
Manage risk

BSBRSK501A

Student Workbook


BSBRSK501A Manage risk


1st Edition 2010

Part of a suite of support materials for the

BSB07 Business Services Training Package

Acknowledgment
Innovation and Business Industry Skills Council (IBSA) would like to
acknowledge Equip Grow Lead for their assistance with the development of this
resource.
Writers: Shane MacDonald, Emily Logan and Peter Baskerville
Industry reviewer: Rod Peters, David Parry and Greg Field
Copyright and Trade Mark Statement
© 2010 Innovation and Business Industry Skills Council Ltd
All rights reserved. Apart from any use permitted under the Copyright Act 1968, no part of this publication may be
reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, or otherwise, without written permission from the publisher, Innovation and Business Industry Skills
Council Ltd (IBSA).
Use of this work for purposes other than those indicated above, requires the prior written permission of IBSA. Requests
should be addressed to Products and Services Manager, IBSA, Level 11, 176 Wellington Pde, East Melbourne VIC, 3002
or email sales@ibsa.org.au.
Innovation and Business Skills Australia, IBSA and the IBSA logo are trade marks of IBSA.

Disclaimer
Care has been taken in the preparation of the material in this document, but, to the extent permitted by law, IBSA and
the original developer do not warrant that any licensing or registration requirements specified in this document are
either complete or up-to-date for your State or Territory or that the information contained in this document is error-free
or fit for any particular purpose. To the extent permitted by law, IBSA and the original developer do not accept any
liability for any damage or loss (including loss of profits, loss of revenue, indirect and consequential loss) incurred by any
person as a result of relying on the information contained in this document.
The information is provided on the basis that all persons accessing the information contained in this document
undertake responsibility for assessing the relevance and accuracy of its content. If this information appears online, no
responsibility is taken for any information or services which may appear on any linked websites, or other linked
information sources, that are not controlled by IBSA. Use of versions of this document made available online or in other
electronic formats is subject to the applicable terms of use.
To the extent permitted by law, all implied terms are excluded from the arrangement under which this document is
purchased from IBSA, and, if any term or condition that cannot lawfully be excluded is implied by law into, or deemed to
apply to, that arrangement, then the liability of IBSA, and the purchaser's sole remedy, for a breach of the term or
condition is limited, at IBSA's option, to any one of the following, as applicable:
(a) if the breach relates to goods: (i) repairing; (ii) replacing; or (iii) paying the cost of repairing or replacing, the goods; or
(b) if the breach relates to services: (i) re-supplying; or (ii) paying the cost of re-supplying, the services.

Published by: Innovation and Business Industry Skills Council Ltd
Level 11
176 Wellington Pde
East Melbourne VIC 3002
Phone: +61 3 9815 7000
Fax: +61 3 9815 7001
e-mail: reception@ibsa.org.au
www.ibsa.org.au
ISBN: 978-1-921749-76-6
Stock code: RSK501ACL

First published: June 2010


Print version: 1.0
Release date: June 2010
Printed by: Fineline Printing
130 Browns Road
Noble Park VIC 3174

Table of Contents
Introduction
  Features of the training program
  Structure of the training program
  Recommended reading
Section 1 Introduction to Risk
  What skills will you need?
  Understand risk and risk management
  Establish the context
  Understand importance of relevant legislation
  Section summary
  Further reading
  Section checklist
Section 2 Identifying Risk
  What skills will you need?
  Review the external environment
  Determine strengths and weaknesses
  Review and document objectives
  Identify risks
  Research
  Involve others in risk identification
  Section summary
  Further reading
  Section checklist
Section 3 Analysing and Evaluating Risk
  What skills will you need?
  Determine likelihood of risk
  Assess consequence of risk
  Evaluate and prioritise risk
  Determine risk treatment options
  Develop an action plan for treating risks
  Section summary
  Further reading
  Section checklist
Section 4 Treating Risk
  What skills will you need?
  Implement the risk action plan
  Monitor the risk action plan
  Evaluate the risk management process
  Section summary
  Further reading
  Section checklist
Glossary
Appendices
  Appendix 1: Risk action plan template
  Appendix 2: MacVille risk management policy
  Appendix 3: Scenario Shoez

Introduction
Features of the training program
The key features of this program are:
• Student Workbook (SW): Self-paced learning activities to help you to understand key concepts and terms. The Student Workbook is broken down into several sections.
• Facilitator-led sessions (FLS): Challenging and interesting learning activities that can be completed in the classroom or by distance learning that will help you consolidate and apply what you have learned in the Student Workbook.
• Assessment Tasks: Summative assessments where you can apply your new skills and knowledge to solve authentic workplace tasks and problems.

Structure of the training program


This Training Program introduces you to the concepts of identifying risk and how
to then apply the appropriate risk management strategies. You will develop the
skills and knowledge in the following topic areas.
1. Introduction to Risk (SW Section 1/FLS Session 1).
2. Identify Risk (SW Section 2/FLS Session 2).
3. Analyse and Evaluate Risk (SW Section 3/FLS Session 3).
4. Treat Risk (SW Section 4/FLS Session 4).
Note: The Student Workbook sections and Session numbers are listed next to the
topics above.
Your facilitator may choose to combine or split sessions. For example, in some
cases, this Training Program may be delivered in two or three sessions, or in
others, as many as eight sessions.

Recommended reading
Some recommended reading for this unit includes:
• Australian Capital Territory Insurance Authority, 2004, Australian Government, Guide to Risk Management, viewed May 2010, <http://www.treasury.act.gov.au/actia/Guide.doc>.
• Risk Management Institute of Australasia, 2010, Realising Opportunity, viewed May 2010, <http://www.rmia.org.au/>.


Section 1 Introduction to Risk


Before you can undertake risk management, there are a number of key concepts that
you must understand. This chapter will define risk and risk management, and help
you establish the context in which risk management takes place.
Scenario: Preparing for risk management
You have recently been successful in securing the job of operations manager for
a chain of shoe repair stores with ten outlets. Your previous experience was in
sales management and more departmental areas of management but never as
the operations manager of a chain of stores.
You note that one of your specific responsibilities is to manage the risks that are
likely to happen in this particular organisation. Before attempting to identify the
organisation's risks, you first take time to review the concepts of risks, risk
management and the context that risk will be applied to. From your previous
roles, you are very aware of the risks of non-compliance with relevant laws, and
so you decide to also review the legislative framework in which this organisation
operates.

What skills will you need?


In order to work effectively as a risk manager you must be able to:
• understand risk and risk management
• establish the context for risk management
• understand the importance of relevant legislation.

Understand risk and risk management


What is risk?
Risk is inevitable. It is a natural part of our physical, social, financial and
competitive environments. It is defined as the chance of something happening
that will have an impact on objectives or goals being achieved. It is measured in
terms of consequence and likelihood. Organisations must decide on a daily basis
whether various risks are or are not worth taking, for example, when making
decisions regarding investment or the health and safety of employees. For some,
the ability to manage risk better than anyone else becomes a valuable resource
that they use for their own advantage.
In business, there is a strong correlation between risk and reward. For example,
investing in the share market is riskier than investing in Government Bonds, so as
a consequence of the risks involved, share markets traditionally offer the higher
returns.
Only an estimated 10% of all risks are actually unforeseeable.


Definition of risk
The concept of risk is incorporated into many different business disciplines,
from insurance to engineering to financial investment, and each of them has
developed its own definition of the concept of risk.
In this workbook, we will take the view that risk is an event or action that, if it
occurs, will cause a loss to an organisation's valuable resources and adversely
affect the goals and objectives of that organisation.
Risk is the estimated likelihood of occurrence of an uncertain event, and its
impact on organisational objectives should it occur.

Figure 1: What is risk? (diagram labels: Probability; Consequence; Organisational objectives)

As shown in the diagram above, both the probability (or likelihood) of an event
occurring and the consequence (or impact) of that event have an effect on the
objectives of the organisation. The combination of these two factors gives an
organisation an indication of the risk it is exposed to should the event occur.
Learning activity: Risk consultants
Many consultants can work with your organisation to identify risk and help in
developing and implementing processes to assist in the management of
business risk.
PricewaterhouseCoopers is one organisation that actively manages risk. Look at
their website at <http://www.pwc.com/gx/en/risk-management/> and explain
why PricewaterhouseCoopers believes some risk management systems
implemented in companies have made the company more vulnerable.


Valuable resources
Valuable resources that can be affected by risk are not just financial. In today's
business environment, the loss of reputation or brand value can have far greater
impact on the organisation's viability than the loss of some investment funds.
Other valuable resources that need to be considered in any loss evaluation
caused by risk are detailed below.

• Human: workers, intellectual capital, skills, experience and capabilities, levels of trust, managerial skills, firm-specific practices and procedures, innovation and creativity, technical and scientific skills
• Financial: cash, investments, shares, capacity to raise equity, borrowing capacity
• Physical: plant, equipment, state-of-the-art machinery, equipment and electronics, land, buildings, vehicles, furniture, facilities
• Intellectual property: patents, copyrights, trademarks, trade secrets, software
• Organisational excellence: evaluation and control systems, effective strategic planning processes, outstanding customer service, excellent product development capabilities, innovativeness of products and services, ability to hire, motivate, and retain human capital, innovative production processes, favourable manufacturing locations, innovation capacities, effective strategic planning processes, excellent evaluation and control systems
• Intangible: information, reputation, brand value, goodwill.


Learning activity: Resources


Review the scenario provided in Appendix 3 and make note of any resources
mentioned. Rank them in terms of what you consider to be high priority
resources that should be protected.

Strategic resources
Many people understand the impact of an unfavourable event on tangible assets,
but often overlooked is the impact that adverse events can have on the
organisation's intangible assets. All the resources listed above are valuable, but
some resources take on an even more important role in an organisation because
they become strategic. They are classified as being strategic because they give
the business its competitive advantage. To qualify as strategic they need to be:
• Rare: That is, unique or in very short supply. For example, personnel who are leading experts in their field, and bring knowledge or skills that are not widely available.
• Difficult to imitate: That is, hard to copy due to expense or time required to acquire. For example, the brand recognition associated with a long-established organisation or product.
• Difficult to substitute: That is, cannot easily be replicated using alternative sources. For example, long-term relationships or working partnerships between specific individuals or organisations that generate high levels of creativity and innovation.


Figure 2: Strategic resources (diagram labels: Rare; Difficult to substitute; Difficult to imitate)

Many of these resources are intangible, and are in many cases the most
important ones to risk manage.
Learning activity: Strategic resource
Think about your own work skill sets. Most of what you know or are good at is of
value to a workplace environment. Write down the skill sets or owned items that
you have that could be called rare, difficult to copy and difficult to substitute.
These are your strategic resources.

Risk types
Risk identification is proactive. If you're looking for risks, you will soon find them
when discussing activities with team members, observing the workplace
environment, reading reports and analysing results. Over the broad spectrum,
risks can be categorised in various ways. For example, risks can be grouped into two types:
• Certain: those risks that will definitely occur at some point in time, for example, employee sick days.
• Uncertain: those that may occur at some point in time, for example, an employee being injured in the workplace.


Risk can also be categorised by expected impact:
• Speculative risk: where there are potential opportunities.
• Pure risk: where there are only negative or unfavourable outcomes for the organisation.

Learning activity: Types of risk


Review the scenario in Appendix 3 under the heading 'Research findings' and
select three issues. Then identify the type of risk/s that could impact on the
organisation as a result of these issues.
Identified issue | Risk type
1. |
2. |
3. |

What is Risk Management?


Risk management is an essential part of good management and corporate
governance. It is a set of tools and processes that are used to avoid, reduce or
control the risks that are likely to adversely affect the valuable and strategic
resources of an organisation. Basically it is the process of identifying and
categorising potential risk and then defining actions to mitigate these risks.
Risk management processes should enhance decision-making and facilitate
continuous improvement in performance of the organisation. Studying and
identifying risk should not inhibit action, but instead help you turn risk into a
growth and development opportunity through the application of the risk
management process.
Risk management refers to the culture, processes and structure that are
directed towards the effective management of potential opportunities and
adverse effects.
AS/NZ 4360: 2004


Learning activity: Electronic risk management tools


Use the internet to find two electronic tools or software programs that can
facilitate and assist in risk management. Describe the tools and compare key
functions, and make a recommendation about the type of organisation or
project each tool would be most suited for use in.

AS/NZS 4360:2004 Risk Management


The Australian/New Zealand Standard AS/NZS 4360:2004 Risk Management
provides a guide for managing risk.
The objective of this standard is to provide guidance to enable public, private or
community enterprises, groups and individuals to achieve:

• a more confident and rigorous basis for decision-making and planning
• better identification of opportunities and threats
• gaining value from uncertainty and variability
• pro-active rather than re-active management
• more effective allocation and use of resources
• improved incident management and reduction in loss and the cost of risk, including commercial insurance premiums
• improved stakeholder confidence and trust
• improved compliance with relevant legislation
• better corporate governance. [1]

[1] Quality Improvement Council, 2010, Introducing Risk Management Standard AS / NZS 4360: 2004, GPDV, viewed April 2010, <www.gpv.org.au/files/...files/.../riskmanagementstandardsAS_march05.ppt>.


Throughout this workbook we will be referring to AS/NZS 4360:2004 Risk
Management Standards and following the processes outlined in it for the
management of risk.
The risk management process
For the purpose of this workbook, the risk management process will be shown in
the following way.

Figure 3: Risk management process (diagram labels: Establish the context; Identify risks; Analyse and evaluate risk; Treat risk; Communication and consultation; Monitor and review)

AS/NZS 4360:2004 views the analysis and evaluation of risk as two separate
elements and so outlines seven elements in the risk management process.
• Establish the context: Determine the scope of the project, both internally and externally. Establish the criteria by which a risk may be evaluated.
• Identify risks: Recognise potential hazards, which may prevent, diminish, or delay the organisational or project objectives.
• Analyse risks: Identify the consequence and likelihood of the risk taking place.
• Evaluate risks: Compare the potential rewards with the potential adverse outcomes, including the likelihood of each. This allows decisions to be made regarding the priority and action required to manage the risk.
• Treat risks: The process of selecting which risks are to be managed and taking measures to limit the results of those with highest priority.
• Monitor and review: Critically observe or measure the progress of the risk management process and make changes where beneficial.
• Communicate and consult: Ensure stakeholders are aware of information applicable to them and appropriate to the risk level and the stage of risk management.

For the remainder of this chapter, we will look at establishing the context for risk
management. The other stages will be addressed in the following chapters.

Establish the context


Scope
When you begin the process of risk management, you must be able to define the
scope within which risks must be managed. This requires you to know what needs
to be achieved through the risk management activities undertaken.
An organisation is defined by its goals and objectives, therefore the aim of the risk
management process must be to ensure that the organisation is able to achieve
those goals while balancing costs, benefits and opportunities. This provides the
overall context in which risk management takes place. It is also essential that you
understand the nature of any decisions that need to be made so that your process
can inform and implement those decisions effectively.
In practical terms, the scope of a risk management process can apply to:
• the whole organisation
• a specific business unit/department
• a particular project
• a particular business function (e.g. finance, manufacturing).

Risk management can be applied to the internal or external environments of an
organisation, or both. The internal environment encompasses the operations and
inner workings of the organisation, while the external environment includes the
political, economic, social, legal, and technological factors affecting the business.
These are explored in more detail in Section 2 of this workbook.
Learning activity: Risk process scope
Review the scenario in Appendix 3 and identify the three criteria defining the
scope of the risk management task assigned by Jeff Harding to you as the newly
appointed operations manager.
1.

2.

3.


Describe how identifying the scope of a risk project is important to the
management of it.

Stakeholders
Once you have identified the scope of risk analysis and management, you must
identify the stakeholders: individuals, a group of people, or an organisation, that
can be affected by the risks or implementation of the risk management process.
Identification of stakeholders is an essential step in risk management. It
determines who should be involved in the formulation of the risk management
plan, and who you should communicate with regarding implementation of risk
management strategies and actions.
Identification of stakeholders includes identifying anyone impacted by the risk,
and documenting relevant information regarding their interests, involvement,
and impact on the effectiveness of the risk management process.

Learning activity: Communicating with stakeholders


Jeff believed that it would be useful to involve the store managers in gathering
information about risks associated with their stores and has asked you to
prepare an email. Complete an email in the space below making sure that you
stay within the scope of the task.


In the book The Handbook of Program Management [2], Dr James T Brown gives the
following advice for identifying stakeholders.
• Follow the money! Whoever is paying is definitely a stakeholder. Also, if a program produces savings or additional costs for an organisation then the organisation is also a stakeholder for that program.
• Follow the resources. Every entity that provides resources, whether internal or external, labour or facilities, and equipment, is a stakeholder. Line managers and functional managers providing resources are stakeholders.
• Follow the deliverables. Whoever is the recipient of the product or service the organisation is providing is considered a stakeholder.
• Follow the signatures. The individual who signs off on completion of the final product or service is a stakeholder.
• Examine programs' stakeholder lists. Include active programs and completed projects.
• Review the organisational chart to assess which parts of the organisation may be stakeholders.
• Ask team members, customers, and any other confirmed stakeholder to help you identify additional stakeholders.
• Look for the 'Unofficial People of Influence'. These may be people who are trusted by high-level leaders or who wield a lot of power through influence and not position.

Learning activity: Stakeholders


From the scenario provided at the beginning of this section, identify the internal
and external stakeholders and the types of input each of them is likely to
provide.
Stakeholder | Internal/External? | Type of input

[2] Brown, J T, 2007, The Handbook of Program Management, McGraw-Hill, Australia.


Learning activity: Stakeholders in the risk process


Review the scenario in Appendix 3 and identify three stakeholders, their role
and their primary concerns in regard to the risk management process.
Stakeholder | Role | Risk concerns

Describe briefly the attributes that qualify a person as a stakeholder in the
risk management process.

Understand importance of relevant legislation


You cannot afford to ignore the role of legislation in the risk management process.
Arguably, the greatest risk for an organisation is to be non-compliant with relevant
regulations as this can incur significant penalties. The risk management process
must therefore use legislative guidelines as a criterion against which risk is
assessed. Some key areas of legislation affecting businesses are listed below.


OHS regulations
OHS (occupational health and safety) laws vary throughout Australia according to
the state parliament that passed the Act. For example, in Queensland it is the
Workplace Health and Safety Act 1995. While states have different names for
their Acts covering the workplace, they all prescribe a similar set of requirements
for all managers, including supervisors of projects. These are:
• to ensure that work is performed in a safe manner and does not have any negative effect on the workers' health
• to ensure sufficient information and education is provided so that the work can be undertaken safely
• to ensure workers have a say in the safety of their own workplace by recognising and acting on risks and hazards in the workplace
• to implement audit and control measures that verify the effectiveness of OHS activities
• to ensure equipment and machinery is maintained in a safe condition.

Learning activity: Legislation, standards and codes of conduct


Use the internet to research duty of care legislation, standards and codes of
conduct in Australia (relevant to the business sector), and describe how you
think these influence risk management processes for organisations.

Privacy Act 1988


The National Privacy Principles regulate the way information is handled by private
sector organisations such as creditors and debt collectors. The principles, as
stated by the Office of the Privacy Commissioner [3], are as follows.

[3] Australian Government, 2001, National Privacy Principles, Office of the Privacy Commissioner, viewed April 2010, <http://www.privacy.gov.au/materials/types>.


• Collection: Organisations must ensure that individuals are aware their personal information is being collected, why, who it might be passed on to and that they can ask the organisation what personal information it holds about them.
• Use: Personal information may not be collected unless it is necessary for an organisation's activities and must only be used for the purpose it was collected. Many direct marketing mailers will now have to offer the recipient the opportunity to elect not to receive further mailings.
• Data quality: Organisations must take steps to ensure personal information they collect is accurate, complete and up to date.
• Data security: An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
• Openness: An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks.
• Access and correction: Generally, an organisation must give an individual access to personal information it holds about the individual on request.
• Identifiers: Generally, an organisation must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government agency.
• Anonymity: Organisations must give people the option to interact anonymously whenever it is lawful and practicable to do so.
• Transborder data flows: An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection.
• Sensitive information: Sensitive information (such as about someone's health, political opinions or sexual preference), may only be collected with the consent of the individual (unless a public interest exception applies).

There are several key obligations around information collection:


Whenever possible collect information directly from the person.

Only collect information that is necessary.

Collect information by fair means.

Take reasonable steps to let people know that personal information has been
collected and what is going to be done with it.

Do not disclose information about the person to a third party that you are
collecting information from.

Take care about the type of information contained in messages left on answering
machines.

Generally, personal information should only be used and disclosed for the
purpose that it was collected.
Learning activity: Application of National Privacy Principles
Considering the privacy laws, identify which National Privacy Principles are being
tested in the following circumstances.

A sales person from your organisation asks for information about someone's
partner's mobile phone.

Your organisation's website asks for personal details but does not have a
displayed privacy statement.

A person approaches you at work and asks about a work colleague who
he says owes him money.

Contract law
Contract law is any law or regulation with the objective of enforcing certain
promises, covering their formation, scope and content, avoidance, performance
and termination, and remedies. This is important in risk management, as
contracts hold the potential for risk, and a breach of contract may have
repercussions not only with the other party or parties but may also be a breach
of legislation.

Australian contract law can be broken into five key sections detailed in the table
below.
Formation
A contract is a promise or a set of promises that is legally binding. This
requires there to be an agreement between the parties and the intention to
create a legal relationship. The parties must demonstrate legal capacity to
contract, and compliance with any legal requirements must be ensured.

Scope and content
A contract is generally only able to be enforced by and against the parties to
the contract. The content of a contract must allow the parties to determine
what the terms of the contract are, and how they should be interpreted where
ambiguous.

Avoidance
A valid contract may still be avoided as a result of a number of factors, which
usually involve unfair or unconscionable action by one of the parties.

Performance and termination
Most contracts come to a natural end when the parties have performed their
respective obligations. A contract may also come to an end by mutual agreement
between parties, as a result of the breach of contract by one of the parties, or
due to events that might prevent parties from performing their obligations as
planned.

Remedies
When the terms of a contract are breached by one party, the other party is
entitled to remedies; in particular, damages.

Learning activity: Contracts


What risks might be presented to an organisation when entering into a
contract?

Company law
A corporation, or company, is a legal group of individuals who finance a business.
The group cannot become a company until it is registered with the Australian
Securities and Investments Commission (ASIC). ASIC will issue the new company
with a certificate of incorporation and an Australian Company Number (ACN),
which is used to identify the entity.
Key features of a company include the following.

Separate legal entity
Under Australian law a company, as a separate entity, is given all the legal
rights and liabilities of a natural person, including the ability to sue others
and be sued itself.

Continuous life
A company is established with the assumption of a continuous life; this means
that while its owners may change, the company will continue to remain in
existence unless it is liquidated.

Limited shareholder liability
A company has limited liability for shareholders, meaning that if the company
fails, then only the amount of shareholder investment in the company can be
claimed against, and not other investments that a shareholder may have.

Separate entity from owner
A company is a separate legal entity from its owners, i.e. the financial affairs
of the owners must be separated from that of the company, and unless personal
guarantees of the owners have been secured, an entity can only sue the
company for damages and not the owners.

There are two types of companies in Australia: proprietary and public. The
diagram below shows some major differences between the two types.

Proprietary
Cannot sell shares to public.
Are classified as large or small.
Less reporting requirements.

Public
Can sell shares to public.
Generally large companies.
Greater compliance reporting requirements.

Under section 45A of the Corporations Act 2001, a proprietary company is
currently classified as large if it satisfies at least two of the following criteria.

The consolidated gross operating revenue of the company and any entities
it controls is $10 million or more.

The value of the consolidated gross assets at the end of the financial year
of the company and any entities it controls is $5 million or more.

The company and any entities it controls have more than 50 employees at
the end of the financial year.⁴

If a proprietary company is classified as large, then it is required to submit annual
financial and directors' reports. Small proprietary companies do not have to
prepare either of these reports except where ASIC, or shareholders with at least
5% of the company, request them.
Learning activity: ASIC
Access the ASIC website at <http://www.asic.gov.au> and review the section on
running a company. Under the heading 'Change of details', review the checklist
provided for company officers and describe three risks for an organisation if
compliance is not maintained.
1.

2.

3.

The Australian Securities and Investments Commission (ASIC)


The Australian Securities and Investments Commission (ASIC) is Australia's
corporate, markets and financial services regulator. It is an independent
Commonwealth Government body, with most of its work being carried out under
the Corporations Act.

⁴ Australasian Legal Information Institute, 2001, Corporations Act 2001 - Sect 45A,
Commonwealth Consolidated Acts, viewed April 2010,
<http://www.austlii.edu.au/au/legis/cth/consol_act/ca2001172/s45a.html>.

ASIC regulates Australian companies, financial markets, financial services
organisations and professionals who deal and advise in investments,
superannuation, insurance, deposit taking and credit. ASIC's main role to consider
in relation to this unit is its responsibility for ensuring that company directors and
officers carry out their duties honestly, diligently and in the best interest of their
company.
Although ASIC administers many acts or parts of acts, as well as relevant
regulations made under them, the main two are:

Corporations Act 2001

Australian Securities and Investments Commission Act 2001.

The other acts involve insurance, superannuation and medical indemnity.


The Corporations Act 2001 sets much of the legislative framework for the conduct
of companies and their directors in relation to corporate governance. Internal
controls need to be implemented and maintained to ensure compliance with the
legislation administered by the delegated authority, ASIC.
The Australian Securities and Investments Commission Act 2001 makes provision
for ASIC to ensure the performance of the financial system and entities in it, to
assist investors and consumers in the financial system with appropriate
information, and to administer and enforce the law effectively.
Learning activity: Directors' responsibilities
Search the ASIC website <http://www.asic.gov.au> using the search term
'directors responsibilities'. Name two of the directors' responsibilities listed
under the heading 'What does the law expect of you', and for each describe a
process or mechanism that you could put in place to help ensure compliance
with this directive.
1.

2.

Company records compliance


Under the Corporations Law, directors are personally responsible for keeping
proper company records. These could be grouped into financial records and
company housekeeping records.

Up-to-date financial records must be kept so that they can:

accurately record and justify the company's transactions

illustrate the financial position of the company and its performance.

A company should maintain current and accurate financial records in order to
ensure that:

it is able to prepare accurate financial statements of the company

these financial statements may be properly audited

the company is compliant with tax laws.

Financial statements a company would regularly prepare

Statement of Financial Performance
Shows the company's revenue and expenses for a set period and the resulting
profit or loss.

Statement of Financial Position
Shows the company's assets and liabilities at a certain point in time.

Statement of Cash Flow
Summarises the company's influx and efflux of cash for a set period of time.

Financial records may be kept electronically, provided they are capable of being
converted into hard copy for anyone entitled to inspect them.
Note: a small proprietary company (as defined by the Corporations Act)
generally is not required to lodge formal financial reports with ASIC. On the other
hand, large proprietary companies, public companies and non-profit public
companies must produce, audit and lodge financial reports with ASIC.

Basic financial records that companies may be required to keep by law

General ledger
Records all transactions and balances (revenue, expenses, assets, liabilities).
Otherwise, summarises these balances detailed in other records.

Cash records
For example, deposit books, cheque butts, petty cash records and bank
statements.

Debtor and sales records
Outlines the money made or owing to the company, for example, delivery
dockets, invoices and statements issued, debtors and their balances.

Creditors and purchase records
Outlines the money spent or owed by the company, for example, purchase
orders, invoices and statements received, creditors and their balances.

Wage and superannuation records
Funds paid to employees.

A register of property, plant and equipment
Shows the transactions and balances relating to individual items.

Inventory records
Value of the items that make up the company's inventory.

Investment records
For example, certificates and notices related to dividends or interest.

Tax returns and calculations
For example, goods and services tax returns and statements, income tax, and
fringe benefits.

Deeds, contracts and agreements
Legal documentation.

Learning activity: Financial record keeping


Both tax law and corporations law require that financial records are kept
between five and seven years, which can present logistics problems for an
organisation if there is a large amount of physical records. Search the ATO
website to determine if past records can be kept electronically and, if so, how
it recommends that this be managed.

Workplace legislation, awards and workplace enterprise agreements


Industrial Instruments (Awards) are laws passed by either the Commonwealth or
State Parliaments that govern the rate of pay and working conditions of
employees under their jurisdiction. Federally, this act was called the Workplace
Relations Act 1996, with the states having similar acts such as the Queensland
Industrial Relations Act 1999. The Commonwealth and State Parliaments have set
up commissions to check and approve awards and agreements and to prevent and
resolve disputes.
The Fair Work Act 2009
Sweeping changes have been made to workplace legislation in the years 2005 to
2009, beginning with the introduction of the Workplace Relations Amendment
(Work Choices) Act 2005, followed by its replacement, the Fair Work Act
(Commonwealth) in 2009. This act set out to offer:

a fair and comprehensive safety net of minimum employment conditions

a system that has at its heart bargaining in good faith at the enterprise
level

protections from unfair dismissal for all employees

protection for the low-paid

a balance between work and family life

the right to be represented in the workplace.

Below are some key elements of the Fair Work Act. The organisation should be
aware of these regulations to ensure its compliance. Compliance will decrease the
likelihood of risk to the organisation regarding workplace relations.
Fair Work Australia (FWA)
Oversees workplace relations.
Has the power to vary awards, make orders relating to minimum wage and settle
unfair dismissal claims.

Unfair dismissal
Employees may lodge unfair dismissal claims to FWA within seven days if they
were employed for six months or longer (twelve months if the business employs
fifteen people or less).

Safety net
Examples of rights are minimum standards:

flexible working arrangements after 12 months

12 months unpaid parental leave

contracts, agreements and policies between employers and employees that
reflect the National Employment Standards (NES).

Discrimination
Prohibition of discrimination based on: race, colour, sex, sexual preferences,
age, physical or mental disability, marital status, religion or pregnancy.

Increased union right of entry
Unions may enter a workplace in which they have a member who works on the
premises, to investigate any suspected breaches of legislation.

Enterprise bargaining
FWA will grant approval to enterprise agreements (either single enterprise or
multi-enterprise) if they consider "that each employee is 'better off overall'
under the agreement, compared to an applicable modern award."

Transfer of business
After the transfer of assets, employees (between related companies),
outsourcing or insourcing, the work is not to be significantly different after the
transfer, compared to that pre-transfer.
Learning activity: Unfair dismissal


What risks are there for an organisation in regards to unfair dismissal
legislation? How can the organisation manage against the occurrence of these
risks?

Awards: Industrial Instruments


Under the new Fair Work Act 2009, new National Employment Standards (NES)
have been developed to underpin any award conditions and pay rates. In general,
the NES sets out the following.

Minimum rates of pay, such as hourly rates and annual salaries.

Ordinary hours of work.

Annual leave and leave loading.

Long service leave.

Personal or carer's leave.

Notice to be given on termination.

Rest periods.

Loadings for overtime, casual work and shift work.

Anti-discrimination provisions.

Figure 4: National Employment Standards

Learning activity: Awards


Visit the websites listed below and briefly describe the information that each
one provides. How does this information assist organisations in risk
management?

<http://www.workplaceauthority.gov.au>

<http://www.wo.gov.au>

For state legislation see the following departmental sites.

New South Wales: <http://www.industrialrelations.nsw.gov.au>

Queensland: <http://www.wageline.qld.gov.au>

South Australia: <http://www.safework.sa.gov.au>

Tasmania: <http://www.wst.tas.gov.au>

Western Australia: <http://www.docep.wa.gov.au>

Australian Capital Territory and the Northern Territory come under federal
awards.

Section summary
You should now understand the risk management process and how to establish
the context for risk management activity, including the scope within which risks
must be managed, the stakeholders involved, and relevant legislation. In the next
chapter, we will look at Stage 1 of the risk management process: identifying risks.

Further reading

Leonard N Stern School of Business, 2010, NYU Stern, What is Risk?,
viewed May 2010,
<http://pages.stern.nyu.edu/~adamodar/pdfiles/valrisk/ch1.pdf>.

AIRMIC, ALARM and IRM, 2002, A Risk Management Standard, viewed
May 2010,
<http://www.theirm.org/publications/documents/Risk_Management_Standard_030820.pdf>.

Section checklist
Before you proceed to the next section, make sure that you are able to:
understand risk and risk management
establish the context for risk management
understand the importance of relevant legislation.

Section 2 Identifying Risk


Risk identification is a vital stage of risk management as it develops the basis for
the subsequent steps of analysing and controlling risks. Thorough and correct risk
identification ensures effective risk management. If a risk is not first identified,
how can it be managed? The organisation will be unable to account for such risks
and so their consequences may be highly damaging to the organisation's goals.
In this section, we will look at reviewing the organisation and factors affecting it, in
order to identify risks.
Scenario: Identifying risks
Having reviewed risk management processes and the legislative framework in
which the organisation operates, you now prepare for the job of identifying the
risks for the chain of shoe repair stores.
You quickly realise that risk management, like most forms of management,
requires input and feedback from stakeholders who affect and are affected by
the risks to the organisation. With their help you will use various techniques to
identify the scope of risks that could affect the organisation and set the
objectives for your risk management function.
In the process of identifying risks you will assess the internal strengths and
weaknesses of the organisation and the opportunities and threats from the
external environment which can arise from the social, technological, economic
and political spheres in which the organisation operates.

What skills will you need?


In order to work effectively as a risk manager you must be able to:
review the external environment
determine strengths and weaknesses
review and document objectives
identify risks
involve others in risk identification.

Review the external environment


To thoroughly identify risks, we must examine the external environment
surrounding an organisation. This includes the political, economic, social, legal,
and technological factors affecting the business.
A PEST analysis is an effective tool for investigating external environmental
factors. PEST stands for the following.

Political (or political-legal)

Economic

Social

Technological

It is used when conducting an environmental analysis for strategic planning or
as a framework for market research. The analysis gives an overview of 'big picture'
factors that the organisation should take into consideration.
This is a useful tool in the risk management process as it not only aids the
identification of risks, but may also be used as a factor in the analysis of the risks
identified. Examples of factors which may come to light via a PEST analysis are
below.
POLITICAL

proposed laws that may affect organisation

taxation policy

merit/demerit goods

employment regulations.

ECONOMIC

interest rates

economic growth

exchange rates

inflation rates.

SOCIAL

population growth

demographics

health consciousness

social trends.

TECHNOLOGICAL

current research and development

rate of technological change

automation

technology incentives.

Learning activity: PEST analysis


Review the scenario in Appendix 3 under the heading 'Internal and external
environment' and identify one item for each of the following in the PEST
analysis.
Political

Economic

Technological

Social

Describe briefly how a PEST analysis can help identify risks for an organisation.

Learning activity: List of risks


Review the scenario in Appendix 3 under the heading 'Internal and external
environment' and list three risks and describe which areas of the scope they
belong to.
Risk

Area

Describe a process you could introduce that could help you obtain information
from stakeholders.

Determine strengths and weaknesses


The internal environment of an organisation must be examined to determine if it
is exposed to risk through any of its operations or processes. This requires that
you assess what the business is doing well, and what areas need improvement.
A SWOT analysis can be used to determine the strengths and weaknesses of an
organisation. SWOT stands for the following.

S: Strengths

W: Weaknesses

O: Opportunities

T: Threats

Strengths and weaknesses are factors that are able to be controlled by the
business. Strengths are the key elements that give an organisation advantage
over its competitors. Weaknesses are the limitations faced by the business in
achieving its objectives.
Opportunities and threats exist independent of the organisation, and are often
beyond its control. Opportunities are the conditions of the environment in which
the business operates which could benefit the organisation if acted upon. Threats
are barriers that prevent the business from achieving its objectives.

As shown in the diagram above, an organisation should endeavour to match
internal strengths with external opportunities to create the best competitive
advantage. Action should be taken to turn internal weaknesses into strengths or
minimise their effect on the business, and to convert threats into opportunities or
avoid them.
Learning activity: SWOT analysis
Review the scenario in Appendix 3 under the heading 'Internal and external
environment' and identify one item for each of the following in the SWOT
analysis.
Strength

Weakness

Opportunity

Threat

Describe briefly how a SWOT analysis can help you to identify risks in an
organisation.

Review and document objectives


As stated in the introduction, an organisation is defined by its goals and
objectives. The greatest risk for an organisation is failure to achieve its strategic
objectives; therefore, the risk management process must document the goals of
the business and determine risks as those things which will prevent those goals
being fulfilled.
The mission statement of an organisation will ordinarily outline the key objectives
of the business, and these are generally detailed and implemented throughout
the policies and procedures. Reviewing these documents will help define the risk
management process. For example, if part of the organisation's mission
statement is to produce a quality product, a potential risk is the inability to find
skilled staff, or to source quality resources required for production.
Learning activity: Goals of risk process
Review the scenario in Appendix 3 and identify two goals or objectives for the
task you have been assigned by Jeff to complete.
1.

2.

Describe how having goals or objectives assists in carrying out the risk
management process.

Identify risks
Risks must be identified in order to be analysed and treated. The Australian
Standard categorises risk identification into two categories.
1. What, where and when? This aims at generating a comprehensive list of
risks that may impact the objectives.
2. Why and how? Identify the circumstances in which this risk may be
realised. What would be the cause of an exposure of resources (for
example, failure of ..., lack of ..., loss of ..., injury to ..., etc.)?
The process of identification can be aided by various tools and techniques, which
should be selected based on the purpose and context of the risk management
activities being undertaken. Some of these tools include:

checklists

fishbone diagrams

brainstorming

flowcharts.

Checklists
Checklists can be used to help in identifying risks by using targeted questions.
When trying to identify the risks within a specific context, it is important to
interrogate the components as much as possible. Some questions that could be
asked include:

Where are the risks likely to come from?

Who is likely to pose a risk?

What situations are likely to increase the possibility of the risk actually
occurring?

Just how large are the risks?

In order to ensure this is comprehensive, the following areas within differing
contexts, for example legislative risk, environmental risk, and economic risk, could
be used to address these questions.

Financial risk factors

Premises, e.g. suitability, size, facilities available, location, health and safety
risks to workers and others, financial concerns.

Product and services, e.g. organisation's competitive position (and potential in
the future), environmental issues that affect development, waste management,
lifestyle trends and demographic changes.

Purchasing, e.g. use of recognised standards, government policy on standards,
protection of workers etc.

People elements

People, e.g. organisation of employees, culture, skills and competence of
employees, training and supervision, OH&S (occupational health and safety),
visitors to the site, wider public in the vicinity.

Actions or processes

Processes, e.g. techniques used and their associated risks, legislation
requirements and skill level of employees.

Performance, e.g. stakeholder interest, health and safety, insurance claims and
quality.

Management issues

Policy and strategy: OH&S, environmental and waste management, financial and
purchasing control, accident investigation, reporting and rehabilitation.

Planning and organising.

Learning activity: Checklist


Use the categories outlined above, and for the scenario provided in Appendix 3,
develop a checklist of two target questions per category that could be used to
identify risks.
Financial risk factors

People elements

Actions or processes

Management issues

Brainstorming
Brainstorming may be done around the following questions to attempt to identify
risk to organisational objectives.

What:
o might happen
o is the impact
o are the existing controls?

How:
o could this arrive?

When:
o in the life of activity
o beyond the life of activity?

Who:
o is involved
o is affected?

Why will there be:
o changes and uncertainties
o causal factors and triggers?

Learning activity: Staff input to risk management


Brainstorm a list of approaches that you can use to encourage staff and
stakeholders to provide input and participate in the development of risk
management strategies for an organisation, and describe how each of these
can be effective.

Fishbone diagrams
Fishbone diagrams are cause-and-effect diagrams. Use of the fishbone diagram
encourages a systematic approach to identifying risks that looks beyond the
obvious causes of a problem. The starting point for creating the diagram is
identification of a problem. This is stated as the effect. The 'bones' show the types
of variables that might play a part in the root cause.
Causes are usually grouped into major categories, which typically include the
following.

People: anyone involved with the process.

Methods: how the process is performed and the specific requirements for
doing it, such as policies, procedures, rules, regulations and laws.

Machines: any equipment, computers, tools etc. required to accomplish
the job.

Materials: raw materials, parts, pens, paper, etc. used to produce the
final product.

Measurements: data generated from the process that are used to
evaluate its quality.

Environment: the conditions, such as location, time, temperature, and
culture in which the process operates.

Causes can be generated from brainstorming activities, and then grouped and
used as labels on the fishbone. Below is an example fishbone diagram showing
the 8 Ps. The 8 Ps are factors affecting the service industry which have the
potential to cause or contribute to problems and create risk. The smaller bones
connect sub-causes to major causes and show the escalation of risk.

Figure 5: Fishbone diagram

Learning activity: The 8 Ps


Use the internet to find the 8 Ps of the service industry and create a fishbone
diagram for them below. Ensure you include at least one variable for each
category included on the bones of the diagram. (You may find it easier to
create the diagram using a separate piece of paper).

Flowcharts
A flowchart is a diagram commonly used to demonstrate the steps in a solution
for a problem. They are frequently used to design, analyse, document and manage
processes.
Flowcharts use various symbols and shapes to represent different facets of a
process, and arrows to show flow of information, communication and control.
Some of the symbols include the following.

Circles, ovals or rounded rectangles showing start and end points. The
shape will usually contain the word 'start' or 'end', or a specific phrase
that indicates the start or end of a process, such as 'submit enquiry'.

Rectangles showing processing steps, for example 'replace identified part'
or 'save changes'.

Parallelograms showing input/output, for example 'get feedback from the
user'.

Diamonds representing conditional steps or decisions. These would usually
contain a 'yes/no' or 'true/false' test.


Learning activity: Flowchart


Create a simple flowchart using the symbols above to show the process for
dealing with a lamp that won't function. You will need to think about reasons the
lamp may not be working, and address these, and appropriate responses or
actions, in your flowchart.


Learning activity: Risk management tools


Research the internet for tools or templates that you could use in risk
management processes in an organisation. Identify three that you think you
could use and describe why and how you think these could be helpful. Include a
brief description of each tool as well as the web URL.
| TOOL | URL | WHAT THE TOOL DOES | HOW THE TOOL COULD BE HELPFUL |
|---|---|---|---|
| | | | |
| | | | |
| | | | |

Research
The process of risk identification is greatly aided by the use of both internal and
external research. This may be in the form of:

past records

data and statistical information

relevant published credible literature

the result of public consultation

market research.

To ensure a thorough risk analysis, several of these sources of information could
be used. Information can be collected in many ways, some of which are listed
below.
Primary data collection techniques
Primary data collection refers to data collected by the user. Data collected is
unique to the organisation and is not publicly available unless the researcher
chooses to publish it.
Some common methods of primary data collection include interviews, focus
groups, surveys and questionnaires, observations, and diaries.


INTERVIEWS
Interviewing can be used to identify the underlying reasons and motivations for
people's attitudes, preferences or behaviour. Interviews can be individual or group-based.

Advantages:

Serious approach by respondent resulting in accurate information.

Good response rate.

Completed and immediate.

Possible in-depth questions.

Interviewer in control and can give help if there is a problem.

Can investigate motives and feelings.

Can use recording equipment.

Characteristics of respondent assessed: tone of voice, facial expression, hesitation, etc.

Can use props.

If one interviewer used, uniformity of approach.

Used to pilot other methods.

Disadvantages:

Need to set up interviews.

Time consuming.

Geographic limitations.

Can be expensive.

Normally need a set of questions.

Respondent bias: tendency to please or impress, create false personal image, or end interview quickly.

Embarrassment possible if personal questions.

Transcription and analysis can present problems: subjectivity.

If many interviewers, training required.

FOCUS GROUPS
A focus group is an interview conducted by a trained moderator in a non-structured
and natural manner with a small group of respondents. The
moderator leads the discussion. The main purpose of focus groups is to gain
insights by listening to a group of people from the appropriate target market talk
about specific issues of interest.


QUESTIONNAIRES
Questionnaires are a popular means of collecting data, but are difficult to design and often require
many rewrites before an acceptable questionnaire is produced.

Advantages:

Can be used as a method in its own right or as a basis for interviewing or a telephone survey.

Can be posted, emailed or faxed.

Can cover a large number of people or organisations.

Wide geographic coverage.

Relatively cheap.

No prior arrangements are needed.

Avoids embarrassment on the part of the respondent.

Respondent can consider responses.

Possible anonymity of respondent.

No interviewer bias.

Disadvantages:

Design problems.

Questions have to be relatively simple.

Historically low response rate (although inducements may help).

Time delay whilst waiting for responses to be returned.

Require a return deadline.

Several reminders may be required.

Assumes no literacy problems.

No control over who completes it.

Not possible to give assistance if required.

Problems with incomplete questionnaires. Replies not spontaneous and independent of each other.

Respondent can read all questions beforehand and then decide whether to complete or not. For example, perhaps because it is too long, too complex, uninteresting, or too personal.

OBSERVATIONS
Observation involves recording the behavioural patterns of people, objects and
events in a systematic manner.
Observational methods may be:

structured or unstructured

disguised or undisguised

natural or contrived

personal

mechanical

non-participant

participant, with the participant taking a number of different roles.


DIARIES
A diary is a way of gathering information about the way individuals spend their
time on professional activities. They are not about records of engagements or
personal journals of thought! Diaries can record either quantitative or qualitative
data, and in management research can provide information about work
patterns and activities.
Advantages:

Useful for collecting information from employees.

Different writers compared and contrasted simultaneously.

Allows the researcher freedom to move from one organisation to another.

Researcher not personally involved.

Diaries can be used as a preliminary or basis for intensive interviewing.

Used as an alternative to direct observation or where resources are limited.

Disadvantages:

Subjects need to be clear about what they are being asked to do, why and what you plan to do with the data.

Diarists need to be of a certain educational level.

Some structure is necessary to give the diarist focus, for example, a list of headings.

Encouragement and reassurance are needed as completing a diary is time-consuming and can be irritating after a while.

Progress needs checking from time to time.

Confidentiality is required as content may be critical.

Analysis problems, so you need to consider how responses will be coded before the subjects start filling in diaries.

Secondary data collection techniques


Secondary data is collected by someone other than the user. It can be sourced
from existing survey results, databases, statistical research organisations,
published reports, case studies and published texts.
It is important to ensure that data is obtained from trusted sources, to ensure it is
valid and reliable. There are questions that you should consider when selecting
existing data for use in your audit.

What was the researcher's objective in collecting the data?

What data was collected and what is it supposed to measure?

When was the data collected?

What methods were used?

How is the data organised?

What information is known about the success of that data collection? How
consistent is the data with data from other sources?


Essential qualities of information


The aim of any data collection activity is always to aid in decision making. The
decisions that are made will only be as good as the data collected. It is essential
then that data is quality tested to ensure it will produce the desired results.
Data should be as follows.
Accurate: Information collected through audit activities should be precise and a true reflection of the relevant events, subjects and issues.

Relevant: Data collected should be directly related to the intent and objectives of the audit or collection process.

Reliable: Data must be verifiable and well supported by background information.

Learning activity: Risk research


Identify at least three different ways that risk in a business environment can be
researched, and describe the types of information you are likely to gather from
each approach.

Involve others in risk identification


Communication and consultation should take place at every step of the risk
management process with both internal and external stakeholders. Therefore a
communication plan for both these parties should be developed early in the
process.


This plan should address issues relating to the risk itself, the likelihood of the risk,
its potential consequences, and measures being taken to manage the risk.
Communication is vital in risk management as it ensures that those accountable
for implementing risk management, as well as other stakeholders, understand the
reasoning behind decisions, and why particular actions are required.
Identification of risks should never be the responsibility of one individual.
Consulting a team of people with different areas of expertise means that many
viewpoints are represented and the identification process is thorough. Including
stakeholders in the process also facilitates a sense of ownership for risk
management activities.
Some key skills that you will require for involving others and maintaining
communication with stakeholders are described in the table below.
Active listening:

Keep the purpose in mind: know why you are listening and what you are listening for.

Listen to what's not said: learn to read gestures and facial expressions, not just listen to words.

Give feedback: acknowledge and respond to what you hear, without interrupting.

Be sensitive: show that you listen to and understand the other person's point of view, even though you may not agree with it.

Encouraging feedback:

Value feedback: recognise that you need feedback to build an accurate picture of what is occurring.

Do not react: show respect for feedback even when it is critical.

Don't point fingers: use feedback to diagnose and fix problems, without laying blame.

Facilitating discussion:

Step back: establish the purpose or goal for the group, and then let the group continue the discussion.

Bring focus: ensure the discussion stays on track by reminding the group of the established purpose.

Be open: don't voice personal opinions or make judgments about proposed ideas, just listen.

Be fair: make sure everyone has an opportunity to participate, express an opinion or contribute an idea.

Summarise: rephrase key points and bring clarification to any decisions or planned actions when needed.

Effective questioning:

Directive questions: seek facts and concrete answers.

Non-directive questions: deal with emotions, feelings and attitudes.

Reflective questions: clarifying information being provided, rephrasing, etc. (e.g. 'Do you mean...').

Closed questions: allow limited responses, such as 'Yes' or 'No'.

Open questions: allow for unlimited response.

Probing questions: seek further response to a question already asked, often in response to the answer given.


Learning activity: Staff involved


In reference to the scenario provided, who would be most beneficial to involve in
the process of risk identification, and why would you include them in gathering
input to risk identification?

Section summary
You should now understand how to evaluate the internal and external
environments of an organisation, review organisation objectives, identify risk and
include stakeholders in the process.

Further reading

The University of New South Wales, 2010, UNSW Risk Consequence Assessment Tool, viewed May 2010,
<http://www.fin.unsw.edu.au/files/forms/rmu/UNSW_Risk_Risk_Assessment_Tool.pdf>.

Australian Government, 2010, Risk Analysis, viewed May 2010,
<http://www.ga.gov.au/image_cache/GA10820.pdf>.

Section checklist
Before you proceed to the next section, make sure that you are able to:
review the external environment
determine strengths and weaknesses
review and document objectives
research risks
identify risks
involve others in risk identification.


Section 3 Analysing and Evaluating Risk
It is not enough for an organisation to merely be aware of risks. Once they have
been identified, risks must be analysed to determine the probability of occurrence
and expected impact. This chapter looks at conducting this analysis, and using it
to form an action plan to deal with risks.
Scenario: Preparing a risk action plan as the new operations manager for a
shoe repair chain
With the help of stakeholders, and the use of other research methods, you have
been able to create a list of all the perceivable risks that could impact on the
shoe repair store chain.
You are already aware that compiling a list of risks is only the first part of the
risk management story, because the second part, being management, requires
analysis, assessment, evaluation and prioritisation to determine the best use
and allocation of an organisation's resources.
You will use an approach that looks at each risk on a likelihood and
consequence basis to determine the priority levels that each should be given.
You will then consider the possible options for treating each risk starting with
the highest priority and working to the lowest.
To assist you in this function you will prepare a risk management action plan
that quite clearly shows your reasoning for establishing the risk priority levels,
and the actions needed to manage the risks.

What skills will you need?


In order to work effectively as a risk manager you must be able to:
determine likelihood of risk
assess consequence of risk
evaluate and prioritise risk
determine risk treatment options
develop an action plan for treating risks.
Risk analysis is about developing an understanding of the risk. It provides an
input to decisions on whether risks need to be treated and the most
appropriate and cost-effective risk treatment strategies.
AS/NZS 4360:2004


Determine likelihood of risk


The first step in risk analysis is to determine the likelihood of risks. Likelihood
refers to the probability that a risk will occur, and is measured in terms of the
following scale. Note that the classification of risks must take into account the
specific circumstances, for example, the flooding of a warehouse may range from
'rare' if it is located in a region that receives little rain to 'frequent' if it is located
somewhere that is often subject to flooding.

Rare: May occur only in exceptional circumstances, e.g. death of an employee at work.

Unlikely: Event is unlikely to occur but is possible, e.g. an employee crashing a company car.

Possible: Event could occur, e.g. rain on the day of an outdoor event.

Likely: Event likely to occur once or more during the life of the project, e.g. first aid injury.

Frequent: Event will occur many times during the life of the project, e.g. a busy street.

Figure 3: Likelihood of risk occurring

Learning activity: Board role for risk management


PricewaterhouseCoopers believes that boards can play a vital role in improving
the quality of risk management information provided to them to review and/or
act on. A discussion paper published by them at
<http://www.pwc.com.au/assurance/risk-controls/publications/informationgap.htm> describes five steps that can help boards get the information they
require. Based on the likelihood scale above, describe which risks would be
included in the statement 'Be clear about what matters', i.e. would you include
all items on the scale, or just frequent risks? Identify the cut-off you would apply
and explain why.


Learning activity: Risk likelihood


Review the scenario in Appendix 3 under the heading 'Research findings' and select
the issue you think would occur rarely and the issue you think is almost certain
to occur. Give your reasons.

| Likelihood | Reasons |
|---|---|
| Rare | |
| Almost certain | |

Learning activity: Revised risks


Some organisations assess risk, and apply a control, and then reassess risk
immediately (rather than waiting for a review period some time later). How could
this provide relevant information for risk management to the organisation?
State your reasons.


Research the internet for risk management tools that include two layers of
assessment in this way. (Hint: some risk management organisations use the
term 'residual risk'.) Briefly describe the tool, and include a copy in your
workbook.

Assess consequence of risk


The next step in risk analysis is to assess the potential consequence or impact of
the risk on the organisation and its objectives. The general levels of consequence
are as follows.

Catastrophic:

multiple injuries/death

regulatory intervention

net revenue loss or asset damage exceeds $x

damage to reputation at international level

long-term environmental damage (5 years or longer).

Major:

single stakeholder

breach of licenses, legislation, regulation or mandated standards

net revenue loss or asset damage between $xxxx

damage to reputation at national level

medium-term (1-5 yr) environmental damage.

Minor:

breach of internal procedures or guidelines

net revenue loss or asset damage between $x $x

adverse news in local media

environmental damage, requiring up to $250,000.

Insignificant:

no breach of licenses, standards, guidelines or related audit findings

net revenue loss or asset damage $x

public awareness may exist, but there is little public concern

negligible environmental impact.


Learning activity: Risk consequence


Review the scenario in Appendix 3 under the heading 'Research findings' and
select an issue you think would have an insignificant consequence and an issue
you think would have catastrophic consequences. Give your reasons.

| Consequences | Reasons |
|---|---|
| Insignificant | |
| Catastrophic | |

Learning activity: One of each

Think about your community or workplace and give an example of each of the
following risks.

Rare and catastrophic

Frequent and insignificant

Possible and moderate


Evaluate and prioritise risk


Now that you have determined both the likelihood and consequence of risk, the
two are combined to determine the rating. The most effective method of risk
analysis is to generate a risk matrix. A risk matrix is shown below; where the
identified consequence meets the identified likelihood, a risk rating is given.

| LIKELIHOOD \ CONSEQUENCE | Insignificant | Minor | Moderate | Major | Catastrophic |
|---|---|---|---|---|---|
| Almost certain | HIGH | HIGH | EXTREME | EXTREME | EXTREME |
| Likely | MEDIUM | HIGH | HIGH | EXTREME | EXTREME |
| Moderate | LOW | MEDIUM | HIGH | EXTREME | EXTREME |
| Unlikely | LOW | LOW | MEDIUM | HIGH | EXTREME |
| Rare | LOW | LOW | MEDIUM | HIGH | HIGH |

Learning activity: Risk evaluation


Nearly all organisations and systems use the same or a very similar risk
evaluation tool as outlined above. Describe how you think the one illustrated
below is different, and when it might be suitable to use.


The allocation of a risk rating should prompt a decision to be made about the
action to be taken, as below.

Extreme: IMMEDIATE senior management action, e.g. multiple deaths of employees.

High: Action plan needed, allocated responsibilities, e.g. damage to valuable assets.

Medium: Risk requires only monitoring and review, e.g. loss of assets due to staff theft.

Low: Risk accepted - but not ignored, e.g. a paper cut.

Figure 4: risk rating and associated action

Risks can then be prioritised based on the level of action required.
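
The risk matrix and the rating-to-action figure above, applied to a small risk register that is also re-rated after controls (residual risk). This is an added example, not part of the workbook; the register entries, the residual levels and the tie-breaking order within a rating are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Column order of the workbook's risk matrix (least to most severe).
CONSEQUENCES = ["Insignificant", "Minor", "Moderate", "Major", "Catastrophic"]

# Rows as printed in the workbook: likelihood -> rating for each consequence.
MATRIX = {
    "Almost certain": ["HIGH", "HIGH", "EXTREME", "EXTREME", "EXTREME"],
    "Likely": ["MEDIUM", "HIGH", "HIGH", "EXTREME", "EXTREME"],
    "Moderate": ["LOW", "MEDIUM", "HIGH", "EXTREME", "EXTREME"],
    "Unlikely": ["LOW", "LOW", "MEDIUM", "HIGH", "EXTREME"],
    "Rare": ["LOW", "LOW", "MEDIUM", "HIGH", "HIGH"],
}
LIKELIHOODS = list(MATRIX)  # most likely first, as in the matrix
SEVERITY = ["LOW", "MEDIUM", "HIGH", "EXTREME"]

# Rating -> required action, from the workbook's rating/action figure.
ACTIONS = {
    "EXTREME": "IMMEDIATE senior management action",
    "HIGH": "Action plan needed, allocated responsibilities",
    "MEDIUM": "Risk requires only monitoring and review",
    "LOW": "Risk accepted - but not ignored",
}


def rate(likelihood: str, consequence: str) -> str:
    """Return the rating where the likelihood row meets the consequence column."""
    if likelihood not in MATRIX or consequence not in CONSEQUENCES:
        raise ValueError(f"unknown level: {likelihood!r} / {consequence!r}")
    return MATRIX[likelihood][CONSEQUENCES.index(consequence)]


def matrix_is_monotonic() -> bool:
    """Sanity check: a rating must never drop as likelihood or consequence rises."""
    grid = [[SEVERITY.index(r) for r in MATRIX[lik]] for lik in reversed(LIKELIHOODS)]
    rows_ok = all(a <= b for row in grid for a, b in zip(row, row[1:]))
    cols_ok = all(a <= b for col in zip(*grid) for a, b in zip(col, col[1:]))
    return rows_ok and cols_ok


@dataclass
class Risk:
    name: str
    likelihood: str
    consequence: str
    # Levels re-assessed after a control is applied (residual risk), if any.
    residual_likelihood: Optional[str] = None
    residual_consequence: Optional[str] = None

    def inherent(self) -> str:
        return rate(self.likelihood, self.consequence)

    def residual_levels(self) -> tuple:
        return (self.residual_likelihood or self.likelihood,
                self.residual_consequence or self.consequence)

    def residual(self) -> str:
        return rate(*self.residual_levels())


def prioritise(register):
    """Order by residual rating, then consequence, then likelihood (assumed tie-breaks)."""
    def key(risk):
        lik, con = risk.residual_levels()
        return (-SEVERITY.index(risk.residual()), -CONSEQUENCES.index(con),
                LIKELIHOODS.index(lik), risk.name)
    return sorted(register, key=key)


def unchanged_by_control(register):
    """Names of risks whose recorded control left the rating unchanged."""
    return [r.name for r in register
            if (r.residual_likelihood or r.residual_consequence)
            and r.residual() == r.inherent()]


# Constructed register for a shoe repair store (illustrative values only).
REGISTER = [
    Risk("Cash mishandled at till", "Likely", "Minor", residual_likelihood="Unlikely"),
    Risk("Machine injury to repairer", "Unlikely", "Major", residual_likelihood="Rare"),
    Risk("Store fire", "Rare", "Catastrophic"),
    Risk("Key supplier failure", "Moderate", "Major", residual_likelihood="Unlikely"),
    Risk("Customer slips on wet floor", "Moderate", "Minor"),
]

if __name__ == "__main__":
    for risk in prioritise(REGISTER):
        print(f"{risk.residual():8} {risk.name}: {ACTIONS[risk.residual()]} "
              f"(inherent {risk.inherent()})")
```

A control that moves a risk one step down the likelihood scale does not always change its rating, which is what `unchanged_by_control` reports for the machine injury entry.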


Learning activity: Risk priorities
Review the scenario in Appendix 3 under the heading 'Research findings' and
select an issue you think would be rated 'Extreme' and an issue you think would be
rated 'Low'. Give your reasons.

| Priorities | Reasons |
|---|---|
| Extreme | |
| Low | |

Types of analysis

Qualitative analysis may be useful as an initial screening to identify if
further analysis of risk is required, when the analysis is appropriate for
decisions, or when numerical data or resources are inadequate. It uses
descriptive scales to describe the potential consequences. So far
throughout this section we have been using qualitative risk analysis. The
risk matrix above is an example of this method.


Semi-quantitative analysis sets values to the risks in order to produce a
more expanded ranking scale than that which is usually achievable from
qualitative analysis. These values are not the predicted realistic figures
calculated in quantitative analysis. It is important that the limitations of
this form are recognised and it is combined with a formula or explanation.

Quantitative analysis of risks uses numerical values (as opposed to words)
to analyse both the consequence and likelihood of risks. The quality of this
analysis is dependent on the data from which it was initially sourced. The
outcomes may be expressed in terms of monetary, technical, or human
impact. Examples of quantitative risk analysis are as follows.
o Risk of financial loss:
o Fatality risk. This calculation gives a value between 0 and 1. The closer the
value to one, the greater the risk.

Learning activity: Financial loss


Using the formula above for financial loss, calculate the expected loss for a
car wash that loses $500 in wages for every day it rains. The car wash is located
in Brisbane where it rains on average 122 days per year, and on days when it is
not raining it makes $300.

If the same business with the same loss and profits was moved to Melbourne,
with an average of 148 rainy days, explain what could happen to the business.


Learning activity: Extreme action


Name a situation at work or at home you would rate as 'Extreme'.
List three things you would do in the first few minutes.
1.

2.

3.

Determine risk treatment options


Risk treatments
There are several ways to manage risk. The Australian Standard
outlines the following.

Avoid the risk. This may be done by ending the activity that gives rise to the
risk. Inappropriate risk avoidance may result in an increased significance
of the risk or result in the loss of opportunity.

Reduce the likelihood of the risk, i.e. reduce the likelihood of a negative
impact on objectives.

Reduce the consequences, that is, decrease the extent of the damage. An
example of this is reducing the inventory or making continuity plans.

Share the risk. This involves other parties bearing a portion of the risk
(preferably by mutual consent). This may take place in the form of
insurance arrangements, contracts, partnerships or joint ventures, all of
which spread the responsibility and burden of the risk with another. This
usually comes at a financial expense (e.g. premiums paid for
insurance, decrease in positive outcome of risk seen by the individual
organisation) and also creates another risk, namely that the parties with whom
the risk is shared will not manage it effectively.

Retain the risk. After the altering or sharing of a risk, there exist residual
risks which are retained. This also may take place by default as a result of
failure to identify or manage a risk.


Hierarchy of control
The hierarchy of control for OHS risk management ranks control options from the
most preferred to the least preferred. If possible, eliminate the risk. The least preferred
option is for employees to be provided with personal protection in the
management of risk. Between these two lie options that are preferable to
personal protection.

Can you eliminate the risk? Yes, then eliminate the risk. For example, repair damaged equipment.

Can you reduce the risk? Yes, then reduce the risk. For example, hire a bus with seatbelts as opposed to one without.

Can you isolate the risk? Yes, then isolate the risk. For example, a locked plant room for chemicals.

Can you reduce the risk by control? Yes, then introduce administrative controls. For example, occupational health and safety induction.

Then provide personal protection. According to AS/NZ standard. For example, gloves, safety goggles, sunscreen.

Figure 5: Hierarchy of risk control adapted from Cole (2005)

When managing risk, particularly OHS related risk, there are key questions that
managers need to be able to answer. These are as follows.
1. Are there legislated activities or practices that must be done or
implemented in relation to the specific hazard?
2. Is there a Code of Practice relating to the specific hazard?
3. Are there existing controls? If so:
a. are the controls as high as possible in the hierarchy of control priorities?
b. do controls protect everyone exposed to harm?
4. What additional controls are required?
The following table is from the Risk Management Code of Practice 2007
(Workplace Health and Safety Queensland) and gives some examples of how
control measures can be implemented.


| Control measure | Comment | Examples of use |
|---|---|---|
| Elimination | Control the hazard at the source. This is the most effective control measure and removes the risk by removing the hazard or changing the work processes. | Contract tasks out to specialists who have appropriate facilities. |
| Substitution | Replace the hazard (e.g. plant or substance) with another that has a lower risk. | Use a machine with better guarding or use a less hazardous chemical that does the same job. |
| Isolation | Remove or separate people from the source of the hazard. | Use rubber mats to lift workers off a concrete floor or segregating work processes. |
| Minimise by engineering means | Change the physical characteristics of the plant or workplace to remove or reduce the risk. | Modify a machine so it can be used by remote control. |
| Administrative measures | Use policies, procedures, signs and training to control risk. | Review systems of work so that nobody works alone at night or train workers in safe lifting techniques. |
| Personal protective equipment (PPE) | Provide equipment or clothing designed to protect the worker. | Provide hats and long shirts to protect outdoor workers against the sun. |

Note: If there is a provision within the workplace health and safety regulation for
your state about any hazards identified then they must be controlled in the way
specified by the regulation. Similarly, if there is a Code of Practice about any of
the hazards you have identified then you must do what the code of practice says
or adopt and follow another way that gives the same level of protection against
the risks. Whilst the law does not demand compliance with codes of conduct,
insurance providers do, and non-compliance with these will either result in
significantly increased insurance premiums or voiding of the insurance cover.


Learning activity: Risk treatment options


Review the scenario in Appendix 3 under the heading 'Research findings' and
select an issue and then apply the hierarchy of control to develop options.
Issue ........................................................................................................................

| Hierarchy of control | Options |
|---|---|
| Can you eliminate the risk? | |
| Can you reduce the risk? For example, by substitution. | |
| Can you isolate the risk? For example, with guards and barriers. | |
| Can you reduce the risk by control? For example, safe operating procedures. | |
| Then provide personal protection according to AS/NZ standard. | |


Learning activity: Risk controls in a shop-environment


You have a retail store and you know you cannot always be in front of the till, so
there is a risk that cash could be mishandled by store staff. Describe how you
could:

reduce the risk

isolate the risk

introduce control of some form.

Reduce

Isolate

Control


Learning activity: Hierarchy of control


In reference to the hierarchy of control, decide which option is the best
treatment for each of the risks you have identified in the earlier activity against
the scenario.

Assessing risk treatment options


When selecting the most appropriate treatment options for risk, the costs and
benefits of each treatment must be carefully considered. It is important to
consider all direct and indirect costs associated with each treatment, and both
tangible and intangible benefits.
However, the costs and benefits need to be considered in light of the risk rating.
The cost of managing a potentially catastrophic risk cannot simply be evaluated in
financial terms as the cost of failing to manage the risk could far outweigh the
initial cost of actions required to prevent its occurrence.
The following needs to be considered when choosing an appropriate treatment for
a risk:

acceptability to all

administration efficiency

capacity compatibility

continuity of effects

contracts

cost effectiveness

economic and social environment

equity

individual freedom

jurisdictional authority

objectives

regulatory

risk creation

timing.


Learning activity: Risk vs. freedom


Examine the list above and describe why you think 'equity' and 'individual
freedom' are included in it. It may be best to describe a control that
restricts a worker's freedom in order to reduce risk in the workplace, and then
describe why this should also be considered from the individual's viewpoint.

Learning activity: Common business risks


Research the internet for common risks in the financial services sector and use
the table below to list practical ways to manage identified risks.
Risk

Control


Develop an action plan for treating risks


Plan early
Experienced operators know that risk management is a proactive process. It is not
the thing you do when a risk emerges because by then it may be too late. Effective
risk action plans are those that are part of the operations of the organisation.
Problems that start small can escalate into large threats, or a risk may appear
suddenly that threatens the reputation of the entire organisation. Having risk
management processes and planning in place when these happen could stop the
escalation and minimise the impact from the sudden disaster.
Learning activity: Risk timelines
Sketch a flow chart of a timeline for implementing a new product within an
organisation and identify at what points or phases, risk assessment would take
place.


Risk action plan


The risk action plan outlines how the risk is to be managed and a timeline for this
process to take place. It should include:

the risk

risk rating

treatment activity or controls

roles and responsibilities for those involved

timeline

monitoring arrangements.

See Appendix 1 for an example risk action plan template.


Learning activity: Action plans
Volunteering Australia uses a one page risk action plan, which can be found at
<http://www.volunteeringaustralia.org/files/NSJ4PVPMDM/Risk%20Action%20Plan.pdf>.
Review the form, and describe when or how you could use a similar form in an
organisation where you are the risk manager. The key issue to describe is
whether you think this form is suitable for all risk planning and management
processes, including your reasoning.


Internal control procedures


Internal control processes are an effective form of risk treatment for an
organisation.
When designing and implementing an internal control procedure it is important
that the procedure fulfils at least one of the following eight criteria.

Completeness: that all records and transactions are included in the reports
of business.

Accuracy: the right amounts are recorded in the correct accounts.

Authorisation: the correct levels of authorisation are in place to cover such
things as approval, payments, data entry and computer access.

Validity: that the invoice is for work performed or products received and the
business has incurred the liability properly.

Existence: of assets and liabilities. Has a purchase been recorded for goods or
services that have not yet been received? Do all assets on the books
actually exist? Is there correct documentation to support the item?

Handling errors: errors in the system have been identified and processed.

Segregation of duties: to ensure certain functions are kept separate. For
example, the person taking cash receipts does not also do the banking.

Presentation and disclosure: timely preparation of financial reports in
conformity with generally accepted.


Learning activity: Internal controls


For each of the internal controls listed below, describe or give an example of
what could go wrong if the control is not implemented correctly or thoroughly.
Completeness

Accuracy

Authorisation

Physical controls
Physical controls relate to security devices and measures designed to eliminate
unauthorised access to physical assets, including the organisation's sensitive
documents and records. Preventing access ensures that the assets are not used,
removed or destroyed without proper authority.
Examples of physical controls include the following.

Secured storeroom: usually a fire resistant, thick walled room that is
lockable.

Having a stores clerk: a person who is responsible for the movement of
supplies in and out of the store room, and for ensuring that all movements are
recorded and stock takes balance.

Placing permanent identification codes on valuable assets: this allows an
asset register to be created and stock takes to be done to identify missing
assets.

Using safety deposit boxes: a very common security device in banks. Can
be installed in businesses. Often require two people to open the box.

Password protection on electronic files: this can be set at all levels
(logging on, into selected applications and access to selected files within
applications). Without the password, you cannot gain access.


Learning activity: Physical controls


As the operations manager, you have been asked to appoint a stores person to
monitor the movement of supplies and make sure physical stock takes mirror
the balances calculated from the source documentation of supply movement.
Explain how having a stores person appointed to the supplies process creates a
physical control over the supplies.

Insurance
Insurance involves paying premiums to share certain risks with another
organisation. Insurance should only be considered as a risk management option
when other treatments have not been successful in reducing a risk to an
acceptable level for the organisation. That being said, it is still an important part
of many risk action plans.
Generally, there are two types of insurance.

Life insurance: management of the risk of death or disability.

General insurance: covers the sharing of all other risks, e.g. property
damage, workers' compensation, motor vehicle insurance.

Some insurance is required by legislation. For example, organisations that employ
staff must have workers' compensation, and those that own motor vehicles must take
out compulsory third party motor vehicle insurance. Other insurances are
purchased at the discretion of the organisation, according to its determined
needs.
When investigating insurance you need to consider three things:
1. Which risks to insure against.
2. Which insurance company to insure with.
3. What level of insurance to obtain against the risk.


Choosing an insurance company


Your organisation can purchase insurance either directly from an insurance
company, or alternatively, it may be acquired through an insurance broker. An
insurance broker is often able to source insurance products that suit the specific
needs of an organisation, and can assist you in getting the best product for the
best price.
Always ensure that the broker or company you choose to deal with is known and
has a good reputation. If the company or broker you choose is not well known,
check the Australian Prudential Regulation Authority to make sure they are
registered.

Choosing a Policy
When evaluating and selecting an insurance product, you should consider the
following questions.

What insurance do you need? Does the policy meet your requirements or are you paying for added extras that you don't need?

Have you read the policy carefully, including the fine print? What is covered and what is excluded from the policy?

Do you have to pay an excess on a claim? Under what circumstances?

What is the limit applied to individual claims? Does a limit apply to payouts in a single period?

Is the option of goods replacement instead of cash available in the policy?

Is property insured for the present market value or is an 'old for new' replacement provided as part of the policy?

Is the value you have insured the product for sufficient?

Have you provided all the necessary information?

Have you done all that the policy requires in order to maintain coverage?


Learning activity: Risk insurance 1


Research the internet for types of insurance available for business risks (e.g.
theft, staff injury, compliance issues, fraud, fire, etc.) and briefly describe the
different types of insurance available.


Types of insurance
In order to reduce the risk to your organisation and its stakeholders, there is a
range of insurance policies available. The following table outlines some forms of
insurance policies and what they cover.

Insurance type: Workers' compensation
Policy details: Covers against employee injury, employee sickness or employee
death, regardless of employer's negligence. This is compulsory for all employers.

Insurance type: Motor vehicle comprehensive
Policy details: Covers against damage to your organisation's vehicles and the
damage they cause to others' property. This policy covers theft, fire and legal
cost.

Insurance type: Motor vehicle third party
Policy details: Covers against the damage made by your vehicles to other
people's property. The insured car is only covered against fire or theft.

Insurance type: Contents insurance
Policy details: Protects against damage or destruction by the causes stated in
the building insurance policy, and by theft. It is important to identify if the
policy provides compensation for only the depreciated value of insured items or
reinstatement or replacement, in which case the new replacement cost will be paid.

Insurance type: Consequential loss
Policy details: Covers against loss of profits following the occurrence of
a specified incident (e.g. fire) until the organisation is able to resume
business. This type of policy must be regularly reviewed to ensure the amount of
lost profits is up to date and takes into account inflation. The insured period
during which payments are to be made should be long enough that it allows for
the re-establishment of business.

Insurance type: Professional indemnity
Policy details: Insures against the legal liability arising from
professional negligence when an organisation claims to provide reliable advice
which proves detrimental to the person receiving it.

Insurance type: Building insurance
Policy details: Covers against damage to structures owned by the
organisation. This may include damage caused by fire, animals, storm, aircraft,
tempest, earthquakes, lightning, riots, explosion, malicious acts, impact by
vehicles and flood. This usually covers only the depreciated value of the
building insured at the time of loss. It does not cover the cost of replacement
of the building as this requires reinstatement or replacement insurance.

Insurance type: Public liability
Policy details: Covers the organisation's responsibility to pay
compensation to persons other than employees who suffer injury, suffer damage to
property, or die. This policy only covers the above incidents when they
are due to the organisation's negligence and take place either on its premises
or due to its operations.

Insurance type: Manufacturers' liability
Policy details: Covers manufacturers against claims arising from
defective products, which are unfit for the purposes for which they were sold
(even to benefit charity).

Learning activity: Drivers vs. insurance


An organisation has insurance for damage to vehicles, so long as the registered
staff drivers are licensed, over 25, and have not been the responsible party in
an accident within the last three years. Outline/draft a simple checklist-based
form that could be used within the organisation for potential drivers to complete
each time they collect company vehicle keys from the administration office.


Learning activity: Credit card risk


Most banks and financial institutions offer some kind of fraud or misuse of
credit card insurance for card-holders, with a few provisos. Describe some
common requirements (i.e. risk management controls for the financial
institution) that are expected of card-holders in order to qualify for the insurance
cover. You should come up with at least two simple requirements, but may
come up with more, by reviewing the ANZ Security Centre at the URL below.
<http://www.anz.com/auxiliary/security-centre/fraud-security-centre/protectyourself/online-security-tips/>


Learning activity: Risk insurance 2


Research the internet for Australian insurance providers that would suit the
scenario provided. Identify three that you think you could use, and explain why
each is suitable.
INSURANCE PROVIDER
HOW PROVIDER IS SUITABLE

INSURANCE PROVIDER
HOW PROVIDER IS SUITABLE

INSURANCE PROVIDER
HOW PROVIDER IS SUITABLE


Workplace adjustment
Sometimes it can be necessary to make adjustments in the workplace to
accommodate people with a disability. Adjustments can be undertaken in a
number of different ways, some of which are outlined below.
Selection process:
discuss potential changes to non-core requirements of position
applicants may ask a friend to attend the interview
provide a signing interpreter for hearing impaired employees if needed.

Work area design:
make physical changes to workplace, for example:
o movement or adjustment of furniture
o adjustment of lighting
o lowering benches.

Job design:
exchange certain tasks to aid people with disabilities:
o e.g. telephone duties may be exchanged for filing duties for someone with hearing impairment.

Flexible work practices:
flexible work hours
regular breaks
working from home.

Workplace access:
unobstructed access needs to be provided to all public use areas. This may involve:
o the installation of ramps
o clear markings on steps
o provision of dedicated parking spaces near a wheelchair accessible entrance
o lowered control panels
o accessible emergency phones in elevators.

Providing equipment:
a telephone typewriter (TTY)
voice recognition software
speech synthesiser.
Ensure the individual is consulted before purchasing equipment, as even people with similar disabilities may have different needs.

Training and development:
Access to training and development opportunities needs to be ensured for people with disabilities. This may be done by:
o conducting courses in accessible areas
o providing a signing interpreter.


Workplace Modifications Scheme


While the majority of employees with a disability won't require any workplace
modifications, for some the barrier preventing them from doing a job is that a
workplace doesn't accommodate them. Some might only need minor
adjustments to the workplace that can easily be made at minimal cost.
Sometimes what's needed is an adjustment to the work environment or some
special tool or technology that will enable them to perform a job to their full
potential.
For employers, the Workplace Modifications Scheme (WMS) aims to make
accommodating workers with disability in your workplace easier. It's a pool of
funds available to pay for the cost of any special equipment or adjustments that
are needed to accommodate an employee in a job.
Sometimes the help needed by an employee may be as simple as providing
them with an alarm wristwatch to remind them of when they need to do certain
tasks. Other times more complex solutions are needed to accommodate them,
such as building a wheelchair ramp to a workstation or installing special lighting
in the workplace.
The amount of funding available for each workplace modification usually isn't
limited, which means that there's flexibility to provide workplace solutions that
really meet the individual needs of both employers and employees.
Funding is available to help employers accommodate both new and existing
employees with disability. To be eligible, an employee must be employed for at
least eight hours a week in a job that's reasonably expected to last 13 weeks or
more.
Extract from An employer's guide to employing someone with disability,
<www.workplace.gov.au>.

Learning activity: Risk management and workplace modifications


Research the internet to find an example of a disability within a work
environment, and an adjustment that was made to allow for the disability.


Section summary
You should now understand how to analyse and evaluate risk: specifically, the
concepts of probability and consequence as well as risk acceptance.

Further reading

The University of New South Wales, 2010, UNSW Risk Consequence Assessment Tool, viewed May 2010,
<http://www.fin.unsw.edu.au/files/forms/rmu/UNSW_Risk_Risk_Assessment_Tool.pdf>.

Australian Government, 2010, Risk Analysis, viewed May 2010,
<http://www.ga.gov.au/image_cache/GA10820.pdf>.

Work Place, Australian Government, 2010, An employer's guide to employing someone with disability, viewed May 2010,
<www.workplace.gov.au>.

Section checklist
Before you proceed to the next section, make sure that you are able to:
determine likelihood of risk
assess consequence of risk
evaluate and prioritise risk
determine risk treatment options
develop an action plan for treating risks.


Section 4 Treating Risk


This section looks at the implementation of the risk action plan developed in
the previous section.
Scenario: Treating, monitoring and evaluating the risk management process as
the new operations manager for the shoe repair chain
From the options developed previously, and in consultation with key
stakeholders, you determined the most appropriate risk management strategy
and actions for each risk. You then presented your risk management action plan
to the CEO who, after consultation and discussion about monitoring the plan,
made some adjustments. You were then asked to implement the plan.
Accepting the fact that all good plans need constant monitoring and evaluation,
you build control measures into the plan to help signal when actions are
delayed, ineffective or not being actioned. You rely on these control measures to
inform you when things are not going according to plan. You also instigate
internal and external audits to provide an extra dimension to the monitoring and
evaluation process.

What skills will you need?


In order to work effectively as a risk manager you must be able to:
implement the risk action plan
monitor the risk action plan
evaluate the risk management process.

Implement the risk action plan


Implementation of the risk action plan requires participation from the
organisation, and therefore should involve the following stages.

communicating the plan

documenting procedures

training.

Communicating the plan


A good starting point for implementation of the action plan is the communication
of the risk management process and strategies. It is essential that everyone in the
organisation understands the importance of risk management, who the key
people are and how they can contribute to the process.
Stakeholders make judgments on risk based on their perception. Their viewpoints
can significantly affect decisions made, so it is important that their perceptions
and opinions are documented and considered.


A communication plan should:

facilitate the exchange of information between stakeholders

be transparent, accurate and understandable

be useful.

Learning activity: Communicating the plan


Having developed your risk management action plan for the case study in
Appendix 3, describe an effective way to communicate it to the relevant
stakeholders.

Senior Management Support


For the risk management plan to be successful it is important to ensure the
support of senior management. This may be accomplished by:

obtaining the active ongoing support of the organisation's directors and
senior management

appointing a senior manager or similar champion to lead the initiative

obtaining the commitment and support of all senior managers.


Learning activity: Gaining staff support


Describe three different ways that the support of staff in an organisation for risk
management practices can be obtained, that you would use as a manager
responsible for risk management in the workplace.

Communication with internal stakeholders


The organisation should ensure that its internal communication and reporting
mechanisms:

include processes to consolidate risk information from a variety of sources
within the organisation, taking into account their likelihood and
consequence

ensure all relevant parties are informed as to the key components of the
risk management framework, including any subsequent modifications

provide adequate internal reporting on the effectiveness and outcomes of
the framework

make relevant information derived from the application of the risk
management process available to appropriate levels of management in a
structured and timely manner

include processes for consultation with internal stakeholders.


Communication with external stakeholders


The organisation should develop a plan as to how it will communicate with its
external stakeholders. This should include:

engaging appropriate external stakeholders and ensuring effective
exchange of information

making legally required disclosures and other reporting to comply with
legal, regulatory and corporate governance requirements

providing feedback on prior communication and consultation

the use of communication and information to build confidence in the
organisation

communicating with stakeholders in the event of a crisis or contingency.

Learning activity: Communicating plans


Brainstorm a list of approaches that you can use to communicate risk
management processes to staff and stakeholders in an organisation, and
describe how each of these can be effective.


Documenting procedures
Your action plan will have identified areas where written procedures need to be
developed and documented. To effectively implement the plan, staff, volunteers
and management committee members need to work together to develop these
procedures. Existing and new procedures should be reviewed to ensure that they
are consistent.
Implementation of the risk management process will often require new policies to
be developed that include monitoring, evaluation and continuous improvement.
Every organisation needs to have a risk management policy framework to
document the processes and procedures required. This policy will become a key
document in the life of an organisation.
In general, when writing policy, you should keep in mind the size and specific
needs of the organisation. Policy should be clear and concise and should not
include lengthy processes or procedures that will be difficult to maintain or comply
with.
The structure for policy documents will vary from organisation to organisation, but
some common elements included are as follows.

Purpose statement
The context of the policy, why it is required.
Scope
The application of the policy (particular location, work group, etc.).
Procedure
How the policy is implemented.
Roles and responsibilities
Who is responsible for what in the implementation of the policy.
Legislation
Reference any legislation that the policy specifically complies with.


Learning activity: Risk management policy


Identify a risk management policy or procedure for your training organisation
and describe how it assists the management of risk for the organisation.
POLICY

ASSISTS WITH RISK MANAGEMENT

A sample risk management policy can be found in Appendix 2.


Naming and securing documents
All documents produced in the workplace should be saved for future use and
reference. Commonly used formats should be saved as templates for efficient
access and creation of documents in the future.
Documents should be saved in accordance with organisational requirements
which may include protocols for naming documents to make their content
identifiable, and locations where particular documents should be stored for future
access.
Documents can also be saved with security measures implemented such as
password protection to prevent unwanted editing.
Ensure you know what the requirements are so that your document can be safely
stored and easily located again when required.


Learning activity: Organisational requirements for storage


What benefits are there in establishing protocols for naming documents? What
factors should be considered when storing documents, both electronically and
in printed format?

Training
It is highly likely your action plan will involve the introduction of new practices, or
changes to existing activities, so this will require training. It is a good idea to
ensure that this is carried out through the structures and processes that already
exist to facilitate training in your organisation.
Learning activity: Risk-reduction training
As the manager of risk for an organisation, you are responsible for ensuring that
new organisational activities are assessed for risk, and training is delivered to
affected staff to ensure that identified risks are managed as effectively as
possible. Describe ways that you could make training available to new staff in
the organisation to ensure that all staff have the same awareness of the
required safe work practices and risk management processes within the
organisation.


Responsibility
It is important that there is responsibility and authority within the organisation
when it comes to managing risks, including the implementation and continuation
of the risk management process and making sure that risks are competently
controlled. This may be done by:

placing specific people who are to be accountable for the development,
implementation and maintenance of the risk management process

specifying individuals with the role of implementing risk treatment,
maintaining risk controls and reporting relevant information

providing appropriate levels of recognition, reward, approval and authority.

Learning activity: Risk management responsibilities


Review the scenario in Appendix 3 and then study the options outlined
below to determine who would best be suited to take responsibility for the task.
Briefly describe why you think they are most suited.
Task

Responsibility and why.

Prepare a new policy and procedures on leather knife storage.

Taking out insurance to cover money kept overnight on the premises.

Training staff on new cash register procedures.

Fixing the broken tiles and eliminating the trip points.

Issuing chain-mail gloves for use with the leather knife.


Resources
The organisation should make sure that it allocates appropriate resources for risk
management. Examples of resources to be considered are as follows.

people, skills, experience and competences

resources specific to stages of the risk management process

information and knowledge

documented process and procedures.

Learning activity: Professional development


Another resource for risk managers in organisations is the use of professional
development, training and/or induction activities to assist staff to understand
their role and responsibilities in the workplace.
Identify two areas of development that you might outsource professional
development training for, and describe why.
Professional development activity
Reason

Professional development activity


Reason


Monitor the risk action plan


Monitoring and review are integral to the risk management process. Factors that
affect the likelihood and consequence of risk may change over time, as may the
costs of treatment options, so it is important to repeat the risk management
process cycle regularly.
Monitoring activities can include risk reviews, team meetings and progress
reports, which should be conducted regularly. Regular monitoring ensures that
mistakes made and lessons learned throughout the implementation of the risk
management process are incorporated into ongoing activities.
The progress of the risk treatment plans should be incorporated into the
continuous improvement system of the organisation as a key indicator of
performance. Continuous improvement refers to the ongoing efforts of an
organisation to improve processes.
Once your risk management process is in place, there are four elements to
maintaining the effectiveness of your risk management practices.
Identify one person responsible for risk management
"If it's everybody's responsibility, then it's nobody's responsibility."
It is essential that one person be given responsibility for risk management within
your organisation. This person is usually known as the risk manager. In smaller
organisations, the risk manager will also have many other responsibilities, while
very large organisations may have someone whose only responsibility is risk
management.
Learning activity: Monitoring risk
Mosman Municipal Council has a risk management action plan which outlines
that managers and supervisors are required to record and review risk. Go to
<http://www.mosman.nsw.gov.au/file_download/149/risk-managementaction.pdf>,
read pages 4 and 5 and describe how they are to involve others in
this process.


If you were a manager in this organisation, outline procedural steps you could
set up and follow to help you fulfil your role in reviewing and reporting risk.

Keep procedures up to date


Circumstances change and therefore so should your risk management plan.
Experience gained from implementing risk management procedures can be used
to further refine those procedures.
Learning activity: Risk management documentation
Describe the typical documentation required in risk management, and explain
how it can be stored or saved for an organisation.

Re-assess risks
It is likely that the risks identified in the risk management process will change
over time, making it important to review the changes. To keep your risk action
plan up to date, do the following:

Review it on a regular basis. At a minimum, this should be done once a year.

Evaluate changes within your organisation and its environment. This may
include new legislation relevant to your organisation, taking on new roles,
acquisition of new equipment, or creation of new positions.

Learning activity: Risk management review

Mosman Municipal Council has a risk management action plan which outlines
a review structure for a list of risk areas identified. View pages 5 and 6 of the
document, which can be found at
<http://www.mosman.nsw.gov.au/file_download/149/risk-managementaction.pdf>.
Based on the plan, estimate the review period you would put in
place for each of the items listed below, and state your reasoning.

| Risk area | Review period | Reason |
|---|---|---|
| Assets & infrastructure - footpaths | | |
| Assets & infrastructure - street furniture | | |
| Legislative compliance | | |
| New projects and special events | | |

Report on risk management


The risk management process should include reporting as its final step, to ensure
it is current. Reporting on risk should include:

identification of any new risks

the effectiveness of the existing risk management process

the occurrence of risks during the reporting period.

Risk reports should be filed and used in regular reviews of risks and procedures.
Risk reporting can occur in different formats and at different points in the risk
management cycle. The table below provides details of different reports that can
be produced by organisations to assist the risk management process.
| Report | Details |
|---|---|
| Risk profile | This report offers a quick reference point to determine an organisation's overall risk exposure. It can be used to track risks and the factors that can cause risks to change, as well as the effectiveness of treatment activities. This report should include: description of risk; risk rating (current and previous where applicable); changes that have occurred and reasons for them; improvements or changes to treatment actions required. |
| Risk treatment report | This report provides information about the status of a prescribed risk treatment action or activity and its effectiveness. It should include: description of risk; risk rating; description of treatment action or activity; assigned timelines/completion dates; person/s responsible; current status. |
| Emerging risk report | This report is used to highlight anticipated risks or add new risks to the risk register, which assists in keeping the risk register current in between formal risk review processes. It should include: description of risk; risk rating; causes of risk; expected impact or consequence; treatment action plan. |

Learning activity: Risk management reporting


Imagine you are in a role as a manager of risk management processes. In the
course of your work you identify a risk to the organisation and eliminate the risk
entirely. Describe what benefits there are to your organisation in reporting the
risk, even though it has now been eliminated.

Learning activity: Organisational risk management


Research the internet (Australian university and government organisations
usually have policy documents online) for an organisational risk management
policy and procedure document. Describe who is responsible for the enactment
of the risk control strategies in place in the document, and how you think it is
monitored. Include a copy of the policy document in your workbook.

| PERSON/POSITION RESPONSIBLE | MONITORING PROCESS |
|---|---|
| | |

Learning activity: Risk management monitoring approaches


Research three different approaches that can be taken to monitoring risk
management strategies and describe the positives and negatives of each for
the business environment.

| Monitoring approach | Positives | Negatives |
|---|---|---|
| | | |
| | | |
| | | |

Evaluate the risk management process


So, what are the measures of success in a well-managed risk process? Here are some
things to look for:

A decline in residual risk values.

Progress towards a specific project objective.

The extent of implementation of risk treatments.

Decline in total cost of risk.

Senior management are understanding and supportive.

The various risk reports mentioned earlier, if produced well, should provide great
insight into the success of the risk management process. Your evaluation should
include a review of these reports, and take note of any repeated issues,
inadequate treatment actions or significant variances in expected impact of risk
as opposed to the actual impact.
Learning activity: Success
Name some metrics that you think would identify a successful implementation
and monitoring of the risk management process.

Section summary
You should now understand how to implement and monitor a risk action plan, and
evaluate the risk management process.

Further reading

NT WorkSafe, 2010, Northern Territory Government, Risk Management Plans,
viewed May 2010,
<http://www.worksafe.nt.gov.au/corporate/bulletins/pdf/0610/09.01.11.pdf>.

Turbit, N., 2010, Project Perfect, Risk Management Basics, viewed May
2010, <http://www.projectperfect.com.au/info_risk_mgmt.php>.

Section checklist
Before you proceed to the next section, make sure that you are able to:
implement the risk action plan
monitor the risk action plan
evaluate the risk management process.

Glossary

| Term | Definition |
|---|---|
| Consequence | The outcome or impact of an event. |
| Control | A process, policy, device, practice or other action that acts to minimise negative risk. |
| Event | Occurrence of a particular set of circumstances. |
| Hazard | Source of potential harm. |
| Likelihood | The extent to which an event is likely to occur. |
| Loss | Any negative consequence or effect. |
| Monitor | Check, supervise or measure the progress of an activity, action or system on a regular basis. |
| Risk | The chance of something happening that will have an impact on objectives. |
| Risk analysis | Systematic process to understand the nature of and determine the level of risk. |
| Risk assessment | The overall process of risk identification, risk analysis and risk evaluation. |
| Risk evaluation | The process of comparing the level of risk against risk criteria. |
| Risk identification | The process of determining what, where, when, why and how something could happen. |
| Risk management | The culture, process and structures that are directed towards realising potential opportunities whilst managing adverse effects. |
| Risk management process | The systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk. |
| Risk reduction | Actions taken to lessen the likelihood and/or negative consequences associated with a risk. |
| Risk retention | Acceptance of the burden or loss, or benefit of gain, from a particular risk. |
| Risk sharing | Sharing with another party the burden or loss, or benefit of gain, from a particular risk. |
| Stakeholders | Those people and organisations who may affect, be affected by or perceive themselves to be affected by a decision, activity or risk. |
| Treatment | The process of selection and implementation of measures to modify risk. |

Appendices
Appendix 1: Risk action plan template

| Risk | Assess Risk (L, M, H, E) | Controls | Monitoring | Timelines | Responsible |
|---|---|---|---|---|---|
| | | | | | |


Appendix 2: MacVille risk management policy


Purpose
Risk is inherent in all business activities. The aim of this policy is not to eliminate
risk, rather to manage the risks involved in all MacVille activities to maximise
opportunities and minimise adversity.
Effective risk management requires:

a strategic focus

forward thinking and active approaches to management

balance between the cost of managing risk and the anticipated benefits

contingency planning in the event that mission critical threats are realised.

Policy
MacVille will maintain procedures to provide a systematic view of the risks faced
in the course of our business activities.

Establish a context: The strategic, organisational and risk management
context against which the rest of the risk management process in MacVille
will take place. Criteria against which risk will be evaluated should be
established and the structure of the risk analysis defined.

Identify Risks: Identification of what, why and how events arise as the
basis for further analysis.

Analyse Risks: The determination of existing controls and the analysis of
risks in terms of the consequence and likelihood in the context of those
controls. The analysis should consider the range of potential
consequences and how likely those consequences are to occur.
Consequence and likelihood are combined to produce a priority rating for
the risk.

Treat Risks: For higher priority risks, MacVille is required to develop and
implement specific risk management plans including funding
considerations. Lower priority risks may be accepted and monitored.

Monitor and Review: Oversight and review of the risk management system
and any changes that might affect it. Monitoring and reviewing occurs
concurrently throughout the risk management process.

Communication and Consultation: Appropriate communication and
consultation with internal and external stakeholders should occur at each
stage of the risk management process as well as on the process as a
whole.


[Figure: risk management process diagram. Elements: Establish the context; Identify risks; Analyse and evaluate risk; Treat risk; Monitor and review; Communication and consultation.]

Appendix 3: Scenario Shoez


Review
Shoez, a shoe repair chain, operates 10 stores in the CBD and suburbs of
Brisbane, Queensland. The CEO Jeff Harding has appointed you as the operations
manager. You are no stranger to management but mostly at departmental level
for international organisations, with some time spent in sales and marketing
management. One role specifically required in your job description is to manage
the risks that could impact on the Shoez operations.
A meeting with Jeff in the first week confirmed his requirement of you to review,
analyse, plan and monitor the risks of the Shoez organisation. Jeff wants you to
report directly to him on the risk management process but also encouraged you to
speak with the stores liaison person Jenny Clerk and the accountant Sue Lee.
Jeff thought it may also be beneficial to contact his accountants Brown and Davis
and of course the store managers, although they were only really concerned about
achieving their sales budgets and getting their commissions.
Jenny was constantly reminding the store employees about the OHS issues
relating to other staff and customers. Sue did the payrolls and was constantly
pushing the managers to provide the appropriately authorised paperwork. Jeff
said that the accountants were keen to see safeguards instigated for cash
control.
Jeff wanted you to undertake this task so that you could get significant insight into
the Shoez operations and develop and implement a plan to reduce the risk
exposure of the organisation. He also said that he needed an ongoing risk
monitoring process instigated as well.
According to Jeff, the areas that had been underperforming and were primary
areas of risk concern were human resources management, financial
operations and OHS. These are the areas he wanted you to focus on in your
management.
Internal and external environment
After discussing Shoez with the key stakeholders and doing some external
research you identify the following significant issues.

Jeff spoke about a new law that was being introduced by the Federal
Government that will impact on the way that he has been paying his staff
with some of their pay earned on commission.

Jeff showed a report from a survey where people rated their shoes as the
second most important dress item for the successful business person and
that business people were choosing high-quality shoes that they would
repair rather than replace.

Brown and Davis spoke about the latest Point of Sale cash registers that
would improve stock and cash control in the Shoez stores.

You noticed that the location of the Shoez stores was always in the
prominent and highly trafficked parts of the shopping centres.

Sue said that she was not able to get all the staff records for pays and
employee details from the store managers and this made processing
difficult and meant that they were not compliant.

Brown and Davis explained that the old cash registers did not have the
features that could help eliminate fraud.

Jenny spoke about the flooring where the staff worked and customers were
sometimes required to access. The ceramic tiles were broken and covered
up with a thin mat, but still presented a trip point to customers and staff
alike.

Brown and Davis had spoken about a large chain in New South Wales that
was planning to expand into Brisbane in the next 12 months.

Jeff said that while 10 stores was a good number, there are another 20 good
locations in Brisbane that want Shoez as part of the shopping centre
assortment.

You noticed that the stores were looking old and the decor had been out of
fashion for over five years.

Brown and Davis explained that the growth in the older age portions of the
Brisbane population was a positive indicator for the Shoez business.

Research findings
Store manager reports, together with your interviews with the other key
stakeholders, identify the following risks.

Broken floor tiles creating a trip point for staff and customers.

Wet floors on rainy days making it slippery for staff and customers.

The store has extremely sharp knives used to cut the leather.

Banking not always done every day leaving cash on the premises.

The staff member balancing the cash registers also prepared the bank
deposit book and banked the cash.

Some stores had sizable banking amounts that were banked by the junior
staff member.

Staff records were kept in the individual stores in the bottom drawer of an
unlocked filing cabinet.

One question on the staff records asked for a full medical history of the
employee.

Timesheets sent to head office were not always authorised.
