Overview of risk management

135 views 10:26 am 0 Comments May 5, 2023

BSBOPS504 Student Guide V1.0 | 1
MANAGE BUSINESS RISK
BSBOPS504
STUDENT
GUIDE-TKL
College

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 2

. Contents

Overview 3
Topic 1: Overview of risk management 4
Topic 2: Establishing risk management in an organisation 18
Topic 3: Addressing risks in an organisation 36

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 3

Overview

The Student Guide should be used in conjunction with the recommended reading and any further
course notes or activities given by the trainer/assessor.
Application of the unit
This unit describes skills and knowledge required to manage business risks in a range of contexts
across an organisation or for a specific business unit or area in any industry setting.
The unit applies to individuals who are working in positions of authority and who are approved to
implement change across the organisation, business unit, program or project area. They may or
may not have responsibility for directly supervising others.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Learning goals
Learning goals include:
You are able to establish the risk context to manage risk in a work area or organisation.
You are able to identify and analyse risks within a pre-determined scope.

You are able to select and implement risk treatments and monitor and evaluate the risk
management process.

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 4

Topic 1: Overview of risk management

What does “risk management” mean?
Life is full of risk – the chance of something going wrong or not as planned. No outcome is ever
one hundred percent certain. In fact, any attempt you make at anything has the potential to
succeed or fail. In business, risk involves the possibility of financial and/or operational difficulties.

Managing risk in business is about using sound judgement and decision-making skills to reduce
the consequences of risk while still making the most of the opportunities available to you.
It is not about completely eliminating risks, as they are inevitable in business (and life!). It is
about establishing, mitigating and responding to risks and setting up a plan to deal with them.

 

Activity: Reflect
Think about some of the risks in your personal and work/study life.
Have you deliberately taken any risks that have been a success?
Have you taken any risks that have caused you to fail?
Have you taken any steps to avoid or manage any of the risks you’ve thought
about?

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 5
Image by Gladson Xavier on Pexels
What is risk?
Before we continue, make sure you understand what risk is.

A risk in business management can be seen as anything that:
could prevent the organisation from achieving goals it has set for itself.
could result in a negative outcome for the enterprise.

Examples of goals that may be involved with risk can relate to service delivery standards,
production specification of items, sales and/or revenue budgets, safety targets and attainment of
workplace objectives.
Examples of negative outcomes of a risk eventualising may be financial loss, damage to the
reputation of the company, loss of property, cash or data and breach of legislated obligations.
Risks come in different forms and in business, there are different types of risks. The risks for your
business or organisation will depend on:
the size of the business/organisation
the industry
the people you work with.
As you manage risks for your organisation, it’s helpful to know what type of risk you are dealing
with. A risk may be direct (specific to a business and its objectives) or indirect (don’t directly impact
the business but still affects operations such as a natural disaster impacting suppliers).

There are four main types of business risk: strategic risk, compliance risk, financial risk and
operational risk.

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 6
Image by Suzy on Pexels
Take a look at the next table to understand more about these risks.

Type of risk Description Example Key responsibility
Strategic risk These risks can occur at
any time and are related
to the business or
organisation’s strategy.
A business sells
natural sunscreen in
lotion form but over
time people’s
preference for lotion
declines and more
people want a spray
form of sunscreen.
CEO
Managing director
Board of directors
Owner
Compliance
risk
These risks involve
having to comply with
rules set by government
or regulatory bodies.
Complying to all
regulations due to
COVID-19 and having
a COVID Safe plan
that meets
requirements.
Head of safety
Head of operations
Managers/supervisors
Financial risk These risks affect the
financial health of a
business (cash flow,
liquidity, financial
position, debt burden
etc.)
Customers not paying
on time (or paying in
instalments).
CFO
Financial controller
Managers/supervisors

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 7

Type of risk Description Example Key responsibility
Operational
risk
These risks are
associated with a
business or
organisations’ systems
and processes.
Targets not being met
because a machine
breaks down.
Head of operations
Managers/supervisors

 

Activity: Brainstorm
In small groups:
brainstorm more examples for each type of risk.
explain what their impact might be on an organisation.
say whether the risks are direct or indirect.
Your trainer will facilitate a group discussion to create a complete list of examples.
Take notes and keep them for future reference.

 

Activity: Reflect
Do you have any personal experience of any of the types of risks listed above?

What are common sources of business risk?
Regardless of the type of business risk you are identifying, there are common sources of risk.
These can either be internal or external sources.

Activity: Research and discuss
Work in a group and answer the questions:
What is meant by “internal” sources of risk in a business or organisation?
Provide examples.
What is meant by “external” sources of risk in a business or organisation?

Table 1: Types of business risk
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 8

Provide examples.
Your trainer will facilitate a discussion to summarise your research. Take notes and
keep them for future reference.

The three most common categories of business risk sources are:

natural causes (e.g., flooding disrupts a delivery service, dust storm causes a truck driver to
have an accident, pandemic results in extended business closure)

human causes (e.g., strikes result in unfilled customer orders, mistake when manually entering
invoices into the accounting system, spillage in the office kitchen results in someone slipping
and hurting themselves).
economic causes (price of raw materials increases making product manufacture more
expensive, labour costs increase with new regulations, rising interest rates affect a business or
organisation’s ability to repay debt).

Activity: Practical
Look at the examples of risk sources and answer the questions that follow.
bushfires, contractual breaches, terrorist attack, computer network failure, online
security, staff conflict, consumer preference changes, power failure, WHS
1. Classify each risk as internal or external.
2. Which category does each risk fall into (natural, human, economic)?
3. Who would be responsible for the risk?
Work in pairs to compare your answers.

Why is risk management important?

Activity: Discuss
Consider the quote:
“Take risks: if you win, you will be happy; of you lose, you will be wise” (unknown
author).
In a group, discuss this quote.
Do you agree with it?
How is right? How is it wrong?

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 9
Did you know that the cost of risk management is often less than the costs associated with a risk
eventualising (such as fines, lawsuits, loss, reputational harm and the potential for business
closure)?
Depending on the consequences of the risk, risks should be taken or avoided. When the
consequences of risks we take are negative, we can learn from the outcome and plan for the
future.
Managers are under a legal obligation to:
demonstrate to the workforce they are effectively managing the business through the risk
management actions they take – giving workers a sense of reassurance and confidence in
management.

discharge a common law “Duty of Care” to take action to avoid allowing foreseeable harm to
impact individuals or the company.

demonstrate responsible corporate governance in the way they run the organisation.

Risk management ensures the ongoing viability of a business by making sure its goals and
objectives can be achieved regardless of the obstacles that get in their way.

Risk management has become even more important over recent years as a result of:
an increasingly volatile and competitive business environment where there are more
competitors and their capacity to compete has massively increased due to inexpensive and
pervasive digital marketing options.

greater awareness among the business community that risks can be identified and actively
managed rather than simply be allowed to happen.

realisation that unmanaged risks can seriously impact a business if they materialise, and can
even bring about an end to the company – and that managed risks provide the business with
plans to exploit opportunities that arise rather than see them slip by.

changes to a raft of legislation that has placed obligations on senior managers carrying with
those responsibilities sever penalties of hundreds of thousands of dollars and imprisonment.

What process should I follow to management risk?
Given the importance of risk management (including the legal obligations), a deliberate and
consistent approach is required to identify, mitigate and respond to risk. In many businesses a risk
management team is put together and charged with heading up the process.
The typical risk management process essentially comprises of four steps or stages. The names
given to the four steps/stages can differ but the basics of the model remain the same. The steps
(shown in the next figure) are:
risk identification
risk analysis
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 10
risk mitigation (or control)
monitoring implemented risk control measures.

The process is an ongoing one in that regular and scheduled evaluation and reviews of risks and
the associated risk management occur.

What sources of information should I consider for risk
management?

Activity: Reflect
In the ICT industry “Garbage in, garbage out” (GIGO) is the concept that flawed or
incorrect
input data produces flawed or incorrect output or “garbage”.
Reflect on how this concept applies to sourcing reliable information when managing
risk in a variety of contexts in an organisation.

 

In order to successfully manage risk, a variety of information sources should be consulted
throughout the risk management process.

Relevant information sources are described in the table below.

Learning
opportunity
Description
Stakeholders All people who are involved in identify, mitigating and responding to risk.
Stakeholders can be seen as any person or body who:
is able to shed light on or assist with risk identification, risk analysis
and/or risk control.
is likely to be impacted by an adverse risk event.
For example: employees, external consultants, suppliers, customers,

Identify Analyse Control Monitor
Figure 1: Risk management process
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 11

Learning
opportunity
Description
business owners, the Board and senior management, insurers, third party
contractors, creditors of the business, financiers, various government
agencies.
Legislation These are laws that have been made by the state and/or country and must be
followed. Legislation in Australia may be state-based or national (Federal).
Most businesses engage the services of legal practitioners to assist them in
identifying and understanding their legal obligations.
The government agencies or bodies responsible for enforcing the various
pieces of legislation can also provide valuable insight and have lots of
information freely available on their websites.
Failure to conform with these legislated obligations can lead to warnings,
fines or more dire consequences for serious, continued or intentional and
deliberate action (including imprisonment in some cases). It can also involve
negative media publicity when non-compliance becomes public especially in
terms of the impact of social media.
Where an individual (worker or customer or other) is wronged or injured by
the organisation they have the right to proceed against the business under
civil law.
This action is commonly taken against the business for negligence where
they have breached their Duty of Care.
Legislative examples include: Fair work Act, WHS Acts, Corporations Act,
Privacy Act, Environmental legislation, Discrimination legislation
Regulations and
codes of
practice
Regulations are directly related to legislation. They are the ongoing
processes of monitoring and enforcing the law (in other words the very act of
enforcement through a regulatory authority).
Codes of practice provide information on a specific issue and help you
achieve legal standards. It is a practical guide on how to comply with legal
duties.
Regulatory authorities often provide information on codes of practice.
Examples include WHS codes of practice, Work health and safety regulations
2011
Industry
standards
Standards may be internationally accepted practices, government
requirements or industry regulations.
The AS/NZS ISO 31000:2018 Standard is useful in that it gives terms and
definitions relating to “risk management” and provides information and step

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 12

Learning
opportunity
Description
by-step guidance on topics including:
principles underlying risk management
the risk management framework
the risk management process.
Use of or adherence to this Standard is not mandatory but is considered ‘best
practice’ or the benchmark against which an organisation’s risk management
practices can be judged.
Organisational
documentation
These are workplace documents created by management and are relevant to
risk management. Organisational policies and procedures are put in place to
make sure everyone is as safe as possible and to ensure a successful
outcome for the business or organisation.
For example: Strategic plan, operational plan, policies and procedures (e.g.,
document storage, privacy, confidentiality, recruitment, performance
appraisal, work health and safety)
Best practice
examples
The concept of “best practice” refers to good practices, procedures or
guidelines that have been proven to achieve successful results.
For example: Literature reviews, case studies, analogy thinking (such as
“Uber of public transport”).

 

Activity: Research and discuss
Research legislation relevant to your workplace or industry of interest (such as
mining, manufacturing, transport, building, education or health) that may be
associated with risk management.
You may consider Consumer law, Fair Work Act, Public Service Act, Corporations
Act, Workplace Health and Safety Acts (industry specific), Privacy Acts, Equal
employment opportunity legislation, Discrimination (age, sex, disability) legislation,
Mandatory reporting legislation, Natural justice and procedural fairness.
Take notes and keep them for future reference.
Your trainer will facilitate a group discussion to summarise relevant legislation.

Table 2: Information sources
ntinuous improvement methods
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 13

Activity: Research
Work together in small groups to:
choose an industry or work area you work in or are interested in (e.g. mining,
ICT, finance, education, sales etc.).
research any regulatory bodies and codes of practice associated with the work
area or industry.
share your findings with the larger group (your trainer will provide guidance on
how to do this e.g. PowerPoint presentation or document sharing etc.).

Image by Pixabay on Pexels

Activity: Read
Read more about the AS/NZS ISO 31000:2018:
Website:
https://infostore.saiglobal.com/preview/332265330632.pdf?sku=1134720_
SAIG_AS_AS_2680492

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 14
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 15

Activity: Discuss
As a group discuss the purpose and key elements of the standard.
Take notes and keep them for future reference.

 

Activity: Explore
Explore a few of the policies and procedures that may apply to a risk management:
Website 1:
https://www.oaic.gov.au/about-us/our-corporate-information/key
documents/privacy-policy/
Website 2: https://www.rba.gov.au/about-rba/our-policies/risk-management
policy.html
Website 3: https://www.servicesaustralia.gov.au/organisations/about-us/corporate
publications-and-resources/work-health-and-safety-policies
Website 4: https://policy.vu.edu.au/document/view.php?id=3

How can risk management be supported in an organisation?

In order to successfully manage risk, a variety of information sources should be consulted
throughout the risk management process.

As the risk process is being established, time must be taken to ensure there is support for the
process and for the activities that will need to be undertaken.
This support may either need to be actively sought or may be implicitly provided through
statements in, for example, the organisation’s Risk management policy. Obtaining practical support
for risk management activities can include:
being able to obtain constructive and meaningful input from stakeholders in a timely manner
having management commit the necessary funds to risk management activities

being allowed to take whatever time is necessary to engage in the required risk management
activities

 

having permission to write or re-write operational procedures etc as the need to do so arises
to minimise or address risk.

 

receiving input from management when undertaking any aspect of the process where their
contribution is essential

gaining ready approval to spend money on any aspect of the process.
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 16
While most times businesses and organisations take every step possible to mitigate risk,
sometimes it’s still not enough and consequences occur. At times like this, it’s vital to learn from
mistakes and to identify ways to minimise future risk.
The explosion in Beirut, Lebanon on 4 August 2020 is an example of a terrible tragedy that could
have been prevented with better risk management. After the Beirut explosion, an official of the
Lebanese Higher Defence Council quoted the Lebanon Prime Minister Diab saying:
“…because it isn’t acceptable that a shipment of ammonium nitrate — estimated to be 2,750 tons
— was in a depot for the past six years without precautionary measures being taken.”
(source: https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-blast.html)

Activity: Read
If you’re not familiar with the details of the explosion, read more in the news report
below.
News report:
https://www.nytimes.com/2020/08/04/world/middleeast/beirut
explosion-blast.html

 

Activity: Practical
Consider the article you’ve just read about the Beirut explosion. To complete this
activity, work in small groups.
1. Describe the importance of risk management for the warehouse involved in the
explosion.
2. What type of business risk was involved?
3. Identify any legislative and regulatory requirements that may have applied to the
warehouse safety (answer as if Australian law applies).
4. List the possible organisational policies and procedures related to risk
management that may have existed for the warehouse .
5. Think about the risk process discussed previously in this topic. How did (or did
not) the warehouse follow each step in the process?
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 17
Image by Pixabay on Pexels
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 18

Topic 2: Establishing risk management in an
organisation

In the previous topic, we looked at the four general steps in a risk management process. This topic
addresses the first two steps in the process (identify and analyse risk).
Before you can identify risks however, you must determine the scope of the risk management
process by:
understanding the risk context
establishing goals and objectives for the area included in the scope
setting up critical success factors.
Figure 2 explains the relationship between the risk management process and the context,
goals/objectives and critical success factors.
What does “risk context” mean?

Risk context is the totality of the business environment (both internal and external) in which the
organisation operates.

It can be determined by a combination of:
undertaking an internal protocols review
defining the risk management scope
identifying stakeholders and their related issues
analysing the external environment of the business
assessing internal conditions.
These are discussed in more detail in the table below.
Figure 2: Risk management process – topic 2
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 19

Risk context
element
Description
Undertaking
an internal
protocols
review
In practice this means becoming familiar with:
the risk management policy of the organisation
the personnel with responsibility allocated to them for managing risk
the risk management standard/s used as for guiding the risk management
activities of the business
the time and funding made available for the process
template documents available to support the process
previous risk management activities undertaken by the business and the
outcomes of same
the risk management process and methodology used by the organisation
the risk appetite of the business and their orientation to tolerance of risk –
some businesses are quite risk averse while others are prepared to take
certain risks.
Defining the
risk
management
scope
Risk can be present across a range of areas for a business (such as record
keeping, recruitment and WHS) and can be both internal and external to the
organisation.
‘Risk management scope’ refers to the parameters of risk management the
business will address.
It is practically not feasible for a business to manage all risk it faces (this would
be too time consuming, too expensive and make the practical day-to-day
operation of the organisation impossible due to all the restrictions, checks and
precautions to be taken) so a decision must be taken about what risks are ‘in’
and will be managed, and those that are ‘out’ and will not be managed.
Scope can be viewed as:
the structure and operations of the business (for example, projects they
are engaged in, departments in the organisation, different work sites
and/or the organisation as a whole)
risks the business will and will not manage (for example, some businesses
will not manage risk for industrial relations or staff retention but will
manage it for WHS and finances).
Identifying
stakeholders
and their
Stakeholders are identified by understanding the possible risks facing the
organisation. When all internal and external stakeholders have been identified,
action should be taken to:

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 20

Risk context
element
Description
related issues determine how they might provide input to the risk management process
(such as identifying possible risks, helping describe their impact and
suggesting ways to prevent or mitigate risks)
assess the influence they have on risk management decisions based on
their relative and/or strategic importance to the business (for example,
contractors who can easily be replaced may have less weight or influence
than a supplier who is critical to the supply chain of the business)
describe the possible issues they will/might have if a risk event occurs (for
example, employees will still want to be paid, customers may still need
your products or services and banks will still need to be paid for loans
etc).
Analysing the
external
environment of
the business
Analysis of the external environment will provide information to identify,
analyse, prioritise and monitor risk. The analysis should include:
the political context, including:
o the state of political stability or unrest in the country, or state/territory
o the political will towards (for example) stimulating and supporting
businesses or taking action to rein in or control them.
the economic context, such as:
o the state of the local economy
o the state of other economies on which the business largely depends
for customers and revenue
o interest rates, exchange rates, employment rates and the confidence
other businesses have in the economy.
the social context, including:
o the values, beliefs and attitudes of society in general
o how they may have changed or be changing.
the legal context, such as:
o the type and volume of legislation the business needs to comply with
o the regulatory framework it has to satisfy
o the potential for new laws to be introduced or existing ones to be
amended or rescinded.
the technological context, including:

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 21

Risk context
element
Description
o the way technology is impacting the business
o the potential it has to help the organisation achieve its aims, save time
or money, enhance compliance levels, improve the standard or quality of
goods and services it provides
o assisting with identifying and controlling risks.
the policy context (this is allied strongly to the political and economic
contexts) for decisions that:
o governments make (such as decisions about tax rates, whether or not
to make grants, loans or subsides available, imposition of tariffs on certain
imported goods, and the support given for ‘Buy local’ or ‘Buy Australian’
campaigns).
o made by other businesses (which might be to move into or out of
certain markets, whether to expand or down-size, or take an aggressive,
price-centred focus on acquiring more sales or greater market share).
A tool such as PESTLE/PESTLE analysis can be used for undertaking this
analysis.
(Watch the video:
https://www.youtube.com/watch?v=GFVKKTwkANY (03:17)
for more information)
Assessing
internal
conditions
This involves analysis of situations and arrangements within the organisation
that have the potential to create or impact risk. For example:
the state or condition of buildings and physical resources owned or used
by the business
the nature of the consultation and communication mechanisms that exist
in the business between departments, between workers and between
management and the workforce
the previous effectiveness (success and failures) of its risk management
processes and actions
the strategies it has in place to retain stop and stop/limit the flow of staff
(knowledge, expertise and intellectual property) from the company to an
opposition business
the size and quality of the customer database the business has
the type of organisational culture that exists in the enterprise
the physical layout of the departments, workspaces and the structure of
the organisational chart for the business

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 22

Risk context
element
Description
the amount of funds available to the business and the potential it has to
raise more or borrow money
the state of any debts it has and its projected ability to repay them
the number and nature of the strengths and weaknesses the business has
including:
o the capacity to capitalise on or exploit strengths and turn them into
opportunities.
o the ability to address and convert weaknesses and threats into
strengths.
o the potential that weaknesses and threats have for causing negative
impacts.
o the plans the enterprise has developed for itself.
(Watch
https://www.youtube.com/watch?v=EJ4uVsSqQ9k&feature=emb_logo
for more information on SWOT analysis).

 

Activity: Practical
Think back to the practical activity you did at the end of Topic 1 (Beirut explosion –
https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-blast.html).
Assume the explosion has not yet occurred.
1. Analyse the external environment of the business
2. Analyse the internal environment of the business for strengths and weaknesses.
3. Define the scope for risk management at the warehouse.
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.

How do I determine goals and objectives?
To establish the risk management goals and objectives, first review, identify and record the
strategic and operational goals and objectives of the organisation. These goals and objectives
should be used as the basis to inform and shape risk management. The figure below illustrates the
relationship between strategy, operations and risk management in more detail.
Table 3: Establishing the risk context
ntinuous improvement methods
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 23
Strategic and operational goals:
help create the context of the risk to be managed (type, size, timing and topic)
provide the basis for ensuring all areas within the determined scope have been addressed
prevent ‘creep’ caused by non-scope risks being included in the risk management process

give all those involved in the risk management process certainty about the focus of their
activities.

 

Activity: Reflect
How can the strategic and operational goals and objectives can be identified?
Hint: Look back to the section on “Sources of information” in topic 1.

Once strategic and operational goals and objectives have been established, specific risk
management goals and objectives can be created. Because it is impossible to address all risks in a
business, it is useful to set goals for the risk management plans that are developed.

These goals will:
identify the types of risk to be addressed
specify the type of protection appropriate (for example, by stating the amount of loss that
will be allowed, the contingency plan that will be implemented or quantifying the amount of
money that will be made available to offset a negative event that occurs).

In-keeping with standard practice, these goals are formulated in accordance with the SMART
acronym. This is further explained below:
Figure 3: Strategy, operations and risk management
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 24
How do I establish critical success factors?
Critical success factors (CSF) are the things the business must do correctly or ‘get right’ in order for
the organisation to succeed. CSFs need to be comprehensively documented so that everyone
understands what success requires. Remember that a CSF is NOT the same as success criteria.

Activity: Watch
Watch the video about critical success factors.
Video:
https://www.youtube.com/watch?v=0kApm47ClzQ (01:44)
Takes notes and keep them for future reference.

Examples of critical success factors include:
good communication between all parties

suitable structure and design of the
business

participation of all stakeholders
an appropriate organisational culture
trust between everyone
support from management

capacity to monitor and measure
progress and outcomes achieved

effective leadership
provision of necessary resources
good resources and systems/IT
S = Specific •They must state clearly what the organisation seeks to achieve.
•The outcomes must be able to be measured so the business can
M = Measurable calculate and quantify its progress towards them.
•The objectives must be realistic such that everyone feels there is
A =Achievable genuine belief the outcomes can be attained.
•The objectives must be realistic such that everyone feels there is
R = Relevant genuine belief the outcomes can be attained.
T = Timely •The objectives need to have a start and finish date attached to them.
Figure 4: SMART goals
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 25
clear objectives and working guidelines appropriate staff training.

Activity: Practical
Think back to the practical activity you did previously in this topic (Beirut explosion –
https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-blast.html).
Assume the explosion has not yet occurred:
1. List at least two possible strategic and/or operational goals of the warehouse.
2. For each strategic and/or operational goal, write a risk management goal or
objective.
3. What are potential CSFs for managing risk at the warehouse?
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.

What does “identifying risks” involve?
Once you have established the context of risk management and set goals and objectives for the
risk management process, risks should be identified within in the pre-defined scope.

All risks should be considered, regardless of how significant or insignificant they may seem.

As for all business processes, consultation with relevant stakeholders is necessary to create a
comprehensive risk management plan. This includes:
communicating the risk management process to the stakeholders
involving the stakeholders to identify as many risks within the scope as possible.
How do I communicate with stakeholders?
The method used for communication used
will depend on:
the type/role of the stakeholder

the policies and procedures of the
organisation

geographic location of the stakeholder

legislative requirements (e.g. written
notice may be required).

Examples of appropriate methods are:
face-to-face discussions
email exchanges
team meetings
telephone calls
online discussion or chat forum.
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 26

Activity: Brainstorm
Look back to the list of stakeholders identified in Topic 1 (go to the “Sources of
information” section). Work together with a partner to brainstorm:
how each stakeholder may contribute towards identifying risks.
the best way to communicate with the stakeholder.
Your trainer will facilitate a group discussion to summarise your findings.

When you communicate, use appropriate, professional and friendly language and encourage
everyone to present their views. The figure below highlights a few general principles to consider as
you communicate.
Remember to apply active listening and use questioning to check and confirm understanding.

Activity: Watch
Watch the video about questioning.
Video:
https://www.youtube.com/watch?v=ImfU12epYcI (03:20)
Take notes and keep them for future reference.

As stakeholders cannot be expected to know when you need their input, invitations need to be
issued to them. These invitations may be issued verbally or via any digital option that is acceptable
to the stakeholder. The invitation may include:
start time and expected duration
date
location
names of other attendees
Figure 5: Clear communication principles
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 27
matters to be discussed
request to bring any relevant material or documentation
whether refreshments will be provided
whether the business is offering remuneration for participation.
In some cases there can also be a need to forward documentation for attendees to read prior to the
meeting. Standard practice is to send these by mail or courier in hard copy form rather than
electronically but organisational procedures should be followed in this regard.
How do I identity risks?

A structured and formal approach is needed to help ensure no risks are overlooked.

The approach may involve stakeholders or require research.
Options for identifying risks include:
meetings featuring the risk management team
conducting a series of meetings with the stakeholders you have identified and invited

referencing previous risk management documentation to see what other risk management
teams considered

 

distributing questionnaires and/or surveys to stakeholders (as an alternative to holding
meetings)

referencing what has happened in similar local, national and overseas organisations

noting the decisions of court cases where significant damages were awarded or serious
penalties issued

discussing new obligations imposed by legislation with the company’s legal advisor
reviewing internal risk-related reports
employing the services of a fee-for-service risk consultant.

Activity: Discuss
As a group, discuss:
which of the above methods involve stakeholders?
which methods involve research?
what sources of information can be used for the methods that involve research?

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 28

Take notes and keep them for future reference.

 

Activity: Read
Are you interested in industry specific risks? The links below provide helpful insight
for further reading.
https://www.business.qld.gov.au/running-business/employing/employee
rights/personal-safety
https://www.business.qld.gov.au/running-business/whs
https://www.business.qld.gov.au/running-business/protecting-business/risk
management/it-risk-management
https://www.business.qld.gov.au/running-business/protecting-business/risk
management/environment-climate

Are there specific tools or techniques to help identify risks?

Activity: Read
Read the articles that explain tools and techniques to help identify risks.
Article 1:
https://inconsult.com.au/publication/risk-identification-made-simple/
Article 2: https://www.itmplatform.com/en/blog/a-dozen-techniques-to-identify-risks/
Article 3: https://www.greycampus.com/opencampus/certified-associate-in-project
management/risk-identification-tools-and-techniques-in-capm
Take any notes keep them for future reference.

 

Activity: Research and discuss
Work together in a small group. Choose ONE tool or technique that can be used to
identify risks in an organisation or work area. Do research to:
explain the tool in more detail
provide an example to show how the tool is applied to risk management
present your work to the larger group.

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 29
Image by Ivan Samkov on Pexels
How can I learn more about the identified risks?

Once risks have been identified, find out as much as you can about the risk.

Risk research is helpful for:
finding out information on the risks that have been identified
further developing risk context
obtaining information that can be used to establish a framework for addressing the risk
identifying what others have done in regard to the same or similar risks.
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 30
Strategies for researching risk can include:

talking to management from other organisations who can be expected to have similar risks or
who are known to have suffered an adverse event

talking to anyone who has first-hand experience with the risk being considered
asking for input from industry peak bodies
reviewing relevant literature and information sources.

reviewing previous internal risk analysis reports and risk control/treatment records of risks the
business has previously identified

obtaining advice from inspectors and officials from government departments/authorities
reading industry journals, reports and publications
searching the internet.

Activity: Practical
Think back to the practical activity you did previously in this topic (Beirut explosion –
https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-blast.html).
Assume the explosion has not yet occurred:
1. Identify stakeholders who may be involve in a risk management process.
2. Select one stakeholder and explain how they may provide input.
3. Invite the stakeholder to participate in identifying risks (e.g. email, draft
telephone conversation).
4. Use one tool or technique to identify all the risks for the warehouse.
Now assume the explosion has occurred.
5. Search the internet to find examples of similar explosions in the past.
6. How were these explosions managed?
7. List ways the tragedy in Beirut could have been avoided.
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.

What happens after I’ve identified and researched all possible
risks?
Once risks have been researched, a detailed analysis of each risk is required to determine:
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 31
potential outcomes
the likelihood of the potential outcome occurring
the impact or consequence if the outcome occurs
prioritising risks
establishing potential risk treatments.
How do I determine the likelihood of a risk occurring?
For all risks the business elects to manage, the likelihood of each risk occurring must be estimated.
This may be done using words or numbers, for example:

Words Numbers
Rare 1
Unlikely 2
Likely 3
Very likely 4

 

Establishing the likelihood of the risk occurring requires the risk management team to decide
how likely or probable it is that the risk will materialise into an actual negative event.

Making these decisions requires the exercise of personal judgement using as many legitimate
reference points as possible. Keys to making this decision include:
examining internal historical records about the occurrence and timing of similar scenarios
referencing industry-wide records relating to the occurrence and timing of similar scenarios

asking managers in professional networks of contacts how they rate the same or similar
likelihoods and what they base their ratings on

working with government bodies to determine if they have any guidelines in this regard
being as realistic and objective as possible (striving to be neither optimistic nor pessimistic)

seeking qualitative and quantitative input from stakeholders and other professionals and
experts

 

realising some risks will be more difficult to decide probability to than others (some require
more detailed analysis or consideration).

 

Activity: Read

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 32

If you’re interested in a more detailed explanation of calculating likelihood, read the
article below:
Article:
https://www.dummies.com/careers/project-management/assessing-the
likelihood-of-a-risk-in-your-project/

How do I establish the impact or consequence of a risk
eventuating?
The ‘likelihood’ and ‘impact’ are normally worked out at the same time. The same principles
described above for deciding ‘likelihood’ apply again here. An example of descriptive words and
numbers that may be used to describe the impact of the risk are:

Words Numbers
Minor 1
Moderate 2
significant 3
Catastrophic 4

 

Activity: Read
If you’re interested in a more detailed explanation of developing consequences, read
the article below:
Article:
https://paladinrisk.com.au/risk-tip-3-developing-consequence-matrix/

How do I prioritise risks?
Once the likelihood and impact have been establishing, a risk rating can be calculated by
multiplying them together.

Risk = impact x likelihood

Take a look at the example and make sure you understand how risk is calculated.
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 33

Risk Potential outcomes Likelihood (0 –
4)
Impact rating (0
– 4)
Risk
Dust storm
causes a truck
driver to have an
accident.
Truck needs to be repaired 3 2 6
Driver injured 2 4 8
Other vehicles damaged 1 3 3

Once a risk has been analysed, you can choose to address the higher rated risks first (see the risk
matrix below).
A risk matrix is the graphical representation of the risk impact and likelihood for each of the risks
that have been addressed. It:
allows everyone to quickly and easily see the level of risk presented by each risk.
provides information to help prioritise the risk for treatment.
indicates what action may need to be taken on terms of treatment.
A sample risk matrix is shown below:
The risk matrix can be used to assist with prioritisation for example in the following way:
Extreme risks are treated immediately – some sort of action
to reduce this risk level needs to take place straight away.
High risks are treated
within 24 hours.
Moderate risks are
treated within a week.
Low risks are treated
within 30 days.
Figure 6: Risk matrix (adapted from Source: http://www.arriscar.com.au/services/risk-assessment/)
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 34
Other factors that may be considered to prioritise risks are:
any controls that are already in place

the potential cost to the business if the risk is allowed to continue un-treated ‘as is’ in the event
that the risk actually occurs

available resources and cost to address the risk
legislated obligations
the amount of risk the business is prepared to accept/carry.

Activity: Practical
Continue working on the practical activity you did previously in this topic (Beirut
explosion –
https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion
blast.html
).
Assume the explosion has not yet occurred.
1. Establish the potential outcomes for two of the risks you identified risk.
2. Assess the likelihood of each risk occurring.
3. Assess the impact if each risk occurs.
4. Calculate each risk (likelihood x impact).
5. How will you prioritise the two risks?
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.

Figure 7: Using a matrix to prioritise risks
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 35
Image by ELEVATE on Pexels
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 36

Topic 3: Addressing risks in an organisation

In the previous topic, we looked at the first two steps in the risk management process. This topic
explores the last two steps: control and monitor (Figure 8).
Which actions can I take to address risks?
Once risks have been prioritised, address each risk according to the priority it was given.

Treatment of risk refers to the way the business will handle the risk.

Depending on the risk and its consequences, different actions can be taken to address it (in other
words mitigate the risk). These actions are usually one of the following:

avoid the risk (for example, avoid the risk of employees being distracted by not allowing them
access to any social media sites during business hours)

 

prevent the risk (for example, prevent data leakages by limiting the number of people who
have access to sensitive information)

 

contain the risk (for example, contain the risk of hackers accessing data by installing a
stronger firewall)

accept the risk (when the risk level is very low, when the treatment cost is much higher than
the cost of the damage or when the benefit of taking the risk far outweighs the potential
damage)
transfer the risk (for example, seeking legal advice about employee contracts).

Activity: Brainstorm
As a group, brainstorm risk examples of where each the actions “avoid risk”, “prevent
risk”, “contain risk” and “transfer risk” are applicable.
Can you think of any situations when you should accept a risk?

Figure 8: Risk management process – Topic 3
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 37

Your trainer will facilitate a group discussion to create a comprehensive list of
examples. Take notes and keep them for future reference.

Factors to consider when deciding on a risk treatment option include:
acceptability of proposed decision/s to all
the risk level and priority of the individual risk
cost to address the risk
continuity of effects
contracts already in place
cost effectiveness
the economic and social environment surrounding the risk
legislated obligations and compliance imperatives
the possibility of the treatment creating another risk
timing necessities
sustainability of the proposed treatment.
Image by Norma Mortenson on Pexels
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 38

Activity: Reflect
Prior to COVID-19, most organisations would not have anticipated and planned for
the impact the pandemic has had.
How do you think COVID-19 has changed or shaped future risk management?

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 39
Procedures that a company could use to minimise risk include:

implementation of policies and procedures to ensure that staff understand and follow
appropriate procedures

 

implementation of quality and compliance processes, for example, regular auditing to ensure
that risk management standards are met

 

providing staff induction, ongoing training and performance management in relation to risk
management

 

ongoing monitoring of risk through a range of measures such as historical data, team
meetings or performance reviews

 

development and implementation of continuous improvement processes to ensure that risk
management processes are reviewed and monitored

 

implementing quality assurance procedures and systems to ensure that risk management
processes are regularly checked, reviewed and monitored on an ongoing basis.

As you decide how to treat a specific risk, you may be required to consult and negotiate with
stakeholders.

Activity: Reflect
What do you think of when you hear the word “negotiation”?

 

Activity: Watch
Watch the video showing a negotiation scene.
Website:
https://www.youtube.com/watch?v=0CdixDzE7I0 (01:00)

 

Activity: Discuss
As a group, discuss how the video you’ve just watched is similar AND dissimilar to
workplace negotiation.

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 40

Activity: Read
Read the articles on negotiation skills and techniques:
Article 1:
https://www.skillsyouneed.com/ips/negotiation.html
Article 2: https://www.pon.harvard.edu/daily/negotiation-skills-daily/top-10-
negotiation-skills/
Take notes and keep them for future reference.

What documentation is required?
Once risks have been identified, researched, analysed and prioritised the risks that apply to the
scope should be documented according to the organisation’s policy and procedure. Keep in mind
that many software applications exist to help manage and document risk.

Activity: Read
Read the example of a sample risk management plan.
Website:
https://www.northam.wa.gov.au/documents/708/sample-risk-management
plan

 

Activity: Practical
Create a list of everything contained in a risk management plan.

 

Activity: Discuss
As a group discuss examples of situations where stakeholder consultation is
necessary before risks are documented.
Take notes and keep them for future reference.

How do I implement the chosen risk treatment?
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 41

Standard practice is to develop an action plan for every risk that has to be treated.

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 42
An action plan will:
name the risk the plan relates to
explain the outcome the plan is seeking to achieve
identify the action that needs to be taken
prioritise actions or steps/stages within the plan
allocate responsibility for action to a particular person
identify the date/time by which action must be taken
identify the budget and other resources available
give performance measures that will be used to decide effectiveness of the plan
specify monitoring protocols for actions identified in the plan
identify reporting requirements (when reports to be made, how, to who and contents).

Implementation of risk action plans must be prearranged, intentional and scheduled.

Steps in the implementation process include:

notify those involved/impacted about the plan (provide them with a copy, explain their roles
and responsibilities, highlight timelines to be observed and provide rationale)

 

promote the plan/s (sell the benefits and emphasise impact on the business of failing to
implement the plan/s).

 

provide the resources (as identified in the plan so those with responsibilities can take the
action necessary)

actively manage implementation of the plan, including:
o verifying those involved understand what is expected of them and appreciate their roles
and responsibilities
o provide necessary training
o coordinate or facilitate required activities
o holding regular meetings with those involved
o be available for consultation by those with responsibilities under the plan/s
o check on work that has been identified as having been completed
o deal with problems and issues arising as a result of implementation activities
o be prepared to fine-tune original plan/s on the basis of issues arising
o re-order the priority ratings of risks as deemed necessary
o monitor risk management activities.
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 43
Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 44
What does the monitoring and evaluation of risk management
actions involve?

Activity: Brainstorm
Work together in small groups. Make a list of data that may result from an action plan
being implemented and that is relevant for monitoring risk.
Your trainer will facilitate a group discussion to create a comprehensive list of data
that may be used to monitor risk management.

Action plans need to be monitored to:
capture information that can be used in the evaluation phase
demonstrate due diligence
identify new or modified risks

determine when/if corrective or remedial action needs to be taken relating to planned
activities.

 

Here are a few tips to remember:
do it regularly
be seen doing it
involve others.

As you monitor the risk management process, evaluate each step to:
judge its effectiveness
learn lessons for future risk management
improve existing risk actions.
Options for evaluating include:
Process-based evaluation (assessing the effectiveness or success of the processes used).

Goals-based (judging the success or effectiveness of plans based on how close they came to
achieving their stated goal/s).

 

Outcomes-based (looking at all the results and effects of the plan: the positive and the
negative).

The focus of evaluation can include:

processes followed in the risk management process to see if they are being implemented as
intended, and whether or not they are working

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 45
the scope of risk management that was decided to see if anything has changed necessitating
an increase or decrease in that scope
the business environment within which the organisation is operating to see if new risks have
emerged or if identified risks have varied significantly
satisfaction levels of stakeholders with action taken to manage risks
treatment options applied to see whether they remain viable and legitimate or if they need to
be changed
incidents that occurred during the period
resources allocated to the process to determine if they are sufficient/adequate and/or
appropriate.
Image by Gustavo Fring on Pexels

Activity: Practical
Continue working on the practical activity you did at the end of topic 2 (Beirut
explosion –
https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion
blast.html
).
Assume the explosion has not yet occurred.
1. Say how you will address (treat) each of you two chosen risks.
2. Choose one risk and develop an action plan for implementing the chosen risk
treatment.
3. Explain how you would communicate risk management actions to relevant
parties.
4. List any data that could be available for future monitoring.

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 46

Assume that the explosion has now occurred.
5. How can the risk of a similar tragedy happening again be minimised in the
future?
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.

 

Activity: Summary
Congratulations! You have now completed all the content required to successful
apply your knowledge.
Create a mind map to summarise what you’ve learnt.

 

Activity: Develop
It’s time to put what you’ve learnt into practice.
1. Identify a (real or simulated) business or work area suitable to apply risk
management to (for example, Uber eats food delivery).
2. Establish a risk context by:
providing a real or simulated review of its organisational processes,
procedures and requirements for undertaking risk management.
determining the scope for the risk management process.
identifying internal and external stakeholders.
reviewing the political, economic, social, legal, technological and policy
context for the organisation.
preparing a real or simulated analysis of strengths and weaknesses of
existing risk management-related arrangements.
document critical success factors, goals or objectives for one risk
management process.
3. Explain how stakeholders will be consulted by:
describing the consultation processes that would be used to engage with
stakeholders.
preparing a written invitation to a stakeholder to attend a risk management
consultation session.

Training for Knowledge & Livelihood (TKL college)
ABN: 97 619 537 692 RTO Code: 45509 CRICOS Provider Code: 03770M
Suite 707, Level 7 159-175 Church Street, Westfield Shopping Centre, Parramatta, NSW 2150 P 02 8677 3602
Email:
[email protected] www.tkl.edu.au
BSBOPS504 Student Guide V1.0 | 47

4. Identify risks likely to impact the business, including
an explanation of how risks for this business might be identified.
the use of at least one tool or technique to identify risks.
evidence of research into at least three identified risks.
5. Analyse the risks by:
assessing the likelihood of three of the risks they have identified occurring.
assessing the impact or consequence if those three risks occur.
prioritising the chosen risks.
6. Suggest at least one viable treatment option for each of the three risks.
7. Prepare an action plan for implementing each of the treatments selected and:
give details of how the three plans would be implemented to ensure their
effectiveness.
explain how the action plan would be shared with stakeholders (identify who
these would be).
explain negotiation principles you may use to negotiate details of the action
plan with stakeholders.
8. Describe the evaluation and monitoring protocols that would apply to the three
action plans.
9. List all the documents the business would generate and maintain as part of their
risk management process.
The information should be presented in the form of a written report.
The information must be professionally presented and in a clear, easy to follow
structure.
Your trainer will provide any submission requirements or details.