BSBRSK501 – Manage Risk

Assessment

Name: Surname:

Student ID:

Qualification: BSB51918

Training Package: BSB Business Service

Due Date: Week 4 Assessment Type:

Assessment Guidelines
Please read the following assessment guidelines carefully.

1. The purpose of this activity is to assess your knowledge and skills in Manage Risk.

2. If you have any considerations that may affect your performance in the assessment, please inform your
assessor immediately. Your assessor will provide you with a suitable alternative to complete this assessment.

3. Your assessor will mark your assessment and provide feedback and a grade to you via the assessment
submission on Moodle.

4. If you feel the decision made by your assessor was incorrect you have the rights to appeal the grading through
filling out an appeals form which will then be handle by the Academic Manager.

5. A “NYS” (not yet satisfactory) result of this task may be returned to you for a re-assessment. Re-assessments
must be submitted by an agreed date with your assessor.

6. The re-assessment work must address the specific performance tasks beyond doubt for the assessor to issue a
satisfactory (pass) result. A repeat NYS outcome could lead to an administration fee for further reassessment.

7. All work must be done individually. Copied work will not be accepted and

By adding my name to this document, I hereby declare the work is my own and has not been copied from
any other source.

Student NAME:_______________________________________ Date:_________________

Page 1 of 21
 BSBRSK501 – Manage Risk

Assessment Overview
In this assessment your knowledge of Manage Risk will be looked at through three main
activities.

You need to use the knowledge you have gained first hand through your own experiences in
the workplace combined with the lecture slides, uploaded on Moodle and the learner guide
to help you answer the questions.

Your assessment once completed needs to be uploaded into Moodle for marking by your
trainer.

Should you experience any issues downloading your assessment or uploading your
assessment please notify your class trainer as soon as possible as all assessments need to be
uploaded into Moodle for marking.

Once your assessment has been marked you will receive notification if your assessment is
competent or Not Yet Competent. If you receive Not Yet Competent your trainer will provide
you with comments guiding, you to which areas need to be fixed before you resubmit the
assessment.

Page 2 of 21
 BSBRSK501 – Manage Risk

Task A – Knowledge-based Questions

1. Provide a brief overview of your organisation’s (or an example organisation’s) current risk
management practices and how these meet organisational needs. (Approximately 150-200
words.)

2. For your organisation (or an example organisation), provide the details of two areas within the
business and the requirements under these that require risk management (e.g. work health and
safety).

Page 3 of 21
 BSBRSK501 – Manage Risk

3. At your workplace (or an example workplace) list the stakeholder types/groups and an issue for
each.

4. How do the following affect risk management in the workplace:

 Political
 Economic
 Social
 Legal
 Technological  Policy?

Page 4 of 21
 BSBRSK501 – Manage Risk

5. For your workplace (or an example workplace), assess the strengths and weaknesses of the
existing risk management process for one area of business (e.g. financial or operations).

6. Following on from Q5, identify three critical success factors that can help achieve good risk
management.

Page 5 of 21
 BSBRSK501 – Manage Risk

7．Write a script that you can use to invite a specific stakeholder group to assist in risk
identification. Provide details of the risk area and the requirements that the stakeholder group will
need to fulfil.

8. Choose a scope (or area) of risk management in the workplace and perform a brief research of
the risks that may be involved. List five risks that you have found.

Page 6 of 21
 BSBRSK501 – Manage Risk

9. Name three analysis techniques that you can use to determine the likelihood of risks occurring.

10. Provide a system of scale that you can use to show the impact of risks.

11. What are the hierarchy of controls?

Page 7 of 21
 BSBRSK501 – Manage Risk

12. How can these help to prioritise risks for treatment?

13. Name three risk control strategies that you can use.

Page 8 of 21
 BSBRSK501 – Manage Risk

14. Name three factors that may affect risk treatments.

15. List five things that may be included in an action plan for risk treatment.

Page 9 of 21
 BSBRSK501 – Manage Risk

16. Why should you keep documentation of the risk management process and activities and how
should you store this information?

17. How can an action plan help in managing risk and what should you include in one?

Page 10 of 21
 BSBRSK501 – Manage Risk

18. Name three things you should monitor when implementing plans.

19. When should you evaluate risk controls?

Page 11 of 21
 BSBRSK501 – Manage Risk

20. Name three things you should consider when evaluating implemented risk controls.

21. What are risk management standards and what are the key elements of these?

Page 12 of 21
 BSBRSK501 – Manage Risk

22. For your organisation, describe the legislative and regulatory needs to fulfil risk management.

23. What do organisational policies and procedures for risk management provide?

Page 13 of 21
 BSBRSK501 – Manage Risk

The mechanism by which risks to resources and revenues of an entity are identified, assessed and regulated is
referred to as Risk Management. Such hazards or dangers may come from a number of different sources, such as
economic instability, legal liability, policy failures, incidents and natural calamities. Hazards pertaining to
Information technology and information challenges to  safety have become a top concern for digitised businesses
hence the need for risk control techniques to overcome them. Consequently, a Risk Management Strategy
increasingly involves the mechanisms used by organisations to detect and monitor risks to their digital properties,
including company records, PIIs and IPs for customers.
Each enterprise and organisation, faced with the possibility of unforeseen, adverse incidents which may cost or
trigger the company to end continuously. Risk assessment enables organisations, by minimising uncertainties and
additional costs, to try to plan for the inevitable before they take place.
A risk assessment strategy will save funds and secure their prospects by determining the different possible threats
or accidents before they arise. A comprehensive risk control strategy can allow an organisation to identify ways to
escape future risks, reduce the effects and deal with the outcomes. This understanding and risk management
capacity allows companies to become more sure in their strategic choices. Good corporate governance guidelines
explicitly focusing on risk control will also help an organisation achieve its objectives.
Risk management actually helps to create a stable and healthy working atmosphere for both employees and clients;
enhances corporate continuity and reduces legal liability; Protects all concerned parties and properties from
possible damage, from incidents which are harmful both to the business as well as to the surroundings; Cover the
insurance needs of the company to save unwanted charges.

Organizational policies and procedures for risk management

Corporate plans and risk control practises are a series of documented actions that an organisation takes to lower the
risk on its workers as they do their work. Such measures could include upgrading facilities, rigorous preparation for
staff or providing a healthier working area.
Corporate risk control plans and practises are just like the rules of a  rugby game. In rugby, certain equipments are
mandatory for a player to  be protected while playing.  has rules that determine what a player can or cannot do
while playing to ensure that they continue to be protected, and the teams are safe as well. Corporate risk
management policies and procedures are players' directives which notify each staff member what their employer is
expecting from them as well as what the organization is doing to keep them protected from any sort of harm whilst
they are working.

The aim of corporate risk assessment procedures is to ensure that any employee has a healthy workplace. Any
occupations include some risks, so any organization has to use organisation, risk assessment plans and practises to
ensure the employee is at a minimal risk as possible.
The main function of Organisational risk management policies and procedures is to help the company in assessing
the, volume of risks associated with the duties it's employees are ought to perform, main component of an
operational strategy and risk control procedure; Establish a series of employee protocols to be followed in order to
eliminate risks related to their jobs; Train staff to take less chances at employment; provide appropriate equipment
to carry out the work safely and maintain the equipment; Enforce emergency protocols in the event of an injury,
serious hazard or a compromises in the worker's situation; Direct each worker to take security measures so that
they know what to do, who must be contacted and where to go in emergencies.

Page 14 of 21
 BSBRSK501 – Manage Risk

The various forms of corporate risk control strategies and procedures include:
Precautions for appliances involving safety instruction, checks and workshops for use
 Detailed histories of the last inspection, maintenance, or retention of machinery used to conduct jobs
 Testing and recruiting of staff
 Seminars, workshops and transition times for employees
 Detailed documents detailing the workers who have been trained and when were they trained
 Emergency contingency planning
 Evaluation and repair of infrastructure and facilities where the employees are ought to work in and as
well as those structures which are used for storage
 Accident emergency plans
 Reports of incidents
 Procedures for reporting of accidents
 Privacy  and secrecy protocols
 Ethics at the job
 Disciplinary measures for employees
 Termination protocols for employees

Policies include higher - level standards or criteria which, as formally agreed by administration, must be followed by a
specific department or operational field of the company. These policies put in place the guiding tone for each division
or business sector.
Procedures are linked to specific strategies which describe procedures of a lesser level such as regular, weekly or
quarterly features and jobs. Procedures put together a collection of related roles and hierarchical structures that can then
be consolidated into a specific category, like recruitment and termination in HR or IT access control.

Processes are generally found in the methods that define in depth the execution of routine business operations, whether
repeatedly or as necessary. A method is starting and ending, showing interconnections and correlations with other
systems and organisational fields or technology. It also gives insight at standard roles and primary risk and compliance
points to be tracked and considered carefully when evaluating, mitigating and auditing risks.

The scope and nature of these systems, practises and procedures is to a certain degree characteristic of corporate
sophistication. They provide a strategic outlook, which identifies the risks and monitors environments. This helps form
the course such that a company can transition from a compliance first "check-the-box" to one that understands risk
management as a key business discipline. Well-defined rules, protocols and processes also serve as a basis to assess
how an entity can move from its present condition toward a target environment. They will help to recognise problems
and boost prospects by detailing existing needs, processes, inter - dependencies, threats and controls. Only then would
companies integrate the best controls throughout the right systems intelligently.
For instance, a company has reported a procedure to stop IT access for a worker leaving the company. This method is
used in a protocol in conjunction with other infrastructure access updates procedures and tracking of jobs and
termination practises.The protocol is used in an overall strategy that establishes the high standards and objectives of the
divisions or functional areas involved. This recorded method and protocol provides specifics that convey, in addition to
existing procedures, information on infrastructure and resource dependency and defined risk management and control
areas. A company can review existing systems and practices to determine resources gaps or limitations, automation,
division or field coordination, technology and the capacity to correct risks associated with processes.The first step in
removing inefficiencies and vulnerabilities that may otherwise be ignored is to become conscious of these constraints.

Page 15 of 21
 BSBRSK501 – Manage Risk

Managers can never grasp the company's internal operations without a thorough understanding of the concepts and
criteria establishing the culture and vision of the company and the granulated awareness of procedures, roles, links,
obligations and risk/control factors. These are considered by several policymakers and assessors to be key business
instruments within an enterprise and intend to be reviewed during routine audits and disclosures.  Regulatory authorities
and compliance officers repeatedly attempt to comply with internally and externally requirements as well as business
standards in a corporate manner and ascertain them. Policies, systems and practises are seen as proof of the
organisational status, effectiveness and enforcement of an organisation.

Initial consideration must be given to organisations who are seeking stricter programmes, practises and processes. This
initiative would probably include the Board members, Executive Board and other important stakeholders in the
company. If there is inadequate paperwork available, a schedule should be developed, prioritising sensitive activities —
in particular those with the greater deficit of protocols, methods and procedures. They would also need to evaluate
whether they have the appropriate skills and tools to manage the reporting project internally. organisations with this in
effect should next deem the final examination and recertification or updating of the organisations. In order to at least
recognise and take the actions appropriate to the organisation, this evaluation and accreditation procedure must be an
annual operation. The concept is to consider the publications as a live, respiratory management instruments.

The next move is to identify existing capabilities for tracking. In normal practises, policies, protocols and procedures
shall be implemented and applied. They must be included in new recruitment preparation programmes. These strategies
and practises should contribute to the decision-making and strategic planning of organisations. The compliance and
administrative evaluations are a popular aspect. If not actively used, corporate and crisis managers must find out
whether or why they don't use it to take effective measures to keep them off the shelves.

In addition to identifying organisational policy governing practises and processes, it is also essential to identify the
responsibilities for recertification and annual evaluation. Risk assessment departments, corporate auditors as well as
other agencies may be involved. The resources would not be correctly used or upgraded without proper guidance and
consistent obligations and over a period of time it will be incorrect. It is essential for organisations to maintain
consistent awareness of the threats that diverse safeguards mitigate by developing or modifying current policies,
practises and processes. This experience is useful in risk reduction strategy, an awareness of existing regulatory
programmes and potential prospects for change.

Lastly, it must be determined if there are sufficient training to convey the procedures, specifications, dependencies,
controls, threats and goals of the priorities and functions defined. If no such initiative exists, the feedback of senior
executives should be established and launched. Although many corporate leaders prefer to look over the mentions of
"policies and practices," they are essential for successful business risk control for any organisation. It can also provide
useful and practical perspectives for organisations into activities for security, streamlining and integration. Better
policy, procedural and process reporting can not only enhance the efficacy and reliability of initiatives in regulatory
enforcement, but it can also activate market performance potential opportunities.

Implementation

Organizations have to ensure they read the rules and protocols to their staff, since this is the first leap towards
enforcement, but it isn't enough by itself. Employees can not fully comprehend or execute a programme. Therefore
it is important for the company to educate its staff on the content of policy and how to carry out procedures in
scenarios of real life.

Page 16 of 21
 BSBRSK501 – Manage Risk

For any new employee during the orientation and training period, extensive instruction on rules and procedures
must take place. Statistics demonstrate that workers receiving comprehensive on-board coaching have greater
productivity, are more qualified and are much more able to match their milestones of success. However, all staff
should have ongoing policy and procedural experience. Based on the sector and scale of the specific company,
training may look a bit different.

For instance, practical possible situation based teaching is of major relevance in sectors such as government
agencies and healthcare. But each institution has material that can be easily learned by workers via online
workshops and training courses. An online learning management programme, enabling staff to complete coaching
individually on their own time, will save the company time and resources. The simplified teaching scheme ensures
that staff are well trained to obey policy and procedures.

Regulation distribution and preparation do not, however, ensure that any person knows regulations properly. An
employee could sign in without understanding the text. This may not be important in the short term, but it will lead
to workers unable to obey policy and protocols in the longer term. Employees cannot obey non-existent protocols,
contradict other rules or do not react to a major technological or practical change. Corporate leadership has to
update practises and processes on a daily basis, to take into consideration emerging legislation, requirements,
technologies and cultural changes.

The Organization must ensure that those protocols are observed every time the policies are updated. Send policy
updates to the workers and integrate them into practice, test them and keep employees responsible. Organizations
must ensure that all workers obey the rules and protocols, but it does not have to be hard.

The use of the decision control and process structure to guarantee that workers know and understand how to
understand the value of organisational risk management policies and procedures is thereby important. The rules
and practises at the workplace continue to establish a policy structure to ensure dignity and equity as problems
occur. Helping you and your company to minimise regulatory and safety threats.

However, note the protocols and practises cannot be interchanged. A strategy expresses the relation between the
mission and ideals of a company and its daily  activities. Workplace protocols clarify basic employee response
plans while a programme is being implemented. Workplace protocols are critical when they advise the staff how
and when to handle a case.

Task B - Role Play

1. Working in a group or directed by your trainer, represent the risk assessment manager
holding a group discussion with stakeholders (eg. Managers, colleagues, employees, etc..)
As risk assessment manager, you will need to choose an area of risk management and seek support
and participation from your stakeholders to assist in risk management activities. Provide information

Page 17 of 21
 BSBRSK501 – Manage Risk

on the support that you will need and how your stakeholders can participate. In your discussion,
you must cover:
a. The area of risk management
b. Information on the support that you will need
c. How your stakeholders can participate
In your discussion, you also need to show your ability to seek support and participation from your
stakeholders to assist in management activities by:
a. Communicating with others
b. Explaining information clearly
c. Clarifying and confirming details
d. Negptiating roles with stakeholders

2. Work in a group or directed by your trainer, discuss the methods, tools and techniques that
you can use to identify the risks for a risk area of your choice.

3. Work in a group or directed by your trainer, explain the risk management process, using
verbal and, if requried, non-verbal techniques (e.g. non-verbal may include use of a chart or
diagram) In the discussion, you should show your:
• Verbal techniques
• Non-verbal techniques
• Skills to ensure understanding

Page 18 of 21
 BSBRSK501 – Manage Risk

Task C-Case Study

Read the case which has been provided for you in Moodle and answer the following:
1. Analyse the information provided and answer the following questions to determine the scope
and context of the risk management process.

a. Which area of business needs to be addressed?

b. What are the individual hazards and where do they originate from?
c. How many times, on average, do specific incidents occur as a result of the hazard each
month or year?
d. When, and in what circumstances, do these incidents tend to occur?
e. Who is most likely to be affected?
f. What kind of a risk to individuals does the hazard pose?

2. Working with your peers (no more than 2-3 people) or directed by your trainer, discuss the
information provided in Case Study and assess the risks.

Page 19 of 21
 BSBRSK501 – Manage Risk

Within your discussion, you should determine and document:

 The key priority of the risk management process  One appropriate risk treatment action.

During the discussion:

 The topic should be related to the case study
 Show your confidence in expressing ideas
 Listen to others and consider ideas of others.

3. Following on from your discussion in Question 2, develop an action plan which aims to treat the
risk(s).

Your action plan should include three steps to treat the risk.

You should use the following template for your plan:

Page 20 of 21
 BSBRSK501 – Manage Risk

Step One Step Two Step Three

Explanation of step

Equipment/resources
required

Other comments

4. You have implemented your plan, and after a month, you find that the number of incidents
being reported has not decreased. Evaluate your action plan and identify one change which
could be made or an additional step which might be added in order to help decrease the number
of incidents.

Recreate your action plan to incorporate this change.

Step One Step Two Step Three Step Four

Explanation of
step

Equipment/reso
urces required to
implement step

Other comments

Page 21 of 21