Learner Guide
This learner guide is copyright protected and belongs to:
BSBRSK501
MANAGE RISK
Developed by Enhance Your Future Pty Ltd 2
BSBRSK501 Manage risk Version 2
Developed by Enhance Your Future Pty Ltd 3
BSBRSK501 Manage risk Version 2
T A B L E O F C O N T E N T S
TABLE OF CONTENTS............................................................................................................................... 3
COURSE INTRODUCTION ........................................................................................................................ 6
ABOUT THIS GUIDE ..................................................................................................................................................................... 6 ABOUT THIS RESOURCE ..................................................................................................................................................... 6 ABOUT ASSESSMENT ............................................................................................................................................................ 6
ELEMENTS AND PERFORMANCE CRITERIA ...................................................................................... 9
REQUIRED SKILLS AND KNOWLEDGE ................................................................................................ 10
KNOWLEDGE EVIDENCE .......................................................................................................................................................... 10 PERFORMANCE EVIDENCE ....................................................................................................................................................... 10
PRE-REQUISITES ....................................................................................................................................... 11
TOPIC 1 – ESTABLISH RISK CONTEXT .................................................................................................. 12
REVIEW ORGANISATIONAL PROCESSES, PROCEDURES AND REQUIREMENTS FOR
UNDERTAKING RISK MANAGEMENT .................................................................................................. 12
OUTLINE ORGANISATIONAL POLICIES, PROCEDURES AND PROCESSES FOR RISK MANAGEMENT .......................... 12 THE LEGISLATIVE AND REGULATORY CONTEXT OF THE ORGANISATION IN RELATION TO RISK MANAGEMENT
....................................................................................................................................................................................................... 14 Anti-Discrimination and Equal Employment Opportunity (EEO) ......................................................................................... 14 Consumer Protection, Fair Trading and Trade Practices ........................................................................................................... 15 Employment and Industrial Relations ....................................................................................................................................... 16 Environment and Sustainability................................................................................................................................................ 18 Financial Services ..................................................................................................................................................................... 18 Occupational Health and Safety (OHS) ................................................................................................................................... 19 Privacy ...................................................................................................................................................................................... 20
THE PURPOSE AND KEY ELEMENTS OF CURRENT RISK MANAGEMENT STANDARDS ................................................ 21
DETERMINE SCOPE FOR RISK MANAGEMENT PROCESS .............................................................. 22
THE SCOPE DOCUMENT AND ITS COMPONENTS .................................................................................................................. 23 RISK ASSOCIATED WITH PROJECT MANAGEMENT ............................................................................................................... 24
IDENTIFY INTERNAL AND EXTERNAL STAKEHOLDERS AND THEIR ISSUES ........................ 25
REVIEW POLITICAL, ECONOMIC, SOCIAL, LEGAL, TECHNOLOGICAL AND POLICY
CONTEXT ................................................................................................................................................... 26
SPECIFIC RISK AREAS ................................................................................................................................................................. 26
REVIEW STRENGTHS AND WEAKNESSES OF EXISTING ARRANGEMENTS ............................... 31
CONDUCTING A SWOT ANALYSIS ......................................................................................................................................... 31
DOCUMENT CRITICAL SUCCESS FACTORS, GOALS OR OBJECTIVES FOR AREA INCLUDED
IN SCOPE .................................................................................................................................................... 34
OBTAIN SUPPORT FOR RISK MANAGEMENT ACTIVITIES ............................................................. 36
CREATING A SUPPORTIVE WORK ENVIRONMENT ................................................................................................................ 36 INDIVIDUAL OR TEAM APPROACH .......................................................................................................................................... 37 THE IMPORTANCE OF TRAINING ............................................................................................................................................ 38
COMMUNICATE WITH RELEVANT PARTIES ABOUT THE RISK MANAGEMENT PROCESS
AND INVITE PARTICIPATION ............................................................................................................... 40
TOPIC 2 - IDENTIFY RISKS ...................................................................................................................... 42
INVITE RELEVANT PARTIES TO ASSIST IN THE IDENTIFICATION OF RISKS.......................... 42
Developed by Enhance Your Future Pty Ltd 4
BSBRSK501 Manage risk Version 2
RESEARCH RISKS THAT MAY APPLY TO SCOPE ............................................................................... 44
USE TOOLS AND TECHNIQUES TO GENERATE A LIST OF RISKS THAT APPLY TO THE
SCOPE, IN CONSULTATION WITH RELEVANT PARTIES ................................................................ 45
RISK IDENTIFICATION TECHNIQUES ..................................................................................................................................... 45 PROCESS CHARTING .................................................................................................................................................................. 46
Scenario analysis ....................................................................................................................................................................... 47 BENCHMARKING SIMILAR ORGANISATIONS AND ACTIVITIES ........................................................................................... 47
TOPIC 3 - ANALYSE RISKS ....................................................................................................................... 49
ASSESS LIKELIHOOD OF RISKS OCCURRING ..................................................................................... 49
ASSESS IMPACT OR CONSEQUENCE IF RISKS OCCUR ..................................................................... 50
EVALUATE AND PRIORITISE RISKS FOR TREATMENT ................................................................... 51
TOPIC 4 - SELECT AND IMPLEMENT TREATMENTS ....................................................................... 55
DETERMINE AND SELECT MOST APPROPRIATE OPTIONS FOR TREATING RISKS ................ 55
KEY OUTCOMES STEPS .............................................................................................................................................................. 55 Identify treatment options .......................................................................................................................................................... 55
DEVELOP AN ACTION PLAN FOR IMPLEMENTING RISK TREATMENT .................................... 58
SAMPLE RISK TREATMENT ACTION PLAN .............................................................................................................................. 59
COMMUNICATE RISK MANAGEMENT PROCESSES TO RELEVANT PARTIES ............................ 60
COMMUNICATION FACTORS SUCH AS LANGUAGE AND LITERACY ................................................................................... 60 DIVERSITY OF WORKERS .......................................................................................................................................................... 60
ENSURE ALL DOCUMENTATION IS IN ORDER AND APPROPRIATELY STORED ..................... 62
STORAGE OF WHS/OHS INFORMATION.............................................................................................................................. 62
IMPLEMENT AND MONITOR ACTION PLAN .................................................................................... 63
EVALUATE RISK MANAGEMENT PROCESS ........................................................................................ 66
SUMMARY ................................................................................................................................................... 68
REFERENCES ............................................................................................................................................ 69
Developed by Enhance Your Future Pty Ltd 5
BSBRSK501 Manage risk Version 2
Developed by Enhance Your Future Pty Ltd 6
BSBRSK501 Manage risk Version 2
C O U R S E I N T R O D U C T I O N
ABOUT THIS GUIDE
This resource covers the unit BSBRSK501 Manage risk.
This unit describes the performance outcomes, skills and knowledge required to manage risks in
a range of contexts across the organisation or for a specific business unit or area.
This unit addresses the management of the risk across the organisation or within a business unit
or area. It does not assume any given industry setting.
This unit applies to individuals who are working in positions of authority and are approved to
implement change across the organisation, business unit, program or project area. They may or
may not have responsibility for directly supervising others.
ABOUT THIS RESOURCE
This resource brings together information to develop your knowledge about this unit. The
information is designed to reflect the requirements of the unit and uses headings to makes it
easier to follow.
Read through this resource to develop your knowledge in preparation for your assessment. You
will be required to complete the assessment tools that are included in your program. At the back
of the resource are a list of references you may find useful to review.
As a student it is important to extend your learning and to search out text books, internet sites,
talk to people at work and read newspaper articles and journals which can provide additional
learning material.
Your trainer may include additional information and provide activities. Slide presentations and
assessments in class to support your learning.
ABOUT ASSESSMENT
Developed by Enhance Your Future Pty Ltd 7
BSBRSK501 Manage risk Version 2
Throughout your training we are committed to your learning by providing a training and
assessment framework that ensures the knowledge gained through training is translated into
practical on the job improvements.
You are going to be assessed for:
Your skills and knowledge using written and observation activities that apply to your
workplace.
Your ability to apply your learning.
Your ability to recognise common principles and actively use these on the job.
You will receive an overall result of Competent or Not Yet Competent for the assessment of this
unit. The assessment is a competency based assessment, which has no pass or fail. You are either
competent or not yet competent. Not Yet Competent means that you still are in the process of
understanding and acquiring the skills and knowledge required to be marked competent. The
assessment process is made up of a number of assessment methods. You are required to achieve
a satisfactory result in each of these to be deemed competent overall.
All of your assessment and training is provided as a positive learning tool. Your assessor will
guide your learning and provide feedback on your responses to the assessment. For valid and
reliable assessment of this unit, a range of assessment methods will be used to assess practical
skills and knowledge.
Your assessment may be conducted through a combination of the following methods:
Written Activity
Case Study
Observation
Questions
Third Party Report
The assessment tool for this unit should be completed within the specified time period following
the delivery of the unit. If you feel you are not yet ready for assessment, discuss this with your
trainer and assessor.
To be successful in this unit you will need to relate your learning to your workplace. You may be
required to demonstrate your skills and be observed by your assessor in your workplace
Developed by Enhance Your Future Pty Ltd 8
BSBRSK501 Manage risk Version 2
environment. Some units provide for a simulated work environment and your trainer and
assessor will outline the requirements in these instances.
Developed by Enhance Your Future Pty Ltd 9
BSBRSK501 Manage risk Version 2
E L E M E N T S A N D P E R F O R M A N C E C R I T E R I A
1. Establish risk context 1.1 Review organisational processes, procedures and requirements for
undertaking risk management
1.2 Determine scope for risk management process
1.3 Identify internal and external stakeholders and their issues
1.4 Review political, economic, social, legal, technological and policy
context
1.5 Review strengths and weaknesses of existing arrangements
1.6 Document critical success factors, goals or objectives for area
included in scope
1.7 Obtain support for risk management activities
1.8 Communicate with relevant parties about the risk management
process and invite participation
2. Identify risks 2.1 Invite relevant parties to assist in the identification of risks
2.2 Research risks that may apply to scope
2.3 Use tools and techniques to generate a list of risks that apply to the
scope, in consultation with relevant parties
3. Analyse risks 3.1 Assess likelihood of risks occurring
3.2 Assess impact or consequence if risks occur
3.3 Evaluate and prioritise risks for treatment
4. Select and implement
treatments
4.1 Determine and select most appropriate options for treating risks
4.2 Develop an action plan for implementing risk treatment
4.3 Communicate risk management processes to relevant parties
4.4 Ensure all documentation is in order and appropriately stored
4.5 Implement and monitor action plan
4.6 Evaluate risk management process
Developed by Enhance Your Future Pty Ltd 10
BSBRSK501 Manage risk Version 2
R E Q U I R E D S K I L L S A N D K N O W L E D G E
This describes the essential knowledge and skills and their level required for this unit.
KNOWLEDGE EVIDENCE
To complete the unit requirements safely and effectively, the individual must:
Outline the purpose and key elements of current risk management standards
Outline the legislative and regulatory context of the organisation in relation to risk
management
Outline organisational policies, procedures and processes for risk management.
PERFORMANCE EVIDENCE
Evidence of the ability to:
Analyse information from a range of sources to identify the scope and context of the
risk management process including:
o Stakeholder analysis
o Political, economic, social, legal, technological and policy context
o Current arrangements
o Objectives and critical success factors for the area included in scope
o Risks that may apply to scope
Consult and communicate with relevant stakeholders to identify and assess risks,
determine appropriate risk treatment actions and priorities and explain the risk
management processes
Develop and implement an action plan to treat risks
Monitor and evaluate the action plan and risk management process
Maintain documentation
Developed by Enhance Your Future Pty Ltd 11
BSBRSK501 Manage risk Version 2
P R E - R E Q U I S I T E S
This unit must be assessed after the following pre-requisite unit:
There are no pre-requisites for this unit.
Developed by Enhance Your Future Pty Ltd 12
BSBRSK501 Manage risk Version 2
T O P I C 1 – E S T A B L I S H R I S K C O N T E X T
REVIEW ORGANISAT IONA L PROCESSES, P ROCE DU RES AND
REQUIREMENTS FOR UND ERTAKING RISK MANAGE MENT
Most organisations are exposed to some level of risk. Some of these risks are consistent across
organisations, and some are organisation-specific. Risks may relate to:
Commercial relationships
Economic circumstances and scenarios
Human behaviour
Individual activities
Legislation
Management activities and controls
Natural events
Political circumstances
Technology
OUTLINE ORGANISATION AL POLICIES, PROCEDU RES AND PROCESSES
FOR RISK MANAGEMENT
Before beginning a project to manage the various risks to which your organisation is exposed, it
is important to take the time to review your organisation’s risk management policies, procedures
and processes. Read the following definitions:
A policy is a written statement which explains why workers within an organisation should
undertake a task in a certain way
A procedure is a written statement which explains how workers within an organisation
should undertake the task
A process is a series of actions or steps which workers should undertake to achieve a
particular outcome; processes for different tasks, including those related to risk
Developed by Enhance Your Future Pty Ltd 13
BSBRSK501 Manage risk Version 2
management, may be outlined in your organisation’s procedures, or they may exist as
separate documents
You must be familiar with where your organisation’s risk management policies, procedures and
processes are stored – for example, they are often located in soft-copy on a shared computer
drive, or in hard-copy in folders in a main office, etc. You must know how to access these key
documents, and how you are expected to apply them in your work – and in particular, when
assessing risk, and when planning to manage risk.
Your organisation’s policies, procedures and processes for risk management will provide you
with the following types of important information:
They will tell you about the risks associated with specific areas or the organisation as a
whole, and these should be included in your risk management assessment. They may also
provide information on how risks change over time, in response to different
circumstances and events in your organisation
Different organisations create different levels of expectation for risk management
strategies, along with specifying cost effectiveness versus acceptable risk; knowing this
information means you can keep the risk management project in line within the
company’s guidelines and objectives
They may provide information on past risk management activities undertaken in your
organisation, and the impacts these had on organisational risk
When reviewing risk management procedures you should also look for specific formatting
requirements for contingency plans. Areas such as emergency services (Ambulance, Fire, SES
and Police departments) often create contingency plans for different potential emergencies. They
always follow the same format in all of their plans. This allows the reader of the plan to quickly
find the information that they need.
If you need to implement contingency plans, then following standard formats may save time.
People will not have to search for information or understand the format before implementing
their part of the plan the only thing they need to do is open the plan to the section they need,
and find what they are looking for.
If there are other risk management assessments that have been done in parallel parts of the
organisation, you may need to consider accessing a copy of them in order to help you with the
new plan. Often, the risk management plans created for other areas of the company can be
adapted to suit your needs. This also provides for a cost saving to the company, because it means
Developed by Enhance Your Future Pty Ltd 14
BSBRSK501 Manage risk Version 2
work already done does not need to be repeated.
Your organisation’s policies, procedures and processes for risk management should also provide
you with a great deal of information about how your final documentation should be filed, who
should receive copies, where they should be located, and how they should be distributed. All are
important factors in a risk management project.
THE LEGISLATIVE AND REGULATORY CONTEXT O F THE
ORGANISATION IN RELA TION TO RISK MANAGEM ENT
In your role, it is important that you are familiar with the legislation and regulations which apply
to your organisation in relation to risk management. Working within legislation and regulations is
essential to reducing the risks to which your organisation is exposed, and it can also assist you to
identify strategies to effectively manage risks.
There may be particular pieces of legislation and regulations that apply in the organisation /
industry or the State / Territory where you work. If this is the case, it is essential that you
familiarise yourself with this – for example: by reading about it online (e.g. on the Federal
Register of Legislation), or by speaking with relevant people (e.g. your work supervisor /
organisation manager, legal professionals, etc.). Read the following about some more general
legislation / regulations which may apply to you:
ANTI-DISCRIMINATION AND EQUAL EMPLOYMENT OPPORTUNITY (EEO)
Discrimination refers to the unjust or prejudicial treatment of a person on the grounds of a point
of difference (e.g. race, colour / ethnicity, gender, sexual preference, age, physical or mental
disability, marital status, family / carer responsibilities, pregnancy, religion, political opinion,
national extraction, social origin, etc.). Under a range of legislation, discrimination is illegal in
Australia. Read the following:
Over the past 30 years the Commonwealth Government and the state and territory governments have introduced laws to
help protect people from discrimination and harassment.
The following laws operate at a federal level and the Australian Human Rights Commission has statutory responsibilities
under them:
Age Discrimination Act 2004
Australian Human Rights Commission Act 1986
Disability Discrimination Act 1992
Racial Discrimination Act 1975
Sex Discrimination Act 1984.
The following laws operate at a state and territory level, with state and territory equal opportunity and anti-discrimination
agencies having statutory responsibilities under them:
Developed by Enhance Your Future Pty Ltd 15
BSBRSK501 Manage risk Version 2
Australian Capital Territory – Discrimination Act 1991
New South Wales – Anti-Discrimination Act 1977
Northern Territory – Anti-Discrimination Act 1996
Queensland – Anti-Discrimination Act 1991
South Australia – Equal Opportunity Act 1984
Tasmania – Anti-Discrimination Act 1998
Victoria – Equal Opportunity Act 2010
Western Australia – Equal Opportunity Act 1984.
Commonwealth laws and the state/territory laws generally overlap and prohibit the same type of discrimination. As both
state/territory laws and Commonwealth laws apply, you must comply with both. Unfortunately, the laws apply in slightly
different ways and there are some gaps in the protection that is offered between different states and territories and at a
Commonwealth level. To work out your obligations you will need to check the Commonwealth legislation and the state or
territory legislation in each state in which you operate.1
A concept closely associated with anti-discrimination is equal employment opportunity.
Diversity in the workplace means having employees from a wide range of backgrounds. This can include having employees
of different ages, gender, ethnicity, physical ability, sexual orientation, religious belief, work experience, educational
background, and so on.
In Australia, national and state laws cover equal employment opportunity and anti-discrimination in the workplace.
You're required by these laws to create a workplace free from discrimination and harassment. It's important that as an
employer, you understand your rights and responsibilities under human rights and anti-discrimination law. By putting
effective anti-discrimination and anti-harassment procedures in place in your business you can improve productivity and
increase efficiency.1
Equity and diversity principles state that all people must be treated equally and fairly, regardless
of diversity such as gender, disability, etc. This applies also in relation to employment. All States
and Territories in Australia have equal employment acts; you should familiarise yourself with
those which apply to you in your role.
CONSUMER PROTECTION, FAIR TRADING AND TRADE PRACTICES
Australian consumer laws protect consumers in relation to the products and services they
purchase. They require people / organisations selling products and services to utilise fair trading
/ fair trade practices. Under the Australian consumer laws, organisations have a responsibility to
offer guarantees on the products and services they sell. Read the following:
Products must be of acceptable quality, that is:
1 Australian Human Rights Commission, 2017.
Developed by Enhance Your Future Pty Ltd 16
BSBRSK501 Manage risk Version 2
Safe, lasting, with no faults
Look acceptable
Do all the things someone would normally expect them to do
Acceptable quality takes into account what would normally be expected for the type of product and cost. Products must also:
Match descriptions made by the salesperson, on packaging and labels, and in promotions or advertising
Match any demonstration model or sample you asked for
Be fit for the purpose the business told you it would be fit for and for any purpose that you made known to the
business before purchasing
Come with full title and ownership
Not carry any hidden debts or extra charges
Come with undisturbed possession, so no one has a right to take the goods away or prevent you from using them
Meet any extra promises made about performance, condition and quality, such as life time guarantees and money
back offers
Have spare parts and repair facilities available for a reasonable time after purchase unless you were told otherwise
Services must:
Be provided with acceptable care and skill or technical knowledge and taking all necessary steps to avoid loss and
damage
Be fit for the purpose or give the results that you and the business had agreed to
Be delivered within a reasonable time when there is no agreed end date2
There are some exceptions to these guarantees; you can read more about these on the Australian
Competition and Consumer Commission’s (ACCC) website.
In some circumstances when an organisation has failed in relation to its responsibilities when
selling a product or service, a customer may be entitled to a refund or an exchange. To refund a
customer means to return the money they have paid for the product or service they are
dissatisfied with. To exchange means to provide the customer with another product or service to
replace the one they are dissatisfied with.
EMPLOYMENT AND INDUSTRIAL RELATIONS
The Australian national workplace relations system establishes a safety net of minimum terms
and conditions of employment, and a range of other workplace rights and responsibilities. Read
the following:
2 Australian Competition and Consumer Commission, 2016.
Developed by Enhance Your Future Pty Ltd 17
BSBRSK501 Manage risk Version 2
The national workplace relations system is established by the Fair Work Act 2009 and other laws and covers the
majority of private sector employees and employers in Australia. As set out in the Fair Work Act 2009 and other
workplace legislation, the key elements of our workplace relations framework are:
A safety net of minimum terms and conditions of employment
A system of enterprise-level collective bargaining underpinned by bargaining obligations and rules governing
industrial action
Provision for individual flexibility arrangements as a way to allow an individual worker and an employer to
make flexible work arrangements that meet their genuine needs, provided that the employee is better off overall
Protections against unfair or unlawful termination of employment
Protection of the freedom of both employers and employees to choose whether or not to be represented by a third
party in workplace matters
Australia’s workplace relations laws are enacted by the Commonwealth Parliament. The practical application of the Fair
Work Act in workplaces is overseen by the Fair Work Commission and the Fair Work Ombudsman:
The Fair Work Commission is the independent national workplace relations tribunal and has the power to
carry out a range of functions in relation to workplace matters such as the safety net of minimum conditions,
enterprise bargaining, industrial action, dispute resolution and termination of employment
The Fair Work Ombudsman helps employees, employers, contractors and the wider community to understand
their workplace rights and responsibilities and enforces compliance with Australia’s workplace laws3
It is important that you are familiar with the industrial relations laws and processes which apply
in the context in which you work
3 Australian Government Department of Employment, 2017.
Developed by Enhance Your Future Pty Ltd 18
BSBRSK501 Manage risk Version 2
ENVIRONMENT AND SUSTAINABILITY
We all have a moral and ethical responsibility to safeguard the environment. For many
organisations, environmental protection is also a legal responsibility. Read the following:
The Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act) is the Australian Government's key
piece of environmental legislation which commenced 16 July 2000. The EPBC Act enables the Australian Government
to join with the states and territories in providing a truly national scheme of environment and heritage protection and
biodiversity conservation. The EPBC Act focuses Australian Government interests on the protection of matters of
national environmental significance, with the states and territories having responsibility for matters of state and local
significance. The Australian Government Department of the Environment (the Department) administers the EPBC Act.
The objectives of the EPBC Act are to:
Provide for the protection of the environment, especially matters of national environmental significance
Conserve Australian biodiversity
Provide a streamlined national environmental assessment and approvals process
Enhance the protection and management of important natural and cultural places
Control the international movement of plants and animals (wildlife), wildlife specimens and products made or
derived from wildlife
Promote ecologically sustainable development through the conservation and ecologically sustainable use of natural
resources
Recognise the role of Indigenous people in the conservation and ecologically sustainable use of Australia's
biodiversity
Promote the use of Indigenous peoples’ knowledge of biodiversity with the involvement of, and in cooperation
with, the owners of the knowledge4
It is important that you work in a manner consistent with the EPBC Act, as well as any other
environmental protection legislation which applies to your context of practice.
FINANCIAL SERVICES
Your organisation may provide a variety of different financial services; in your role, you may be
responsible for managing these financial services. When considering financial services, it is
important that you consider financial probity. Probity is a strict adherence to a code of ethics,
and undeviating honesty, in commercial (monetary) matters. It is important that you familiarise
yourself with your organisation’s policies and procedures for financial probity. Financial probity
involves considerations such as:
4 Australian Government Department of Environment and Energy, 2017.
Developed by Enhance Your Future Pty Ltd 19
BSBRSK501 Manage risk Version 2
Acting in a manner consistent with the real estate code of ethics / code of conduct
relevant to the context in which you work; there are a variety of general codes of ethics /
conduct online, and you are encouraged to read these
Not making improper use of your position – for example, avoid placing yourself in a
situation where there is the potential for claims of bias
Not accepting hospitality, gifts or benefits, etc., from any potential suppliers
Not seeking benefit from practices that may be dishonest, unethical or unsafe
Treat all people equitably – this means fairly, not necessarily equally
Manage conflict of interest and risks appropriately and effectively
Keeping comprehensive documentation about financial matters
OCCUPATIONAL HEALTH AND SAFETY (OHS)
Occupational health and safety (OHS) refers to the legislation and guidelines in place to keep
yourself and others safe in the workplace. Formerly, each Australian State and Territory has its
own work health and safety (WHS) laws. However, as of 1 January 2012 a number of Australian
states and territories are working collaboratively to develop a harmonised Occupational Health and
Safety (OHS) Act which can be applied consistently across these jurisdictions. States and
Territories which follow this harmonised legislation – known as the Work Health and Safety
(National Uniform Legislation) Act 2011 – include the Australian Capital Territory, New South
Wales, the Northern Territory, Queensland and South Australia. The Work Health and Safety
(National Uniform Legislation) Act 2011 underpins a number of other legislation and regulations.
Under the Work Health and Safety (National Uniform Legislation) Act 2011, your legislative
requirements may include those related to:
Provisions of federal, state / territory OHS Acts / regulations
Guidelines and procedures administered by statutory / regulatory authorities
Industry OHS standards and guidelines
Health and safety representatives, committees, supervisors
Licences, registration or certificates of competency
National safety standards
Acting within your scope of practice to ensure the health and safety of all those attending the
organisation you work for is a fundamental aspect of your duty of care. You should familiarise
yourself with the Work Health and Safety (National Uniform Legislation) Act 2011 and / or the
applicable legislation in your State or Territory, as well as the organisational policies and
procedures which explain how you are expected to apply this legislation in your day-to-day work.
Developed by Enhance Your Future Pty Ltd 20
BSBRSK501 Manage risk Version 2
PRIVACY
Under The Privacy Act (1998) (Commonwealth), and related State / Territory legislation, you are
required to maintain the confidentiality of the clients who attend your organisation, as well as
that of other staff members, the program itself and the wider community (as applicable).
Fundamentally, this means protecting their right to privacy, and avoiding sharing private
information unnecessarily. Confidentiality is an important aspect of your duty of care.
Amendments to the Privacy Act (1988) – the Privacy Amendment Act (2000) – describe how services
should treat their clients’ personal information. These principles include:
Only collecting information necessary to provide a service
Not using this information other than to providing a service
Collecting such information lawfully, fairly and unobtrusively
Obtaining informed consent to collect and store records
Maintaining people’s rights to request access to their records
Ensuring records are kept safe (e.g. in a locked filing cabinet)
Ensuring records are shared appropriately, with relevant people
Ensuring records are shared with the consent of the client
Ensuring records are not discussed in public spaces
Informing clients about the reasons why records are collected
Informing clients of what is done with the records collected
Ensuring that clients are informed about situations where disclosure of confidential
information without their consent is legally mandated
In essence, confidentiality is about protecting a client’s right to privacy. However, there are
circumstances where you are legally permitted to disclose information without the client’s
consent. This includes situations where you required by law to disclose confidential information
– for example, where you are subpoenaed (ordered) by a court to do so. Depending on your role,
you may also have a legal obligation to disclose confidential information if you have a reasonable
belief that a client may be at risk of harming themselves or others, for example. You may also be
legally required to disclose situations where you believe a colleague is impaired to the extent that
they may cause harm to clients. You should familiarise yourself with your legal obligations related
to your role as a mandatory reporter in your State or Territory.
Developed by Enhance Your Future Pty Ltd 21
BSBRSK501 Manage risk Version 2
THE PURPOSE AND KEY ELEMENTS OF CURRENT RISK MANAGEMENT
STANDARDS
The previous section of this unit discussed the legislative and regulatory context of your
organisation in relation to risk management. Closely related to legislation and regulations are
standards. Read the following about standards:
Standards are documents setting out specifications, procedures and guidelines. They are designed to ensure products, services
and systems are safe, reliable and consistent. They are based on industrial, scientific and consumer experience and are
regularly reviewed to ensure they keep pace with new technologies. They cover everything from consumer products and
services, construction, engineering, business, information technology, human services to energy and water utilities, the
environment and much more. There are three kinds of standards:
International standards are developed by International Organisation for Standardisation (ISO) and other
organisations. Countries can adopt these standards directly for their national use. Wherever possible, Standards
Australia embraces the development and adoption of international standards
Regional standards are prepared by a specific region. Joint Australian/New Zealand standards can be
considered regional standards
National standards can be developed by a national standards body (like Standards Australia) or other
accredited bodies5
The current risk management standard in Australia is AS / NZS ISO 31000 : 2009. This standard
provides important principles and general guidelines which should be considered when you are
developing risk management frameworks and programs.
It is likely that your organisation will have a copy of AS / NZS ISO 31000 : 2009 – either in
hard-copy, or in soft-copy. It is important that you access this standard, and read it for
understanding. In particular, you should understand how you can – and, indeed, are expected to
– apply this standard in your work managing risk in your organisation.
5 Standards Australia, 2017.
Developed by Enhance Your Future Pty Ltd 22
BSBRSK501 Manage risk Version 2
DETERMINE SCOPE FOR RISK M ANAGEMENT PROC ESS
Every risk management project has limitations. It is impossible for one person to identify all
possible risks that exist for a company. This process is usually broken down into sub-projects.
It is important to determine the scope of the risk management project first because there are
always risk factors which arise, that are outside of the person or teams authority who are
performing the risk analysis.
If you try to be all inclusive in your scope, you’ll never complete the project. Each new risk that
presents itself can open the doors to whole new areas of risks to plan for.
The scope that you create or that is assigned by the organisational policies will create the limits
for your risk management project. Anything that doesn’t fall within that scope is not your
responsibility and you should not begin developing plans for these areas.
You should forward the list of risks that are outside your scope of management to the person
who is responsible for risk management within your organisation; this could be the Health and
Safety Rep.
When determining the scope of your risk management process, you need to think along practical lines that are in agreement with your organisations operational plan. Trying to develop a risk management program that extends across geographical separation, business units or different projects can be extremely difficult. Your scope may apply to:
A specific project
An individual business unit or area
Specific functions such as:
o Financial management
o WHS
o Governance
External environment – for facilities
Internal environment – also for facilities
Developed by Enhance Your Future Pty Ltd 23
BSBRSK501 Manage risk Version 2
Or, in the case of a small organisation, it can cover the whole organisation
As you proceed in your risk management process, be sure to keep that scope in mind. It might be a good idea to print it out and have it by your side. That scope becomes the rule to which you compare every risk you encounter. If it is within the scope, you deal with it if it is outside the scope; you pass it on to others.
THE SCOPE DOCUMENT A ND ITS COMPONENTS
A scope document shows the extent, of a project. Below is an example:
The scope document includes the following key sections:
Scope statement - This clearly states the project goal, objectives and deliverables.
Project constraints - These are any limiting factors that prevent the project from
moving in a particular path.
Assumptions - These are aspects that the project manager builds into the scope
document to allow for any uncertainties that may occur.
Tasks list - You need to specify a list of tasks (and deliverables) to be achieved during
the project.
Developed by Enhance Your Future Pty Ltd 24
BSBRSK501 Manage risk Version 2
Estimates - You need to make initial estimates in relation to cost, time and human
resource requirements.
Contract statement - This will include the names of those authorised to initiate
contract work, sign contracts and completion acceptances.
RISK ASSOCIATED WITH PROJECT MANAGEMENT
Risk management is a vital part of project management. It is important to identify as many risks
as possible and be prepared if something happens that is out of the ordinary.
Here are some examples of common project risks:
Time and cost estimate too optimistic
Customer review and feedback cycle too slow
Unexpected budget cuts
Unclear roles and responsibilities
Stakeholder input is not sought, or their needs are not properly understood
Stakeholders changing requirements after the project has started
Stakeholders adding new requirements after the project has started
Poor communication resulting in misunderstandings, quality problems and rework
Lack of resource commitment
Risks can be tracked using a simple risk log. Add each risk you have identified to your risk log
and write down what you will do in the event it occurs and what you will do to prevent it from
occurring. Review your risk log on a regular basis adding new risks as they occur during the life
of the project. Remember, when risks are ignored they don't go away.6
6 http://www.gru.edu/ie/epmo/documents/steptwoplanprojectpdf.pdf
Developed by Enhance Your Future Pty Ltd 25
BSBRSK501 Manage risk Version 2
IDENT IFY INTE RNAL AN D EXT ERNAL STAKEH OLD ERS AND
THEIR ISSUE S
The term “stakeholders” typically, refers to the people who have an interest or share in the project. In the case of risk management, we can include anyone and everyone whose lives and businesses can be negatively impacted by the risks or actions of the business.
This means that stakeholders can be either internal or external. Stakeholders may includeee:::
Staff and employees
Owners,
Shareholders
Customers
Suppliers
The community
Anyone who could be affected by your company taking a negative turn can be considered a
stakeholder. Different stakeholder groups will have different concerns and not all will be
financial.
The most important of these is health. Risks to health can be extremely dangerous, even to the
point of death. While that is rare, it does exist more so in some industries than others.
Nobody can see all possible risks that exists, that is why you need to involve others in the risk
management process, it should not be your responsibility alone.
Developed by Enhance Your Future Pty Ltd 26
BSBRSK501 Manage risk Version 2
REVIEW P OLIT ICAL, E C ONOMIC, SOCIAL, LEGAL ,
TECHNOL OGICAL AND P O L ICY CONTEXT
Many factors external to your company can create risks. While you must accept that these exist and that they are outside of your control; that doesn’t mean that you should just ignore them, or hope that they will never be a problem.
Therefore, as part of your risk management analysis, you need to take into account as many outside influences as you possibly can. These may include:
Political climate
What effect a downturn in the economy will have to your company or project
New applications for existing technologies that can invalidate existing products
How trends, fads and other changes in society can negatively affect your company
Potential upcoming changes in the political climate
The state of the economy
Proposed legislation, and how it can affect your company
New technologies being introduced into the marketplace7
SPECIFIC RISK AREAS
Commercial and strategic risks arising from:
Competition
Market demand levels
Growth rates
Technological change
Stakeholder perceptions
Market share
7 http://students.fortresslearning.com.au/bsbrsk501a-manage-risk/section-1-establi...
Developed by Enhance Your Future Pty Ltd 27
BSBRSK501 Manage risk Version 2
Private sector involvement
New products and services and
Site acquisition
Economic risks arising from:
Discount rate
Economic growth
Energy prices
Exchange rate variation
Inflation
Demand trends
Population growth and
Commodity prices
Contractual risks arising from:
Client problems
Contractor problems
Delays
Insurance and indemnities and
Joint venture relations
Financial arising from:
Debt/equity ratios
Developed by Enhance Your Future Pty Ltd 28
BSBRSK501 Manage risk Version 2
Financing costs
Taxation impacts
Interest rates
Investment terms
Ownership
Residual risks for government and
Underwriting
Poverty arising from:
Weak governance
Remoteness
Low incomes
Gender inequalities
Social and ethnic inequalities
Low education
Poor infrastructure
Weak institutions
Inadequate policy framework and
Human rights infringements
Environmental arising from:
Amenity values
Approval processes
Community consultation
Site availability/zoning
Endangered species
Developed by Enhance Your Future Pty Ltd 29
BSBRSK501 Manage risk Version 2
Conservation/heritage
Degradation or contamination
Environmental emergencies and
Visual intrusion
Political risks arising from:
Parliamentary support
Community support
Government endorsement
Policy change
Sovereign risk and
Taxation
Social arising from:
Community expectations and
Pressure groups
Activity initiation
Analysis and briefing
Functional specifications
Performance objectives
Innovation
Evaluation program and
Stakeholder roles and responsibilities
Procurement planning arising from:
Industry capability
Developed by Enhance Your Future Pty Ltd 30
BSBRSK501 Manage risk Version 2
Technology and obsolescence
Private sector involvement
Regulations and standards
Utility and authority approvals
Completion deadlines and
Cost estimation
Procurement and contractual Arising from:
Contract selection
Client commitment
Consultant/contractor performance
Tendering
Negligence of parties
Developed by Enhance Your Future Pty Ltd 31
BSBRSK501 Manage risk Version 2
REVIEW ST RENGTHS AND WEAKNESSES OF EX IST ING
ARRANGEMENT S
In most cases, there will be an established risk analysis from which you will begin. However, even
if you are creating a totally new analysis, there are probably some contingency plans already in
existence.
There may be already plans in existence for some of the risks that you are going to be working
on. If so, there is no reason not to use them. However, if this plan is not strong enough, you will
have to revise it.
Realistically speaking, there’s no such thing as a perfect plan. All plans have strong points and
weak ones. Experience in creating plans can help reduce the number of weak points in a given
plan, but the fact that there are too many variables which are outside of your control precludes
creating a perfect plan.
So, once you have identified the risk, there are two general approaches that you can choose from
to begin the decision-making process.
Will you:
Control the risk?
Transfer the risk?
CONDUCTING A SWOT ANALYSIS
To determine the best control measures for risks you should perform a SWOT analysis. A
SWOT analysis is the best tool to identify the internal strengths and weaknesses and external or
environmental threats and opportunities to any organisation. The SWOT allows an organisation
to answer the question: ‘where are we now?’
When analysing the best control measures for risk, you should ask the following questions:
What are the strengths of this control measure?
What are the weaknesses of this control measure?
What are the opportunities provided by using this control measure?
What are the threats involved in using this control measure?
Developed by Enhance Your Future Pty Ltd 32
BSBRSK501 Manage risk Version 2
The SWOT analysis can comprise five major categories and can be compiled using the following
matrix:
When reviewing existing contingency plans, it is helpful to identify which items are flexible and which are rigid. A good plan will often have the first elements rigid and consistent, so that the people who have to react to those plans won’t have to think about which option to take. At the same time, follow-up parts of the plan will have the flexibility to overcome weaknesses caused by the difference between the expected emergency used in creating the plan, and the actual crisis that erupts. For example, let’s say that there is an emergency plan for dealing with weather or natural disaster damage to a facility. Since the type of weather damage can vary, we really don’t know all the details of how the facility may be damaged. However, there are some things which should always be done, for reasons of safety. These can include shutting off the assembly line, shutting off power and natural gas to the facility, evacuating personnel and a final sweep through the facility to determine that everyone has vacated. No matter what sort of disaster strikes the facility, these elements are always
done. 8
Once you have completed the above steps you may then be able to move some personnel back
into the facility, key data may be removed from the facility, or materials in the process may be
removed from equipment, to avoid damaging that equipment.
8 http://students.fortresslearning.com.au/bsbrsk501a-manage-risk/section-1-establi...
Developed by Enhance Your Future Pty Ltd 33
BSBRSK501 Manage risk Version 2
The method of implementing the flexible elements of the contingency plan will depend upon the
severity of the crisis, how rapidly the crisis is developing and a number of safety factors. It may
seem extreme to force everyone out of the facility but it will ensure everyone’s safety. Machines,
technology and materials can be replaced, people can’t.
As part of your review of existing plans, you need to seek out possible issue related to your plan.
Those things that could put people, material or critical data at risk. Pay special attention to
systems which have been put into place since the creation of that plan, as those are the most
likely places to encounter these issues.
For example, a risk management plan may contain contingency plans for backup of data that is in
the IT computer cloud. However, it might not deal at all with information stored on personal
computers. At the time that the original plan was created, there was no risk of that, because all
critical data was stored in IT; however, changes in operations have created new types of data
storage on departmental servers or individual computers. That creates a “hole” in the plan, which
needs to be “plugged” in the new plan.9
9 http://tae.fortresslearning.com.au/?page_id=4945
Developed by Enhance Your Future Pty Ltd 34
BSBRSK501 Manage risk Version 2
DOCUMENT CRITICAL SU CCES S FACTORS, GOAL S OR
OBJECT IVES FOR ARE A INCLUDED IN S COPE
Risk management, like other aspects of project management, will need success criteria. Without
these, you won’t know if the project has ended. When putting together a project management
plan, if key points or activities on that plan do not have success criteria, then it will be hard to
assess how easily they can be met i.e. where the risk areas are.
Once criteria have been identified, the project management team will need to agree how they are
measured. If the objectives are not clear, criteria for its completion cannot be set. Even if the
objective and success criteria are clear, the measurement may not be easy.
Any difficulty in setting objectives and criteria will result in higher risk as there will be a lack of
confidence in completion. How do we find out the exact nature of the objective, criteria and
measurement techniques? There is no short cut, we have to ask the people that know (for
objectives) and agree criteria and measurement techniques with them.
You can decide which factors are the most critical by determining how great an impact it will
have on your company to not have those things functioning correctly. Some things, like cleaning
the offices, will only create an inconvenience for your staff. Others, like the computer system
going down, can totally shut down your business. Can you imagine the impact of having the
computer system of an e-commerce business go down?
As part of determining the impact of risks, it is important to determine the critical success
factors, goals and objectives. They are the most important factors for your company to have
contingency plans for. The following questions might assist you in this process:
Where does my company’s income come from?
What affects my company’s reputation in the marketplace?
What functions are critical to ensuring that my company can continue operations?
Are there some that we can do without for a day or a week?
Which company goals are essential to ensure continued operations? How would a
delay in the completion of those goals affect the company?
How many shareholders are affected by the temporary cessation of this function?
Every risk that you encounter will end up needing to be compared to each of these critical
factors. Any risk factor can affect a number of different factors, each of them to a different
extent, with a different overall impact to the company’s operations.
Developed by Enhance Your Future Pty Ltd 35
BSBRSK501 Manage risk Version 2
Developed by Enhance Your Future Pty Ltd 36
BSBRSK501 Manage risk Version 2
OBTAIN SUPPORT FOR R ISK MANAGEMENT ACTIVITIE S
Once risk management activities have been planned, you will need to obtain support to
implement them.
You might obtain support from:
Management
Supervisors
Stakeholders
CREATING A SUPPORTIV E WORK ENVIRONMENT
A supportive work environment is a key component of continuous learning. Valuing is learning
from experience, sharing best practices and lessons learned, and embracing innovation, and
responsible risk-taking characterises an organisation with a supportive work environment. An
organisation with a supportive work environment would be expected to:
Promote learning:
By fostering an environment that motivates people to learn
By valuing knowledge, new ideas and new relationships as vital aspects of the
creativity that leads to innovation; and
By including and emphasising learning in strategic plans
Learn from experience:
By valuing experimentation, where opportunities are assessed for benefits and
consequences
By sharing learning from past successes and failures; and
By using "lessons learned" and "best practices" in planning exercises
Demonstrate efficient leadership:
By selecting leaders who are great coaches, mentors and trainers
Developed by Enhance Your Future Pty Ltd 37
BSBRSK501 Manage risk Version 2
By demonstrating commitment and support to employees through the provision of
opportunities, resources, and tools; and
By making time, allocating resources and measuring success through periodic reviews
INDIVIDUAL OR TEAM A PPROACH
Safety culture is described as the attitudes, values, norms and beliefs which a particular group of people share with respect to risk and safety. All workers are the key to a successful safety culture. Risk Management will only work if all team members are committed to the process. The first step in the process of risk identification is to form a risk management team, as per direction of the governing group. However in some smaller organisation the responsibility of risk identification is allocated to one worker or contracted to an external risk management team. A team approach works better because the diversity of skills that various staff have will strengthen the risk management process. The skills mix in an organisation may include:
Financial expertise
OH&S expertise
Emergency services expertise
HR expertise
Legal knowledge
Board or management committee
Industry Expertise
Staff representation
Board or management committee representation (governance)
Staff representation from the ground up
Management
Volunteer representation
Developed by Enhance Your Future Pty Ltd 38
BSBRSK501 Manage risk Version 2
Other specialist expertise, depending on the work context, for example, appropriate
responses to violent/potentially violent clients, hazardous chemicals, etc.
Whether the process is driven by a risk management team, more common –even in smaller organisations with few staff or an individual, the role is as follows:
Identifying risks
Identifying exposures
Documenting risks
Developing an action plan
Putting it into practice
Monitoring
Review
THE IMPORTANCE OF TR AINING
Risk management training is important in the workplace in order for employees:
To understand the overall Management of Risk Process
To be able to apply a variety of techniques to determine and quantify potential risks
To be able to develop alternative solutions and use a variety of techniques to
determine which one(s) to implement
To understand the importance of planning and implementing identified actions
Topics which should be covered during risk management training include:
What is 'Risk'?
Positive Risk taking
Business Risks versus project Risk
The 'Management of Risk' model
Developed by Enhance Your Future Pty Ltd 39
BSBRSK501 Manage risk Version 2
The steps in Risk analysis
Numeric versus discrete levels when estimating risks
Evaluating Risks
The steps in Risk management
Risk response and action planning
Risk assessment methods (advanced)
The people side of Risk
Putting it into practice
Another important part of the process of risk management is ensuring that managers and
employees can:
Recognise a hazard when they encounter one
Assess the risk that each hazard poses
Develop controls appropriate to the risk
Implement those controls; for example, carry out safe work procedures accurately
Each of these steps requires skills specific to the task and to the organisation. While recruitment
processes can deliver staff with some of these skills, others will need to be developed during their
employment with you, and will need to be refreshed or increased as part of continuous
improvement.
Developed by Enhance Your Future Pty Ltd 40
BSBRSK501 Manage risk Version 2
COMMUNICATE WITH REL EVANT PART IES ABOUT THE RISK
MANAGEMENT PROCES S A ND INVITE PART ICIP AT ION
Identifying stakeholders and developing communication strategies are critical to the successful
implementation of a risk management plan. It is important to consult with stakeholders and keep
communication pathways open so that you foster a supportive environment for risk management
activities. You must ensure communication is continuous during the process with all those
relevant to the successful implementation of risk management plans.
Earlier we discuss who stakeholders might include so refreshing your memory now would be
beneficial to this section. Briefly stakeholders may include:
All staff
Internal and external stakeholders
Senior management
Specific teams or business units
Technical experts
Communication basically means providing information through training, newsletters, emails,
meetings, presentations, etc. The way to communicate information is to make sure you:
Accept and involve consumers as legitimate partners
Plan carefully and evaluate your efforts
Listen to the specific concerns
Be honest, frank, and open
Coordinate and collaborate with other credible sources.
Meet the needs of the media (if required)
Speak clearly and with compassion
Communication and consultation are essential elements of risk management. They are critical to
every step to ensure all the participants understand and contribute to the process.
Consultation gives everyone the opportunity to influence decisions. It is an effective way to
gather useful input and ensure that all viewpoints are taken into account when identifying and
Developed by Enhance Your Future Pty Ltd 41
BSBRSK501 Manage risk Version 2
evaluating risks. Communication and consultation are essential to the overall risk management
process as well as each individual step in that process.
Developed by Enhance Your Future Pty Ltd 42
BSBRSK501 Manage risk Version 2
T O P I C 2 - I D E N T I F Y R I S K S
INVITE RELEVANT PART IES TO ASSIST IN THE
IDENT IFICAT ION OF RI SKS
Identifying potential risks is best achieved through a brainstorming session. Just like with any
other brainstorming session, the more people you can get involved in the process, the better. By
having a group of people involved, you can generate more ideas.
People who may be involved to assist in the identification of risks are:
Stakeholders:
Managers
Supervisors
Health and safety and other employee representatives
WHS/OHS committees
Employees and contractors
The community
Key personnel is:
People who are involved in WHS/OHS decision-making or who are affected by
decisions.
WHS/OHS technical advisors:
Risk managers
Health professionals
Injury management advisors
Legal practitioners with experience in WHS/OHS
Engineers (such as design, acoustic, mechanical, civil)
Security and emergency response personnel
Developed by Enhance Your Future Pty Ltd 43
BSBRSK501 Manage risk Version 2
Workplace trainers and assessors
Maintenance and trade persons
WHS/OHS specialists:
Safety professionals
Ergonomists
Occupational hygienists
Audiologists
Safety engineers
Toxicologists
Occupational health professionals
When you encourage people to participate in risks identification procedures you will need to
ensure you use use a wide variety of people. Each department will have its own view of things,
some of which can be quite unique and provide information that you may not have thought of.
Purchasing and engineering don’t see things the same way, nor do production and maintenance.
However, between all those different viewpoints, you are more likely to identify potential risks.
Developed by Enhance Your Future Pty Ltd 44
BSBRSK501 Manage risk Version 2
RESEARCH RISK S THAT M AY AP PLY TO SCOPE
Every idea that is brought forth in your brainstorming session has some merit. You won’t really
know how much merit each idea has until you research the likelihood of that problem happening.
For the ideas that were brought forth in your brainstorming session, you’ll need to research. That
research may include:
Data or statistical information
Information from other business areas
Lessons learned from other projects or activities
Market research
Public consultation
Review of literature and other information sources
Accurate research will provide you with a real image of the risks involve in your area or
organisation. Don’t guess, do your research and get it right the first time.
Developed by Enhance Your Future Pty Ltd 45
BSBRSK501 Manage risk Version 2
USE TOOLS AND TECHNI QUES T O GENE RATE A LIST OF
RISKS THAT APP LY TO THE S COPE, IN CONSUL T ATION W ITH
RELEVANT PARTIES
RISK IDENTIFICATION TECHNIQUES
The terms ‘hazard’ and ‘risk’ tend to be used interchangeably, but risk represents more than a
hazard. Risk takes into account scale, consequences, frequency, duration, extent, the probability
of occurrence, and time range. There are some general tools that can be used to identify risk.
These can be incorporated into established risk management processes in any organisation and
include:
Inspections: walking through and conducting inspections of each task, location, team, group or
process within an organisation. This can be done by individual managers or team leaders and
supervisors. It can also be done by senior or executive management.
Consultation: a process that allows evidence on unreported incidents to be gathered, for example,
injuries, machine breakdown. Again these meetings can be held in a local or team or group or senior
management level. The results of a number of these meetings can then be incorporated in further
meetings with managers at different levels.
Safety or management audits: these can be conducted by individual managers or team leaders
and focus on their own or associated areas, or can be conducted by members of the organisation who
specialise in this area.
Testing: of plant and equipment in an operational context, or of staff in a service area. This also
can be accomplished as part of the local group or team approach or can be part of a wider
organisation-wide approach.
Scientific or technical evaluation or expert instruction in up-to-date methods
(service industry): these are usually provided by third parties or consultants and often form part
of the training process of the organisation.
Collection and evaluation of material: from suppliers, manufacturers, designers, and from
safety organisations, unions, interest groups and employer organisations.
Expert advice: engaging professional consultants and advisors, lawyers, engineers, safety experts,
process experts.
Seeking government or regulatory information and help: from government
departments, investigatory and regulatory bodies, royal commissions, commissions of inquiry, coronial
inquests, industrial commission hearings, statistical bodies and ‘think tanks’.
Developed by Enhance Your Future Pty Ltd 46
BSBRSK501 Manage risk Version 2
Networking: with other members of the market, or users of similar machines or processes.
Benchmarking is a process of seeking out and identifying the best practices of the organisation’s
competitors, where those best practices represent a higher quality level or performance. The process
means that the organisation, having identified the best practice in the industry then uses that
‘benchmark’ as the quality standard to be obtained within its industry.
Brainstorming; the brainstorming process can take various forms, but one of the most effective is
in meetings of staff in an environment where there is freedom to experiment with ideas and to express
opinions. Brainstorming is usually a process of energetic interaction with the goal of forming and
discussing ideas and concepts in a round-table or group dynamic. It allows examination of existing
and emerging risk by using the ideas and experience of fellow workers, managers, experts, other
stakeholders and the users of the process or service.
Audits and physical inspections; Regulatory based risk management procedures often
include regular audits and inspections, for example, Occupational Health and Safety, activities of
brokers and traders on the Australian Stock Exchange register and the regulation of Registered
Training Organisations. 10
PROCESS CHARTING
The fishbone diagram provides a good example of a process chart, sometimes called a cause and
effect diagram. Each line or ‘fishbone’ represents an area that may have caused a problem.
10 http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CC0QFjAC&url=http% 3A%2F%2Fwww.frontlinecaresolutions.com%2FLiteratureRetrieve.aspx%3FID%3D79124&ei=1t0QVNy jJcnkuQTXlIKQCA&usg=AFQjCNEbqowMjuyZ1sWuyetgB4l7OFmMcQ&sig2=WHkkQk3u5k6MfynEdjfitA& bvm=bv.74894050,d.c2E
Developed by Enhance Your Future Pty Ltd 47
BSBRSK501 Manage risk Version 2
SCENARIO ANALYSIS
Scenario anaysis is a process of examining options and competing scenarios based on an
assessment of future events. The focus is on the future and may take into account past and
present events as elements of the examination.
BENCHMARKING SIMILAR ORGANISATIONS AND A CTIVITIES
Benchmarking is a process of identifying the industry best practice, and setting that as the
standard for the particular organisation. The process involves significant industry knowledge and
an ability to examine competitors’ processes in order to identify why that market is dominant or
produces the leading product or service.
Developed by Enhance Your Future Pty Ltd 48
BSBRSK501 Manage risk Version 2
System or process flow charts are especially useful in recognising and identifying potential areas
of the problem within the process flow.
Influence diagrams –demonstrate the influence that different aspects of a process have on each
other.
All the above are examples of tools that can be used to evaluate or identify risks in the
workplace.
Developed by Enhance Your Future Pty Ltd 49
BSBRSK501 Manage risk Version 2
T O P I C 3 - A N A L Y S E R I S K S
ASSESS LIKEL IH OOD OF RISKS OCCU RRING
The next step of the risk assessment is to determine or estimate both the likelihood of a risk
arising and its potential consequences. All available data sources should be used to understand
the risks. These may include historical records, procurement experience, industry practice,
relevant published literature, test marketing and market research, experiments and prototypes,
and expert and technical judgement and independent evaluation.
The risk analysis involves:
An estimate of the likelihood of each risk is arising. This might be done initially on a
simple scale from 'rare' to 'almost certain', or numerical assessments of probability
might be made
An estimate of the consequences of each risk. This might be done initially on a
simple scale from 'negligible' to 'severe', or quantitative measurements of impacts
might be used11
Analysis of risk levels can be conducted on the inherent risks (assuming no controls are in place)
or on residual risk (that remaining after considering existing control strategies). The former ‘zero-
based’ approach would be appropriate at the outset of an activity or when considering a
possibility of revising controls. The latter would be appropriate when monitoring management
action or reviewing implementation.
The purpose of analysing risk is to provide information to enable the evaluation of risks, using
predefined likelihood and consequence criteria. Risk analysis uses judgments and assumptions,
which may involve uncertainty and be based on incomplete information. Therefore, the best
available information sources and techniques should be used. Wherever possible the confidence
placed on estimates of levels of risk should be included.
11 http://portals.wi.wur.nl/files/docs/ppme/ausguidelines-risk_management.pdf
Developed by Enhance Your Future Pty Ltd 50
BSBRSK501 Manage risk Version 2
ASSESS IMPACT OR CON SEQUENCE IF RI SKS OCCUR
Impact itself can be assessed in terms of its effect on:
Cost
Quality
Time
o This includes the time taken to:
Identify, record and report the risk
Analyse and assess the risk
Address the risk
Either reduce its impact or remove it completely from a potential risk
Risk proximity is about:
When and where the risk will occur
It's role in the process or system
It's damage or potential damage reaches
Our first step in assessing a risk is to determine the likelihood of the risk occurring, meaning
what are the chances. See below for a scale to gauge how likely the risk is:
1. Not likely - 10%
2. Low likelihood - 30%
3. Likely - 50%
4. Highly likely - 70%
5. Near certainty - 90%
Just as we did with the likelihood of a risk occurring, the impact or consequences of the risk
needs to be rated. In this case, we are dealing with the amount of disruption to normal business
operations that the event can cause.
Developed by Enhance Your Future Pty Ltd 51
BSBRSK501 Manage risk Version 2
The following table shows that the impact of risk is generally ranked from ‘minimal’ (level 1) to
‘severe’ (level 5). You can see from the detail descriptions that these levels focus on the degree to
which the business is affected in regards to its financial and service capability.
LEVEL DESCRIPTOR EXAMPLE DETAIL DESCRIPTION
1 Minimal No service impact; low financial loss
2 Minor Minimal disruption to service capability; medium financial loss
3 Moderate Interruptions in service delivery; high financial loss
4 Significant Loss of service capability; major financial loss
5 Severe Loss of business continuity; huge financial loss
Analysing the risk will help you decide the impact of the risk on your company and will enable
you to control for this when required.
EVALUATE AND PRIORIT ISE RIS KS FOR TREATM ENT
Developed by Enhance Your Future Pty Ltd 52
BSBRSK501 Manage risk Version 2
A simplified risk analysis can be conducted using probability theory:
Likelihood X consequence = Risk Score
By using these two scales, any potential risk can be rated with a risk score. For example, if we live
in an area which commonly has severe thunderstorms, which disrupt electrical service to our
distribution facility for 2 to 3 hours, we might assign a likelihood score of 5 and an impact score
of 3. That would give us a risk score of 15, considering the maximum score we can get with this
system is 25, that’s a fairly high-risk score.
The criteria for ranking and recording includes:
Taking into consideration whether the risk falls within established or accepted
guidelines
Differentiating between risks that have high impact/consequence/likelihood and
those having low impact/consequence/likelihood
Assigning value to identified risks using available tools
Assessing consequences and likelihoods
A risk that has been analysed as having a ‘catastrophic impact’(loss of business continuity; huge
financial loss) is ranked as an ‘extreme ‘level risk if the probability is ‘likely ‘but ‘high ‘if the
probability is ‘rare’. Immediate action is required, involving senior management, to manage the
risk.
Sample Level of Risk Matrix
EXAMPLE OF RISK TABLE OF DEFINITIONS
E Extreme risk; immediate action required
H High risk; senior management attention needed
M Moderate risk; management attention must be specified
L Low risk; manage by routine procedures
Acceptability Risk level
Acceptable Low and Moderate
Not acceptable High and Extreme
Risk Criteria include:
Scope of the risk policy
Developed by Enhance Your Future Pty Ltd 53
BSBRSK501 Manage risk Version 2
Internal and external contexts
Internal and external stakeholders
Corporate objectives, policies, values and visions
Standards and laws
Resource availability
Social, economic, environmental, and political factors
Another type of scale describes risk in terms of acceptable levels:
Broadly acceptable level of risk
Best achievable level of risk
As low as reasonably practicable (ALARP)
Generally intolerable level of risk
B.F. Hough (1985)
developed the following
diagram to show the
relationship between cost
and risk. This type of
reference can contribute
to the evaluation and
prioritisation process by
representing different
factors relating to risk.
Each risk decision and its implementation will depend on your organisation and its guidelines on
what is acceptable. The cost of implementing some changes may be so great, that it is not
possible. In those cases, mitigation of the impact may consist of buying insurance against that
event occurring, this then transfers some of the risk to an insurance company and lessens the
load on the organisation.
Developed by Enhance Your Future Pty Ltd 54
BSBRSK501 Manage risk Version 2
Developed by Enhance Your Future Pty Ltd 55
BSBRSK501 Manage risk Version 2
T O P I C 4 - S E L E C T A N D I M P L E M E N T T R E A T M E N T S
DETERMINE AND SELECT MOST APPROPRIATE OP TIONS
FOR T REATING RISKS
Risk treatment involves identifying the range of options for treating risk, assessing those options,
preparing risk treatment plans and implementing them. It is probable that a combination of
options will be required to treat complex risks. Once a risk is understood, you will need to treat
the risk, to do this you may need a detailed analysis of treatment options. There are usually be
several options, each with different costs and benefits and each will offer different levels of risk
mitigation.
KEY OUTCOMES STEPS
IDENTIFY TREATMENT OPTIONS
The purpose of evaluating risks is to prioritise the need for the development of a treatment plan.
Once that is completed, it is time to determine the best treatment plan option for that particular
risk.
The control or management of risk can be different on an organisational or industry basis.
However, there are seven commonly used approaches:
APPROACH DESCRIPTION 1. Elimination / reduction
management In this approach, the risk is either reduced to its lowest
possible level to enable it to be managed or it is eliminated A variation in this approach is not to eliminate the risk if
that is too difficult or too late, but to reduce or eliminate its effect
2. Assumption of risk Insurance companies assume risk as part of their operations. Here the expression ‘assume risk’ means to knowingly accept the risk as part of the agreement with the person/company that pays the premium. Organisations unused to risk may assume or accept its effect because to fail to do so might negatively affect the organisation’s operations
Once again, the decision to assume a risk must be taken bearing in mind the competing issues of cost, proximity and extent of the risk
3. Transfer risk Insurance is a means of transferring the risk, through the payment of insurance premiums, to an insurance company
It is important to understand that this is generally a way of managing financially based risk. The insurance company can
Developed by Enhance Your Future Pty Ltd 56
BSBRSK501 Manage risk Version 2
only really assume a financial risk. It is not able to assume risk that relates to culture, personnel or manufacturing for example
So if the risk of the factory burning down is identified, then the financial risk can be transferred to the insurance company, but the actual risk of losing specific or specialist machinery cannot
Often organisations only transfer part of the financial risk having assessed the insurance premium cost as too high to transfer it all
To offer a personal example, this may be compared with a householder insuring the contents of the house against fire, but not paying extra for the loss of specialist jewellery or stereo equipment. It then falls on the householder to fund the replacement of such items
4. Changing processes Risk can be avoided by changing processes, or refraining from an activity. This is often an ongoing process of change from risk identification
Organisations with a positive risk identification and management culture are ready and willing to change or remove processes that demonstrate a greater degree of risk or risk potential
Changing a process to avoid an activity also requires a positive risk management culture as this can be confronting and expensive, particularly if the process needs to be replaced
The change or replacement of a process in order to manage a risk must also be undertaken using risk management procedures. In other words, the new process must not create or support the same or similar risk it was designed to eliminate
5. Delaying An organisation may defer a risk, by delaying it until such time as it is able to assume the risk or deal with it in a better and more positive way
An organisation may believe that research or development It’s undertaking will make it more able to deal with the risk
at a later time
6. Sharing risk Organisations may seek to share risk with other organisations by way of joint ventures or cooperative options
A good example of this is seen in the construction and maintenance of motorways in capital cities where government and private industry come together to share the expense
Similarly in recent times wine and beer companies have combined with manufacturing industries associated with wine and beer production when entering new markets such as China
7. Spread and minimise locations of the risk
An organisation may attempt to spread and minimise locations of the risk, e.g. a company may spread its outlets and workforce to a number of areas in order to spread or reduce the risk of an incorrect decision in relation to geographic marketing. For example, a retailer may have outlets in a number of locations in a town to
Developed by Enhance Your Future Pty Ltd 57
BSBRSK501 Manage risk Version 2
ensure the product is available to as many potential customers as possible
Regardless of the final decision ensure that all relevant parties have signed off on it. Although you may be in charge of developing the risk management plan, this is a group project, with group decisions.
Developed by Enhance Your Future Pty Ltd 58
BSBRSK501 Manage risk Version 2
DEVELOP AN ACTION P L AN FOR IMPLEMENTING RISK
TREATMENT
The action plan formalises the risk management process. The specific format of the risk
management action plan will vary from one organisation to another, but the following is an
example of a relatively straightforward methodology.
Risk
Date identified
Level of risk
Reason for risk rating
Risk priority /risk ranking
Action (what is to be done)
What resources are required
Who is responsible for the action
Timeline-when should the action be completed
Strategy for informing relevant stakeholders- i.e. staff volunteers, board, corporate
sponsors, etc.
Review date
A risk control action plan is essential for the effective and systematic introduction of risk control
actions. Remember to compare the levels of the risk control hierarchy with the time frame when
determining target dates.
Developed by Enhance Your Future Pty Ltd 59
BSBRSK501 Manage risk Version 2
SAMPLE RISK TREATMEN T ACTION PLAN
Developed by Enhance Your Future Pty Ltd 60
BSBRSK501 Manage risk Version 2
COMMUNICATE RISK MAN AGEM ENT PROCESSES TO
RELEVANT PARTIES
Earlier we discussed the importance of good communication with stakeholders. You should
revisit that section now to refresh you knowledge.
Risk management communication is the sharing of information about risk and risk management
between the decision makers and others.
COMMUNICATION FACTOR S SUCH AS LANGUAGE A ND LITERACY
Effective communication is obviously critical to genuine participation. The specific needs of
individuals in the workplace need to be taken into account. Individuals will have different levels
of literacy, and either may not speak much English or may not have English as their first
language. For example, induction and instruction in policies and procedures need to reflect the
language and literacy levels of each person, and things like safety and emergency warning signs,
which are for the whole workplace, need to be based on easily understandable pictures, rather
than complex language.
Communication must be a two-way street. If individuals are to be able to participate in
WHS/OHS activity in a meaningful way they need access to information in a format they can
understand, and they need to be able to communicate back to WHS/OHS representatives,
supervisors, WHS/OHS advisers and others easily. 12
DIVERSITY OF WORKERS
Employees may come from different cultural, age and educational backgrounds with different
views about personal responsibility and authority; they will have different previous experiences,
knowledge and skills and may have different learning styles. They may have external pressures
and stresses in their lives or pre-existing physical injuries. All these factors need to be taken into
consideration in designing and developing participative arrangements.
Your risk management plan must be distributed to all appropriate personnel; especially those
who have a part in implementing the plan.
12 http://institute.safetyline.wa.gov.au/pluginfile.php/1642/mod_label/intro/BSBOHS503B.pdf
Developed by Enhance Your Future Pty Ltd 61
BSBRSK501 Manage risk Version 2
In order to diseminate information to key personnel you should be face-to-face with them. In
this way you can provide them with a brief outline of the plan containing the key information.
Any details con be provided in written form.
Developed by Enhance Your Future Pty Ltd 62
BSBRSK501 Manage risk Version 2
ENSURE ALL DOCUMENTA TION IS IN ORDER AND
APPROPRIATEL Y STORE D
Not only do you need to distribute the risk management plan to relevant parties, you’ll need to
ensure that copies are created and stored in your company’s information management system. In
many companies, this is a computerised system for the storage of all important information.
Since part of your risk factors include the possibility of something happening to the company’s
computer systems, you should also ensure that hard copies are created and stored in the
appropriate place.
STORAGE OF WHS/OHS INFORMATION
In storing information, it is important to remember that information is being stored so that it can
be used. It is important not to create ‘data cemeteries’. So when deciding how to store
information keep in mind:
Why is the information being stored?
Who will want to use it?
When and how often will they want to access the information?
What protections (privacy, confidentiality) are required for the information?
What ‘links‘, or other factors, need to be considered for the data to be meaningful?
What technology is available?
What are the skills of the people in using the technology?
This will then lead to the following questions:
What is the best medium (electronic; hard copy) for storage?
What is the best format for organising the information?
What skills and technology will be required to access the information?
Most organisations will have some records, such as incident and injury reports, workplace
inspections and/or newsletters, in hard copy.
Hard copy formats tend to be used where:
The original record is in handwriting
The original requires a signature; and
Developed by Enhance Your Future Pty Ltd 63
BSBRSK501 Manage risk Version 2
The material is ‘for information’ and is usually circulated or left in an open location
for people to read (i.e. newsletter)
Even in the smallest community services organisation is likely to have electronic storage for any
information or records that meet one or more of the following criteria.
The record or document has to be:
Communicated to somebody else
Retained for legal reasons
Collated to identify a trend; and
Used for planning
There are many software options for storing electronic WHS/OHS information. These options
may range from simple spreadsheets to highly interactive purpose-designed software packages
that may incorporate functions such as incident reporting, injury management, chemical and risk
registers, asset and maintenance registers and training records.
Having determined the format for storing WHS/OHS information (i.e. the nature of the
software) the next question is whether it should be on a single computer or networked hardware
for an intranet type system.
It is beyond the scope of this unit to compare the relative features of the various systems, but
some factors to consider are:
Who needs to access the information?
Do they have access to the hardware?
Do they have the skills to access the system?
What level of technological support is required/available?
IMPLEMENT AND MONITO R ACTION PLAN
Developed by Enhance Your Future Pty Ltd 64
BSBRSK501 Manage risk Version 2
Once risks have been identified and given a reading that indicates that risk’s potential to be
problematic and has been documented for recording and reporting (and audit) purposes, a
treatment plan should be developed. A treatment plan would include rectification elements.
Having done all the work outlined above (and kept any relevant/necessary stakeholders,
management, committees informed during the process), it's now time for those nominated to do
so, to present the risk management plan to whomever has the delegation to authorise its
implementation. This may be a supervisor, a manager or a complains or risk manager. They will
then consider the plan, clarify any questions it has, and after making any necessary adjustments,
endorse the plan.
Once endorsed, the next step is to implement the plan. This will involve:
Issuing a risk management statement - A good starting point is to let everyone in the
organisation know that your organisation is serious about risk management and to
outline the key risk management strategies. The risk management statement should
also outline the proposed timetable and key contact people, and procedures for
contributing to the risk management process.
Training - It is likely that training was identified as a key risk management strategy in
addition to the introduction of new practices will often require training. Training for
risk management needs to be carried out in the context of your organisation's overall
training activities.
Establishing and documenting procedures - Your risk management plan will have
identified areas where written procedures need to be developed and/or documented.
To implement the plan, it will be necessary for staff, volunteers and management
committee members to work together to develop these procedures. Existing
procedures should be reviewed to ensure that they are consistent with new
procedures.
Allocating specific responsibilities - A risk management plan requires specific
allocation of tasks to ensure no gaps in the process leave room for further risk -
different people within your organisation should be given responsibility to implement
different parts of the plan. It should be clear to all those involved in the process,
who is responsible for each aspect of implementation for the risk management plan.
Developed by Enhance Your Future Pty Ltd 65
BSBRSK501 Manage risk Version 2
Hopefully, there will be some overlap in different action items, where the same action item may
deal with several different risks.
While there are parts of the risk management plan which require your direct involvement to
implement, there are other parts which will be implemented by others. You will still want to track
these areas, to ensure that they are actually completed and not derailed mid-stream.
Once the action items have been implemented, you also need to check and monitor, to ensure
that they will function as expected. There are always a certain number of plans that don’t work
out the way we expect. Should that happen, be willing to admit your fault and try something else.
Developed by Enhance Your Future Pty Ltd 66
BSBRSK501 Manage risk Version 2
EVALUATE RISK MANAGE MENT PROCES S
Risk management is a continual process. Reaching a point of completion in a risk management
project, only means that it’s time to go back and review everything over again.
It is critical to constantly monitor and review the processes and outcomes. Monitoring and
reviewing risk management processes helps to include risk management as a valuable part of the
company. The risk management process in not static but is taken in the context of the internal
and external environments. As these environments change, the variables affecting risk also
change.
Evaluating the process of risk management can be assigned to individuals within departments or
to dedicated staff depending upon the nature of the organisation and the resources available.
Consultants may be brought in at critical times to evaluate processes and institute changes based
on risk contexts or environmental, social and political changes.
In addition to planned and scheduled monitoring and review sessions to examine new risk,
review of the management plan must be ongoing in order to stay relevant. As policies,
procedures, and visions of a corporation change, risk changes. As external contexts change, risks
change. Suitability and cost factors for treatment options change. Treatment options or
contingency plans may lose relevancy throughout the process. External variables such as
legislative actions may develop which creates a different context under which to analyse and
evaluate risk.
Examination of successes and failures in relation to anticipated outcomes is a necessary
component of the risk management process. It increases the probability that future risks can be
evaluated with higher levels of accuracy and greater success. An inability to achieve outcomes
does not indicate failure but provides an opportunity to gain valuable knowledge regarding
process change. Duplication of ineffective processes leading to a repetition of unachieved
outcomes indicates a failure to learn. That can be tragic when corporations, and the people that
depend on them, are at risk.
One of the key components of the risk management process is keeping an accurate record of
documentation relating to the communications, justifications, analyses and relevant information
pertaining to risk. Remember how we began the risk assessment process? With research relating
to:
Data or statistical information
Information from other business areas
Developed by Enhance Your Future Pty Ltd 67
BSBRSK501 Manage risk Version 2
Lessons learned from other projects or activities
Market research
Previous experience
Public consultation
Review of literature and other information sources
Monitoring is not only a practical requirement but a legal obligation, as the common law duty of
care and WHS legislation requires that the employer “provide and maintain a working
environment that is safe”.
All organisations should ensure that risk identification, assessment analysis, evaluation techniques
and the change arising from these processes fall within the culture of the organisation. This
requires commitment from the most senior levels of management in the organisation, and it
requires communication throughout all ranks of the organisation.
Leadership and coaching are two of the most commonly used processes to engage an
organisation in a cultural change to embrace the issues of risk identification and management and
the issues arising from the change that flows from these procedures.
Developed by Enhance Your Future Pty Ltd 68
BSBRSK501 Manage risk Version 2
S U M M A R Y
Life is full of risks. Everything we do, from buying a car, to crossing the street carries some
degree of risk. Therefore, it shouldn’t surprise us that our business activities have risk associated
with them as well. While some of those business activities carry very little risk, others come
loaded with risk at every turn. Some risks have a great potential for impact while the impact of
others can hardly be seen.
While the risks in our personal life can cause problems for us and our families, even the smallest
business risks carry a much broader potential for causing damage. Employees, customers and
even people who seem unrelated to our business can end up being hurt by the risks associated
with the business.
We had a perfect example of this with the earthquake and tsunami that hit Japan in March of
2011. Millions of lives were affected by what happened; first by the earthquake, then the tsunami,
and then by the damage to the nuclear power plant. Not only workers in the plant were affected,
but millions of customers, everyone who lived within 20 miles of that nuclear plant, even people
as far away as the western part of the United States were affected by what happened in that
event.
Even without the destruction and eventual meltdown of the nuclear power plant, the tsunami
itself wreaked havoc on the north eastern part of the Japanese home island of Honshu. Over five
million families lost their homes, with over 15,000 lives lost.
"In many cases, there is nothing we can do to stop these disasters from happening. Risk
management isn’t about that; it’s about understanding the potential risks and managing
how a company deals with that risk."
If you have any questions about this resource, please ask your trainer. They will be only too
happy to assist you when required.
Developed by Enhance Your Future Pty Ltd 69
BSBRSK501 Manage risk Version 2
R E F E R E N C E S
10 Foundations for Risk Management (N.D.) Retrieved on 12th January 2016 from:
http://civilengineerblog.com/foundation-risk-management/
ASSIST IN THE DESIGN AND DEVELOPMENT OF OHS PARTICIPATIVE
ARRANGEMENTS (N.D.) Retrieved on 12th January 2016 from:
http://institute.safetyline.wa.gov.au/pluginfile.php/1642/mod_label/intro/BSBOHS503B.pdf
Managing Risk (N.D.) Retrieved on 12th January 2016 from:
http://portals.wi.wur.nl/files/docs/ppme/ausguidelines-risk_management.pdf
Establish Risk Context (N.D.) Retrieved on 12th January 2016 from:
http://students.fortresslearning.com.au/bsbrsk501a-manage-risk/section-1-establi...
(N.D.) Retrieved on 12th January 2016 from:
http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CC0QFjA
C&url=http%
(N.D.) Retrieved on 12th January 2016 from:
http://www.gru.edu/ie/epmo/documents/steptwoplanprojectpdf.pdf