words)


The activity of any organisation is fraught with several risks that can affect the
prospects of its business. These risk factors are mainly related to external factors
such as those described below:


Political:


Political instability in the country leads to a significant decrease in the ease of doing
business. The whole business environment is disrupted and there is hardly room to
expand the business or attract new customers. The government is unable to develop
policies that are conducive to business, and this harms the prospects of the
organisation.


Economic:


Economic barriers that countries or politicians face can pose a serious risk to
businesses around the world. Tariff barriers that are raised to protect local
businesses can lead to falling sales for organisations in that particular industry.


Social:


A Market that is at the centre of social upheaval or turmoil can lead to unfavourable
conditions for business and create risk for an organisation.


Law:


Legal systems are one of the pillars of good governance. A market in which there are
no refunds through legal procedures can result in significant losses for corporations
due to legal battles that can last for years.


Technological:


Technology is a developing space that changes very quickly. There may be situations
where the technology on which the company operates may be out of date and this
may result in total competitive damage to the company.


Trainer Comments


14/10/2019 08:34AM Satisfactory Answer



Activity 5

Why is it necessary to review existing risk management arrangements and standards?


Environments both internal and external keep changing, and, thus, risks once
perceived might or might not be relevant, and also new risks might emerge.


One needs to test, evaluate and update their risk management plan regularly as risks
can change as their business, their industry and the environment they operate in
change. Regularly reviewing their risk management plan is essential for identifying
new risks and monitoring the effectiveness of their risk treatment strategies.


Along with preparing for new changes, regular review and monitoring is required to
ensure that controls are effective and efficient in both design and operation.
Obtaining further information to improve risk assessment.
Analyzing and learning lessons from events (including near-misses), changes, trends,
successes and failures.
Identifying emerging risks, and
Capturing progress against risk treatments.
Monitoring and review thus measures whether risk management framework
implemented have reduced risks effectively and whether more needs to be done.
Things very rarely stay entirely constant in the workplace, so it's also a good idea to
decide on a regular pattern of review at the time of the initial assessment. How
regularly would depend on whether the workplace was a low or high risk
environment, and how frequently changes occur.
 
Trainer Comments


14/10/2019 08:34AM Satisfactory Answer



Activity 6

Scenario:


Nautilus Boat Hire is a small family-owned and operated business. It operates from a
marina at the mouth of a major river and has been operating for five years.


The business is based on:


 hire of eight aluminium runabouts (tinnies) to youth groups, anglers and tourists
 hire of two deep-sea vessels to serious anglers and scuba divers
 hire of fishing gear
 sale of bait and scuba tank refills
The business is considering an expansion that will include purchase of three
houseboats for hire to families and groups of young adults.

They recently conducted a survey revealing that a significant number of clients are
tourists from interstate or overseas. Most clients are once-only hirers who have no
knowledge of local waters and weather conditions.

As part of their business planning, the company identified the following risks to the
new business offerings:

1. people who are not strong swimmers, especially children, drowning

2. houseboats getting lost and/or driven on to sandbars

3. clients finding the houseboats difficult to control—resulting in damage to the houseboat and/or land
structures when, for example, mooring
4. clients being sunburned and dehydrated on hot, sunny days
Using the information provided, describe the goals, objectives and targets that
Nautilus Boat Hire should include in their risk management plan. These are the critical
success factors relevant to the safety of the new operation. (A total of 350–370 words)

Risk management plan: a risk management Plan is an action plan together with an
assigned resource for each identified risk in an organization so that the organization
can avoid the occurrence of a risk in the organization and, if it does, then manage
the event with the necessary supporting actions. to avoid any loss / serious problems
in the organization. A risk management plan is a necessary document required at all
stations to manage emergency / major adverse events. The risk management plan
will ensure that the organization has an action plan and team available to support
any potential unknowns occurring in the organization.

The purpose of the risk management plan. The purpose of the risk management plan
is to develop a support system in the organization that is able to manage emergency
events in the organization in the shortest possible time.
The purpose of a risk management Plan: the purpose of a Nautilus Boat Hire business
is to have a risk management plan that will be able to manage the risks associated
with boats in the river and the risk plan is able to protect the guest using the
business boats and avoid any major losses / serious water problems for their
customers while boating on the river.
Risk management Plan objectives: the goal of Nautilus Boat Hire business is to avoid
risk events when using their boats by their customers while boating on the river. The
business needs to have a team that can manage customer boating issues and can
protect customers from any problem in the water due to work / boating.
Critical success factors: as the business Nautilus Boat Hire plans to expand its
business by buying three more boats to support its customers and expand its business
so they can generate higher revenue in the organization. Critical success factors as
below

1. People who are not strong swimmers, especially children, drowning.The objective
of the Natilius boat hire to provide the service of house boat hires but to make sure
all safety criteria are met. For instance, each boat has to have enough life jackets as
number of passengers that are present on the boat. There should be clear signs where
the life jackets are located. There should be emergency situations plan, for example
if someone fell over the board and should be done in that situation.

2. Houseboats getting lost and/or driven on to sandbars. This risk should be seriously
considered and evaluated. Proper GPS system should be installed and monitored from
the shore. Also there should be established communication between the house boat
and the service centre.

3.Clients finding the houseboats difficult to control—resulting in damage to the

houseboat and/or land structures when, for example, mooring. There should be basic
training done before hiring the boat and proper instructions left on the boat for a
quick referral. Also thing like educational videos can be really helpful since everyone
is finding it easier to learn from different sources.

4. Clients being sunburned and dehydrated on hot, sunny days. There can be
reminders across the boat about applying the sunscreen and importance of staying
out of the sun during its active hours. Water stations can be really helpful.

The target of working on risk management is to make sure that all safety measures
have been identified and met and also it is important that customers have a pleasant
experince and not get sunburnt and dehydrated. Therefore organisation should
consider implementing and making sure that they did their best to provide their
customers with the good experience.

Trainer Comments

14/10/2019 08:35AM **resubmit required** Alex you are required to state the
goal/target and objective for all of the 4 scenarios.. please break
down each of these

Activity 7

How can support for risk management policies and procedures be encouraged? What
skills might be used when garnering support and with whom should you communicate
the risk management intentions? (230–250 words)


Good communication is critically important for an effective risk management
strategy. Managing risks involves everyone in an organisation involved. There are
staff members, managers, policy makers, stakeholders. They are all requires to be
invited to the process of risk management procedures and their roles in the company
is different and their view and opinion needs to be considered. All of the members
must be involved in the process of the risk management strategy.


Support for risk management policies and procedures can be managed by:


1. By understanding the importance of supporting the organisation's risk management
policies and action plans.


2. By maintaining a level of communication with those involved in risk management
or will be directly affected by the risk.


3. By providing staff members with appropriate knowledge of what procedures should
be followed in determining risk, what kind of risk the organisation intends to assess
and what the results of each periodic risk assessment are.


4. By educating the employees about the consequences and its importance.


5. When employees understand the risk management process and what is required of
the individual, the support and involvement of the staff is likely to be achieved.


6. By working in the team and making sure that everyones opinion has been
considered.


7. By providing risk management guidance.


8. By making sure everything is documented.


9. By crosschecking between each other and keeping each other accountable.


When reaching out for support the skills below should be considered:


1. Risk Manager must be competent and knowledgeable about the subject


2. Risk Manager should have good communication skills


3. Risk Manager should be able to work under pressure
 
4. Risk Manager should have technological skills for effective work


5. Risk Manager should have good attention to detail skill


6. Risk manager should have good presentation skills


7. Risk manager should be financially and mathematically educated


8. Risk manager should have an ability to deliver information to communicate
effectively.


Trainer Comments


14/10/2019 08:37AM **resubmit required** Alex this is 70% copy and paste -
resubmit in your own words



Activity 8
 1
The organisation for which you work is planning an extension to the premises and an
increase in staff numbers with a view to expanding into new markets. You have been
asked to conduct research that will identify any risks or contingency requirements for
the department that you head. What parties might be invited to assist with the risk
identification and what contribution could they make? (150–170 words)


Risk identification is the major process in any organisation to achieve the
organisation goals, organisation expansion, hiring new staff, developing new methods
and technologies will go through some risk


The owner is the first participant in the process, they need to make sure that
adequately and timely risk identification is done.


Soon after risk is identified, plans are decided to mitigate or manage the risk. All the
project management team members are usually gone through training for risk
management methodologies. This training not only to cover risk analysis techniques,
it also improves the managerial skills used to interpret risks in every level of
business.


Sometimes even the owner of the project will have lack of knowledge and experience
in identifying a risk without any other persons' assistance. It is responsibility of the
project directors to make sure all the important risks are identified by the project
team, a team is also called an integrated project team. The risk identification
process actually done with a help of contractors, owner's representative and also
internal or external advisory or consultants.


Now question is who needs to attend risk identification process and what is their
duties.
Not only project manager and project team are involved in the risk identification
stage, other stakeholders must be engaged as well.


Projects usually have multiple stakeholders, and they will bring various dimension of
risk. They include:


- operators that have strong knowledge about new system;
- users who are not well trained and who have fear for their job policy makers;
- legislative approval supervisors, who are not supporting new capabilities.


Stakeholders also know about various factors such as political program support that
will cause risk to project that are unknown to the project team.


Risk identification should also involve senior management and employees- senior
management knowing what is going on in the organisation, what are the issues that
will be faced while expanding the business. It also may be about the budget,
employee strength, location, marketing.


Employees will have the low level ideas, each minute things going inside the business
like communication between high level management, benefits, job security, comfort
level etc. Project team and management need face to face interaction in order to
encourage trust and communication with each other.


Trainer Comments


14/10/2019 08:37AM Satisfactory Answer



 2
Why should employees be invited to participate in risk management consultations?
(150–170 words)


Employee communications and consultation regarding risk management are
essentially about involving and developing people in an organisation. Inviting
participation form employees, particularly, makes them feel valued and valuable.


Regardless the size of an organisation, employees will only be able to perform at
their best if they know their duties, obligations and rights and have an opportunity of
communicating their views to management.
 
Good communications and consultation are essential for the management process,
and are very important when dealing with changes in working practices and
procedures. All managers need to communicate and consult with employees in order
to be effective, however they also need to exchange information with other
managers, and support communications within various departments.


Good employee communications and consultation can:


- improve organisational performance;


- improve management performance and decision making;


- allows employees to express their views, which can help managers and supervisors
make decisions which can more readily be accepted by employees;


- improve employees' performance and commitment - employees will perform better
if they are given regular, accurate information about their jobs such as updated
technical instructions, targets, deadlines and feedback.
They will be more commited if they know what the organisation is trying to achieve
and how they, as individuals, can influence decisions;


- help develop trust by discussing issues that are of common interest and allowing
employees an opportunity of expressing their views:


- increase job satisfaction - employees are more likely to be motivated if they have a
good understanding of their job and how it fits into the organisation;


- encourage a more flexible working environment - employers can help to promote a
good 'work-life balance' within the organisation by talking to all their staff about
developing flexible working policies and practices.


Employees participation in risk management consultations has a key role to play both
in ensuring the business success of risk management, and in involving and empowering
employees.


I


Trainer Comments


14/10/2019 08:38AM Satisfactory Answer
 

 3
What is the danger of attempting to manage risks without properly researching them?
(30–40 words)


The danger of attempting to manage risks without properly researching them is not
knowing the full effect of the risk. Not investigate the risk may have the consequence
that we don't know that risk, scope and how to manage it. There also might be
already proven methods of managing that risk, and our task will be just to find them


Trainer Comments


14/10/2019 08:38AM Satisfactory Answer



 4
List 12 aspects of risk that might contribute to new research processes.


1. Ecology
2. Ethics
3. Assets
4. Finance (capital, investment, loans)
5. Inventory / stock
6. Health and safety
7. Processes and process design
8. Suppliers / raw materials
9. Political changes
10. Information systems
11. Market conditions
12. Legislation


Trainer Comments


14/10/2019 08:38AM Satisfactory Answer



Activity 9
 1
A number of tools can be used to collect risk related information and data ready for
analysis. List eight.


1. Checklists
2. Judgements
3. Scenario analysis
4. Brainstorming
5. SWOT analysis
6. Surveys
7. Audit questionnaires
8. Flow charts


Trainer Comments


14/10/2019 08:38AM Satisfactory Answer



 2
From your list select two methods. Explain what they are and how they work. (Approx.
200 words each)


1. Flow Charts


Flow charts are easy-to-understand diagrams that show how the steps of a process fit
together.
The purpose of flow charts is to find out why the current process operates the way it
does, and to conduct an objective analysis in order to identify any potential risks.
Flow charts are a very useful tool, as they make a process easy to understand at a
glance. Using just a few words and some simple symbols, they show clearly what
happens at each stage and how this affects other decisions and actions. Very often
flow charts consist of four main symbols ( 1. Elongated circles, which signify the start
or end of a process; 2. Rectangles, which show instructions or actions; 3. Diamonds,
which highlight where you must make a decision; 4. Parallelograms, which show input
and output), linked with arrows that show the direction of flow.
This tool's simplicity makes communicating and documenting a process quick and
clear, so that the process will more likely be understood and applied correctly and
consistently.


An organisation can also benefit from the process of creating a flow chart itself, as it
is being build step by step. The organisation will be able to focus on the detail of
each individual stage, without feeling overwhelmed by the rest of the process, and
then "zoom out" again to see the wider picture.


Flow charts can be combined with other risk-related techniques, i.e. mind mapping.


2. Checklists


In most workplaces some sort of checklist are used to help identify hazards around
the work place. Such checklists often include classification of hazards, compliance
(yes / no), and comments.


"Classification" of hazards in a workplace may include:
 
1. Walkways/floors/work areas:


- Passageways kept clear of obstructions
- Clear of rubbish
- Floor surfaces even & in good condition
- Stairs and risers in good repair


2. General lighting


- Light fittings clean and in good condition
- Correct level of illumination for tasks
- No direct or reflected glare


3. Ventilation


- Suitable ventilation supplied where required
- Air conditioning system inspected, tested and maintained regularly
- Local exhaust ventilation provided where required,


etc.


Worksafe Queensland elaborated a comprehensive Hazard Identification Checklist of
potential issues and areas to consider in a workplace. The list gives general guidance
to the person conducting a business or undertaking about possible workplace health
and safety hazards and issues.One should conduct risk assessments for work tasks and
manage the risks they find.


Trainer Comments


14/10/2019 08:38AM Satisfactory Answer



Activity 10
1
Plotting business risks on a risk matrix is recommended. What are the benefits of doing
this? (80–100 words)


A risk assessment matrix is a project management tool that provides a quick view of
the probable risks associated and the likelihood or probability of those risks and the
expected severity of the consequences.


Some of the benefits of a risk assessment matrix are:
 
- It just requires basic information obtained from the assessment matrix to create the
matrix.
- It provides the team with a clear picture of the risks involved and also assigns a
priority to each of these risks.
- All the risks will fall under different categories and this can help the team in
identifying them easily and also solve them.


Below mentioned are the four benefits of categorizing risks:


- It helps us in avoiding unpleasant surprises
- It helps in creating greater management focus and initiate a thought-provoking
process
- It helps in easy identification of risks along with the severity
- It helps in monitoring the risks and also in measuring the performance of the risks
handled


Trainer Comments


14/10/2019 08:38AM Satisfactory Answer



 2
List four questions that might be asked when assessing and prioritising risks.


1. What is likely to have an impact? What is the nature of the risk?
2. What are the chances that the impact will occur?
3. How serious will be the consequences of the impact?
4. Will the impact be offset by benefits?


Trainer Comments


14/10/2019 08:38AM Satisfactory Answer



 3
How does categorising risk help? List four benefits of categorising risk.


It gives the team a clear picture of the risks involved and also prioritises each of
these risks.


All risks will fall into different categories and this can help the team easily identify
them as well as address them.
 
Four benefits of risk classification are listed below:


- This helps us avoid unpleasant surprises
- This helps in creating a greater concentration of control and to initiate the process,
makes you wonder
- It helps in easy identification of risks along with seriousness
- This helps in monitoring the risks as well as in measuring the effectiveness of the
processed risks


Trainer Comments


14/10/2019 08:39AM Satisfactory Answer



 4
List six factors that might contribute to financial risk.


1. Market conditions and prospects
2. Exposure in the light of resent trading experience
3. Budgeting capabilities
4. Policy and company ethics
5. Ability to address market opportunities and downturns
6. Competencies and behaviors of key personal


Trainer Comments


14/10/2019 08:39AM Satisfactory Answer



Activity 11
 1
A number of different risk treatments will be applied depending on the industry in
which an organisation operates its structure and the risks it faces. Explain what risk
treatment is and the categories of risk treatment options that could be applied. (130–
150 words)


Risk Treatment is the process of selecting and implementing of measures to modify
risk. Risk treatment measures can include avoiding, optimisng, transferring or
retaining risk.


Risk treatment applies to risks that are not considered acceptable or tolerable.


Categories of risk treatment options that could be applied:
 
- avoidance (not proceeding with activities likely to generate the risk)
- prevention (not allowing the risk to occur)
- reduction (to a manageable stage)
- sharing or spreading risks over a range of different areas to reduce impact
- transferring to other areas
- retaining / accepting and managing or retaining because the benefits outweigh the
risk
- choosing a more acceptable / alternative activity with less risk


Trainer Comments


14/10/2019 08:41AM Satisfactory Answer



 2
Under what circumstances might it be appropriate to accept risks, without applying
controls? (70–80 words)


It might be appropriate to accept risks, without applying controls if:


- the cost of treatments is much more than benefits, therefore the only option would
be to accept the risk
- the level of the risk is very low, so that specific treatment is not appropriate with
resources that are available
- represented opportunities outweigh the threats to a degree where the risk is
justified
- no treatment available for such risk


Trainer Comments


14/10/2019 08:41AM Satisfactory Answer



 3
Insurance is valuable and necessary, but why is it not a real risk control? (70–80 words)


Insurance is not a real risk control because it is passive. It is not able to directly
manipulate risk and risk drivers, or reduce, manipulate and treat the risk. It only can
mitigate risk circumstances by providing compensatory financial backup.


Insurance might protect shareholder investment, for example. However, it will not
alleviate risk to customers and other shareholders.


Trainer Comments


14/10/2019 08:41AM Satisfactory Answer



Activity 12
 1
Why are risk management plans necessary? (220–250 words)


Planning is a process of determining what steps are necessary to take, when to take
them, and how to take them to achieve goals. It asks the question "What things need
to be done now in order to attain objectives tomorrow and into the future?"


Risk management plan indicates the strategy chosen for the treatment of identified
risk. It gives information about the identified risk, its level, the chosen strategy, the
time frame for implementing the strategy, required resources and individuals
responsible for ensuring that the strategy is implemented.
The final plan would include the budget, appropriate goals and milestones. It needs
to be divided into "sub-goals": steps, methods, processes and time frames towards
completion.


Risk management plans make it possible to design and develop controlled and
directed strategies.
In addition, planning reduces uncertainty by helping staff anticipate and manage
internal and external risk factors.
Setting deadlines, allocating roles and tasks makes it possible to identify
expectations and standards.
When work goals and objectives are identified, it enables effective resources
allocation and use.
When planning is task focused it allocates and coordinates team members roles,
makes them more specific, and reduces uncertainty.
Moreover, planning provides the measures by which team and individual performance
and success are measured against the expected outcomes and risk management goals.


Trainer Comments


14/10/2019 08:41AM Satisfactory Answer



 2
Risk management plans should be accompanied by action plans. What information is
contained in an action plan? (50–60 words)


Action plans are chartered statements of what is required, who will do it, when it
will be completed, as well as what resources will be required.


Action plans are normally done in chart forms, which are easy to read and quickly
analyse in order to determine whether projected time frames are realistic, and if
they are being achieved.


Trainer Comments


14/10/2019 08:41AM Satisfactory Answer



 3
The organisation for which you work has recently leased new premises. The furniture
and equipment has been moved in and the staff are due to start working there 3 days
from now.


As a basic risk precaution it is necessary to develop a suitable building evacuation
procedure and you have been asked to oversee the process. There were evacuation
posters at the old building but these will, of course, no longer be suitable.


Using the template, create an action plan to show how you would proceed.


Risk management strategy: Develop and document a task evaluation strategy.
Make posters and place them where they can be seen by employees and any site
visitors.

Action to be Responsible Start/ end Resources Costs Completion

taken persons/s dates
Create an Building immediatel Human and Nil To be
emergency- managers y workers completed
responders and building at the
team and owner earliest
emergency
services
people

Develop Building immediatel Human and Nil To be

clear managers y workers in completed
instructions and building the building at the
for owner earliest
emergency
responders
team

Turn on the emergency immediatel The Depends To be

manual fire services y building's that how completed
alarm personnel fire alarm many fire at the
Also put system is alarms earliest
smoke and activated are
heat using required
detectors, an manual as per size
automatic exhaust and
warning stations, design of
system smoke or the
heat building
detectors, or
through an
alarm.

Develop emergency immediatel emergency It all To be

emergancy services y services depends completed
EXIT sign personnel personnel on how at the
and put them many earliest
on relevant exits there
places are in the
building.

Put emergency immediatel emergency Nil Firstly

emergancy services y services
helpline nos personnel personnel
on display
on each
floor

Define emergency immediatel emergency is free To be

designated services y services completed
assembly personnel personnel at the
area to earliest
meeting
peoples

Ask Supervisors, Urgent Human and Nill To be

everyone to Faculty, workers in completed
safely stop Department the building at the
your work Heads, earliest
Managers,
and other
staff

Ask Supervisors, Urgent Human and Nill To be

everyone to Faculty, workers in completed
leave the Department the building at the
building Heads, earliest
through the Managers,
nearest door and other
with the staff
EXIT sign


Evacuation from buildings may be required due to emergencies such as fire, chemical
spill, bomb or other threats, terrorism, or during other immediate safety and health
crisis. Supervisors, Faculty, Department Heads, Managers, and other staff must advise
their employees, visitors, and students on evacuation procedures.


Trainer Comments
 
14/10/2019 08:41AM Satisfactory Answer



Activity 13
 1
List six methods that could be used to communicate risk management plans to
relevant parties.


1. Email communications
2. In-house training sessions
3. Presentations (for example, at staff meetings)
4. Information communicated in internal newsletters
5. Electronic meetings for staff members who are off-site
6. Organisational conferences or seminars


Trainer Comments


14/10/2019 08:41AM Satisfactory Answer



 2
The senior accountant at Abacus Accounting, a small accountancy firm, has their
laptop stolen from an interstate restaurant where they were conducting a dinner
meeting with clients. The laptop contains nearly four weeks of data that has not been
backed up to the main server. This is a significant loss. In addition, the accountant is
now without use of a laptop and still has much client work to conduct.


The firm recognises that the use of laptops by accounting staff is critical, as is the
information the laptops contain.


Abacus Accounting decides to develop a risk management plan that will mitigate or
minimise such losses in the future.


Amongst other things, the plan contains details of:


 protocols for safeguarding laptops whilst travelling
 protocols for backing up data
 procedures for updating the asset register with laptop warranty and insurance details
 procedures for reporting the loss of the laptop and how to
 practises to follow in order to expedite replacement
To whom should the plan be communicated and what communication procedures
would be effective? (100–120 words)

Such scenarios can occur in an organization, and the organization must diligently
manage such issues so that work is not affected. To be able to back up nearly daily
data, an organization must communicate the requirements to the it team that
actually processes the data and stores and collects the data for future use. They need
to plan a data backup mechanism that runs too daily for such a loss to be handled
effortlessly. Communication with the team should be detailed so that they can
understand what really needs to be done and do everything necessary. The cloud is
the most popular thing and the cloud needs to have a backup present so that it can
be easily retrieved and when the data is on laptops the laptops need to be protected
from theft so that the data is extracted and no one can use it without access. The
technical team should address such issues so that they produce fruitful results and
can protect data in the future.

Trainer Comments

14/10/2019 08:42AM Satisfactory Answer

Activity 14

Why should risk management data and plans be documented and appropriately stored?


Risk management plan is an important element of the Business Continuity Planning,
which helps in identifying, evaluating risks and creating approaches to deal with
risks. It helps in understanding and determining the approaches to reduce significant
business risks in case of any incident occurrence and to achieve any type of legal
compulsions for a safe workplace.


Thus, it is important to document the data at every phase of the risk management
process by including norms, procedures, information sources and consequences. This
helps in indicating the process is followed appropriately; to have an evidence towards
a methodical approach used for identifying and analysing risks; this keeps a record of
information related to organisational risks in knowledge database; this helps in
decision making and details about the accountable parties; provides mechanism for
continuous monitoring and control; to have audit trail; and details to be
communicated to the managers to conform with risk management related procedures
and policies.


Hence, documenting and storing the risk data, helps in disaster recovery planning.


Trainer Comments


14/10/2019 08:42AM Satisfactory Answer



Activity 15

It is important to monitor and evaluate an action plan once it has moved into its
implementation phase. How does monitoring and evaluation help and what sorts of
things might come under scrutiny? (200 words)


Monitoring and evaluation are steps in a monitoring plan that is used to improve
productivity and achieve results within a specified time frame. It is used as a bridge
between past, present and future actions. In General, monitoring and evaluation of
actions are carried out by an independent organisation, it can also be done in the
house.


A monitoring and evaluation plan is important in any monitoring process. It is
important to develop a monitoring and evaluation plan prior to any process, as it
helps guide in the right direction by setting realistic time frames and budgets. This
helps to improve performance and achieve results.


Monitoring is carried out in order to constantly assess the progress of the plan, at
what stage it is, whether There are any delays or deviations. It also includes status
reporting and forecasting. This helps in taking the necessary steps to correct the
deviation and meet the delivery schedule.


The evaluation is conducted to identify errors and take corrective action to ensure
that such errors do not recur. It compares the planned result with the actual one in
the process, and when there is any deviation, it gives us an idea of the number of
deviations, enforcement measures are taken to keep it on schedule


Trainer Comments


14/10/2019 08:42AM Satisfactory Answer



Activity 16
 1
Explain who should be involved in the evaluation of risk management treatments. (30–
40 words)


It is advisable to involve the relevant stakeholders in addition to the project manager
and the project team to identify risks.
Top management is also part of the team and should be involved.


Trainer Comments


14/10/2019 08:45AM Satisfactory Answer



 2
Sometimes external auditors can be called in to evaluate risk management plans and
strategies. What are three advantages of using external auditors?


Before learning the benefit of using an external auditor, first of all, we need to know
what an external auditor is.
 
External auditor:


- the external auditor and internal auditor work for the organisation specifically in
the development of risk management policies. They also ensure that their risk
management policies are properly implemented or not. But here internal auditors are
employees of the organisation, and external auditors are simply appointed to
perform a specific task in the organisation and for a financial task. External auditors
are appointed by the shareholder of the company and are responsible to the
shareholder (owner) of the company or a third party. The external auditors ensure a
fair result or presentation of the situation.


The three advantages of using external auditors are as follows:


1.Impartial and well trained:


external auditors are well trained to specifically focus on tightening and improving
the business process to reduce the risk of misrepresentation of the company's
financial data. They are trained in their work because they do not work to impress
for any reason. External auditors always work with like-minded people with the aim
of improving the company.


2.Fraud prevention:


there is a maximum probability of fraud in the organisation by the internal auditor or
any employees of the organisation. They tried their best to hide the deception. But
the external auditor helps the organisation find these types of scams in the
organisation. Thus, external auditors can assess risks (financial) in the organisation,
as well as assist in the development of a plan and strategies for it.


3.Improvement:


the external auditor helps the organisation improve its financial condition and reduce
risk in financial plan and strategies by providing some additional knowledge regarding
their internal financial control. While they give some advice on improving the state
of the organisation, they do not need to be implemented immediately. Management
can implement this plan when it needs it most.


These are the three benefits of using external auditors.


Trainer Comments


14/10/2019 08:45AM Satisfactory Answer
 

Summative assessment 1
Question 1

You could be expected to outline the purpose and key elements of current risk
management standards. Where would you find this information and how does it link to
AS/NZS ISO risk management standards? List ten key elements of risk management.
(200 words)


The risk management standard known as AS/NZS ISO is a guide to managing risk, that
summaries components of the management process.
The basis to define the standard by the International Organisation for Standardisation
is to provide the essential important guidelines and principles that determine and
define the risk management activities and concepts.
An organisation's success is increasingly being challenged by unforeseen events that
are common risks. Health and safety risks, natural hazards and potential
environmental and technical dangers that may arise, can all affect a business in a
negative way. The need to manage hazards, minimise risk and improve business
activities, products and services, is critical to the sustainability of any business.
A strategic way to manage risk is introduced in ISO. Risk management is increasingly
becoming an essential component to any business strategy moving forward. This
standard demonstrates a strong commitment to ongoing improvement in reaching
organisational objectives.


Key Elements of risk management are:


1. Good management of the process to make sure that it is implemented across the
organisations.
2. Considering risk on the decision making process. Company should deliver value
3. Involving management and leaders in the risk management
4. Understanding the cycling nature
5. Controlling proper implementation
6. Measuring the process and success
7. Using best available information. Making sure it is accurate and up to date.
8. Being aware of the key objectives.


Trainer Comments


14/10/2019 08:46AM **resubmit required** you have made a good start here but
please outline some of the key elements of risk management and
what it relates to



Question 2

Legislation and regulations from all levels of government will affect various aspects of
business operations and the risk management aspect of business. The impact of
legislation and regulations will depend on business operations/ type of business, the
number of staff employed, industry sector and the structure of the business.


Explain in 200–250 words:


 why it is necessary to have a working knowledge of the legislation involved in business
 what legislation or regulations apply to the industry area in which you work or intend to work—list and give
a brief description of eight forms of relevant legislation
 how and from where you sourced this information
Make a list of 10 forms of legislation or regulation that could have an impact on risk
and that you might have to outline when communicating with employees.

A legal or legal personality makes a Corporation capable of having legal rights and
obligations. Individuals also help them to have rights and thus enable them to protect
themselves and thrive in a sustainable way. Society and the legal system respond by
seeking certain responsibilities and responsibilities from corporations. It is the
responsibility of the Corporation to be a responsible, good citizen of the global
village, to comply with all relevant laws and regulations and to provide quality
products to society. In modern conditions, it is necessary to know the legislation and
regulations, as they dictate an acceptable level of behavior. from the leadership. If
this does not happen, there may be legal consequences, but the social consequences
are far more deadly for business, and it is in this way that government regulations in
Addition, the benefits derived from regulations exceed the costs incurred by them.
This leads to innovation and competition, and therefore expands competition in the
market. This helps consumers as they now get a wide range of products at lower
prices as well as improved goods and services. Below are some of the regulations that
affect my field of activity.
1.The Human Rights Act is a UK 1998
2.EOCC commissions
3.Australian equal pay act 1969
4.The pregnancy discrimination act of Australia 1984
5.Fair Labor Standards Act 1938
6.Occupational Safety and Health Administration (OSHA)
7.Citizenship and Immigration Services Australian 1948
8.Family and Medical Leave Act (FMLA)
9.Antitrust laws
10.Environmental protection agency's regulations

Duty of care is a legal obligation which requires an individual to a standard of

reasonable care while performing any acts that could possibly harm others. It is the
first thing that must be established to proceed with an action in negligence.
Breaching duty of care can make individual liable by it. In turn, breaching a duty may
subject an individual to liability. Organisation employees and management should be
aware of the and making sure it is well monitored.

The Freedom of Information Act 1982 gives an individual the right to request access
to the information which government holds. This includes information they hold
about you or about government policies and decisions. It is very important for an
organisation to understand that and gather all required information.

Contract law is an agreement between private parties creating mutual obligations

enforceable by law. It is critically important to be considered within the organisation
as the circumstances of not following the law can de really damaging.
It is vital to consider where the information and sourced from and making sure it is
trustworthy source. If an organisation has legal team which can follow up on the
current update within the current legislation and regulations.

Trainer Comments

14/10/2019 08:47AM **resubmit required** you have made a good start here but you
need to be specific to some legislation around risk such as
duty of care
corporate/ company law
contract law
environmental interaction
freedom of information
please review your answer

Question 3

Each organisation should have policies and procedures, grounded in the relevant
legislation, in place to support their operations and the various functions/ activities of
the business. Risk management plans will relate to the overall operation of the
organisation.


Outline the reasons why business organisations should develop risk management
policies, risk registers and processes for managing risk. (250–300 words)


Risk in business is defined as anything that threatens an organization's ability to make
a profit at its target level due to uncertainties such as changes in consumer taste and
preferences, changes in government policy, uncertainties, production costs,
competition, the General economic climate, Etc. ,


Risk management is a procedure to determine a possible risk or diaster before it
occurs. the organization must make a realistic assessment of the true level of risk.
Risk management enables an organization to establish risk avoidance procedures. to
minimize the impact of risk and how to deal with this impact. There are four steps in
the risk management process.


1. Risk identification


2. Risk analysis


3. Risk control


4. Risk treatment


It should include commitments from all levels of the organization, policies and
procedures, defined roles and responsibilities to employees, adequate tools
dedicated to the plan, ongoing training and testing of the risk management plan.
 
role of policies and procedures in risk management


Some organizations believe that as long as everything goes smoothly, there is no need
for any documentation, policies and procedures. This is a serious mistake of any
organization because this type of mentality ignores the importance of active risk
management plans. Policies contain a high level of principles that are followed by
specific departments or functional areas of the organization. Policies determine the
direction for business and departments. processes define in detail how normal
business functions should be performed, and procedures combine a set of functions
and organizational processes. they are associated with specific policies and lower-
level processes.


Organizational risk management policies and procedures should be defined as a set of
written steps that an organization will take to ensure that its employees have a
minimum level of risk in the performance of their work.


There are various reasons for developing risk management policies and procedures.
such as


1. Provide each employee with a safe place to do their work.


2. Certain procedures and policies are the hallmark of maturity in any organization.


3. Certain policies provide strategic vision by defining what the risk and control
environment should look like.


4. It defines the internal workings of the business and provides a clear understanding
of the principles and requirements that set the tone of the organization at risk
control points.


5. Certain policies and procedures are seen as evidence of the current operational
status and its commitment to effective risk management of any organization.


6. The documented process, policies, and procedures contain information about
process and resource dependencies in addition to identified risks and control points.


7. Procedures and policies describe current requirements, risks, and controls that
identify gaps, which in turn help the organization implement the right controls into
the right processes.


8. Policies and procedures are required by the employer so that they can assess the
work responsibilities required to determine the risk associated with it.
 
9. This is necessary to train employees so that there is less risk at work.


Trainer Comments


14/10/2019 08:47AM Satisfactory Answer



Summative assessment 2
Project 1

Design, develop and document a risk management plan related to:


 the reduction of accidents, illness or incidents relating to worker or general public safety
 the prevention of operational discontinuity
 the need for new or innovative improvement/ changes in processes or procedures (and the associated risks)
 environmental impact issues—including resource use and management
You might choose another risk area relevant to the organisation for which you work. If
you do you will need to describe the organisation and the risk being addressed in
terms of industry sector requirements. If you are not working the risk management
process might apply to a fictional organisation that you describe in detail.

Explain why and how you would initiate and implement the risk management plan and:

1. Establish the context and scope of the plan.

2. Identify the risk/s.

3. Analyse the risks.

4. Select, plan and document risk management treatments.

5. Explain the implementation monitoring and evaluation processes.

Format your risk identification, analysis and improvement plan/ proposal (or action
plan) in a manner that would be accepted by senior management. Ensure that all risk
scenarios are addressed and catered for.

Submit:

 the plan
 research results and tools used in the assessment process and in the plan design
 any relevant support information, charts, graphs, statistics etc
The plan must clearly describe the risk/s, proposed actions, resource needs,
responsible persons, time frames, deadlines, expected outcomes and success metrics.

Alternative assessment

If you are currently employed in this field, to assist with assessment, and if you can
verify that these are entirely your own work, you might submit any of the following:

 written reports on activities that you have undertaken and that are directly associated with risk
management
 a portfolio of evidence showing a range of risk management strategies that you were instrumental in
developing and implementing
 assessment of the outcomes relevant to risk treatments that you have managed or overseen
 third party workplace reports of on-the-job performance—to show that you can establish the risk context,
identify risks, analyse risks, and select and implement treatments
 performance review results relevant to participation in and management of risks
 notes, electronic data and hard copy information related to presentations you have made informing teams
and individuals of risk management processes
Your assessor will determine how well this documentation meets the assessment
requirements and will ask you a series of verbal questions relating to relevant
documentation and legislation.

The assessor will document your responses.

please see attached in relation to project 1

Risk.docx (101 KB)

Trainer Comments

14/10/2019 08:49AM **resubmit required** you have made a good start here but you
need to put more into this and develop a risk management plan
(a template was provided to you in class or you can find one
through google) .. you need to outline all of the componants of
this of your work ie risk context/ risk objectives/ hazard
identification and controls etc