Assessment 1
Activity 1.
1. What is the meaning of the following terms:
a. Risk.
b. Risk management.
c. Risk appetite.
d. Risk capacity.
2. Comment on the following saying in relation to the risk management policies and practices of an organisation: 'Organisations that fail to plan, plan to fair.
Activity 2.
You work for Australia Wide Taxations Solutions-a company of 1,500 employees offering taxation services across the country. The company is divided into five divisions: personal taxation, small business taxation, corporate services, personal wealth creation and corporate asset management. It is a highly regulated industry and there are many laws that must be adhered to.
You have been asked to undertake a risk management process for the entire organisation. What advantages, difficulties and challenges does a scope of this size pose? How else might you approach the management of risk at Australia Wide Taxations Solutions?
Activity 3.
Why is it advantageous to consider stakeholders' issues throughout the risk management process design?
Activity 4.
Comment on the influence/ impact each of the following factors has on an organisation's risk profile:
• political
• economic
• social
• legal
• technological
• policy
Activity 5.
1. Conduct a SWOT analysis for the current risk management practices of an organisation with which you are familiar.
SWOT analysis
Name of organisation:
Brief description of core function of the organisation:
2. Summarise the findings of your SWOT. Are the current arrangements adequate? Why/ why not? What steps do you recommend be taken and why?
Activity 6.
Nautilus Boat Hire is a small business which is family-owned and operated. It is located in a marina at the mouth of a major river and has been operating for five years.
The business is based on:
• hire of eight aluminium runabouts (tinnies) to youth groups, anglers and tourists
• hire of two deep-sea vessels to serious anglers and scuba divers
• hire of fishing gear
• sale of bait and scuba tank refills
Nautilus Boat Hire is researching whether to expand the business offerings to include hire of three houseboats to families and groups of young adults. A survey that they recently conducted revealed that a significant number of clients are tourists from interstate or overseas. Most clients are once-only hirers who have no knowledge of local waters and weather conditions.
As part of their business planning, Nautilus Boat Hire determined the following risks to the new business offerings:
• people who are not strong swimmers, especially children, drowning
• houseboat clients getting lost and/or stuck on sandbanks
• clients finding the houseboats very difficult to control in high winds-resulting in damage to the houseboat and/or land structures
• clients being sunburned and dehydrated on hot, sunny days
• clients making a lot of noise when moored and residents complaining
Using the information that you have been provided, recommend the goals and objectives of managing these risks that Nautilus Boat Hire could adopt.
Activity 7.
1. Getting people on board and keeping them engaged is a key part of managing risk. Explain the importance of getting support for risk management plans and processes.
2. Create your own checklist for the qualities of a risk management champion.
Activity 8.
You have been asked to oversee the management of risk for your team/ department at work.
Identify the key stakeholders that you will need to communicate with. For each of them describe:
• their interests
• the primary and secondary communication methods that you will use with them
• the key messages appropriate to them
• the contributions that you can expect from them
Activity 9.
Security 'R' Us is a small security provision service company operating in an older part of the western suburbs. Security 'R' Us have recently moved to new work premises due to expansion in their business.
The activities carried out by Security 'R' Us include, providing:
• security guards at banks, hospitals and the local university
• armed guards for valuables, transport escorts
• security patrols to many industrial premises and schools in the greater metropolitan area
With the move came the need for modification to the new workplace. The building had been constructed some 90 years ago. The asbestos register indicated that there are significant amounts of asbestos still in situ.
In considering how to best manage the refurbishment project the managing director is considering using a contract maintenance team to make modifications to the building, which requires removing two walls and part of the floor.
Works will be carried out during normal working hours, with approximately half of the workforce including guards, administrative staff and the management team likely to be exposed to significant dusts that will be created during the works from drilling, sawing, manual dusting and sweeping.
Identify the people at Security 'R' Us who should be consulted or involved in identifying the risks involved in the relocation and the reasons for their involvement. Suggest appropriate mechanisms for their involvement.
Activity 10.
1. What is the danger of attempting to manage risks without researching them?
2. List at least eight factors that should be included in the research of any given risk.
3. Describe some common methods of researching risk. Give an example of when each would be suitable to use.
Activity 11.
1. Prepare a flow chart showing the various steps involved in the following process. Use flow chart symbols. Your flow chart can run horizontally or vertically.
Process name: Determining the best way home.
Background information: There are several routes that Kane can take to get from his office to his home. His choice of which way to go is influenced by the amount of congestion, the time of day and the weather.
If the weather is clear, it is before 5 pm and, after checking the road reports, his primary route is not congested, Kane goes that way. If the road report says the traffic is bad, he takes alternate Route B.
If the weather is bad or if the weather is fine but it is past 5 pm, Kane knows his primary route will be congested so he automatically takes alternate Route A home.
2. Using the flow chart you prepared, identify the risks that Kane faces.
3. Choose a problem/ issue you wish to investigate further. Create a cause and effect diagram to visually depict the issue, main categories of causes and the causes.
4. Create a check sheet that could be used to record data in the following scenario:
You are counting the number of defects on a production line that is turning out gadgets. There are three main types of defects that are seen, these are: misshapen gadgets, undersize gadgets and oversize gadgets. You will collect data for three, 12-hour shifts, but need to be able to separate the data for each of the shifts.
Activity 12.
Using the guide that is given in the following table, rank the risks that have been identified for the Nautilus Boat Hire company's houseboat project.
The risks have been identified as:
• people who are not strong swimmers, especially children, drowning
• houseboat clients getting lost and/or stuck on sandbanks
• clients finding the houseboats very difficult to control in high winds-resulting in damage to the houseboat and/or land structures
• clients being sunburned and dehydrated on hot, sunny days
• clients making a lot of noise when moored and residents complaining
Activity 13.
1. Plotting your business risks on a risk Matrix is widely recommended. What are the benefits of doing this?
2. Continuing with the Nautilus Boat Hire company scenario, transfer your likelihood assessments of each risk and add an assessment of the severity of impact for each of the identified risks on to the matrix shown.
3. Plot the risks on the matrix shown.
Activity 14.
Prioritising actions
1. Using the severity and likelihood matrix that you created for Nautilus Boat Hire, list the risks in priority order and give reasons for your rankings.
2. Comment on some of the problems that you might encounter when trying to determine priority of risks.
Activity 15.
1. Describe what the ALARP principle means and give an example of it in practice.
2. Give examples of risks that could be managed by each of the following treatment strategies:
a. Avoid the risk: Choose not to borrow money to finance a project.
b. Reduce the risk: Install warning signs to alert people of a possible risk.
c. Share the risk: Contract multiple suppliers for each product.
d. Retain the risk: Agree that the small risk of a client defaulting on payment is worth taking to obtain a new line of business that can then be used to prospect for other clients.
3. Describe a situation from your own experience where you applied a control to a risk. Explain the nature of the risk, which type of control that you chose to use, what you actually did and how successful it was.
Activity 16.
1. Using the template, create an example action plan to show how you would implement two risk management strategies of your choosing.
2. Risk management is an integral part of any planning process. What sorts of things should risk recovery plans encompass?
3. Describe the three key components of a solid risk recovery plan.
4. Who should be involved in the design and development of risk recovery plans fora project? Why?
5. List three areas of risk an organisation can develop a contingency plan for.
Activity 17.
The senior accountant at Abacus Accounting, a small accountancy firm, has their laptop stolen from an interstate restaurant where they were conducting a dinner meeting with clients. The laptop contains nearly four weeks of data that had not been backed up. This is a significant loss of a large amount of personal information regarding clients and business opportunities. In addition to this loss, the accountant is now without use of a laptop and still has much client work to conduct.
As a result of this loss, Abacus Accounting undertakes a risk management process and decides to implement an action plan to ensure all identified risks are minimised.
For example, the firm recognises that the use of laptops by accounting staff is critical, as is the information the laptops contain.
Amongst other things, the plan contains details of:
• protocols for safeguarding laptops whilst travelling
• protocols for backing up of data
• procedures for updating the asset register with laptop warranty and insurance details
• procedures for how to report the loss of the laptop and how to expedite replacement
Explain who the action plan, and its associated details, needs to be communicated to and when and how this could be best achieved.
Activity 18.
1. Why should all documentation be in order and appropriately stored?
2. What is the basis for a good documentation storage system?
Activity 19.
I. Why is it important to monitor an action plan once it has moved into its implementation phase?
2. Using the review scope and frequency triangle, give at least two examples of activities that could be performed at each level.
3. At what point is the best to consider the monitoring aspects of a risk management plan and what factors should be included?
Activity 20.
Comment on the following statement:
'Audits conducted by external companies are just another academic exercise designed to create employment for consultants.'
Question 1
What is the purpose of the standard AS/NES ISO 32000-2000 risk management?
Question 2.
There are a number of key provisions of relevant legislation and regulations from all levels of government that may affect aspects of business operations, such as:
a. Duty of care.
b. Company law.
c. Contract law.
d. Environmental law.
e. Freedom of information.
f. Industrial relations law.
g. Privacy and confidentiality laws.
h. Legislation relevant to the organisation's operations.
i. Legislation relevant to operation of a business entity.
j. Anti-discrimination legislation.
k. Ethical principles.
I. Codes of practice.
m. Health and safety legislation.
Why is it necessary to have a working knowledge of the legislation involved in business? Construct appropriate research to explain what duty of care means and how it applies in the workplace.
Question 3
What is risk management? Why must risk management procedures to be followed?
Question 4.
What are the advantages and disadvantages of carrying out a risk assessment for a whole organisation and its overall operations? On what basis/ scope might risk assessments be carried out if they are not carried out for an entire organisation?
Question 5.
Employees with a disability have the same rights as other employees to a safe and healthy workplace and they also have the right to workplace modifications or adjustments that ensure their safety. Employers must be aware of the legislation that supports the right of employees with a disability.
Conduct appropriate research to identify the relevant Acts and to explain what it means that adjustments to the workplace can be made to accommodate the needs of emloyee to say a disability. p s with
Question 6.
Businesses can take out a variety of insurances that will indemnify them and/or their employees, customers, members of the public in the case of an accident or other adverse occurrence. Conduct appropriate research to determine the types of insurance that can be taken out. What companies offer insurance for businesses? (Name at least three.)
Assessment 2
Project 1.
This project entails you planning, conducting and evaluating a risk management program for an organisation. For the purpose of this project, the term organisation can include a small business, work team or division in a large organisation, sporting group, or family. Complete each of the sections in as much detail as is possible.
Part 1-Plan for enterprise risk management:
• describe the organisation's current risk management policies, procedures and processes and comment on the strengths and weaknesses of these arrangements
• describe the scope for risk management process that you will conduct-explain why you decided upon this scope
• discuss the impact that each of the following has on the organisation's approach to risk management:
- political environment
- economic climate
- social factors
- legal factors
- technological advancements
- policy context
• document critical success factors, goals or objectives for area included in scope
• identify each of the internal and external stakeholder groups and for each make a list of their issues
• discuss how you will communicate with each of these stakeholder groups, include details of:
- key messages
- delivery strategies
- how you will encourage input/ participation
• describe what level and type of support you need in order for your risk management plan to be effective and discuss the strategies that you will use in order to obtain that support
Part 2-Identify the risks:
• using a SWOT diagram, identify the risks that face the organisation
• research these risks and provide any necessary background/ further detail
• make a list of the other tools and techniques you could use in order to generate a list of risks that apply to the scope
Part 3-Analyse the risks:
• assess the likelihood of the risks occurring
• assess the impact or consequence if risks occur
• depict the risks on a risk matrix
• evaluate and prioritise risks for treatment
Part 4-Select and implement treatments:
• determine the most appropriate option/s for treating the top three risks that you have identified
• develop an action plan for implementing those risk treatments
• explain how you will communicate the action plan information to the relevant parties
• what documentation is needed and how will it be completed and stored
• describe the steps that you will take to implement your risk management action plan
• discuss how you will monitor the action plan to ensure that it meets its identified goals
• explain how you will evaluate the process that you have used to manage these risks