BSBRSK501B Manage Risk

Assessment tool 3 (AT3): Project (s)

Project 1
This project entails you planning, conducting and evaluating risk management
program for an organisation. For the purpose of this project, the term
organisation can refer to a small business, work team or division in a large
organisation, sporting group, or family. Complete each of the sections below in as
much detail as is possible.

Part 1 Plan for enterprise risk management:

Describe the organisations current risk management policies, procedures
and processes and comment on the strengths and weaknesses of these
arrangements.
The chosen risk management policy was created in July of 2011; it refers back
quite heavily to AS/NZS 4801:2001 being the Australian standard. It details on its
involved contents, document history, amendment and approval table procedure,
description and scope of document, responsibility charts, triggers, definitions,
references, legal references, activity descriptions being hazard identification etc.
Reviewing the procedure and the way it is mapped out is quite easy for anyone
to follow, whether in the event of a risk or just during an audit the procedures
allows for easy efficient use. The only weakness I can find is that the
responsibilities chart is not detailed enough, it does not advise where or how to
find the relevant person responsible for the application of that hazard.
Describe the scope for risk management process that you will conduct
explain why you decided upon this scope
The risk management process conducted will;

Establish a Risk management plan

Establish a Risk register
Appoint a Risk manager
Develop a Risk management & communication strategies

After establishing a risk management strategy containing all the above elements
the following would be measures;

Ensure that monitoring of adherence in accordance with the relevant

OH&S legislation
Ensuring that assessing the risks involved and developing appropriate
controls to either eliminate or minimise the identified risks.

The scope was chosen as there are clear monitoring points to refer back to
relevant national and state standards, which can be easily referable and

BSBRSK501B Manage Risk

therefore make the risk management process more efficient and effective within
the chosen organisation.

Discuss the impact that each of the following has on the organisations
approach to risk management:
- Political environment
Due to the organisations industry being heavily governed by the government
there chance of organisational change is medium to high. For example the
First Home Owners Grant being abolished in July of 2012 has impacted the
industry and this organisation sales and cash flow in the last 12 months which
has resulted in staff loses and company down turn.
- Economic climate
Due to recent economic recession and population under spending the
company have a high risk with the current economic climate. This is because
if people are not spending money on the little things required in everyday life
then they will surely not purchase a new home or available land.
- Social factors
Some example of Social risk factors would include unemployment,
homelessness, physical/mental disability, financial destitution, divorces, lack
of basic education & population health problems. The main social factor that
could potentially harm the organisation is financial destitution as it impacts a
large portion of the business.
- Legal factors
As any organisation is governed by legality the construction industry relies
quite heavily upon it, for example complying with Australian standard 4801,
DCP levys, council requirements, attorneys, building commission, HIA,
solicitors, surveyors and the general public taking legal action against the
organisation. Due to this it can impact the industry very heavily due to the
heavy reliance upon all of those risks.
- Technological advancements
As the market changes and technology evolves the construction company is
starting to find that they rely very heavily on technology to allow the
particular projects to keep moving in the office & out on site. It is also vital for
scheduling, payments, client contact, customer service etc. Using on site
tablets or laptops as well as in office computers they have to be heavily
secured with passwords, firewalls, anti-virus protection & relevant locking
mechanisms.
- Policy context
Due to recent staff lose the organisation has had to involve and evolve there
policies and procedures to remove the risk of an audit. This involves updating

BSBRSK501B Manage Risk

all the current policies as well as creating new ones for procedures such as
OH&S, IT policies, Email, Bullying, Sexual harassment and so on. All staff is to
be made aware of these policies via email and placing them on a network
drive for staff accessibility.

Document critical success factors, goals or objectives for area included in

scope
Reviewing the organisation and the success of the risk management scope I
would say the critical success factor is Successfully merging the construction
and handover of a superior product. This is the companys strong success factor
in the market at the moment; they provide a superior product to clients by
merging the construction and handover procedure into 1 team which enables
quality homes at a quicker rate of construction.
The main objective which is clear within the risk management policy scope is; To
increase profit margin & customer experience.
The organisation seems to have 3 main goals;
1. To reduce and identify the situations and events associated primarily with
Watersun Homes building activities that could give rise to the potential of
injury & illness.
2. Removing the scope of hazard in stages of the construction including but
not limited to design changes, on site changes, introduction of new or
modified processes or plant and equipment, customer service experience
and profit margins.
3. Elimination of hazards that are grouped as physical, ergonomic, economic,
chemical, environmental & biological.
Identify each of the internal and external stakeholder groups for each
make a list of their issues
Internal Stakeholders
Directors, Senior Management, COO, General Manager, senior management
team, office staff, supervisors on site, board committee members & customer
service
External Stakeholders
Local Authority, councils, Providers, customers, suppliers, labourers, trades,
funders, quality assessors, banks, debtors, surveyors, attorneys & government
Internal Stakeholder issues
Monetary (Making sure they are paid on time by the organisation), success of the
company in the competitive market, personal wellbeing and health issues,

BSBRSK501B Manage Risk

preventing injury, completion of a project that can enable company success
which in turn provides personal satisfaction.
External Stakeholder issues
Monetary (Making sure they are paid on time by the organisation, success of the
company they are being paid by to ensure future work, and organisation doesnt
encroach on federal or national laws, paying loans and debts on time, having a
strong financial asset backing.

Discuss how you will communicate with each of the stakeholder groups,
include details of:
- key messages
- delivery strategies
- how you will encourage input / participation
To internal & external stakeholders of the company I would provide an article that
is distributed via email and company handout. This email and handout would
provide information to the target audience being the employees of the
organisations and external stakeholders with the view to approach the relevant
risk management, the benefits of email and handout is the organisation can then
know that all employees received the message and are aware of the message
and email to external so they are aware and keep track of who has received it.
To input participation I would request that the stakeholders complete a feedback
survey at the end of the key message that is delivered via email. The survey
would encourage stakeholder participation via there active feedback as it makes
them aware that there view is looked at and actioned by the board of directors.
Describe what level and type of support you need in order for your risk
management plan to be effective and discuss the strategies that you will
use in order to obtain that support
To have an effective risk management plan I will need to define a certain person
as the risk champion. This person will be able to promote management plans
benefits back to the directors or board of management as well as its possible
flaws and how the organisation can overcome them.
Then I will need this particular risk champion to raise awareness to all the
stakeholders in different ways relevant to their status within the organisation of
the current risks, for example;

BSBRSK501B Manage Risk

Sitting with the CEO of an organisation to discuss the scope of the risk
management plan or discussing with employees regarding possible future risks
or present risks during a team meeting.
With the support obtained via awareness to stakeholders of all types the risk
champion can then develop a business case. Sitting with the board of directors
the risk champion will convey the risks that need to be managed, the
background of the current risk management strategy related to each
organisational risk, the business benefits, the options considered to each risk
being beneficial or rejectable, the expected costs and the consequences of not
adopting the proposed future risk management plan.

Part 2 Identify the risks:

Using a SWOT diagram, identify the risks that face the company
Strengths
A small personnel team that can
concentrate on the important aspects
of building & construction
Wide availability to different projects &
developers which increases sales and
cash flow
Single storey construction specialists
but with more inclusions at a cheaper
rate
Opportunities
Due to economic downturn & limited
single storey sales the organisation can
now branch out into different
developments
Financial backing with the government
accreditation which can enable the
company to provide clients with small
deposit homes

Weaknesses
Customer service is severe lacking
Cash flow availability which limits
payments to suppliers and trades but
also finances
Not enough speciality knowledge in
projects which limits the organisations
building capacity to take on
challenging profit filled work

Threats
The competition is branching out into
the project and medium density
division and due to their finance
backing & marketing resources it can
become a large problem
Cash flow problems which limit our
payments to suppliers & trades is
making them no longer work for the
organisation

BSBRSK501B Manage Risk

The construction of disability homes
and make it a special division of the
business as no one in the market has
looked into that field of work

Limited knowledge being a large

weakness which restricts the company
taking on larger jobs, our own internal
stakeholders is a threat

Research these risks and provide any necessary background / further

detail
These risks were actually determined by performing a SWOT analysis at the
organisation, as well as researching the companys website and current risk
assessment plan.
Make a list of the other tools and techniques you could use in order to
generate a list of risks that apply to the scope
The other techniques you could use for a scope are the following;
1. Fishbone Diagram: Also referred to as the cause and effect diagram or
the Ishiwaka diagram this is an effective tool for determining the risks
occurred and not the history or symptoms of a risk.
2. Process Mapping: Gathering information a model can be constructed of
the activities that take place during the risk process. A very useful
communication tool to the involved team as it allows them to map the
ICOR (Input, output, controls & resources)
3. Process Flowcharting: A great visual tool to establish why the current
process operates the way it does and also to conduct an objective
analysis to identify potential risks.
4. Force Field Analysis: Created by American social psychologist Kurt
Lewin this process allows an organisation or team to identify the forces
that affect the process and risks. It assesses the forces preventing
making the change and create a plan to overcome them.
5. Checklists: A good tool for raw data and enabling to structure data with
a purpose, to collect facts in the most efficient way yet and the most
effective way. There are confirmation sheets, process distribution,
frequency sheets & defect location sheets.
6. Scenario Analysis: Using analysis tools to predict possible future events
and then considering alternative possible scenarios for that set risk.
White it can be a demanding exercise due to no one being able to
predict the future it does have benefits to analyse any possible
outcome.
7. Markov Chains: A mathematical concept to risk solution that examines
probabilities, time, process or system spenditure and the expected
transitions between states.

BSBRSK501B Manage Risk

Part 3 Analyse the risks:
Assess the likelihood of the risks occurring
To assess the risks we need to determine the probability of them occurring by
placing them into 5 different categories being rare, unlikely, possible, likely and
very likely for example below;
Risk
Complete loss of
company revenue
Vulnerability in
organisational product
knowledge
External sources stealing
via technological means
Information systems
crashing on employees
Spending money on
extras to site that could
be avoided

Heading

Likelihood

Rare

0 5%

Unlikely

6 20%

Possible

21 40%

Likely

41 80%

Very Likely

81 100%

Assess the impact or consequence if risks occur

If any of the risks occur that are above 40% and higher the company can go into
possible receivership or shut down as they can greatly put the company at huge
risk. Risk being either through profit, employee loss, sustainability, and
organisation revealed secrets and many more.
Depict the risks on a risk matrix
MEDIUM
Incident at a worksite
LOW
New marketing sales
release date pushed back
LOW
Director away with illness

HIGH
Worksafe shutting down
a site
MEDIUM
Employee knowledge in
company product

CRITICAL
Loss of cash flow &
profits
HIGH
Government abolishment
of the FHOG bonus

LOW
Payments to suppliers
are delayed

MEDIUM
Air conditioning unit
effecting staff members
with illness

BSBRSK501B Manage Risk

Evaluate and prioritise risks for treatment

By reviewing the above risk matrix we can see that the most critical of all risks is
a complete loss of company cash flow & profits, the reason this is the most
critical to address and make as a priority is that if the organisation loose profit
then the company will shut down. After this the 2 highest to address is worksafe
shutting down a production high end site and the federal government abolishing
the first home owners grant, again these 2 are tied into cash flow which will
greatly affect the business putting us at risk of bankruptcy.

Part 4 Select and implement treatments:

Determine the most appropriate options for treating the top 3 risks that
you have identified
The top 3 risks I have identified are;
1. Loss of sales and cash flow to the business
Treatment for this risk would be to avoid the risk. Trying to avoid this risk
by creating possible new finance options to prospective clients that would
allow them to provide part payments upfront and then balance on
completion for a small deposit. Also creating possible contingency plans to
reduce costs during construction of large end projects.
2. Worksafe shutting down a large project
Treatment for this risk would be to share the risk. To share this risk we
would have to create on site daily toolbox meetings with all trades, from
there all trades or suppliers are advised of the practicing OH&S procedures
and that if any regulations are broken it will be acted on them and not the
company.
3. Government abolishing the FHOG bonus
Treatment for this risk would be to retain the risk. Unfortunately this risk
cannot be avoided by the organisation or the industry as it is a ruling from
the federal government, reduction of the risk is not possible as we have no
control, sharing the risk is not possible as its not something we can share
with suppliers or trades so all the organisation can do is retain it and
possibly create plans that will not impact the business to much due to that
abolishment.

BSBRSK501B Manage Risk

Develop an action plan for implementing those risk treatments

Firstly we must set the goals for each risk, the goal must be specific,
measureable, achievable, and realistic and be able to be tracked in time, it must
be SMART.
1. Loss of sales and cash flow to the business
To reduce possible loss of sales and cash flow the organisation must
increase profits within the next financial year, reduce expenditure,
company overheads and increase productivity.
2. Worksafe shutting down a large project
To reduce or eliminate this risk of worksafe shutting down a site which in
turn affects cash flow the organisation must take measures to ensure that
worksafe procedures are adhered too and all work sites are a safe
environment.
3. Government abolishing the FHOG bonus
By creating marketing campaigns and greater exposure of the
organisation we can be sure we provide a stable product and produce
quality without reduction of possible sales.
Now that the goals have been determined for each risk a plan must be put into
action that will provide us the necessary steps, methods, processes and
timeframes suitable to complete our goal. For example below is an action plan
that can be used for risk 1;
Loss of sales and cash flow to the business
Action to be
By whom
By when
Resources
taken
Working group Sales Manager June
Sales team
established

Sales team to
discuss
solutions
Research
conducted

Working party

June

Meeting room

Working party

July

Draft policy

Working party

August

Final policy

Director

September

Internet, past
history, other
companies
Computers
and other
sales staff
Nil

KPI
Sales team
established
and
understanding
of the meeting
SWOT analysis
taken on the
organisation
Best possible
practice
identified
Draft policy
written
Final policy
approved and
placed into

BSBRSK501B Manage Risk

practice

BSBRSK501B Manage Risk

Explain how you will communicate the action plan information to the
relevant parties
I would communicate the action plan to the relevant parties with an in house
meeting; this meeting will have a chairperson being the risk champion who is
aware of the full scope of the risk and in extension the action plan. This risk
champion should have the following qualities;
1.
2.
3.
4.
5.
6.
7.
8.
9.

Be balanced and honest to the relevant parties and all involved

Focus on the specific issue/risk
Pay attention to what the audience already knows
Be tailored to the specific needs of the audience
Place the risk in the appropriate context to the most relevant parties
involved
Contain the specific information related to the risk
Be respectful in tone and recognise that people have views and
opinions
Be honest about the limits of data and research
Consider and address the broader social dynamics of the risk

Once the risk champion can portray the above characteristics during the meeting
than the action plan can be provided to all relevant parties who can then walk
away with a clear and concise understanding of their involvement in the risk
treatment.
What documentation is needed and how will it be completed and stored
The following documentation should be completed and stored for risk
documentation;
1.
2.
3.
4.
5.
6.
7.

Meeting agenda
Meeting minutes
Research papers & documents
Task of duties to the working party of the risk management process
Duty description for all members involved
Old procedure
New updated policy & procedure

Once all the above documentation has been read, completed and accurately kept
it can be stored on a public network drive as well as having a hard copy available
with a backup on hard & soft copies availably ready. The documentation will be
kept up to date by the risk champion or governed OH&S employee who will
update the records at every meeting, conversation, new documentation or any
situation that will amend the policy & procedures.

BSBRSK501B Manage Risk

Describe the steps that you will take to implement your risk management
action plan
The following 7 steps will be applied to implement my risk management plan;
1.
2.
3.
4.
5.
6.
7.

Establish a context for the risk management in my organisation

Communicate the risk management plan to the organisation stakeholders
Identify the risks
Analyse the risks
Evaluate the risks
Treat the risks
Monitor and review the risks

Once the above 7 steps have been done within the organisation then the action
management plan has been fulfilled, now the organisation can move forward
making sure the risk management plan put in place is working and achieving the
goal.
Discuss how you will monitor the action plan to ensure that it meets its
identified goals
There are 3 types of monitoring for an action plan;
1. Ongoing daily monitoring by all personnel whom will ensure continuous
monitoring that is embedded into daily methods of working.
2. Line management review at designated points of time which can be driven
by a risk profile spanning the managers control levels.
3. An internal or external audit perhaps during an annual business planning
session performed by a third party or stakeholder.
By performing constant reviewing and monitoring of the action plan the
organisation can have daily and perhaps annually review sessions that can
ensure there goals are achieved. Also they are able to see changes in
circumstances when they happen in real time via either internal or external
sources which can then trigger a review of the action plan.
The review though should be broad enough that it will encompass the risk
implications of all activities, products, services of the organisation and the
changing environment. This can ensure that the goals of the action plan can be
effectively met all the way through the monitoring process.

BSBRSK501B Manage Risk

Explain how you will evaluate the process that you have used to manage
these risks
To evaluate the entire process the selected auditor whether they be a manager,
OH&S manager, OH&S committee or an independent auditor they must evaluate
the entire enterprise wide risk management process and not just the nominated
action plan. The audit process can be conducted by the chosen auditor on a 3
year annually basis or more frequently depending on the organisation and the
risks they face.
The nominated persons job is to determine the following;
1. The current risk identification process is comprehensive
2. The process to assigning severity and likelihood ratings is appropriately
designated
3. Processes in place are sufficient enough to control all risks
4. Process and procedures are followed as intended