Risk Management: Overview And Guidelines
Question 1: Risk within an organisation is broader than just an OH&S/WHS context. Describe what a risk is in terms of the organisation or project.
In terms of the organisation or project, a risk can be described as the chance of occurrence of an event or a problem that can cause a significant negative impact on the project. In addition to the WHS context, there can also be many other types of risk, such as business-related risk, financial risk, technological risk and many others.
Question 2:
- a) What is the name of the standard/code that provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organisation?
The name of the standard/code that provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organisation is ISO 31000:2009 – Risk Management.
- b) Explain how these guidelines can support an organisation’s Policies & Procedures towards risk management.
These guidelines provide an organisation with suitable insight regarding how it should design its policies and procedures towards risk management. In other words, by following these guidelines, the organisation can prepare a risk management roadmap that can be utilised to manage and control the risks that may occur at any time.
Question 3: A)-Explain the term ‘Risk Appetite’.
Risk appetite is defined as the level of a risk that can be readily accepted by any organisation. If the level of risk crosses the risk appetite, the organisation will simply transfer the risk to some other entity or group who will then take care of the risk.
B)-Provide 3 workplace examples of your organisation’s ‘Risk Appetite’
The three workplace examples are as follows.
- Insufficient output of work due to cultural diversity
- Technological risks that may occur due to use of backdated technical setup
- Financial debts up to a certain limit
Question 4:
A)-Within your organisation, explain your role in the management of risk.
My role in the management of risk is to identify the strategies for mitigating any risk that can occur at any time. I am involved in analysing all the operations in the organisation so that I am able to identify the chance of occurrence and impact of the risk on the organisation. Accordingly, I develop a suitable mitigation strategy that helps to control the risk on a permanent basis.
B)-Identify 2 areas of risk you MUST refer to higher authority and explain why
Two areas of risk that must be referred to the higher authority are as follows.
- Lack of sufficient work output due to lack of efficiency of the employees in the organisation.
- Insufficient plans in the organisation regarding management and control of financial debts.
Question 5: Describe a minimum of 3 common methods of researching risk. Give an example of when each would be suitable to use.
| No. | Method | Example |
|---|---|---|
| 1 | Brainstorming | A group of people assigned to work together in identifying the possible risks and issues. |
| 2 | Interviews | Personal interviews of the employees to gain knowledge about any possible risks that might have been identified by the employees. |
| 3 | Scenario Analysis | Analysis of the scenario to identify possible risks. |
Question 6: Explain the hierarchy of controls – what it is and how it should be applied for risk management processes.
The hierarchy of controls refers to a standard system used in organisations to manage and control risks related to the organisation. It is mainly depicted in the form of an inverted triangle that is divided into the different categories of risk control. As the categories go up from the lowest point to the upper part of the triangle, the severity of the risk also increases considerably.
In a risk management process, the hierarchy will help to determine whether the risk is manageable or not. The most manageable risks are those that are situated towards the lower pointed end of the triangle. The risks at the top of the triangle are not easily manageable, and the involvement of several stakeholder groups is required for managing them.
Question 7: Whilst conducting risk management activities, why is it necessary to have a working knowledge of the legislation and standards in your area of business?
It is necessary to have a working knowledge of legislation and standards in the area of business in order to abide by the necessary guidelines that govern the risk management process. The legislation also recommends avoiding any unethical measures for managing a particular risk.
Question 8: Choose 3 relevant workplace legislations from the list below and explain how an organisation can/does address its responsibilities for each, in risk management activities.
- Workplace health and safety Act 2011
- Privacy Act 2014
- Privacy Amendment (Enhancing privacy protection) Act 2012
- Fair Work Act 2009
- Australian Taxation Act 1997
- Environmental Protection and Biodiversity conservation Act 1999
- Electronic transactions Act 1999
- Income Tax assessment Act 1997
- Independent contractors Act 2006
- Copyright Act 1968
- Corporations Act 2001
- Paid Parental Leave Act 2010
OR Any other relevant legislation you are familiar with
| No. | Legislation | How it is addressed |
|---|---|---|
| 1 | Australian Taxation Act 1997 | The organisation ensures the employees pay relevant income taxes on a yearly basis to the Government. |
| 2 | Privacy Act 2014 | The organisation ensures the correct handling of personal and other information and also requires approval from relevant personnel regarding collection and use of data. |
| 3 | Paid Parental Leave Act 2010 | The organisation provides paid parental leave to any employee as stated by the legislation. |
Question 9: Provide and explain 3 examples of how you could monitor the effectiveness of your risk management strategy.
| No. | Monitoring method | Explanation |
|---|---|---|
| 1 | Direct Monitoring | Direct monitoring can be done to identify whether the risk management strategy has been successful, but it is a time-consuming process. |
| 2 | Interview | Interviews can be conducted with the employees to determine whether the risk management strategy has been effective. |
| 3 | Questionnaire Survey | Data collection regarding the effectiveness of the risk management strategy can be done using a questionnaire survey of the employees and other involved personnel. |
Read the scenario below, and provide a detailed response to how you may handle or resolve the situation within the scenario based on your knowledge and skills. If answers are being simulated, make it as real as possible to workplace settings.
After completing a risk review of your department, you identified there was an issue with your team’s cohesion (internal social aspects). Understanding this has a direct impact on productivity, you decided to implement a social activity twice a month.
After 3 months of implementing the strategy, you have obtained the following measurements on the team’s performance:
[Month 1 up 15%; Month 2 up 7%; Month 3 down 2%].
Explain the following:
- What the measurements identify
The measurements identify that initially the productivity increased after implementation of the strategy but after some time, the productivity started to decrease and one of the possible reasons is that the employees have lost interest in the social activities.
- The process you need to take
A recommended process is to change the nature of the social activities every month and also to develop activities that require active participation from the employees. Employees can be further engaged by allowing them to take care of the social activities and generate suitable ideas themselves.
- Describe the risks if no action is taken
If no action is taken, the productivity will continue to decrease and the company’s corporate performance will be affected. In addition, after some time, the employees will start to leave, leaving behind vacancies at the workplace.
Project
Read the project below, and provide a detailed response. Use as many workplace examples as possible. If answers are being simulated, make it as real as possible to workplace settings.
In order to demonstrate competence in this unit, you need to demonstrate that you plan, conduct and evaluate risk management strategies for an organisation or business. You can use your own work example or provide simulated answers.
Your task is to:
- Describe your organisation’s risk management policies and procedures and comment on the strength and weakness of these current arrangements
- Identify four risks in your organisation where there is a potential for having a negative impact on reaching your organisational objectives. These four risks should be categorised as two intrinsic risks and two extrinsic risks.
- Analyse and evaluate these four risks according to the likelihood of them occurring and the consequences if they did occur, i.e. provide a Risk Assessment matrix on these four risks
- Using the “Hierarchy of Risk Management Control”, determine the appropriate control measures for each of the four identified risks
- Describe how you will monitor and review the effectiveness of your proposed strategies for these four identified risks.
- Describe how you will document your risk management strategies so that they can become part of your organisation’s policies and procedures for managing risk.
- a) The organisation’s risk management policies and procedures are listed in the following table.

| Risk Management Policy | Strength | Weakness |
|---|---|---|
| Maintain a high level of risk appetite | The risks can be mitigated from within the organisation and internal information need not be disclosed to another party | Risks may go beyond control before appropriate actions can be taken |
| Avoid high risk projects if they are not absolutely necessary | The company can be selective of the projects and also can avoid risks if high risk projects are not accepted | The company cannot reap major benefits that can be received only from the high risk projects |
- b) The required risks are identified below.
Intrinsic risks: Ineffective and inefficient work force, technological risk
Extrinsic risks: Market value changes, organisational rivalry
- c) The risk assessment matrix is developed as follows.
| Risk | Likelihood of occurrence | Consequences |
|---|---|---|
| Ineffective and inefficient work force | High | Medium |
| Technological risk | Medium | High |
| Market value changes | Very High | Very High |
| Organisational rivalry | Very High | High |
- d) The appropriate control measures using hierarchy of controls are as follows.
| Risk | Control Measure |
|---|---|
| Ineffective and inefficient work force | Substitution |
| Technological risk | Engineering controls |
| Market value changes | Administrative controls |
| Organisational rivalry | Substitution |
- e) The process is shown in the following table.
| Risk | Monitoring |
|---|---|
| Ineffective and inefficient work force | Review weekly performance of the new work force |
| Technological risk | Monitor the effectiveness of the upgraded technical setup in the business of the company |
| Market value changes | Monitor market from time to time |
| Organisational rivalry | Check the business progress of rival organisations |
- f) The risk management strategies should be documented on a weekly basis and kept as records for future use. Furthermore, the main points in the strategies are to be highlighted and recorded in a separate document that is to be reviewed during the preparation of new policies and guidelines.