lOMoARcPSD|4962838

Bsbrsk 501 - MANAGE RISK

Leadership & Management (Melbourne Business School)

StuDocu is not sponsored or endorsed by any college or university

Downloaded by Sylvia M (sylviamungni07@gmail.com)
 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

Submission details
Candidate’s name Id no.
Assessor’s name

Assessment Task 1
Risk review

REVIEWING THE MACVILLE RISK MANAGEMENT POLICY

I reviewed the case study and then studied the RISK MANAGEMENT POLICY of the
company and I found some improvement areas and some loopholes which need
immediate plugging.
I shall discuss the policy in the following steps :

1. Scope
In the present case study, the areas of the scope of the risk management are
following :
1) Cash Management
2) Policies and procedure in document form and easily accessible by
employees.
3) Too much family oriented and managed business and hence the need for a
professional face of the company.
4) Assessing the impact of external factors
5) Ensuring compliance
6) Risk in relation to functions –human resources management, financial
operations, OHS, supply chain, local governance and compliance issues.
2. Goals
Goals setting is quintessential for the success of a risk management plan. Goals
should be aligned with the policies of the company. Macville’s business goals are :
1) Expanding customer base by providing quality customer service
2) Increase the number of stores across Australia
3) To appropriately manage the risks involved with the operation of store
4) To give the new manager significant insights into the store’s operations.
5) To ensure there is a smooth transition to the Mac Ville systems.
6) To encourage the new manager to give ongoing support for risk management.

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

3. Stakeholders:
Stakeholder is an employee, manager, vendor, society, and even government who
affect or can be affected by an organization's actions.

Stakeholder Internal/external Role in process Stake in process

Vendors supplying External Responsible for More business
pastries and other the quality of food with the company
materials products

Store Manager Internal Driving operations Increase in profit

profitably and business

Customers External Reason for our Best Quality,

existence cheap price

Top Management Internal Running the More stores,

business more business,
more revenues

Regulatory Bodies External Compliance Actions of

business should
not be against
law of land

Analysis
Risk analysis is the phase where the level of the risk and its nature are assessed
and understood. This information is the first input to decision makers on whether
risks need to be treated or not and what is the most appropriate and cost-effective
risk treatment methodology. We have two types of risk analysis methods:-
PEST
A PEST analysis is an effective tool for investigating external environmental factors.
PEST stands for the Political, Economic, Social and Technological.

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

▪ Political
Proposed laws that may affect organisation. In this case study compliance standards
in WHS, privacy and industrial relation laws. Others are Taxation policy,
Merit/demerit goods, and employment regulations.
▪ Economical
according to the case study dealing with banks, borrowing from the banks etc .
Business has strong economic growth potential.
▪ Social
population is increasing which is good for business; ageing population has better
access facilities.
▪ Technological
National broadband network scheme is coming in the are very soon which would
The SWOT Matrix
SWOT analysis (alternatively SWOT Matrix) is a structured planning method used to
evaluate the Strengths, Weaknesses, Opportunities, and Threats involved in a
project or in a business venture. A SWOT analysis can be carried out for a product,
place, industry or person.
In this case study the result of the SWOT analysis could be the classified in the
following manner:
▪ STRENGTHS: good location of the business, increasing population of the
area, no other competitor in the near locations etc.
▪ WEAKNESS: On time delivery of food, difficulty for managers to access due
to long driving, no written policy and procedures manual, improper use of
water, no proper security systems etc.
▪ OPPORTUNITIES: because of the easy access to busses and the stores
central location there is a plenty of business opportunities, there were
opportunities for opening more cafes in the surrounding shopping centers like
Wilsonton, Clifford Gardens and K-Mart Plaza
▪ THREATS: Introduction of legislation that backs up the local by-law
concerning efficient water usage, particularly by industries, representatives of
a large international chain of coffee shops had been making enquiries around
town about opening a store in the Toowoomba CBD.

Research

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

In this case study it is clearly evident from the following findings that the considerable
amount of research has been done.
▪ After research it has been found that two hour delivery would make fresh
pastry deliveries from the company’s central bakery plant impractical.
▪ Regarding the population and age research it has been found that the café is
attracting a large percentage of retirees because of its easy access to buses
and the stores central location
▪ Having conducted the area research it was found that there were
opportunities for opening more cafes in the surrounding shopping Centre’s..
▪ The research of upcoming laws and policies revealed that the current law was
due for implementation on the 1st of next month allowing cafes to expand their
footpath.

Describe: The process of identification can be aided by various tools and techniques,
which should be selected based on the purpose and context of the risk management
activities being undertaken. Some of these tools include:
▪ Checklist: It helps to ensure consistency and completeness in carrying out a
task
Human resources management risk.
i. No written policy and procedures manual and limited staff training –could lead to
errors and inappropriate actions.
ii. Authorisation system not clearly defined –could lead to fraud.
iii. Lack of sales promotion techniques –impacts of the stores financial viability.

Financial operations risk

i. No separation of duties –could lead to fraud.
ii. The banking was not done every day and was kept on the premises overnight
without a safe –assets not protected could lead to thief.
iii. Not all takings from the cash register by family staff members were recorded –
unacceptable behaviour in a company store and could lead to
misappropriation of funds.

OHS risk
i. Manager two-hour drive to and from weekly manager’s meeting –could lead to
physical injury.
ii. Unstable and broken chairs –customers injured –compliance breach and customer
suing, reputation loss
iii. No established process for dealing with injuries happening at work –staff need a
quick and organised response to injuries –staff work loss, unions suing,
reputation loss.

Supply chain risk

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

i Impractical to deliver fresh pastry from the company’s central bakery plant in
timely manner –brand loss, quality service loss.
ii. Supply of company branded supplies –brand loss.

Local governance and compliance risk over

I. Wateruse –company could be fined –reputation/brand loss.
ii. Incomplete employment records –unions could sue –government penalties –
reputation/brand loss, $50,000 fine.
iii. Confidentially of records not guaranteed –privacy law breach

▪ Fishbone diagrams: Fishbone diagrams are cause and effect diagrams. Use
of fishbone diagram encourages a systematic approach to identifying risks
that looks beyond the obvious causes of a problem.
▪ Flowcharts: A flowchart is a type of diagram that represents an algorithm or
process, showing the steps as boxes of various kinds, and their order by
connecting them with arrows. Flowcharts use various symbols and shapes to
represent different facts of a process and arrows to show flow of information,
communication and control.
Summary of meeting with the manager
After having visited the new store in Toowoomba a written report was prepared
according to the risk management policies of MacVille. This report defined and
identified the environment, characteristics and stakeholders, their goals and
objectives, and the scope of the specific risk management process. . Later, this
report was discussed with the manger. Some of the things and factors discussed
with the manger are as following
▪ Discussion on the issues raised by James Mansfield and Ron Langford
▪ Discussion on the report on previous NSW expansion, which head office had
given you
▪ Discussion on privacy and industrial relations law.
▪ Discussion on the Lack of written policy and procedures to guide staff in
carrying out their duties.
▪ Discussion on the lack of a professional business culture in the family runs
business.
▪ Discussion about the methods to communicate with stakeholders.
After having discussion on the all aspects of the research on the risk assessment my
Manager suggested me to contact stakeholders through a written form of
communication i.e. either Email or letter

Draft of the communication for consultation with stakeholders.

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

From: Manager-
To: FARM committee
Ref: New Toowoomba store
I have been assigned the task of managing risks involved in the operational takeover
of the Toowoomba store. I conducted research as per the Macville risk assessment
policies and prepared a report regarding the threats and opportunities the takeover
of business could bring to the company. I want to bring forward to the committee the
highlights of the research and want suggestions and inputs from the committee.
Following are the some of the findings of the research:
The following are four broad areas where potential for risk to MacVille has been
identified. Under each area, examples of possible risks are detailed.

Operational/Organizational
● Legal and regulatory compliance: there were no written policy and procedures
manual, no proper cash handling rules, chances for break-ins due to non-
existence of proper security system, no OHS policy and improper use of water
is violating the state law.
● Logistics and Product quality: The two hour delivery would make fresh pastry
deliveries from the company’s central bakery plant impractical. The pastries
would arrive after the morning rush. These are a key part of the MacVille
assortment there is also a concern about getting the company branded
supplies through as quickly.
● Infrastructure, plant and equipment: The fit-out in parts looked old and
unattractive, with some chairs unstable and broken and some parts of the worn
carpet was simply taped over with gaffer tape.
● Customer interaction: unskilled staff, not properly trained about the customer
interaction skills
Financial

● Accountability: cash is not handled properly, too much cash is kept at the
premises, no proper policy of doing day to day banking and financial records
are not password protected and anyone could access the information.

● Fraud or theft: no proper cash handling rules, chances for break-ins due to
non-existence of proper security system,

● Loss of income, funding/finance

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

Governance: business is a family run business. In family run business work ethics
and professionalism is always a big issue.

Project Management
The long drive from Toowoomba to Brisbane would make attending the weekly
managers meeting difficult considering many meetings did not finish until into the
evening after refreshments. There is also manager training sessions that need to
complete over the next 6 months in conjunction with a few other assistant managers.

These were highlights from the research I wanted bring forward to the committee
and inputs regarding how the committee wants to address these issues are sought.

Regards,

Manager, Toowoomba store

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

Assessment Task 2
Risk analysis and management plan

A) Likelihood :Once risks are identified, the next step is to determine the likelihood
that the potential vulnerability can be exploited. Several factors need to be
considered when determining this likelihood. First, the auditor needs to consider the
source of the threat, the motivation behind the threat, and the capability of the
source. Next, auditors need to determine the nature of the vulnerability and, finally,
the existence and effectiveness of current controls to deter or mitigate the
vulnerability. The likelihood that a potential vulnerability could be exploited can be
described as high, medium, or low.
Rare risk means that highly unlikely, but it may occur in exceptional circumstances.
It could happen, but probably never will.
Unlikely risk means that not expected, but there's a slight possibility it may occur at
some time.
Possible risk means that the event might occur at some time as there is a history of
casual occurrence at the University &/or similar institutions.
Likely risk means that there is a strong possibility the event will occur as there is a
history of frequent occurrence at the University &/or similar institutions.
Frequent risk means that very likely. The event is expected to occur in most
circumstances as there is a history of regular occurrence at the University &/or
similar institutions/Organizations。
According to the Case Study, there are:
i. Banking Risk – There is possibility of theft of cash that is left on premises as
the banking in Café was not done every day and often $4000 was kept on the
premises overnight in the cash register. It is a possible risk.
ii. Manager’s Travel Risk – It is an unlikely risk that the manager would involve
in an accident in spite of being a competent driver because of the steep
narrow climb up the range with trucks blocking the way that is quite difficult in
daylight hours.
iii. By-law Compliance Risk – It is an unlikely risk that if the employees or the
manager use more water, they could get the fines for excessive usage of
water and consequently breaching the current by-law will occur.

B) Consequence: Failing to address risk can lead to consequences that span the
spectrum from mere inconvenience to grave danger. The general level of
consequence is Catastrophic, Major, Minor, and Insignificant.
Catastrophic Risk like multiple injuries, regulatory intervention, net revenue loss or
asset damage exceeds $x, damage to reputation at international level and long-term
environmental damage.

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

Major Risk such as single stakeholder, breach of licenses, legislation, regulation or

mandated standards; net revenue loss or asset damage between $xxx, damage to
reputation at national level and medium-term (1-5yr) environmental damage.
Minor Risk like breach of internal procedures, net revenue loss or asset damage
between $x-$xx, adverse news in local media and environmental damage which
requiring up to $250,000.
Insignificant Risk like no breach of licenses, standards, guidelines or related audit
findings; net revenue loss or asset damage $x, public awareness may exist, but
there is little public concern and negligible environmental impact.

According to the Case Study, there are

i. Banking Risk – There is a possibility for theft of cash left on the premises
and it is also dangerous to the employees in the Café. So, it is a major risk of
not banking money every day.
ii. Manage Travel Risk - There is a possibility for the manager to have an
accident because of the long drive and also the navigating the steep narrow
climb up the range. If there is any accident occurs, the company has to insure
the manager as well as to find a substitute for the manager and this will slow
down their Café business. So, it is major risk.
iii. By-law Compliance Risk – If the company didn’t use the water
effectively,they will end up paying the fines up to $50,000 according to the
current by-law and it would be a loss for the company as well as a drawback
for their organization. So, it is a minor risk.

C) Priorities:
Now that you have determined both the likelihood and consequence of risk, the two
are combined to determine the rating. The most effective method of risk analysis is
to generate a risk matrix. A risk matrix is shown below, where the identified
consequence meets the identified likelihood, a risk rating is given.
The allocation of a risk rating should prompt a decision to be made about the action
to be taken, as below.
Extreme – immediate senior management action, e.g. multiple deaths of employees.
High – Action plan needed, allocated responsibilities, e.g. damage to valuable
assets.
Medium – Risk requires only monitoring and review, e.g. loss of assets due to staff
theft.
Low – Risk accepted – but not ignored, e.g. a paper cut.

Extreme – Banking risk: keeping cash of $4000 on the premises is an extreme risk
as there is possibility for theft and dangerous to employees.

High – Manager’s travel risk: because of the long drive. Then the company has to
substitute for the manager as well as to do the insurance for the manager in order to

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

support the manager.

Medium – By-law compliance risk: it is important to use the water effectively; other
wise the company will end up paying the fines up to $ 50000.

D) Options: The options for treating the risk which is likely to be effective and
feasible for the organization are action plan early and internal control procedures.

The following need to be considered when choosing an appropriate treatment for a

risk: acceptability to all, administration efficiency, capacity compatibility, continuity of
effects, contracts, cost effectiveness, economic and social environment, equity,
individual freedom, jurisdictional authority, objectives, regulatory, risk creation and
timing.

Develop an action plan for treating risks

Plan Early
Experienced operators know that risk management is a proactive process. It is not
the thing you do when a risk emerges because by then it may be too late. Effective
risk action plans are those that are part of the operations of the organization.
Problems that start small can escalate into large threats, or a risk may appear
suddenly that threatens the reputation of the entire organization. Having risk
management processes and planning in place when these happen could stop the
escalation and minimize the impact from the sudden disaster. The risk action plan
outlines how the risk is to be managed and a timeline for this process to take place.
It should include: the risk, risk rating, treatment activity or controls, roles and
responsibilities for those involved, timeline, and monitoring arrangements.

Internal Control Procedures

Risk Management and Internal Controls

The Company is committed to the identification, monitoring and management of risks
associated with its business
activities. Management is ultimately responsible to the Board for the Company’s
system of internal controls and risk management. The Company’s risk management
policies and procedures cover regulatory, legal, property, treasury, financial reporting
and internal controls. A clear organizational structure exists detailing lines of
authority and control responsibilities. Each business unit is responsible and
accountable for implementing procedures and controls to manage risks within its
business. Company management has established within its management and
reporting systems a number of risk management controls. These include:
• Formal operating and strategic planning processes for all businesses within the
Company;

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

• Annual budgeting and periodic reporting systems for all businesses which
enable the monitoring of progress against financial and operational performance
targets and metrics and evaluation of trends;
• Guidelines and limits for approval of capital expenditures and investments;
• Policies and procedures for the management of financial risk and treasury
operations; and
• Standards of Business Conduct which are applicable to all employees. Certain risks
cannot be mitigated to an acceptable level by internal controls. Such risks are
transferred to third parties in the international insurance markets to the extent
considered appropriate. An internal audit function operates under a charter which
defines the purpose, authority and responsibility of the Corporate Audit Department.
The Corporate Audit Department’s mission is to provide an independent, objective
assessment of risk and evaluation of the effectiveness of internal operating and
financial controls within the Company’s various operating businesses. The areas of
emphasis for the conduct of the assessment include the:
• appropriateness, efficiency, and effectiveness of the internal control
environment and the susceptibility of that environment, on a sample basis, to frauds,
failures in internal controls, or breaches in authority;
• reliability and integrity of financial and other operating controls; • extent of
compliance with Company policies and procedures; • accuracy and integrity of
and security over data and information;
• accountability for the Company’s assets to safeguard against loss;
• adequacy of reviews made by the operating companies to ensure an effective
internal controls environment is fostered; and
• economy and efficiency with which resources are employed. The results of each
audit and agreed-upon management action plan are reported on a timely basis to the
management responsible for implementing changes. The Corporate Audit
Department reports to the Company’s Audit Committee and meets with them at least
four times a year to review the annual Corporate Audit Plan and the results of its
activities. The activities of the Corporate Audit Department are separate and distinct
from those of the Company’s independent registered public accounting firm.
However, active coordination between the two groups is recognized as essential in
order to maximize the Company’s return on investment for audit services.

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

Assessment Task 3
Monitoring report

Plan
a. Banking risk–Likelihood is minor where the consequence is extreme and the
priorities is likely and risk is high and the option making it a company policy to
bank every day and eliminate the need to carry overnight. And ensure overnight
cash holding.
i. Insurance on ‘cash on premises’.
ii. Open an account with closest bank.
Iii. Policy and procedure requirement to bank daily.
b. Manager’s travel risk–in manager travel risk likelihood will be tiredness injury
death(likely) and the consequence is moderated and even priorities is moderate and
risk is high.
i. Management meetings to finish 3:00pm.
ii. Install teleconferencing.
iii. Management training shift to morning half day sessions.
c. By-law Compliance risk –the likelihood is moderate where the consequence is
major and priorities moderate and where risk extreme.
i. Apply for time to ‘make good’.
Ii. Policy and procedures to change work practices.
iii. Install water saving devices such as native plants, tank, dual flush toilet systems,
5-6 star (WELS) dishwasher.

Implementation
a. Banking risk –theft of cash left on premises.
i. The financial controller had taken out $5,000 the insurance cover on cash held on
premises overnight from the opening week as planned.
ii. The company bank account was opened about 4 weeks opening at the bank two
shops down the street.
iii. The training on daily banking has been successfully completed.
b. Manager’s travel risk–physical injury –initially rated as extreme.
i. The weekly management meetings are finishing close to 3:00pm.

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

ii. The assistant management training has been shifted to the mornings allowing the
manager to leave before 1:00 PM.
b. By-law Compliance risk –reputation/brand loss and fines –initially rated as high.
I. An external audit was completed and presented to the board 6 months after
settlement.
ii. The board and CEO included a new policy regarding compliance with the
Toowoomba by-law on water conservation.
iii. The plants have been changed to natives.
Iv. The dual flush toilets are ordered and in stock.
v. The 5 star rated (WELS) dishwasher was installed.
vi. The application to make-good by Goldsmith Partners on behalf of Mac Ville, was
accepted by the Toowoomba City Council.
vii. There has been one internal audit arranged by the store.
Viii. A water tank had been built in to the courtyard.
ix. There is a weekly water usage monitor in the staff room

Outcomes :
a. Banking risk–theft of cash left on premises –initially rated as moderate now low
due to insignificant consequence (insurance cover) and ‘unlikely’ likelihood because
cash rarely kept on the premises.
b. Manager’s travel risk –physical injury –initially rated as extreme still high.
Likelihood reduced to rare with the change in time travelled.
c. By-law Compliance risk –reputation/brand loss and fines –initially rated as high
now moderate due to unlikely likelihood with the installed water saving devices and
processes.
Evaluation
a. Banking risk –theft of cash left on premises –initially rated as moderate reduced to
low. Could be made more effective by 100% compliance with the daily banking
directive and removal of expensive insurance on overnight cash on premises.
b. Manager’s travel risk –physical injury -initially rated as extreme and reduced to
high because of the continued travel. Introduction of teleconferencing would reduce
this risk to nil. CEO should provide an excusal letter to ensure the manager leaves at
the appropriate time.
c. By-law Compliance risk–reputation/brand loss and fines -initially rated as high and
reduced to moderate but could be reduced again to low by having Brisbane
plumbers install the tank and the dual –flush toilets in the next 14 days. Monitor

Downloaded by Sylvia M (sylviamungni07@gmail.com)

 lOMoARcPSD|4962838

BSBRSK501 MANAGE RISK

should be constantly updated to keep staff motivated and a procedure should be

written. More internal audits are required.

Downloaded by Sylvia M (sylviamungni07@gmail.com)