SUMMATIVE ASSESSMENT 2

Project 1
 Design, develop and document a risk management plan related to:

o the reduction of accidents, illness or incidents relating to worker or general public safety

o the prevention of operational discontinuity

o the need for new or innovative improvement/ changes in processes or procedures (and the
associated risks)

o environmental impact issues—including resource use and management

You might choose another risk area relevant to the organisation for which you work. If you do you will
need to describe the organisation and the risk being addressed in terms of industry sector requirements.
If you are not working the risk management process might apply to a fictional organisation that you
describe in detail.

Explain why and how you would initiate and implement the risk management plan and:

1. Establish the context and scope of the plan.

2. Identify the risk/s.

3. Analyse the risks.
4. Select, plan and document risk management treatments.
5. Explain the implementation monitoring and evaluation processes.
Format your risk identification, analysis and improvement plan/ proposal (or action plan) in a manner
that would be accepted by senior management. Ensure that all risk scenarios are addressed and catered
for.

Submit:
o the plan

o research results and tools used in the assessment process and in the plan design

o any relevant support information, charts, graphs, statistics etc

The plan must clearly describe the risk/s, proposed actions, resource needs, responsible persons, time
frames, deadlines, expected outcomes and success metrics.

Alternative assessment
If you are currently employed in this field, to assist with assessment, and if you can verify that these are
entirely your own work, you might submit any of the following:
 o written reports on activities that you have undertaken and that are directly associated with risk
management

o a portfolio of evidence showing a range of risk management strategies that you were instrumental
in developing and implementing

o assessment of the outcomes relevant to risk treatments that you have managed or overseen

o third party workplace reports of on-the-job performance—to show that you can establish the risk
context, identify risks, analyse risks, and select and implement treatments

o performance review results relevant to participation in and management of risks

o notes, electronic data and hard copy information related to presentations you have made
informing teams and individuals of risk management processes

Your assessor will determine how well this documentation meets the assessment requirements and will
ask you a series of verbal questions relating to relevant documentation and legislation.

The assessor will document your responses.

A risk is an event or condition that, if it occurs, could have a positive or negative effect on a
project's objectives. The purpose of the Risk Management Plan for southwestern University is to
establish the framework in which the project team will identify risks and develop strategies to
mitigate or avoid those risks. The attached document is a Risk Management Plan of
Southwestern University. This is a project done to identify and control a wide range of campus
related health, safety, property, and other operational risks by a group of members chosen to do
so.The name of the project is Safety Office Research
 [Title]

微软中国

[Subject]

[Publish Date]
TABLE OF CONTENTS
INTRODUCTION ................................................................................................................................ 5
SCOPE .............................................................................................................................................. 6
ROLES AND RESPONSIBILITIES ......................................................................................................... 6
RISK IDENTIFICATION ...................................................................................................................... 7
RISK PRIORITIZATION AND CATEGORIZATION ................................................................................ 9
RISK RESPONSE PLANNING .............................................................................................................. 9
INTRODUCTION

A risk is an event or condition that, if it occurs, could have a positive or negative

effect on a project’s objectives. The purpose of the Risk Management Plan for
[Subject] which a group of team of members in Southwestern University, is to
establish the framework in which the project team will identify and control a wide
range of campus related health, safety, property, and other operational risks and
develop strategies to mitigate or avoid those risks. This plan also defines how risks
associated with the safety office will be recorded, and monitored throughout in the
organisation.

ThisRisk Management Plan includes the following sections:

 Scope-This is a risk management approach which decides on how to approach

and conduct the risk management activities for the project
 Roles & Responsibilities – Defining how each team role contributes to
managing the risk process
 Risk Identification – An initial and continuous effort to identify, quantify and
document risks as they are identified.
 Risk Prioritization & Categorization – Evaluate identified risks to determine
probability of occurrence, impact, and timeframe.
 Risk Response Planning -Establish an action plan for risk and assign
responsibility.
 Risk Monitoring, Controlling, & Reporting – Capture, compile, and report risk
using the Risk register
SCOPE
This Plan applies to every person who works for Southwestern University and the
basic risk management approach for [Subject] is to identify critical risks and take
necessary action before issues arise that impact organisation objectives. Many
different tools will be used as part of this strategy.

The approach taken to manage risks for this project will include a methodical process
by which the selected team in the universitywill identify, score, and rank various
risks. Risk information identified by the team will be entered into the risk register.
The project director will maintain the risk register, and risk information will be a
principal topic in all [Subject] status meetings. New risks will be reviewed to
determine if mitigation action is required. The most likely and highest impact risks
will be added to the project plan to ensure that the assigned risk managers take the
necessary steps to implement the mitigation response at the appropriate time during
the project. Risk managers will provide status updates on their assigned risks in
bi-weekly project team meetings, but only when the meetings include their risk’s
planned timeframe. Upon completion of the project, during the closing process, the
senior project director project director project director will analyze each risk and
review the risk management process. Based on this analysis, the senior project
director project director project director will identify any improvements that can be
made to the risk management process for future projects. These improvements will
be captured as part of the lessons learned knowledge base.

ROLES AND RESPONSIBILITIES

The table below provides an overview of the Roles & Responsibilities for the
[Subject]Risk Management activities.

Role Responsibilities
Business Analysts  Assists in identifying and determining the context,
consequence, impact, timing, and priority of the risk
Project Director  Chairs the risk assessment meetings
 Coordinates with Risk Managers to determine if the risk is
unique
 Identifies risk interdependencies across projects and
verifies if risk is internal or external to project
 Assigns risk classification and tracking number
 Continually monitors the projects for potential risks
throughout the project lifecycle
 Analyzes any new risks that are identified and add these
items to the Risk register
 Role Responsibilities
Risk Manager  Coordinates with the Senior project director project
director project director to identify the risks, the
dependencies of the risk within the project, and the
context and consequence of the risk
 Determines the impact, timing, and priority of the risk
 Formulates the risk statements
 Monitors and controls risks that have been identified
 Reviews and updates the top ten risk list [timeframe, as
needed, every two weeks, etc.]
 Escalates issues& problems to management
Risk Owners  Determines which risks require mitigation and
contingency plans
 Generates the risk mitigation and contingency strategies
and performs a cost benefit analysis of the proposed
strategies
 Monitors, controls, and updates the status of the risk
throughout the project lifecycle
 Aids in the development of the risk response and risk
trigger
 Carries out the execution of the risk response, if a risk
event occurs
 Participates in the review, re-evaluation, and modification
of the probability and impact for each risk item on a
weekly basis
 Identifies and participates in the analysis of any new risks
that occur
 Escalates issues/problems to PM that significantly impact
the projects triple constraint or trigger another risk event
to occur
 Highlights risks that require action prior to the next
weekly review
 Identifies and escalates risks where strategy is not
effective or productive (causing the need to execute the
contingency plan)
Other Key  Assists in identifying and determining the context,
Stakeholders consequence, impact, timing, and priority of the risk

RISK IDENTIFICATION

Risk identification will involve the project team, and appropriate stakeholders, and
will include an evaluation of environmental factors, organizational culture and the
project management plan including the project scope, schedule, cost, or quality.
Careful attention will be given to the project deliverables, assumptions, constraints,
Work Breakdown Schedule, cost/effort estimates, resource plan, and other key project
documents.

The following methods will be used to assist in the identification of risks associated
with
[Subject]:
 Expert Interviews
 Risk Assessment Meetings
 Historical Reviews of Similar Projects
 Brainstorming
 Interviewing
 SWOT (Strengths, Weaknesses, Opportunities and Threats)
 Diagramming

The Risk register will be updated as needed and will be stored electronically in the
project library located at the office of the Vice Chancellor.

The following are the General Categories of Potential Risks/Hazards identified:

1. Facility or property related
a. fire safety
 b. equipment
 c. electrical
 d. slip/trip/fall
 e. access/egress
 f. general housekeeping
 g. public safety - security
2. Process, task, equipment related
 chemical
 biological
 physical hazards
 material handling
 equipment/tools/machines
 slip, trip, fall
3. Environmental
 floods, natural disasters – emergency response
 air, land, water pollution
 hazardous waste
4. Liability
 event related
 transportation
 youth interaction
5. Others
 workplace violence
  harassment
 drugs/alcohol

RISK PRIORITIZATION AND CATEGORIZATION

In order to determine the severity of the risks identified by the team, a probability and
impact factor will be assigned to each risk. This process will allow the senior project
director project director project director to prioritize risks based upon the potential
impact to the project.

As risks are assigned a probability and impact, the senior project director project
director project director will move forward with risk mitigation/avoidance planning.

The probability and impact of occurrence for each identified risk will be assessed by
the senior project director project director project director, with input from the project
team using the following approach:

Probability
 High – Between80%and 100% probability of occurrence
 Medium – Between 20% and 79% probability of occurrence
 Low – Below 20% probability of occurrence
Impact
 High – Risk that has the potential to greatly impact H
project cost, project schedule or performance M
Impact

 Medium – Risk that has the potential to slightly L

impact project cost, project schedule or L M H
performance Probability
 Low – Risk that has relatively little impact on cost,
schedule or performance

Risks that fall within the Red and Yellow zones will have a risk response plan which
may include both a risk response strategy and a risk contingency plan.

RISK RESPONSE PLANNING

Each major risk (those falling in the Red & Yellow zones) will be assigned to a risk
owner for monitoring and controlling purposes to ensure that the risk will be
addressed and managed appropriately.

For each major risk, one of the following approaches will be selected:
 Avoid – Eliminate the threat or condition, or avoid impact to the project
objectives by eliminating the cause. The project plan may need to be altered
to account for the risk avoidance. Avoidance may be achieved by changing
scope, adding time, or adding resources.
  Mitigate – Identify ways to reduce the probability or the impact of the risk.
These steps may be costly and time-consuming, but could be preferable to
allowing the risk to go forward in an unmitigated state.
 Accept –The project team accepts that the risk exists and makes no change to
the project plan to address the risk. No response strategy is identified.
 Contingency –Define actions to be taken in response to risks.
 Transfer – Shift the consequence and ownership of a risk by making another
party responsible (buy insurance, outsourcing)

The senior project director project director project director will lead the project team
in developing responses to each identified risk. As more risks are identified, they
will be qualified and the team will develop the response. These risks will also be
added to the Risk register and the project plan to ensure they are monitored at the
appropriate times and are responded to accordingly.

For each risk that will be mitigated, the project team will identify ways to prevent the
risk from occurring or reduce its impact or probability of occurring. This may
include prototyping, adding tasks to the project schedule, adding resources, etc. Any
secondary risks that result from risk mitigation response will be documented and will
follow the same risk management protocol as primary risks.

Risk Monitoring, Controlling, and Reporting

The Risk register for [Subject] is a log of all identified risks, their probability and
impact to the organisaton, the category they belong to, mitigation strategy, and when
the risk is estimated to occur. This register will be created in the early planning
phase of the project. Based on the identified risks and timeframes in the risk
register, applicable risks will be added to the project plan. At the appropriate time in
the plan prior to when the risk is most likely to occur the project manager will assign
a risk manager to ensure adherence to the agreed upon mitigation strategy.

The level of risk on [Subject] will be tracked, monitored, controlled and reported
throughout the project lifecycle. The most likely and greatest impact risks will be
added to the project schedule to ensure that proper monitoring occurs during the time
of risk exposure. As risks are added to the project schedule, a risk manager will be
assigned. During the bi-weekly project team meeting, the risk manager will discuss
the status of their assigned risks. Only risks which fall in the current time period will
be discussed. Risk monitoring will be a continuous process throughout the life of
this project.

Critical risks will also be assigned a risk owner(s) who will track, monitor, and
control their assigned risks. The risk owner will also provide a weekly status report to
the project manager and risk management team. This report should contain an
assessment of the effectiveness of each risk response action.
As risk events occur, the list will be re-prioritized during weekly reviews and risk
management plan will reflect any and all changes to the risk lists including secondary
and residual risks.

The senior project director project director project director will notify the project
sponsor of important changes to risk status as in the weekly project status report.

Activity 3
 Who are an organisation’s stakeholders and why should they and their issues be identified?
(300–350 words)

An organisations stakeholders are people who have a genuine interest in or are

affected by and impacted by any proposed changes within the organisation. They can
include; owners and directors, managers, employees, suppliers, customers and
consumers, government agencies, the general public & environment, business
sponsors and financiers along with the local community. You as an organisation have
a duty of care to ensure all stakeholders are communicated and consulted when
changes are needed. The issues will differ between the two types of stakeholders:
Internal and External. Internal are employees, external are public, suppliers etc.
For all types of organisations, customer needs and expectations are of paramount
importance. This is important to consider by means of terms of risk because
individuals and groups in society have become more assertive and intune regarding
the duty of care and ethical and environment impact of an organisations profile.
Businesses seen as taking unsupported risk with shareholder money tend to gain a
reputation and run the risk of losing public, supplier and employee support.
Each type of stakeholder also has different communication processes and risk
management solution requirements. Having all parties participate in identifying issues
means you encourage compliance and individual responsibility. By maintaining open
and honest comments, providing good leadership by encouraging discussion and
active listening you will make sure stakeholders feel valued and stakeholders can
contribute great ideas, energy skills, assist in identifying risks and know of steps to
effectively manage them. Risk Management involves all stakeholders also. Especially
with employees, their issues should be identified, as they are usually the ones at the
front counter, on the warehouse floor, or in the works depot where the major nitty grit
of the organisation processes happen. Each group has important influence towards the
Companies future Strategies, goals and Risks and the organisations performance with
them.
4.1 When considering organisational risk it is important to review the political, economic, social, legal,
technological, and policy context. Comment on the influence/ impact each of those factors has on an
organisation’s risk profile—the risk scope and context. (500-700)
Risk management systems provide protection to an organisation, its owners, directors,
managers and employees. Many if the amazing discoveries of our century has come
from someone’s willingness to take a risk. But what a business needs to due, is
calculate how much risk they want to take, on and have a strategy to handle what risk
brings. The influence and impact of factors on an organisations risk profile comes
down to several factors. Each factor whether on a local or global scale are;
Political - Externally it can relate to legislative changes, unrest, change of
government, corruption. It could also relate to climate change and employment issues.
Internally is can relate to management of politics, staff satisfaction, organisational
structure. These can all have a huge impact/influence on and organisations risk
profile.
Economic - this will affect all businesses, economic downturns, recessions will
impact, Trading will be affected, which flows down to employment and profitability.
Social - this can relate to changes in target markets, purchasing behaviours, customer
perceptions and expectations, trends, ethical investment, management of suppliers and
manufacturers. Social factors will especially be important to retail businesses.
Financial fluctuations can also affect this. Its important for an organisation to
regularly research and investigate customer and consumer needs.
When organisations are not aware of and able to adapt to changes and trends, are at
risk of losing their competitive edge and customer base.
Legal - can range from legal, regulatory, ethical compliance, product safety,
promotion and ethical business expectations, methods of transacting, import/export
legalities, health and safety legislation, equal employment opportunity and
anti-discrimination legislation, social justcie. All organisations should be aware of
their responsibilities regarding communicating changes so employees are aware. They
also know that legislation can change or it can be amended. Failure to comply though
can result in bad publicity, damage to consumer trading, even closure and legal
fees/fines.
Technology - this can be a high risk area, as its constantly changing and evolving.
This can include security of files and servers, maintenance and reliability of
equipment and security measures, training and usage of equipment, applying new
technology are all influences that will have impact.
The risk scope means the type of risk and the context of the risks for the following:
Specific business areas, Specific projects, Specific business functions, The external
environment, the internal environment, commercial relationships, competitor activity,
economic circumstances and scenarios, human behaviour, individual activities,
legislation, management control activities, natural events, political circumstances,
technology, health and safety.
Determining that scope of risk is important to ensure that the plan is correctly targeted
and the resources are used in an effective manner to achieve the outcomes needed.
Scope and context are linked.
In creating the context, this defines the scope for the risk management, it sets the
criteria to what risks need to be assessed. It should stem from the organisational
objectives. Considering along with it; past history of the business, the prior
knowledge and experience of senior management, what resources are available,
external environment factors and uncertainty.