BS B PM G 5 1 7 – M A N A G E

P R O J EC T R IS K S
 Determine risk objectives and standards, with input from
stakeholders

TOPIC 1 –
IDENTIFY Organisational and industry standard risk frameworks
PROJECT
RISKS
Before beginning a project to manage the various risks to which
your organisation is exposed, it is important to take the time to
review your organisation’s risk management policies, procedures
and processes.
 Read the
the following definitions:

A policy is a written statement which explains why workers within an organisation should undertake
undertake aa task in aa certain way

A procedure is a written statement which explains how workers

workers within
within an
an organisation should undertake the task

A process is a series of actions or

or steps which workers should undertake
undertake to
to achieve
achieve aa particular outcome; processes
processes for different
different tasks,
tasks, including
including
those related to risk management, may be outlined in your organisation’s
organisation’s procedures, or they may exist as separate documents.

Policy, Procedures and Process

 Risk Management
Your organisation’s policies, procedures and processes for risk
management will provide you with the following types of important
information:
◦ They will tell you about the risks associated with specific areas or the
organisation as a whole, and these should be included in your risk
management assessment.
◦ Different organisations create different levels of expectation for risk
management strategies, along with specifying cost effectiveness
versus acceptable risk; knowing this information means you can keep
the risk management project in line within the company’s guidelines
and objectives
◦ They may provide information on past risk management activities
undertaken in your organisation, and the impacts these had on
organisational risk.

(https://www.nexuslawyers.com.au/wp-content/uploads/2016/11/Legal-Risk-Management-for-Start-Ups.jpg)

There is a wide variety of standards,
regulations, legislation and policies
and procedures that may relate to
your organisation in relation to risk
management.
Standards and Legislation/Regulations That May Apply
to Risk Management
Standards may include:
• Australian and international standards
• Enterprise and industrial agreements
• Industry Codes of Practice
• Industry standards
• Organisational and industrial agreements
• Organisational policies, systems and procedures
• Regulations and legislation.
Legislation/Regulations
There may be particular pieces of
legislation and regulations that apply to
the organisation/industry or the
State/Territory where you work.
Read the following about some
more general
legislation/regulations which
may apply to you:
• Anti-Discrimination and Equal
Employment Opportunity (EEO)
• Consumer protection, fair trading and
trade practices
• Employment and industrial relations
• Environment and sustainability
• Financial services
• Occupational health and safety
(OHS)/ work health and safety (WHS)
• Privacy.
 Anti-Discrimination and
Equal Employment
Opportunity (EEO)
Discrimination refers to the unjust or prejudicial
treatment of a person on the grounds of a point
of difference (e.g. race, colour/ethnicity, gender,
sexual preference, age, physical or mental
disability, marital status, family/carer
responsibilities, pregnancy, religion, political
opinion, national extraction, social origin, etc.).
Under a range of legislation, discrimination is
illegal in Australia.

(https://omghcontent.affino.com/AcuCustom/Sitename/DAM/095/discrimination-MIN.jpg)
 Diversity in the It's important that as
workplace means In Australia, National an employer, you
having employees from and State laws cover understand your rights
a wide range of equal employment and responsibilities
A concept closely backgrounds. This can opportunity and anti- under human rights and
associated with anti- include having discrimination in the anti-discrimination law.
discrimination is an employees of different workplace. You're By putting effective
equal employment ages, gender, ethnicity, required by these laws anti-discrimination and
opportunity. physical ability, sexual to create a workplace anti-harassment
orientation, religious free from procedures in place in
belief, work experience, discrimination and your business, you can
educational harassment. improve productivity
background, and so on. and increase efficiency.

Equal Employment Opportunity

 Australian consumer laws protect consumers in relation to
the products and services they purchase.

Consumer They require people/organisations selling products and

Protection, services to utilise fair trading/fair trade practices.

Fair Trading
and Trade Under the Australian consumer laws, organisations have a
responsibility to offer guarantees on the products and
Practices services they sell.

In some circumstances when an organisation has failed in

relation to its responsibilities when selling a product or
service, a customer may be entitled to a refund or an
exchange.
 The Australian The national
national workplace workplace relations
As set out in the
relations system system is
Fair Work Act 2009
establishes a safety established by the
and other
net of minimum Fair Work Act 2009
workplace
terms and Read the following: and other laws and
legislation, the key
conditions of covers the majority
elements of our
employment and a of private sector
workplace relations
range of other employees and
framework are:
workplace rights employers in
and responsibilities. Australia.

Employment and Industrial Relations


A system of enterprise-level
collective bargaining
A safety net of minimum terms
underpinned by bargaining
and conditions of employment
obligations and rules governing
industrial action
Provision for individual flexibility
arrangements as a way to allow
an individual worker and an
employer to make flexible work
arrangements that meet their
genuine needs, provided that the
employee is better off overall

/ Protection of the freedom of both

Protections against unfair or employers and employees to
unlawful termination of choose whether or not to be
employment represented by a third party in
workplace matters.

Employment and Industrial Relations

 Employment and Industrial
Relations
Australia’s workplace relations laws are enacted by the
Commonwealth Parliament. The practical application of the
Fair Work Act in workplaces is overseen by the Fair Work
Commission and the Fair Work Ombudsman:
• The Fair Work Commission is the independent national
workplace relations tribunal and has the power to carry
out a range of functions in relation to workplace matters
such as the safety net of minimum conditions, enterprise
bargaining, industrial action, dispute resolution and
termination of employment
• The Fair Work Ombudsman helps employees, employers,
contractors and the wider community to understand their
workplace rights and responsibilities and enforces
compliance with Australia’s workplace laws.
(https://cdn-triplem.scadigital.io/media/19746/fairwork-commiss.jpg?preset=MainImage)
(https://www.fairwork.gov.au/images/UserUploadedImages/fair-work-ombudsman-stacked-white-teal%20line.png)
Environment and Sustainability
For many organisations,
environmental protection is also
a legal responsibility.
The EPBC Act enables the
Australian Government to join
with the States and Territories in
providing a truly national scheme
of environment and heritage
protection and biodiversity
conservation.
The Environment Protection and
Biodiversity Conservation Act
1999 (EPBC Act) is the Australian
Read the following:
Government's key piece of
environmental legislation which
commenced 16 July 2000.
The EPBC Act focuses Australian
Government interests on the
The Australian Government
protection of matters of National
Department of the Environment
environmental significance, with
(the Department) administers
the States and Territories having
the EPBC Act.
responsibility for matters of state
and local significance.
 Your organisation may
It is important that you
provide a variety of different
familiarise yourself with
financial services; in your
your organisation’s policies
role, you may be responsible
and procedures for financial
for managing these financial
probity.
services.
Financial
Probity is a strict adherence
Services
When considering financial
to a Code of Ethics, and
services, it is important that
undeviating honesty, in
you consider financial
commercial (monetary)
probity.
matters.
 Occupational Health and Safety
(OHS)/ Work Health and Safety
(WHS)
Occupational health and safety (OHS) refers to the legislation and
guidelines in place to keep yourself and others safe in the
workplace.
Formerly, each Australian State and Territory has its own work
health and safety (WHS) laws.
However, as of 1 January 2012, a number of Australian States and
Territories are working collaboratively to develop a harmonised
Occupational Health and Safety (OHS) Act which can be applied
consistently across these jurisdictions.
Legislation Act 2011 – include the Australian Capital Territory, New
South Wales, the Northern Territory, Queensland and South
Australia.

(https://sourceable.net/wp-content/uploads/2014/01/engineering-safety1.jpg)
 Work Health Under the Work Health and Safety (National Uniform Legislation) Act
2011, your legislative requirements may include those related to:
◦ Provisions of Federal, State/Territory OHS Acts/Regulations
and Safety ◦ Guidelines and procedures administered by statutory/regulatory
authorities
(National ◦ Industry OHS standards and guidelines
◦ Health and safety representatives, committees, supervisors
Uniform ◦ Licenses, registration or certificates of competency
◦ National safety standards.
Legislation)
Act 2011

(https://www.eatrightny.org/assets/images/banner-legislation.jpg)
 Privacy
Under The Privacy Act (1998) (Commonwealth), and
related State/Territory legislation, you are required to
maintain the confidentiality of the clients who attend
your organisation, as well as that of other staff
members, the program itself and the wider community
(as applicable).
Fundamentally, this means protecting their right to
privacy, and avoiding sharing private information
unnecessarily.
Confidentiality is an important aspect of your duty of
care. Amendments to the Privacy Act (1988) – the
Privacy Amendment Act (2000) – describe how services
should treat their clients’ personal information.

(https://hobi.com/wp-content/uploads/2014/01/hacker.gif)
 Depending on your
role, you may also
This includes
have a legal
However, there are situations where
obligation to
circumstances you required by law
In essence, disclose
where you are to disclose
confidentiality is confidential
legally permitted to confidential
about protecting a information if you
disclose information – for
client’s right to have a reasonable
information example, where you
privacy. belief that a client
without the client’s are subpoenaed
may be at risk of
consent. (ordered) by a court
harming
to do so.
themselves or
others, for example.

Confidentiality
The Purpose
and Key
Elements of The previous section of this unit discussed the
Closely related to legislation and regulations are
legislative and regulatory context of your
standards.
organisation in relation to risk management.
Current Risk
Management
Standards
Standards are documents setting out specifications, procedures and guidelines.
They are designed to ensure products, services and systems are safe, reliable and
consistent.

The Purpose
They are based on industrial, scientific and consumer experience and are
regularly reviewed to ensure they keep pace with new technologies. and Key
They cover everything from consumer products and services, construction,
Elements of
engineering, business, information technology, human services to energy and
water utilities, the environment and much more. There are three kinds of
standards:
Current Risk
• International standards are developed by International Organisation for
Standardisation (ISO) and other organisations. Countries can adopt these standards
Management
directly for their national use. Wherever possible, Standards Australia embraces the
development and adoption of international standards
• Regional standards are prepared by a specific region. Joint Australian/New Zealand
Standards
standards can be considered regional standards
• National standards can be developed by a national standards body (like Standards
Australia) or other accredited bodies.
Risk management techniques can be either quantitative or qualitative.

In quantitative risk analysis, an attempt is made to numerically determine the probabilities of

various adverse events and the likely extent of the losses if a particular event takes place.

Qualitative risk analysis, which is used more often, does not involve numerical probabilities or
predictions of loss.

Characteristics, Techniques and Appropriate Applications of Quantitative

and Qualitative Risk Management Techniques and Approaches
 When you analyse risk, you are deciding whether it is
an acceptable or unacceptable risk.

Risk After identifying the wide range of risks that exist, you
then need to analyse and prioritise the risks to
Analysis determine the level of that risk and the relationship
between consequence and likelihood.

The risk may be identified as:

•• Probability
Probability – The likelihood of occurrence
•• Impact
Impact – Damage
Damage that
that risk will cause
cause
•• Frequency
Frequency – When the risk will occur.
occur.
Establish Project Risk Context to Inform
Risk Management Processes
To inform the risk
management process, you
will first need to identify and
establish the project risk
context.
The project risk context may include:
• Legislation and regulation controls - in some
cases legislation and regulatory controls may
preclude some methods of control.
• Nature of project - sometimes it is simply the
nature or reason for the project that can
impede the controls.
• Organisational risk policies and procedures -
your policies and procedures may restrict the
methods used to control risk.
• Project environment - in some cases the
environment may limit the controls used to
minimise risk in your project.
• Stakeholder expectations - all stakeholders
have their own opinions and ideas.
All projects are planned and implemented in a social, economic,
environmental, political and international context.

Cultural and Social Environment is that how a project affects the people

Project
and how they affect the project.

International and Political Environment refers to the knowledge of

International, National, Regional or Local laws and customs, time zone Environment
differences, teleconferencing facilities, level of use of technology, National
holidays, travel means and logistic requirements.

Physical Environment is the knowledge about local ecology and physical

geography that could affect the project, or be affected by the project.
 Identify Project Risks Using Valid
and Reliable Risk Identification
Methods
Identify project risks in a range of risk categories
Project risks may include:
◦ Predicted future events
◦ Threats
◦ Opportunities
◦ Hazards.

(https://www.projectsmart.co.uk/img/risk.png)
Risk Associated with Project
Management
Risk management is a vital part of project management.

Here are some examples of common project risks:

• Time and cost estimate too optimistic

• Customer review and feedback cycle too slow
• Unexpected budget cuts
• Unclear roles and responsibilities
• Stakeholder input is not sought, or their needs are not properly understood
• Stakeholders changing requirements after the project has started
• Stakeholders adding new requirements after the project has started
• Poor communication resulting in misunderstandings, quality problems and rework
• Lack of resource commitment.
 Risk management, like other aspects of project
management, will need success criteria.

Identifying Once criteria have been identified, the project

management team will need to agree how they are
the Objectives measured.

For the Risk Any difficulty in setting objectives and criteria will result
Assessment in higher risk as there will be a lack of confidence in
completion.

You can decide which factors are the most critical by

determining how great an impact it will have on your
company to not have those things functioning correctly.

As part of determining the impact of
risks, it is important to determine the
critical success factors, goals and
objectives.
Identifying the Objectives For the Risk Assessment
The following questions might
assist you in this process:
• Where does my company’s income come
from?
• What affects my company’s reputation in
the marketplace?
• What functions are critical to ensuring
that my company can continue
operations?
• Which company goals are essential to
ensure continued operations?
• How many shareholders are affected by
the temporary cessation of this function?
Every risk that you encounter will end up needing to be compared to each of these critical
factors.

There are several ways that you can search for risks associated with your project. Risk-
identification methods may include:
• Conducting or supervising qualitative and/or quantitative risk analysis
• Lessons learned from previous projects
• Personal experience input /
• Previous risk registers
• Risk workshops
• Subject matter experts
• Using specialist risk-analysis tools to assist in the decision-making process.

Risk-Identification Methods
 Risk The terms ‘hazard’ and ‘risk’ tend to be used interchangeably,
but risk represents more than a hazard.

Identification Risk takes into account scale, consequences, frequency, duration,

extent, the probability of occurrence, and time range.

Techniques There are some general tools that can be used to identify risk.

(https://worksmart.org.uk/sites/default/files/hazardandrisk.gif)
 Risk Management
Processes
These can be incorporated into established risk management
processes in any organisation and include:
◦ Inspections
◦ Consultation
◦ Safety or management audits
◦ Testing
◦ Safety or management audits
◦ Testing
◦ Scientific or technical evaluation or expert instruction in up-
to-date methods (service industry)

(https://www.fastweb.com/uploads/article_photo/photo/2034595/10-college-safety-tips-every-student-should-know.jpg)
Collection and evaluation of material

Expert advice

Risk
Seeking government or regulatory information and help
help

Networking
Management
Benchmarking Processes
Brainstorming

Audits and physical inspections.

Process
Charting
The fishbone diagram
provides a good example of
a process chart, sometimes
called a cause and effect
diagram.
Each line or ‘fishbone’
represents an area that may
have caused a problem.
Scenario Analysis

Scenario analysis is a
The focus is on the future
process of examining
and may take into
options and competing
account past and present
scenarios based on an
events as elements of the
assessment of future
examination.
events.
Benchmarking Similar
Organisations and Activities
Benchmarking is a process of identifying the industry best
practice and setting that as the standard for the particular
organisation.
System or process flow charts are especially useful in
recognising and identifying potential areas of the problem
within the process flow.
Benchmarking
Similar
Organisations
and Activities
Influence diagrams –
demonstrate the influence
that different aspects of a
process have on each other.
Industry sector risk classifications and relate these to

Classify
different risk contexts

Once you have identified the objectives of the risk

Project Risks
assessment, you will need to categorise these into
groups.
Within
Agreed Risk
Each industry sector will probably have very different
risks associated with their project, and even within an Categories
organisation, each project can have very different risks
and risk categories.
 Grouping of different risks according to their estimated cost or likely impact, the
likelihood of occurrence, countermeasures required, etc.

Risk categories may include:

Health and Human Organisational
Communications Compliance Environmental Finance
safety resources brand.

Risk Classification
 Physical

Political

Project
Risk assumptions

Classificatio Project constraints

n Project process
risks

Quality

Technology.