Professional Documents
Culture Documents
BSBRSK501 Risk Management LG
BSBRSK501 Risk Management LG
Manage risk
Learner Guide
Page |2
BSBRSK501
Manage risk
Table of Contents
Table of Contents...................................................................................................................................3
Unit of Competency............................................................................................................................5
Performance Criteria...........................................................................................................................6
Foundation Skills.................................................................................................................................7
Assessment Requirements..................................................................................................................8
Housekeeping items................................................................................................................................9
Objectives...............................................................................................................................................9
1. Establish risk context.......................................................................................................................10
1.1 – Review organisational processes, procedures and requirements for undertaking risk
management in accordance with current risk management standards in accordance with current risk
management standards........................................................................................................................11
The legislative framework.................................................................................................................13
The Act..............................................................................................................................................13
Regulations.......................................................................................................................................14
Codes of practice...............................................................................................................................14
Standards Australia...........................................................................................................................15
Legislation.........................................................................................................................................16
Learning Task 1..................................................................................................................................21
1.2 – Determine scope for risk management process...........................................................................22
Define the scope...............................................................................................................................24
Learning Task 2..................................................................................................................................28
1.3 – Identify internal and external stakeholders and their issues........................................................33
Learning Task 3..................................................................................................................................36
1.4 – Review political, economic, social, legal, technological and policy context..............................38
The economic system........................................................................................................................39
The social system..............................................................................................................................40
The political/legal system..................................................................................................................40
The technological system..................................................................................................................43
The policy context.............................................................................................................................44
Learning Task 4..................................................................................................................................45
Unit of Competency
Application
This unit describes skills and knowledge required to manage risks in a range of contexts across an
organisation or for a specific business unit or area in any industry setting.
It applies to individuals who are working in positions of authority and are approved to implement
change across the organisation, business unit, program or project area. They may or may not have
responsibility for directly supervising others.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Performance Criteria
Element Performance Criteria
Elements describe the Performance criteria describe the performance needed to
essential outcomes. demonstrate achievement of the element.
2. Identify risk 2.1 Invite relevant parties to assist in the identification of risks
2.2 Research risks that may apply to scope
2.3 Use tools and techniques to generate a list of risks that apply
to the scope, in consultation with relevant parties
4. Select and implement 4.1 Determine and select most appropriate options for treating
treatments risks
4.2 Develop an action plan for implementing risk treatment
4.3 Communicate risk management processes to relevant
parties
4.4 Ensure all documentation is in order and appropriately
stored
4.5 Implement and monitor action plan
4.6 Evaluate risk management process
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the
performance criteria that are required for competent performance.
Reading 1.1, 1.4, 1.5, 2.2 Comprehends a variety of relatively complex texts
Gathers, interprets and analyses textual
information from a range of sources to identify
relevant information
Writing 1.6, 1.8, 2.1, 2.3, 4.3 Develops textual material and organises content
in a manner that effectively documents risk
management analysis and assessment priorities
and processes
Interact with 1.8, 2.1, 2.3, 4.3 Establishes and uses appropriate conventions and
others protocols when communicating with stakeholders
about risk management
Consults and negotiates with stakeholders about
risk management processes and outcomes
Get the work 1.2, 1.3, 1.5, 1.7, 2.1, 2.2, 2.3, Sequences and schedules a range of routine and
done 3.1, 3.2, 3.3, 4.1, 4.2, 4.4, 4.5, complex activities, monitors implementation,
4.6 evaluates processes and manages relevant
communication
Systematically analyses information to decide on
appropriate risk management treatments
Uses digital technologies and systems to access
information, document plans and communicate
with others
Assessment Requirements
Performance Evidence
Analyse information from a range of sources to identify the scope and context of the risk
management process including:
o Stakeholder analysis
o Political, economic, social, legal, technological and policy context
o Current arrangements
o Objectives and critical success factors for the area included in scope
o Risks that may apply to scope
Consult and communicate with relevant stakeholders to identify and assess risks, determine
appropriate risk treatment actions and priorities and explain the risk management processes
Develop and implement an action plan to treat risks
Monitor and evaluate the action plan and risk management process
Maintain documentation.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
Knowledge Evidence
To complete the unit requirements safely and effectively, the individual must:
Outline the purpose and key elements of current risk management standards
Outline the legislative and regulatory context of the organisation in relation to risk management
Outline organisational policies, procedures and processes for risk management.
Assessment Conditions
Links
Housekeeping items
Your trainer will inform you of the following:
Where the toilets and fire exits are located, what the emergency procedures are and
where the breakout and refreshment areas are.
Any rules, for example asking that all mobile phones are set to silent and of any
security issues they need to be aware of.
What times the breaks will be held and what the smoking policy is.
That to get the most out of this workshop, we must all work together, listen to each
other, explore new ideas, and make mistakes. After all, that’s how we learn.
o Smile
o Be on time
Objectives
Discover how to establish risk context
1.4 Review political, economic, social, legal, technological and policy context
1.6 Document critical success factors, goals or objectives for area included in scope
1.8 Communicate with relevant parties about the risk management process and invite
participation
Purdy (2011) in the Risk Management Magazine wrote that the five
steps to the implementation of ISO 3100:2009 would be:
1. Changing the paradigm for risk and risk management – ISO 31000 interprets risk
“being the uncertainty that lies between us and our objectives” (Purdy, 2011). Taking a
top down approach to risk management, risk will become a key component of an
organisation’s ability to determine and achieve its objectives. Risk is neither positive
nor negative, it is just risk.
2. Take stock – Make sure that the risk management framework is designed to suit the
internal and external context of the organisation. This means that both the systems and
processes should be assessed and ensures that all elements that are missing are
introduced to the framework.
3. Evaluate your maturity – The organisation has to make sure that the treatment of risks
is effective. Goals, targets and benchmarks should be used, to ensure that risk
management processes and systems are effective.
4. Develop your plan to start – If you have not already developed a plan to start risk
management, you should do so as a strategy to engage management in the risk
process, as this will increase the success of the program.
5. Develop your plan to keep it going – Every few months, management will usually
become complacent, believing that the risk management plan is no longer important,
as other projects take their attention away from risk management. For risk
management to work, it must become embedded into key business processes, making
management accountable for the reviewing and assurance of risk management
controls.
1
Australian Standards/New Zealand Standards
2
International Standards Organisation
These processes need to be addressed both professionally and at an organisational level, so that
accountability is reinforced; this is evidenced through self-assessment processes in the organisation’s
performance management processes.
For any risk process to succeed, it must be supported from management; all levels of management
should be made aware of the big risks in the organisation. The difference between AS/NZS 4360:2004
and ISO 13000 is that reporting is required on risk management, not on risks. After all, if an
organisation’s approach to risk is defective, any report of the risks it faces must be treated with
suspicion (Purdy, 2011).
Every State/Territory has its own WHS Act and Regulations. These are shown below. Currently, WHS
Law within Australia comprises of both State/Territory and Commonwealth Legislation. For legislation
within your State/Territory, please refer to the following table:
NT WorkSafe www.worksafe.nt.gov.au
SA WorkSafe www.safework.sa.gov.au
WA WorkCover www.workcover.wa.gov.au
The Government of Australia and her States/Territories are currently working at harmonising the WHS
legislation and regulations in Australia. However, this is only a goal – current separate State/Territory
and Commonwealth Laws still apply.
WHS legislation found within this guide shall relate to Commonwealth Legislation including:
Work Health and Safety Act 2011 (Cth)
The legislative framework that you operate in usually stems from the requirements of:
The Act
Acts aim at ensuring that WHS is managed effectively in the workplace by ensuring that employees are
protected under both their Commonwealth and State/Territory law. The aim of The Act is not to affect
the operation of a State or Territory Act now in operation.
To assist employers/employees and other persons who require assistance, as per their
obligations under law
Regulations
Regulations provide you with a lot of structure within a statutory framework that has been created by
Statute to give you details on how to implement legislation. Unless you can provide a better alternative,
regulations are mandatory.
Statutory notices
Codes of practice
Unlike with regulations – where you can be charged for not following them – codes of practice are
written to provide guidance on how to maintain a safe workplace. However, by demonstrating that you
are following a code of practice, you can provide sufficient evidence to demonstrate that you are
following the law. The code of practice based on the WHS Act 2011 (Cwlth) is the Work Health and
Safety Approved Codes of Practice 2011 (Cth).
The aim of the WHS Code of Practice is to assist organisations in interpreting the complete set of
previous 27 codes in an Australian workplace including the associated Australian Standards.
Mandatory – must
Law - the WHS Act
follow
Compliance
Legislative instruments -
mandated, unless
regulations, approved the
codes
same or better
of practice safety outcomes
are achieved
Guidance - Comcare SRC
guidance material, other
guidance No legal status
The approved codes of practice will provide you with guidance on how to meet your WHS Obligations.
Comcare can also provide guidance notes in WHS. Be aware that there are professional association and
other professional bodies that can provide you with guidance notes specific to your industry.
The aim of the WHS Code of Practice 2011 is to provide you with:
Easier to read and follow guidance
Look in the WHS Code of Practice (2011) on How to manage Work Health and Safety risks. The aim is
to provide you with practical guidance to:
Identify hazards
Control risks
Review controls
Keep records.
Standards Australia
A standard is how specifications and procedures are designed to make sure that methods and materials
are fit for the purpose intended. They are documents that are published to make sure that the
standards are consistent across Australia. These standards can be found at the SAI Global Limited and
can be purchased through the website: www.saiglobal.com.
Legislation
WHS legislation is provides employers with guidance on how they can meet their legislative
requirements.
Risk assessment
o Elimination
o Substitution
o Isolation
o Engineering
o Administrative
o PPE
Review the effectiveness of the risk management process in your workplace as part of
your organisations continuously improvement process.
The WHS Code of Practice (2011) aims to provide you with practical guidance for employers and
employees on how to meet their duty of care under the Act, with regards to the how to manage Work
Health and Safety risks. This learner guide will explain your responsibility under the Commonwealth
Work Health and Safety Act and corresponding Regulations. Note that you should also check your
State/Territory Act and Regulations for variations, to ensure that you know the legislation within your
State/Territory.
: www.comcare.gov.au
If the staff are not retrenched professionally and are not given an opportunity to find
other work, then the reputation of the organisation will be affected. If there is an
increase demand and they start hiring new staff, they may have trouble finding high
calibre staff due to the poor reputation that they have due to the way that the
retrenchments were handled.
o Because they are unable to meet the customers' needs their ability to make a
profit will be affected
Individual activities – these can include negligence, untrained personnel and those
unfamiliar with the organisation's procedures. Under WHS Law, employees have a legal
responsibility to ensure that they maintain a safe work environment. It is the
responsibility of the employer to ensure that the health, safety and welfare at work of
all employees and others who come on to the workplace.
When employees don’t act safely; the level of risk rises. When unsafe
behaviour is identified, steps need to be taken to correct the workplace.
The longer that the employee takes to learn the correct behaviour, the
greater the risk rises for the organisation.
demonstrates the incorrect behaviour, then the organisation needs to determine if the
level of risk is too high to retain their services. However, make sure that you are aware
of the correct organisational policies and procedures that you should follow.
o that incident reports are followed up with risk assessments as per organisational
and legislative requirements
o that all paperwork is processed to ensure that patterns in incidents are identified
and action is taken to minimise the chance of the incident occurring again.
Natural events – these are the effects of natural hazards such as floods, tornados,
hurricanes, volcanic eruptions, earthquakes and landslides. These types of hazards can
lead to financial, environmental and human loss. To counteract and minimise the risk
to an organisation and its employees, organisations – depending on the kinds of risks
relevant to an area – will put together a Natural Disaster Risk Management Plan that
encompasses:
Risk Identification
Risk Analysis
Risk Assessment
Risk Treatment
Existing disaster measures that are already in place should be continuously reviewed to
ensure that they are up-to-date in relation to change events and legislative
requirements.
A widely used tool for continuous improvement is the four step quality model – the
plan-do-check-act (PDCA) cycle, also known as the Deming Cycle:
o Check: Analyse the data from the small scale that has been implemented and
determine whether it made a difference
o Act: If the change is successful, then implement the change on a larger scale and
assess the results continuously. If the change process does not work, then you
will need to start the cycle again.
Other methods of continuous improvement include Six Sigma, Lean and Total Quality
Management (which emphasises team work), employee involvement, measuring and
systemising processes, and reducing cycle times, variations and defects.
For example, recent changes to industry laws increased the price of a product. Demand
for the product line decreased. The organisation maintained the same level of
production, with the belief that the level of demand is only short-term, based on
previous experience. Maintaining production levels and the increasing the price of the
product would elevate the level of risk for the organisation. If the customer is not
prepared to pay the price and if the organisation is unable to cut costs, then the risk of
the organisation needing to sell the product at a loss will rise. Therefore, this has
become a risk to the organisation.
Learning Task 1
What internal and external processes should you consider when you are preparing to review your
organisation’s risk management? Why?
Process Why?
Financial
Safety.
As a member of a team or in your role as leader, supervisor or manager, it is essential that you
understand the risk that your decisions or feedback, with regards to decisions, will impact on not only
on yourself, but also your organisation. Since globalisation in the early part of the 1990s, the level of risk
for many organisations has risen, threatening their overall continued existence.
For example, when the new WHS Act 2011 was introduced to Victoria’s workplace, many organisations
did not take initiative and introduce the new practices to the workplace. This form of risk was non-
compliance with government legislation, increasing security risks to both the organisation and staff.
Responsibility for the risk rests on the organisation/people that have control of it. This includes the
person who controls the budget, the spending and who is responsible for ensuring that decisions have
been carried out.
It is important that your organisation has in place a systematic and holistic approach to risk
management, to protect your organisation and its assets. Risk is defined under AS/NZS 4360:2004 as
“the chance of something happening that will impact on objectives”. Technically, risk is the probability
of a threat agent that exploits vulnerability and the results in impact on the business.
For example; your employees have been trained in WHS in the workplace. The vulnerability is that, even
though they understand WHS, they do not know when to start applying it. The trainer emphasised that
their duty of care started when they began work, so they did not report a ditch in the tarmac at the
main entrance until they started work. Heavy rainfall had cracked the tarmac where it had been laid
incorrectly. Overuse of the tarmac widened the crack into a ditch, over time.
They were busy and did not use their common sense. In the time between entering the workplace and
they starting work, a truck hit the ditch and rolled before it exploded, killing both the driver and his son
(who rode with his father that day).
Reflect on the financial risk the organisation would face. For example:
Employees failed their duty of care because they did not report the ditch when they
saw it.
The trainer did not train the employees correctly. The employees' duty should have
started the moment they entered the workplace.
The organisation, as the employer ,was negligent in that they did not provide both the
internal and external customer with a safe work environment
The organisation’s reputation was damaged, due to their failure to maintain a safe
work environment.
Each of these elements has a financial impact. The level of risk may include:
The level of responsibility the employees, trainer and organisation have, with regards
to their level of negligence.
Whether the driver is found partially liable, if the truck itself was not safe. This may
include that the driver was aware of a leak in, say, his fuel tank – this was a risk and he
did not take steps to have the truck repaired. Sparking when the truck rolled over could
have caused the explosion, leading to the death of the driver and his son.
Irrespective of the level of risk, there is a clear demonstration of negligence from all parties. As a
consequence, the organisation is at risk financially from:
1. Its inability to train its staff correctly and thereby
maintain a safe workplace
Many organisations would not be able to survive this financial burden and, in most instances, would be
closed down. Calculating the risk of this scenario requires an understanding of likelihood and
consequences but, even more importantly, the cost to the organisation.
Costs can be as straightforward as repairs to a fault and medical costs; these are quantitative values to
costs in the form of loss of reputation, market shared, unrealised customers and other intangibles.
Defining the scope of risk is not easy. All risks need to be recognised and, if required, quantifiable. The
scope should provide details of processes regarding risk and the deliverables. A major part of this
requires that a risk analysis is performed for your work site; this necessitates that you identify and
assess risks that may jeopardise your organisation’s processes and ongoing success.
The analysis of the worksite forms the basis of your Risk Management Plan. The rest of Section 1 in
this Learner Guide shall identify:
Your stakeholders
The impact the external environment will have on your organisation within the industry
that you work in
The process of obtaining support to ensure the ongoing success of the organisation.
As with any other aspect of good organisational management, it is essential that you obtain and
maintain support of organisational members. Obtaining their feedback and ideas allows them to create
ownership for the risk management process. Studies demonstrate that when people take ownership of
a program, there is a higher level of success for that program.
We have now considered the types of risk that may affect an organisation. The scope of the Risk
Management Plan needs to consider what the plan may apply to and the variables that may impact on
the scope.
Specific business unit or area – many laws have been designed that are industry
specific. When planning a risk management plan, care should be taken to ensure that
you consider this industry specific legislation. For this, you should consider a subject
matter expert as a stakeholder or as someone to refer to when you are unsure about
aspects of your Risk Management Plan. These subject matters may include specific
functions, such as:
NT WorkSafe www.worksafe.nt.gov.au
SA WorkSafe www.safework.sa.gov.au
WA WorkCover www.workcover.wa.gov.au
role within the organisation is; policies and procedures will assist you in clarifying
your accountability and to whom. If you are not sure about either your
accountability or your level or authority, you should consult with your supervisor
or a member of your team.
This definition touches on the bare minimum for Corporate Governance. To find
out more information on Australian Corporate Governance, refer to the
Australian Corporate Governance website:
http://www.governanceinstitute.com.au/
External environment – the external environment includes other players who have an
impact on the decisions you will make. The external environment consists of:
o Competitors
Internal environment – there may be times when your partner’s internal processes are
in conflict with your own. When on a customer’s work site, their risk management
processes must take precedence over your organisation’s processes. Internal processes
may include policies, procedures and practices that include identification, assessment,
control or reporting of risk.
This does not mean that you should not ignore your own organisation’s procedures. In
most instances of your organisation’s historical records, you should still follow your
organisational procedures. This is to assist future individuals undertaking a similar
project in the preparation and management of their own project.
Whole organisation – the context of a risk management plan will assist in establishing
the whole risk management plan for the organisation. This means that you need to
make sure that you include:
o How the operating environment will impact on the risk assessments conducted,
including the process of defining the context as part of the planning process.
Before developing the context of the risk assessment, you need to consider all of the above so that you
have a clear picture of the level of risk your stakeholders will be exposed to. Once you consider the
internal and external environment and the different scenarios that may impact on your organisation,
you will have a clear, broad perspective of the scope the Risk Management Plan that you are
developing.
The context will assist you in defining the purpose and importance of the scope for your organisation
and how risk assessments will take place. The scope will help define:
What areas should be covered
How much analysis you will need to complete the assessment safely
The environment that the risk assessment operates in and how it will impact on the
way in which the risk assessment is performed
Learning Task 2
Demonstrate your understanding of the scope of a risk management plan by reflecting on the level of
risk in your organisation. When identifying the scope of risk, what area(s) do you need to consider?
Areas of the Scope What do you think should be considered within the scope?
WHS
Corporate Governance
Spend time with your trainer discussing the variances in your answers. What differences are there?
Do you feel that the internal environment will impact on these variances? Why? Why not?
Using the information that you have gathered, outline the scope of the risk assessment by briefly
outlining:
The environment that the risk assessment operates in and how it will impact on the way in which the
risk assessment is performed.
Use the space below to add information if you require more space. Make sure that you have sufficient
information, as it will be used to answer the rest of the learning activities.
Take the time to work out what each party’s interest in risk management is and use it to determine their
objectives.
Employees need to be protected from risk. They require information that will assist
them in ensuring that the workplace is safe. Risks and the procedures on controlling
and/or minimising the risk should be made available to them. Employees need to be
kept up-to-date on safety issues and changes to legislation that will impact on their
practices. Employers must communicate changes to employees and provide training
when necessary.
Internal Investors:
Management:
Management needs to ensure that they balance providing support for the
employees with being accountable for working within their budget. Risk
management decisions should address the safety of staff and working
within their allocated budget. They need to make economic decisions
while ensuring that their team is not placed at risk.
Customers purchase the goods and services that the organisation either produces or
sells. They may be other organisations or individuals. When the customer purchases
your product, it is essential to make sure that the product is safe. Customers need to be
confident that they are not at risk.
Suppliers:
In the same instance, suppliers need to make sure that the products that they sell are
free of risk.
Creditors:
Government:
That all taxes are paid, and appropriate industry laws are
followed and adhered to.
Now that you know what a stakeholder’s interest in your organisation is, you should change their
interests into objectives. Be aware that these objectives will become an important part of the context of
the Risk Management Plan. It is through these objectives that you will be able to plan your risk
management plan.
Your stakeholders’ objectives need to be identified, depending on the nature of their relationship with
you and who they are.
Consulting with stakeholders to determine objectives. You could use contracts and
agreements to assist you in identifying these objectives.
When developing a risk assessment, take the time to reflect on your plan to ensure that the
event/situation and the existing elements that may have an impact on the level of risk that the
stakeholders are exposed to are clear. Make sure that each stakeholder is aware of the elements that
may impact on their decisions. The success of any planning rests on ensuring that the information
provided is clear and up-to-date. Stakeholders can then make informed decisions that will, in turn, assist
you in developing the policies and procedures for the Risk Management Plan.
For example, weather conditions of previous years indicate that staff will be exposed to minimal risk of
rock slide on a building site. However, one of the effects of El Nino saw an increase in rain fall over the
summer. Dried dirt has shifted and the chances of a mud slide over the winter period have increased.
Your contractor is concerned that the level of risk has risen and the equipment left on-site shall be at a
higher level of risk also.
Stakeholders would weigh the cost of insurance, putting in placing more safety practices and the cost of
replacement. The priority of this risk would rise as the chances of rain causing a mud slide rose. By
ensuring that the stakeholders have a report on the after effects of El Nino, stakeholders’ decisions
would be more informed and the budget and time allocated to minimising the risk would be varied
according to their responses.
Learning Task 3
Briefly outline a project or activity that you are involved in.
Using the project or activity described above, who are your stakeholders? Are they internal or external
to the organisation? What variables may impact on their decisions? What decisions may they assist in
that will impact on the Risk Management Plan? The variables must have an impact on the decisions that
they are making.
Internal (I)
Or
Stakeholders Variables Types of
External
(E)
Internal (I)
Or
Stakeholders Variables Types of
External
(E)
1.4 – Review political, economic, social, legal, technological and policy context
The successful management of any organisation or individual project or group of projects rests on the
ability of your organisation to adapt rapidly to the pressures of the external environment. Once your
stakeholder has made a decision on an event, whether they are an owner or a worker, your
responsibility does not cease to exist. In a global market that is static, you need to have the ability to
scan the environment and identify areas that will impact on your organisation or project.
Time is a highly regarded commodity and you are not able to spend too much of it studying the market
so that information you can present information (if so required) to make a decision that will change the
procedures of the organisation. You need to have a method that will allow you to understand both the
external environment and the interconnections between its various sectors, and translate the
understanding to planning and decision-making processes.
This activity can be done through environmental scanning. Brown and Weiner (1985, p. ix) define
environmental scanning as “a kind of radar to scan the world systematically and signal the new, the
unexpected, the major and the minor”.
Keep managers up-to-date – information should be timely and should give managers
time to identify changes in market trends, market conditions and any other variables
that will impact on the final decision.
The way in which information is provided will vary between organisations, according to the industry of
the individual organisation; it will also vary according to the procedures and requirements of the
management team and stakeholders who will have an impact on the decision-making process. The
scanning of the external environment can be completed internally or externally. Employees may be
required to scan the market to identify changes to trends. External organisations or bodies may be used
to monitor the external environment. These external bodies may include stakeholders, professional
associations and government bodies.
The type of information gathered will vary. However, the streams of information gathered in the
external market will usually include:
The economic system
The economic system is the organisation of the economy to allocate scarce resources. It is governed by
the needs of the individual departments. Resources are allocated according to their priority of the
organisation. For example, if your organisation has been audited, with regards to its WHS, and the
report stipulated that your organisation was not fully complying with the law, then quick action would
be taken to correct the safety of your internal and external customer. This may mean that the
organisation’s budgets would need to be reviewed and reallocated, due to the reprioritisation of the
decision-making process.
This example clearly demonstrates that decisions about resource allocation impact on the decision-
making process. Decisions of an economic nature can be influenced by:
The decision making structure of the organisation
The incentive structure, which uses recognition and rewards, to encourage human
resources to build their skills and take ownership of their roles and responsibilities,
allowing management to fulfil other roles. This could also be part of the social system
also.
Economic systems are usually divided through the way in which economic inputs (the means of
production) and the decisions made about the inputs.
Socialism.
The capitalist economic system is concerned with the production of profit maximisation through
investments and competition with other business owners. These systems may be both regulated and
unregulated.
The socialist economic system produces goods and services upon demand and ensures that sufficient
production is carried out for this end. This system is based on capital accumulation seeking to control or
direct the system through state ownership or cooperative control.
The social system is initialised through empowerment. Empowerment is the process of increasing the
capacity of individuals or groups to make choices and transform those choices into desired outcomes
and actions. (PovertyNet, 2011).
Organisations can also be influenced externally by including consumer attitudes and behaviours, which
will invariably depend on the age of the consumer, the type of consumer and whether they are
professionals, trade workers or admin staff, etc.
The Liberal
party of the centre right
Party
The National
a conservative party representing rural
Party of
Australia interests (formerly the Country Party)
The
Australian left-wing and environmentalist party
Greens
State parliaments are subject to the federal constitution and their state constitutions. A federal law
overrides a state law. In most instances, the relationships between the states and commonwealth are
formerly responsible. Local government bodies are developed by legislature at both the state and
territory level. This is a brief outline of Australia’s political system. For a more thorough explanation,
refer to: http://www.australia.gov.au/about-australia/australian-stories/political-system-and-
institutions
The legal system in Australia has three sources that you may need to refer to. The sources are:
1. The laws that are made in parliament
2. Delegated legislation
3. The decisions made by judges in courts, that are published in volumes of law reports.
The legal system can be a complicated process and the task to finding the relevant law may be
difficult, even for a lawyer. The basic legal system in Australia consists of:
The fundamental belief in the rule of the law, where all people are treated equally
under the law
That the common law system is formed on the basis of the United Kingdom’s
jurisprudence
That the common laws system encompasses the law of precedence where judge’s
decisions are based on previously settled cases
Nine legal systems – the eight state and territory systems and one federal system
which incorporates three separate branches of government – legislative, executive and
judicial.
For a basic understanding of Australia’s legal system, it is best to start with easy explanations of the
relevant law. If you wish to find out more information about Australia’s legal system, refer to the
following URL Addresses:
For example, to remain competitive, an organisation will usually purchase an upgrade their technology –
such as computers or equipment – if there is evidence that the upgrade will have a positive impact on
their ability to meet their customers’ needs and increase sales.
The aim of the study of technological systems is to understand the links between technological systems
and economic growth. This linkage can be observed after your organisation purchases new technology.
If the organisation aims to improve productivity, then a purchase of equipment to allow the
organisation to meet the demand means they will be able to take a larger share of the market and
ultimately improve their profits.
Another way the organisation can improve their productivity and profits is through the improvement of
processes or the quality of their output. For instance, employees may identify a way to improve
productivity, by changing or eliminating steps in the development process without affecting output.
Eliminating steps in the production process will also improve productivity and more units will be
produced to meet customer demand.
However, due to the infancy of the technology, the price of the equipment would blow the
organisation's budget. In the same instance, a member of the organisation’s production team identified
a way in which to improve productivity, so that they are on par with the new technology.
Preliminary investigations have identified that the improvement in processes would save the
organisation a lot of money, in that they would increase productivity. The policy context comes into play
here when the processes of the organisation will have an impact on the final decision made.
2. New processes equal cost savings, empowered staff and improve productivity
equivalent to the new technology found in the equipment.
What may be obvious to you may not be so to others. Your organisation's procedures may be geared to
the procurement of new equipment. The stakeholders of the organisation may not believe that the
processes that the employees and to put in place will meet their goals. If you are manager, your goal
would be to change the mind of the stakeholder.
Learning Task 4
Using the project you briefly outlined in Learning Task 3, identify what information your manager may
ask you to gather in the following areas, to assist in making informed decisions about risk for the
project/activity.
Economic
Social
Political/Legal
Technological
Policy context
SWOT is an acronym for strengths, weaknesses, opportunities and threats which make up the four
factors of the SWOT matrix. The aim of this tool is to produce a model that can serve to provide
direction in the development, formulation and assessment of risk management plans. As an important
step in the planning process, many organisations tend to undervalue or omit it from the Risk
Management Plan.
The SWOT analysis is straightforward and easy-to-use. The four factors are divided into external and
internal issues. The organisation's risk management objectives can be obtained by analysing the
information gathered in the tool. The SWOT analysis can assist in identifying any potential obstacles to
the success of the risk management plan, as well as the flaws in the plan.
Risk management requires organisations to avoid, eliminate or, at the very least, minimise identified
threats and weaknesses. The organisation should scrutinise the weaknesses, to ascertain whether or not
it is possible to change them into assets. Identified threats should be examined to see if there are
opportunities to strengthen areas that have been eliminated.
The opportunities and strengths should be analysed to identify whether the threats and weaknesses
have met the organisation’s objectives.
SWOT Matrix
Risk management is also central to strategic management and some organisations utilise the SWOT
analysis tool by determining the benefits of each activity that they perform, in terms of risk
management. This is done by focusing risk management processes and determining the value of each
potential value the ultimate strategies will apply to the organisation. It makes the organisation consider
the potential success or failure each strategy that can be implemented and the impact that the strategy
will have on the organisation.
Risk management must be a continuous process that considers the past, present and future activities of
the organisation. The risks facing an organisation can result from both external and internal factors that
can impact on the organisation.
Some organisations consider these internal and external drivers and, at times, can overlap over both
areas. These can be further categorised into types of risk such as strategic, financials, operational,
hazard, etc.
When analysing the SWOT analysis, care should be taken to ensure that the final decision is aligned with
the organisation's goals. For example; a change within your industry is a strategic risk. Within that
change, your organisation may be called to change their procedures to ensure that safety standards are
maintained. To close any gap wrought by this change, a risk assessment should be performed to ensure
that the employer performs their duty of care of providing a safe work environment to their employees.
: www.theirm.org/publications/documents/Risk_Management_Standard_030820.pdf
Learning Task 5
Changes to environmental legislation calls for a rubber organisation to change the way in which excess
waste is disposed of. Complete a SWOT analysis of your industry.
Use the SWOT analysis to identify whether this is internally or externally driven. Briefly explain your
answer.
1.6 – Document critical success factors, goals or objectives for area included in
scope
Critical success factors (CSFs) is the term for an element that is necessary for an organisation or project
to achieve its mission. CSFs are those few things that must go well, to ensure success for an organisation
and, therefore, they represent those enterprise areas that must be given special and continual attention
to bring about high performance. CSFs aim to assist organisations in narrowing their results, and if their
results are satisfactory, the organisation will ensure the successful competitive performance for the
organisation (Rochart, 1979, p.84).
Your organisation's critical success factors need to match the areas that will assist the organisation to
succeed. CSFs need to maintain a high level of performance, so that the organisation’s current and
future needs are met. Grabowski and Roberts (1999) suggest that the following four factors are
designed to ensure the high level of performance that your organisation needs. These factors include:
Communication
Organisational culture
Trust
Galorath (2006) writes that the importance and essence of risk management requires five activities
that are:
1. Top management support
4. Cultural imperative
5. A pattern of measurement.
Critical success factors should correlate with the pattern of values, ideas and thoughts transmitted by
the symbols that shape the organisation’s behaviour. For example, management support demonstrates
a support for an initiative. In this instance, risk management is an important part of the organisation’s
culture. If management demonstrates the appropriate support for the organisation’s risk management
culture, then the level of team members who follow organisational procedures should increase.
The more information that is shared to the team, the greater the chance is that desired behaviour will
become organisation-wide. As more and more of the team start demonstrating and participating in the
risk management process, the clearer the organisation’s culture becomes.
The importance of culture within effective risk management is that knowledge transference requires
individuals to come together to interact, exchange ideas and share knowledge with one another.
Moreover, culture creates individuals who are constantly encouraged to generate new ideas, knowledge
and solutions (Muller, 2009).
The relationships developed within an organisation involve the building of the organisation’s structure.
Think about your own organisation. What common vocabulary do the teams share? How do they differ
from other organisations within your industry?
Trust is also another critical success factor. Trust is the “willingness of a party to be vulnerable to the
actions of another party, based on the expectation that the other will perform a particular action
important to the trustor, irrespective of the ability to monitor or control that other party” (Mayer, Davis
and Schoorman, 1995, p.711).
For trust as a critical success factor to succeed, it is essential that risk management processes include
cooperation and teamwork. Trust is an important prerequisite to “changing those related alliances, thus
mitigating risk, as organisations are unwilling to adopt alliance-like organisational structures that make
them vulnerable to the fluctuation of the environment” (McAllister, 1995).
To measure the success and/or failure of the organisation’s critical success factors, the organisation
must, according to the WHS Act 2011, maintain records of actions and dangerous occurrences. By
monitoring and reviewing the risk management process, the organisation will be able to provide
evidence that they are continuously maintaining and reviewing the effectiveness of risk control.
Completing documentation and keeping records in a systematic manner allows the organisation to
demonstrate that they are adhering to the WHS Act in their State and/or Territory.
These records can also assist management in identifying whether the organisation is meeting its needs,
with regards to the critical success factors.
For example, based on the three critical success factors discussed, measurement of success can be
demonstrated:
When employees demonstrate that they are following
the organisation’s culture by adhering to the safety
procedures in place
This trust is built on management’s ability to support their team and communicate changes, so that
their team members become empowered. In turn, they will be able to make informed decisions.
Conversely, constructive feedback and support can lead to the empowerment of management’s
subordinates. The aim of constructive feedback is to provide employees with information to improve
their actions, to create better results. For feedback to be useful, it is important to make sure that it is
actionable. This is an important management interpersonal skill.
To give constructive feedback to team members it is important to make sure that your feedback is:
Timely – Give feedback as soon as the behaviour is demonstrated.
Supported with positive words – Be positive and make sure that your choice of words
demonstrates a positive work environment. The receiver needs to know that they are
making a positive contribution to the risk management process.
Descriptive and gives facts – Stick to facts. Be clear and specific to ensure that the
receiver know and understands the issue and what their goals are. Make sure that the
receiver knows, for example, how their failure to act will impact on the organisation,
staff members and management. For instance, if you identify a hazard and do not
report it, a customer or a member of your team may be injured – this will have a
negative impact for management of the organisation, in terms of loss of business,
reputation, productivity or profits.
Aimed at supporting collaboration so that new ideas for improvement are devised –
Acknowledge all recipients’ efforts, even if they are not appropriate at the time. Failure
to acknowledge their input can lead to the failure of the recipients contributing in the
future.
Share vision – Help your team members to see the bigger picture by giving them access
to your organisation’s policies, procedures, mission, values and vision statement
Share goals and direction – Make sure that the team knows the direction of the group
and their connection to the rest of the organisation, so they obtain a sense of
belonging.
Trust people – Trust your team members to make the correct decision to meet these
goals. In turn, when they are given clear expectations, they will learn to trust and relax
you.
Provide information for decision making – Keep staff abreast with what is happening.
Informed decisions can only be made when team members are provided with up-to-
date information
Focus on the problem, not the people – What is the cause of the problem? Do not
automatically assume that a person’s actions are at fault. Is there a way in which
processes can be improved?
Listen and ask questions – Show respect and treat people how you prefer to be
treated. Ask questions and encourage team members to ask questions, to either
reinforce their knowledge or to clarify information
1.8 – Communicate with relevant parties about the risk management process
and invite participation
For everyone to be involved in the Critical Success Factors, it is imperative that they receive ongoing
support and training. This is part of an employer’s duty of care for each State and/or Territory. Effective
risk management plans have communication procedures in place that give clear expectations for staff.
Communication ensures that team members understand and support not only where the team is now
but also where they want to be (Clutterback and Hirst, 2002).
Communication needs to also be addressed, with regards to any party that has an impact on the Risk
Management Plan. Relevant parties may include:
All staff
Senior management
Technical experts.
Professionals, both inside and outside the organisation, also need to be informed about what is
happening. Communication does not only need to be verbal. It is essential for professionals to be
supplied with the information required to perform the correct tasks under the WHS Act as part of their
duty of care. Communication could include the update of procedures or required participation in
training.
It is also imperative to ensure that relevant parties are given a chance to clarify information, so that
they can improve the organisation’s channels of communication.
Team members need to use the communication process to understand their roles and responsibilities in
the risk management process. A clear understanding of the communication process is required so that
team members can be given an opportunity to see how their contributions impact on the organisation.
Learning Task 6
Under the table supplied below, outline the how your organisation has developed their procedures with
regards to the five critical success factors. If your organisation has no procedure in place, write N/A. In
the third column, write what procedures they should put in place if there are none. Where there are
procedures in place; identify a way in which procedures can be improved.
Procedures or improvements
Critical Success Factor Procedure
recommended
Organisational Culture
Organisational Structure
Trust
Management support
Communication
Identify risks
2.1 Invite relevant parties to assist in the identification of risks
2.3 Use tools and techniques to generate a list of risks that apply to the scope, in consultation
with relevant parties
A part of good management, with regards to risk management, is management’s ability to work in
consultation on the subject of promoting a safe and healthy workplace. Using the government
legislation that encourages the team approach to the consultation process creates effective
communication, which in turn improves productivity and encourages workers to build a sense of
ownership where their contributions are made.
Consultation with employees ensures that the organisation is proactive with regards to risk
management. Employers need to consult with employees during each step of the consultation process.
All types of hazards need to be identified and methods to eliminate or control the workplace
environment hazards and risks need to be created.
The WHS Acts and Regulations of each state and/or territory will contain legislation with regards to
consultation within your relevant State/s and/or Territory/ies. Even though they will vary in each State
and/or Territory, the following overview should be part of the consultation process including:
Workplace Health and Safety Officer are trained to identify risk and
to provide expert advice on hazards and the risks involved and the
ways in which to either eliminate or control the risk. They can also
clarify any areas in which the WHS representatives and committees
need assistance.
Regular meetings may be either a preventative measure against unsafe acts by the
education of employees on how to perform their job roles and responsibilities safely.
Staff, WHS committee and representative meetings should be held to ensure that
hazards and risks are eliminated or controlled as soon as possible.
Brief talks about hazards and risks on a regular basis. These talks may be either formal
or informal. The aim is to provide employees with up-to-date information and to ask if
they have identified any risks and hazards within the workplace. Talks may include
whether they have reported the risk or hazard and if the organisation has actioned
steps to minimise the risk.
Work groups include groups working together to meet a common goal. This could
include a whole department, an entire section or personnel from each department,
who work together to minimise a problem that requires different perspectives.
Job task training includes the training of employees to learn the tasks involved in their
job role. Specific attention will usually be aimed at ensuring that employees are trained
in WHS issues attached to the job task.
Note that each form of contact includes employers and employees consulting with each other. During
the consultation process, team members may use a variety of tools and methods to explore the options
that could be available to them.
Research is the search for knowledge through a systematic investigation, with an open mind, to
investigate ways to eliminate or control risk within the organisation’s procedures and legislative
requirements. The purpose of research is to discover, interpret and develop methods and systems with
regards to risk in a systematic manner.
For example, the repeated flooding of the shop floor in the back room, the WHS
representative gave the WHS Committee three recommendations with regards to
either eliminating or controlling the flooding. These recommendations may include:
o Purchasing a sign and allocating a staff member to maintain the area to minimise
the chance that anyone will slip;
o Hiring a pump to siphon the water into the drain behind the factory.
o Consequence analysis
o Influence diagrams
o Probability analysis.
You research the policies and procedures. The price of the equipment exceeds the
budget allocated for the department. The cost of a pump is negligible and suitable for
the short term. In today’s high pressured globalised economy, money is usually scarce
and reallocating a member of your team to maintain the area, to minimise risk, will
make your resources scarcer.
In your search, you find that your organisation prioritises all WHS issues as the highest
priority. Failure to meet your industry’s minimum standards and a record of a member
of your team being injured could have a negative impact on the organisation. As such,
it is important to make sure that your decision ensures that the WHS issue is resolved
as soon as possible.
As reassigning a staff member and pumping the water from the area is a short-term
resolution, you may need to either purchase a new unit or obtain a second opinion to
determine if there are other viable options. When you are trying to make a decision on
which avenue you will take, it is important to make sure that you are going to meet
your objectives, but also that your decision is not going to eat away at your profit. This
means that you may need to research through other avenues, such as those listed
below.
o Structured questionnaires.
You may even need to review them so that you can identify what methods have been
used to resolve a hazard or risk in the past. There are times when procedures become
obsolete, as technology evolves. However, over time the procedure that became
obsolete, may come back into currency under a completely different set of
circumstances.
Historical records of projects and activities can also be used to review the procedures
that may have been rejected in the past, but may prove current due to the changing
structure of the organisation.
Instead approach employees to find out if they have been exposed to a risk and/or
hazard. When a team member is familiar with a problem and how it was resolved, you
may either use their knowledge to resolve your organisation’s internal issues, or as a
starting point to resolve the organisation’s internal issues.
o Journals, such as industry journals, that may identify and explain how to resolve
industry risks and best practice to resolve hazards and risks inherent in your
industry; and
o Texts providing industry advice and assistance with ensuring that WHS standards
are maintained
2.3 – Use tools and techniques to generate a list of risks that apply to the scope,
in consultation with relevant parties
Once you have completed your research you should also work in consultation with the stakeholders
of the work area. This can include:
Employees
Owners
Suppliers
Investors
Contractors
Industry sources.
Any other relevant party should also be consulted, so that a list of risks can be identified. These risks
should be relevant to the scope of the risk management process. When gathering information, you may
find yourself handling a lot of data. To be systematic in your approach, you should take advantage of the
tools and techniques that are available to you.
Brainstorming aims to get personnel out of their comfort zone and come up with
innovative and different ideas to resolve problems. Make sure that staff are very clear
that no criticism is allowed during the brainstorming session. Take the time to make
sure that all incorrect ideas are clarified and employees know the limits of the problem.
o That one member of the team is assigned with writing ideas in your
organisation’s preferred format
o Give people time to generate ideas so that they can generate as many ideas as
possible
o Do not criticise and try to make sure that everyone contributes new ideas
Checklists. These are informational job aids, aimed at compensating for a human’s lack
of memory or attention. It can help you in performing the steps of a task in order and
can be used as a schedule. Checklists should be utilised to develop formal procedures
that can assist you in looking at the internal risk of activities.
Care should be taken when developing a risk, to ensure that you focus on a checklist
that helps you perform your task. They can be exhaustive. For this reason, you should
control how long they are.
Fishbone diagrams. These are also known as Ishikawa diagrams or Cause and Effect
diagrams and look like a skeleton of a fish, as shown below:
: www.project-management-skills.com/fishbone-diagram.html
Cause and effect diagrams can also be drawn to look like a tree. As with the fishbone,
the trunk of the tree or fish should lead to a final outcome. The large branches should
represent major categories and then the smaller links lead to smaller ideas that fall
under that category.
o Be clear
o Make sure that the cause of each category is added to the tree
Flow charts
Flow charts are representative of a process and are used to demonstrate the steps
involved in the process.
Note that each step in the process is divided by arrows that connect the symbols. Flow
charts aim to demonstrate the steps in a process and the visual of the flow chart will
allow you to view problems in the process, so that you can take appropriate corrective
action.
Flow charts can also assist you in identifying when there are areas that are inaccurate,
unnoticed and ignored. Flow charts do not have to be accurate; they just need to give
workers a pictorial diagram from which to work from. There are three main types of
flow charts and they are:
o High level flow charts used to map the major steps in a process for a good
overview.
C R M
H a is i
az
u k n
ar
s is i
d
o Detailed flow charts that demonstrate a step by step mapping of all of the
decisions in the process:
Hazard is identified
Yes No
Problem resolved
o Deployment flow charts that are organised by columns, each column is assigned
a person or department who is responsible for the process.
As a flow chart is developed, flaws shall come to light. Flow charts should be created
using different types of shapes which mean different types of steps in the process.
Shapes usually include: ovals, rectangles, diamonds and clouds.
o Completing the picture by filling the details between the start and end
o Identifying steps that do not add value or time lags, which may impact on the
steps of the process; and
o Passing the flow chart to other stakeholders involved in the process and obtains
feedback from them.
Flow charts must have a clear indication of each step of the process, so that everyone is
very clear on how the process works. When you complete a flow chart ask yourself the
following questions. If you answer “no” for any of these questions, you should review
the process.
4. Have any minor or major inputs from the brainstorming been viewed
in a cause and effect diagram?
Scenario analysis
Scenario analysis involves the assessment of various potential future events and the
development of scenarios that will be likely to pass if specific events took place.
Scenario analysis can be helpful in risk management by reflecting on your analysis of
the internal and external environment and determining the events that may impact on
your organisation’s risk management plan.
Based on the information that you acquire, you will be able to predict possible
scenarios that will impact on your Risk Management Plan. There are five steps to the
scenario analysis process. They are:
o Defining the problem – Know precisely what you want to achieve and when you
want to achieve it.
o Gathering data – Identify trends, key factors and uncertainties that may impact
on your plan. Use the information you would find in Section 1.4 of this Learner
Guide. Another name for the study of the external market is called the PEST –
political, economic, socio-cultural and technological factors that could impact on
your plan.
o Separating certainties from the uncertainties – Separate the factors that you
believe are certain to happen from the ones that you are uncertain about. Adopt
these certainties into the plan. Prioritise the uncertainties (from highest to
lowest) and consider what impact they will have on your plan.
o Using scenarios in your planning – Consider the scenarios and the level of risk
that they may have to your business and start to include them tentatively in your
planning process.
When developing these scenario plans, make sure that you use evidence to back up
your ideas. To presume is not sufficient grounds upon which to develop your plan.
Learning Task 7
(Note that the aim of this assessment is for you to demonstrate that you understand the research and
consultation process of a risk. You also need to identify tools and techniques that you believe are
appropriate for the research you are undertaking. You can use your own work environment to be more
specific in answering these questions, or you can be generic in your answers.) This means that you can
use your work environment to answer these questions.
Your organisation is considering the purchase of new robots for the production of your products. You
have been asked to research the risks involved in both using and the implementation of the robots.
What research methods could you use to determine the risks involved in using and implementing the
robots?
What tools and techniques would you recommend to determine ways to minimise any possible risk?
Why would you use these tools and techniques?
Demonstrate your understanding of the research process by using the space below and drawing a flow
chart to demonstrate the steps that you have just completed in this Learning Task. Review and discuss
with your team or teacher.
3. Analyse risks
3.1 Assess likelihood of risks occurring
3.1 – Assess
likelihood of
risks occurring
Once a list of risks has been
identified, you will
need to learn how to
analyse the level of
risk so that you can
identify how to
minimise, control or
eliminate the risk. It is
the role of your employer
to ensure that a risk
assessment is
conducted. Risk
assessments should
also be conducted when3:
3
All notes are taken from the Occupational Health and Safety Code of Practice 2008
When you consider the level of risk, you should consider the injury or disease causing the hazard. As the
level of risk rises, so too does the level of the hazards – this means that there will be more chance that
the risk will cause an injury. Part of your Risk Management Plan needs to address risk assessments. The
risk assessment needs to determine the likelihood and level of injury (severity) or disease that can result
from exposure to the hazard. When a hazard is identified, your employer should make sure that they
follow the regulations that deal with that hazard. There are usually specific regulations that deal with
the risk management of occupational electricity, driver fatigue, falls from heights, confined spaces,
construction and storage and handling of dangerous goods, noise and plant. When you are unable to
find any regulations for a hazard, then a risk assessment should be performed.
Environmental conditions
The work organisation – like rostering, shift arrangements and the pace in which work
should be performed
When talking about the likelihood, we are describing the probability or frequency of an injury or illness
occurring.
Risk Matrix
CONSEQUENCES Level of Risk
5 Fatality H E E E E
4 Major Injury H H E E E
3 Moderate Injury M M H H E
2 Minor Injury L L M H H
1 Negligible injury L L L M H
E
D C B A
Highly
Unlikely Possible Likely Very Likely
Unlikely
LIKELIHOOD
LEGEND
Remember, these may vary between states and territories. For the rest of this Learner Guide, risk
management shall draw from the federal WHS Act, 2011, WHS Regulations 2011 and the WHS Code of
Practice 2011. You should refer to the appropriate legislation of your State and/or Territory so you are
clear on the health and safety in your area.
Once you understand the likelihood of the hazard, you should also consider the consequences of each
injury in respect to its type.
Major or serious injury (serious damage to health that may be irreversible, requiring
medical attention and ongoing treatment). This is likely to involve significant time off
work.
Minor injury (reversible health damage that may need medical attention but limited
ongoing treatment). This means that it is less likely to spend more than a day off work.
Negligible injuries (might sustain slight injury and may require only primary first aid)
and no time off work.
Moderate Injury Consequence and possible likelihood form part of standard Risk Management, but you
can decide if they meet your requirements.
4
All notes are taken from the Occupational Health and Safety Code of Practice 2008
Disastrous
Severe
Moderate impact
Minimal impact.
If there is an uncertainty about the level of risk, or a lack of information about the level of exposure
to the risk after a risk assessment, your employer will need to consider:
Whether there is more information available
The records and data that should be reviewed including employee complaints, staff
turnover, unscheduled absences and sick leave
Whether the organisation's culture and the behaviour of its staff add to the risk, or are
the actual risk factor; and
The risk analysis is the study of the likelihood and consequences where you should ask:
What is the likelihood of an incident occurring?
The level of risk created by an incident is determined by the analysis of combined impact of likelihood
and consequence. To properly identify levels of risk, the best information can be found in the types of
areas that you researched in Section 2 of this Learner Guide and may have included:
Available records
Relevant experience
Research
Experiments.
Much of this information can be obtained through the consultative process that you have developed
with stakeholders, using the techniques discussed above.
There are three types of risk analysis. They are qualitative, semi-quantitative and quantitative. The type
of analysis that you do will depend on the data available. In practice, most organisations will generally
use qualitative analysis to obtain an indication of risk levels. It is only when more specific and precise
indicators are required that quantitative analysis is applied.
Qualitative analysis uses scales to analyse the likelihood of an event occurring and its consequences.
These can be used to analyse different risks in different circumstances by simply varying, adapting and
adjusting them to suit.
Qualitative analysis would be used in most cases. This type of analysis is used:
As an initial screening exercise, to identify risks that require more detailed analysis
Where the level of risk does not justify the time and effort spent on a more detailed
analysis.
Expression Attributes
In the same way, consequences arising from an incident occurring may be qualitatively measured. An
example of a consequence measure is:
Expression Attributes
A fatality Death
Minor injury (Reversible health damage that may need medical attention
but limited ongoing treatment). This means that it is less likely
to spend more than a day off work
Negligible injuries Might sustain slight injury and may require only primary first
aid, and no time off work
When the likelihood and consequence are put together, you have an example of the analysis matrix.
Risk Matrix
CONSEQUENCES Level of Risk
5 Fatality H E E E E
4 Major Injury H H E E E
3 Moderate Injury M M H H E
2 Minor Injury L L M H H
1 Negligible injury L L L M H
E
D C B A
Highly
Unlikely Possible Likely Very Likely
Unlikely
LIKELIHOOD
LEGEND
Risk analyses are usually aimed at the negative consequence of risk. The consequence measure
therefore reflects the losses and undesired outcome that might arise. However, risk management is
increasingly being applied to identify and prioritise opportunities, as the risk associated with not
exploiting an opportunity or embarking on a particular business strategy can be high. In many instances,
the ‘upside risks’ are potentially more serious than the risk that bad events will occur (i.e. the ‘downside
risks’).
When considering the opportunities, the likelihood measure need not change, as it will describe the
chance that a benefit will arise. The consequence measure must, however, be adjusted.
An example is as follows:
Expression Attributes
When risks and opportunities are being considered together, a two directional measure of consequence
may be appropriate.
-H -H -H -M M H H H
-H -H -M -M M M H H
-H -M -M -L L M M H
-M -M -L -L L L M M
Fatality
Fatality
Major
Minor
Minor
Major
Negligible
Negligible
Likelihood
H = high opportunity, detailed planning required at senior levels to prepare for and capture opportunity.
Another way to measure risk includes the hierarchy of control. The hierarchy of control will be discussed
in more detail in Section 4 of this learner guide.
There will be times when you will not have the skills, knowledge and experience to complete a risk
assessment of a work area. When this occurs, then you may need to consult with an expert. Expert
advice may include:
Federal, state and local government regulatory authorities
Once you have evaluated the level of risk, it is important that you develop a priority rating. This means
that the level and acceptability of risk associated with a given event should be based only on a
recommended timeframe for management of the risk, according to the assessment and on expert
advice. Once risk level has been analysed and evaluated, it is important to prioritise the risk. Risks
should be categorised into low, medium and high risks that will be create a risk priority rating. This can
also be called a risk profile.
o Proposed actions
o Resources required
o Responsibilities
o Timing
Preferred options for treatment of risks – Your organisation may have a preferred
treatment for risks. These should be considered when you are determining which
control measure or treatment you are going to recommend.
Management and staff will be in the best position to determine and evaluate the risk
profile of your organisation, operation, program, project or individual. Before
implementing a risk management strategy, you should spend time determining what
the risk profile will be.
Learning Task 8
Identify a hazard in the workplace. What is the hazard?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Complete a risk assessment for the hazard and answer the following questions. Use the tables
provided to answer the following questions:
Expression Attributes
What is the likelihood that an incident will arise from the hazard?
Expression Attributes
A fatality Death
Minor injury (Reversible health damage that may need medical attention
but limited ongoing treatment). This means that it is less likely
to spend more than a day off work
Negligible injuries Might sustain slight injury (may require only primary first aid)
and no time off work
If an incident occurs due to an incident, what rating would you give the incident?
Based on the answers to the last two questions, what is the likelihood and consequence of the incident?
-H -H -H -M M H H H
-H -H -M -M M M H H
-H -M -M -L L M M H
-M -M -L -L L L M M
Fatality
Fatality
Major
Minor
Minor
Major
Negligible
Negligible
Likelihood
Now consider the positive and negative consequences. Do you think the positives outweigh the
negatives? In your answer, make a recommendation on whether you believe that immediate action
should be taken and why?
4.1 – Determine and select most appropriate options for treating risks
There are times when the most effective control measure cannot be implemented immediately. Lack of
funds, resources or physical means that employers will need to identify and prioritise the
implementation of a control measure – this will be determined according to the organisation’s risk
profile for the hazard. High-level risks should be implemented before medium and low-level risks.
Remember, a risk profile is how the organisation rates the hazards, such as whether a risk is low,
medium or high level risk.
Your employer has a duty of care to ensure that employees have a safe work environment to work in.
This means that part of their Risk Management Plan is to eliminate the risk and, if they are unable to
eliminate the risk, they need to minimise it by:
Controlling employees exposure to the risk
To do this, employers should use the Hierarchy of Control pyramid. The Hierarchy of Control pyramid
aims to assist employers with the appropriate way in which to control risk. It includes:
The following section is adapted from the WHS Code of Practice 2011. Employers need to start at the
top of the hierarchy and work their way down. The hierarchy of control pyramid is structured in the
following way.
Lack of awareness
Stress
Fatigue
Elimination includes:
Removing trip hazards
The best time in which to use elimination is at the design stage of a process, equipment or plant. This is
referred to as a safe design; these practices are applied all at once and have a positive impact on health
and safety in the workplace. When no hazards exist, no risk, injury or illness exists. When elimination is
not appropriate, then your employer should minimise the risk by substituting or modifying he hazard.
If this is not
possible, then:
Substitute of smaller package or container to reduce the risk of manual lifting injuries
like back strain.
If this is not
possible, then:
The aim of isolation is to separate the employees from the hazard. This can be performed by putting up
signs and barricades or placing the hazard in a separate room; thereby removing the hazard from the
main work area.
If this is not
possible, then:
Engineering controls is the next control option to minimise risk within the hierarchy of controls.
Engineering controls includes engineering modifications to plant or to a system of work needing to be
changed.
If this is not
possible, then:
Administrative controls include changing procedures and practices to minimise risk. Administrative
controls should be used to back up and supplement other controls that have been put in place. These
control measures may be needed when your employer waits for the evaluation and implementation of
other control measures.
If this is not
possible, then:
The final control measure under the hierarchy of control pyramid is the use of personal protective
equipment (PPE). PPE should only be used when the higher control measures are not appropriate or
adequate. They can be used as a final barrier between the hazard and the employee. The use of PPE
may require your employer to make sure that you change your behaviour, as it does not control the
hazard. The PPE must be appropriate for the type of work the employer/employee is doing.
Employers should train employees and contractors in the correct use and maintenance of PPE.
Supervision would also be needed, to make sure that staff are compliant in the use of the Personal
Protective Equipment.
Learning Task 9
A member of your team is confused about the options under the hierarchy of control. Use the options
below to assist her in understanding the hierarchy of control pyramid. Briefly explain why you chose the
control measure/s you have.
This should include what the risk management plan is for. You
may even write a Risk Management Statement
What are the organisation’s goals? I.e. to ensure that the highest
levels of risk are identified and properly management, risk is
focused where it is needed.
How does your Risk Management Plan benefit your organisation? E.g. meet your legal
obligations
What is the organisation’s background and the areas where risk management has been
applied? E.g. may include policy and procedures, the use of specification, equipment
checks, tests and quality assurance.
How is your risk management plan structured? Who is responsible for individual tasks and
in what areas? Who is each party accountable to? Does your organisation, for example,
have a Risk Management Steering Committee?
How is the plan implemented? At what level is it implemented at? How is it documented?
What levels of risk are acceptable? How is risk management recorded and documented?
What contingency plans does the organisation have in place?
3.4. Timeframe:
The timeframe should consider who obtains copies of the Action and Risk Management
Plan? When? Other factors that may be included are: training, timeframes for review and
when documentation should be completed and submitted to the Board/Manager,
depending on the size of the organisation.
Most organisations review their plans annually and align it with their planning process.
Continuous improvement is a legislative WHS requirement, so organisations must
demonstrate that they are working to improve their operations.
In this section, you need to prioritise the importance of Risk Management, in terms of
how it can impact on the organisation. For example, if too many people are injured in the
workplace, the organisation’s reputation will be negatively affected.
This section should include the risk exposures present within the organisation, as
demonstrated by the above graph. The meaning of the graph includes:
o Residual risk – the remaining level of risks after risk measures have been
undertaken.
o Under action – A plan is in place for the action to be done, including who is doing
the plan, the resources needed, the costs and timing targets.
o Controlled – Refers to the level of risks that have been controlled and
maintained at an acceptable level.
o Based on the findings, the scope would probably need to be reviewed, so the
progress is maintained within the Risk Management Plan
A detailed report of the organisation’s Risk Management Plan should be shown on a bar
chart, with individual appraisals of the risks. These should be demonstrated in the
organisation’s risk register.
For example, a line worker would only need the information to perform their duties and tasks correctly.
Line supervisors would need sufficient information to make sure that their team has the knowledge to
perform their tasks correctly. This would also include making sure that their team had access to
documentation and procedures, so that the empowered team member would be able to make informed
and up-to-date decisions, with regards to their jobs and their work area.
The information that will be communicated will vary between organisations and may include the
following internal reporting and communication:
Risk Management Coordinating the regular formal updating of Business Unit and
Committee corporate Risk Registers and Risk Treatment Action Plans and
compiling a master set;
Maintaining corporate risk and risk control information;
Ensuring that all relevant risk areas are considered, including those
emanating from the services of external providers and contractors;
Analysis and reporting to the organisation’s executive;
Ensuring appropriate linkages to the organisation’s business and
corporate planning processes and, where necessary, to budget
processes.
Information must be made available to all stakeholders, so that all members of the team are protected
from risk. The more current the information is, the better position stakeholders will be in to provide
informed decisions.
When providing information to team members, it is important to make sure that they do not access
information that exceeds their level of authority. Breach of privacy of personnel and stakeholders can
bring with it hefty fines and, in some cases, fines. If you are in a position where you are not aware of the
level of authority that a stakeholder has, consult your organisation's policies and procedures or consult
with management. If necessary, consult with your client to obtain permission for external parties to
help in managing risk.
Ensure that they have sufficient information to consider alternatives and the feasibility
of suggestions.
When you communicate information, make sure that it is in a format that is easy to
access and understand. For example, if you are required to provide personnel with a lot of
facts and figures, then the information will be easier to read if it is in a graph to
demonstrate a change in trends, a variation in the level of risk staff are exposed to or
other variables. This information can be used to demonstrate when a hazard becomes a
risk.
The way in which information is communicated will vary according to the policies and
procedures of the organisation. Emails are an excellent way to keep a record of staff that
have received their emails and allow the organisation to maintain a trail to demonstrate
their continuous improvement process.
As a part of the consultative process, it is important that you discuss the hazard with relevant
stakeholders, with regards to the evaluation of the Risk Management Plan. This means that you should
communicate with:
Workers, supervisors and health and safety representatives – What staff should you
consult with? Do you have a reporting structure that you need to follow, with regards
to the site? Does your client have safety representatives that need to be consulted
with, if you make changes to the way in which a task is performed? If you answered yes
to any of these questions, then it is important to consult with appropriate personnel
and communicate any changes that you may implement.
Consult and monitor incident reports – Communicate your findings, as your relevant
stakeholders may have important information that they can add to improving the Risk
Management Plan. Incident reports can also assist in identifying the impact changes to
procedures which can be sourced from an increase or variation of incidence in a work
area. If stakeholders are aware of these incidents, then they will be able to take steps
to control the risk.
Review safety committee meeting meetings where possible – The review process
needs to integrate key performance indicators of the organisation. The risk
management plan needs to link personal performance and drivers, to make sure that
they are measurable to the organisation. For example, by changing the way a
procedure is performed, you will save the organisation money with a decrease in
injuries. This ensures that public liability insurance does not increase and that work
health and safety legislation is not breached, avoiding fines.
Learning Task 10
What risk management processes are
communicated to you?
Do you believe that this information is appropriate or should you receive more or less information?
Why? Why not?
The organisation's documentation will include external reporting, where the organisation will:
To their external stakeholders on a regular basis setting out the organisation's risk
management policies and the effectiveness of its objectives. Many stakeholders now
look to the organisation to provide non-financial information, such as its community
affairs, human rights, employment practices, health and safety and the environment.
This is usually a part of good governance, where the organisation protects the interests
of their stakeholders
Other records, such as health and safety in the workplace, should be kept as part of the risk
management process. It is important to make sure that your team and any other personnel within your
organisation are aware of the organisation's record-keeping requirements, where the records can be
found and how to access to them. Record keeping is a good work practice and should increase the
efficiency of the workplace.
Documents are recorded to ensure that the State/Territory WHS Act is complied with. Risk is recorded
to:
Ensure that the risk management process follows the correct legislative requirements
Provide management and decision makers with a plan that ensures that risk exposures
are addressed in a logical manner
Management will usually write individual work area reports on the progress of risk management
programs for the risk management or workplace health and safety committee. These reports will, in
most instances, include:
Compliance and due diligence statement
Manufacturers’ and suppliers’ information, including SDS and dangerous goods storage
lists
Risk register
These documents leave a trail. This trail provides evidence that the
organisation is complying with their legal obligations. The aim of this evidence is to ensure that your
Demonstrate that the risk assessment process is conducted properly
Provide management and other decision makers with a plan that addresses the key
exposures for the organisation in a logical and prioritised way
Provide an audit trail for the follow-up of key actions related to the exposures being
addressed
Share and communicate risk management activities among all staff members, most
particularly with staff.
Documentations are important to an organisation. They not only leave an audit trail, they provide a
historical account of risk management processes for the organisation, which can be used to improve its
risk management policies and procedures.
Files need to be secured, to ensure that unauthorised personnel cannot access them. To ensure that the
organisation’s confidentiality and the privacy of the team members and external specialists are
maintained, files are usually kept under lock and key, in a secured location. This may be a storage facility
separate from the organisation or a secured room designated for the files.
Learning Task 11
What is the importance of making sure that your documentation is completed and processed correctly?
The information that you need communicate in every step of the process includes:
Decisions made, with regards to resolving a hazard
How the benefits of the change will benefit all parties. Research has shown that if
stakeholders understand how a specific change impacts on them, they will be more
than inclined to take ownership of the change
For your action plan to succeed, you need to make sure that you gain the support and cooperation of
key personnel at all levels. This means that you need to make sure that you communicate your action
plan to key personnel and that you create awareness of the plan.
2. Raise awareness by assigning key personnel with authority over different sections of
the action plan. If necessary, provide them with training and support while they learn
their roles and responsibilities. By allocating key personnel with charge of an area, they
will become involved in the action plan and will feel like they are making a difference in
how the organisation works, meaning they will take more ownership in the success of
the action plan.
Another way to further awareness is to obtain the support of management. Not all
managers will be involved with the action plan. They may not even be aware of the
plan. What you need to do is increase their awareness, so that employees will become
empowered. One way you can improve awareness is through communicating the
action plan with methods applicable to the audience, such as in formal meetings, to
keep the managers up-to-date on progress and changes to the action plan.
4. Motivate. Motivation is also another important tool for developing staff participation
in the implementation of the action plan. This can be done by empowering your team.
o Offering bonuses and rewards for goals that have been met
o Letting stakeholders know the cost if they do not follow procedures; and
5. Track and Monitor. Tracking should be used to demonstrate that the organisation is
monitoring the success and/or failure of the action plan. Tracking should be centralised
and aimed at measuring progress, with regards to meeting the organisation’s
deadlines, goals and milestones.
Once a problem in the action plan is identified, corrective action should be taken and a
reassessment completed, to ensure that the corrective action has done what it was
supposed to do.
This means that you should perform regular updates to make sure that the corrective
action is appropriate, conduct periodic reviews to make sure that risk management and
ensure action plan goals are being met and that the corrective action is still
appropriate.
Learning Task 12
When an action plan is implemented; awareness and motivation need to be communicated to your
stakeholders. How would you create this awareness and motivate your team into becoming empowered
in the implementation of the plan? Why would you do this?
Good risk management places emphasis on monitoring and reviewing all current organisational plans,
strategies, systems and controls. Monitoring ensures that, as risks change, new control measures are
introduced.
Ongoing review of the risk management process is required, to ensure that the plan remains relevant to
the workplace. Factors that may impact upon risk assessments and control measures can also change
over time. This means that the risk management process should be repeated regularly, to ensure that
the risk management process remains effective.
There are many methods that can be used to monitor and review procedures and these should be
considered part of your management plan. You can complete:
Self-assessments
Physical inspections
Key dates, time frames and deadlines should be set for communicating, monitoring,
reporting and review.
When you monitor the effectiveness of control measures, it is helpful to ask the following questions:
reduced?
problems?
Comments
Would you make a decision to contract or expand the risk program based on this
information?
Learning Task 13
Congratulations!
References
Australian Government
Department of Foreign Affairs and Trade
URL Address: http://dfat.gov.au/pages/default.aspx
Access Date: 18.09.2014
Brown, A., & Weiner, E. (1985). Supermanaging: How to harness change for personal and organisational
success. New York: Mentor
Empowerment – Defined
URL Address:
http://web.worldbank.org/WBSITE/EXTERNAL/TOPICS/EXTPOVERTY/EXTEMPOWERMENT/0,,conte
ntMDK:20245753~pagePK:210058~piPK:210062~theSitePK:486411,00.html
Access Date: 18.09.2014
Galorath, D. (2006). “Risk Management Success Factors”, PM World Today, Vol 8(11),
URL Address: http://www.pmforum.org/library/tips/2006/PDFs/12-06-Galorath-
Risk_Management_Success_Factors.pdf
Access Date: 18.09.2014
Grabowski, M and Roberts, K. (1999), “Risk mitigation in virtual organisations” Organisational Science.
Vol 10(6). PP.704-722.
Mayer, R.C., Davis, J.H., & Schoorman, F.D. (1995). “An integrative model of organisational Trust”,
Academy of Management Review. Vol. 20 (3), pp. 709 – 734
McAllister, D. J. (1995), “Affect and cognition-based trust as foundations for interpersonal cooperation
in organisations,” Academy of Management Journal, Vol. 38(1), pp.24-59
Muller, R. (2009), Critical Success Factors for effective risk management procedures in financial
industries: A study from the perspectives of the financial institutions in Thailand. Umea University.
Master Thesis
Raising the standard – the new ISO risk management standard (Purdy, G. 2009)
URL Address: http://www.acera.unimelb.edu.au/sra/2009/Presentations/Purdy.pdf
Access Date: 18.09.2014
Rochart, J.F. (1979). “Chief executives define their own data needs”, Harvard Business Review, Vol 57
(2), pp.81-93.