Diploma of Business
Unit BSBRSK501A
Manage Risk
Housekeeping
? Emergency Procedures
? Mobiles, Security Issues
? Break times / Smoking policy
? This course is “interactive” – ask questions
? Respect, Confidentiality, Practice
? Ground Rules:
? Smile
? Support other learners
? Patience with others
? Be on time
? Speak to trainer if any concerns
Establish risk context
1.1 Review organisational
processes, procedures
and requirements for
undertaking risk
management
AS/NZS 4360:2004 was replaced
with ISO31000:2009 Risk
Management Principles and
Guidelines
Still using AS/NZS 4360:2004
But you should know what ISO 31000
builds upon as this is the way Risk
Management is going
ISO31000:2009
? ISO means International Standard
Organisation
? Aims to improve and advance risk
management through
benchmarking and the evaluation
of organisational practices
Risk is defined
? By ISO31000 as “effect of
uncertainty on objectives”
? By AS/NZS 4360 as “the
chance of something
happening that will impact on
objectives.”
Purdy’s (2011) five steps to ISO31000
implementation
1. Changing the paradigm for risk and risk management
2. Take stock
3. Evaluate your maturity
4. Develop your plan to start
5. Develop your plan to keep it going
For risk to succeed:
? Management must support the process
? Management should be aware of big risks in the organisation
? For ISO31000 reporting must be on risk management, not
on risks such as used in AS/NZS 436
This unit, we use Federal OHS
legislation
? However, each State/Territory that you work or operate in has
different OHS Legislation and Regulations
? It is your responsibility to know the difference
The Legislative Framework
Code Of
Practice
Standards
Acts
Regulation
Practice
The Act aims to:
? Ensure that all employees are secure and safe at work
? To protect employee's from risk arising from their roles
? To assist employers/employees and other persons who
require assistance as per their obligations under law.
? To provide remedies when obligations at not met, through
civil remedies.
Regulations provide you with:
? The Health and Safety Representative election
processing
? Statutory notices; and
? The details about incident notifications
Codes of Practice
? can provide sufficient evidence to demonstrate that you are
following the law.
? The code of practice based on the OHS Act 1991 (Cwlth) is the
Occupational Health and Safety Code of Practice 2008.
Aim of the OHS Code of practice
Is to build on the
Legislative Framework
The Code of Practice provides you
with:
? Easier to read and follow guidance
? Provide guidance to areas previously excluded
? Only refers to AS/NZ Standards where necessary for technical
matters
? Allows for greater flexibility in achieving compliance
Standards Australia
? A standard is how specifications and procedures are designed
to make sure that methods and materials are fit for the
purpose intended. They are documents that are published to
make sure that the standards are consistent across Australia
? The guide for managing risk is the Australian Standard AS
4360: 2004. Your organisation will influence the design and
implementation of risk through its objectives, its
products, services and the processes that it utilises.
Under AS/NZS 4360:2004, The
Risk Management Process evolves
into:
Legislation
? The Risk Management Process contains:
? Hazard Identification
? Risk Assessment
? Implementation of Risk Control Measures:
? The hierarchy of controls
E ? E Elimination
? S Substitution
? I Isolation
? E Engineering
? A Administrative
? P PPE
? Review the effectiveness of the Risk Management Process in your
workplace as part of your organisations continuously
improvement process.
Risks may include those relating to:
? Commercial relationships
? Economic circumstances and scenarios
? Individual activities
? Political circumstances
? technology
? Human behaviour
? Management control
? Natural events
? Methods to support continuous improvement
A widely used tool for continuous improvement is the
four step quality model – the plan-do-check-act
(PDCA) cycle, also known as the Deming Cycle
Plan
Act Do
Check
Act
Establish risk context
1.2 Determine scope for risk
management process
Risks to your organisation
? Legal
? Financial
? Safety
Define the scope
? Get scope wrong, risk management plan will be wrong
? Is not easy
? All risks need to be quantifiable
? Provides details of processes regarding risks and deliverables
? Is built on the Risk Management Plan
Risk Management Plan identifies
? Your stakeholders,
? The impact the external environment
will have on your organisation within the
industry that you work in,
? How the risk management plan shall be
communicated; and
? The process of obtaining support to
ensure the ongoing success of the
organisation.
The scope may apply to:
? Given projects
? Specific business unit or area
? External environment
? Internal environment
? Whole organisation
The scope will help define:
? What areas should be covered
? What should be covered within a specified time period
? The resources that are needed
? Will you need the expertise of external specialists, if so who?
? Who the stakeholders are
? How risk shall be evaluated
? What records need to be kept and how
? How much analysis do you need to complete the assessment
safely?
? What needs to be evaluated and why?
Establish risk context
1.3 Identify internal and
external stakeholders and
their issues
Internal and External Stakeholders
? Internal stakeholders are people who support the
organisation and who are internal to the
organisation, including employees, investors and
management.
? External stakeholders include people who are impacted by
the organisation including the consumer and the community.
? It is important to know each perspective and their objectives
so that you can address their needs in the Risk Management
Plan.
? Take the time to work out what each party’s interest in
risk management is and use it to determine their
objectives
Internal stakeholders include:
? Employees
? Internal investors
? Management
External stakeholders include:
? Customers
? Suppliers
? Creditors
? Government
Next, Identify the stakeholders
objectives by:
? Consulting with industry experts to clarify information
? Being familiar with the legislation relating to your industry.
? Using information provided by professional associations to keep
up to date in regards to industry trends
? Consulting with stakeholders to determine objectives. You could
use contracts and agreements to assist you in identifying these
objectives.
? Implementing feedback and consultation procedures to allow you
to keep in touch with your stakeholders requirements.
Establish risk context
1.4 Review
political, economic, social, le
gal, technological and policy
context
Successful management
Rests on the ability of
your organisation to
adapt rapidly to the
pressures to the external
environment.
Time is a highly regarded
commodity
Use environmental scanning to
save time
Environmental scanning can be
utilised to:
? Control the flow of information
? Keep managers up to date
External organisations:
? May be used to monitor the external environment
? May include stakeholders, professional associations and
government bodies
Streams of information gathered in the
external market will usually include:
? The Economic System
? The Social System
? The Policy Context
? The Political/Legal System
? The Technology System.
The Economic System
? Comprises of the allocation, consumption, distribution and
production of resources
? Is the organisation of the economy to allocate scarce
resources.
? Is divided into capitalism and socialism
The capitalist economic system
is concerned with the production of profit maximisation
through investments and competition with other business
owners. These systems may be both regulated and
unregulated.
The socialist economic system
produces goods and services upon demand
and ensures that sufficient production is
carried out for this end. This system is
based on capital accumulation seeking to
control or direct the system through state
ownership or cooperative control.
Decisions of an economic nature
can be influenced by:
? The decision making structure of the organisation
? Who makes the decisions
? Whether decision making is centralised or decentralised; or
both; and
? How resources are allocated.
The Social system
? The social system is the use of attitudes, behaviours and ideas
influenced by human relationships.
? The incentive structure can be influenced by the social
system.
? The social system is initialised through empowerment.
Empowerment is the process of increasing the capacity of
individuals or groups to make choices and transform those
choices into desired outcomes and actions.
(PovertyNet, 2011).
The Political/Legal System
? creates the rules and frameworks within which business
operates.
? Government policy supports and encourages some business
activities e.g. enterprise, while discouraging others e.g. the
creation of pollution.
? “ A political system is a system of politics and government
that is usually compared to a legal or social system”
(Wikipedia, 2011).
The Australian Constitution defines the
following responsibilities including those
of the:
The Federal Government
Foreign affairs, trade, defence and immigration
Government of states and territories
For all matters not assigned the Commonwealth
Government, and they too adhere to the principles of responsible
government.
The High Court
arbitrates on disputes between the commonwealth and states.
Many courts decisions have expanded the constituitional powers
and responsibilities of the federal Government.
The Australian Constitution sets out the
powers of government into three chapters .
The The The
legislature
The
executive
The
judiciary
There are four main political
parties in Australia. They are the:
The Australian
Labour
Party(ALP )
•is a social democratic party founded by
the Australian labour movement
The Liberal Party • is a party of the centre right
The National
Party of Australia
•were formerly the Country Party, is a conservative
party representing rural interests
The Australian
Greens
• are a left-wing and environmentalist party
The legal system in Australia has three
sources that you may need to refer to.
The sources are:
? The laws which are made in
parliament;
? Delegated legislation; and
? The decisions made by judges in
courts which are published in volumes
of law reports
The Technological System
? refer to material objects such as machines and hardware that
are used by employees to ensure that they are productive
within their industry.
? The aim of the technological system is to ensure that the
human environment such as the materials, tools, techniques
and sources of power utilised to make life easier and local
more productive.
? may also be described as a network of agents interacting in
the economic/industrial area under a particular institutional
infrastructure and involved in a generation, diffusion and
utilisation of technology.
The aim of the study of
technological systems is
? to understand the linkages between technological
systems and economic growth.
? This linkage can be observed after your
organisation purchases new technology.
? If the organisation aims to improve productivity
then a purchase of equipment to allow the
organisation to meet the demand means
organisation will be able to take a larger share of
the market ultimately improve their profits.and
The Policy Context
? is the course of action the business takes in the decision
making process that influences the way in which they make
decisions and the actions that they take.
? The policy context comes into play here when the processes
of the organisation will have an impact on the final decision
made.
Consider the two options:
1. New equipment equals blowout in the organisations budget
2. New processes equal cost savings, empowered staff and
improve productivity equivalent to the new technology
found in the equipment.
Establish risk context
1.5 Review strengths and
weaknesses of existing
arrangements
SWOT is an acronym for
? strengths, weaknesses opportunities and threats which make
up the four factors of the SWOT matrix.
? The aim of this tool is to produce a model that can serve to
provide direction in the development, formulation and
assessment of risk management plans.
? As an important step in the planning process, many
organisations tend to undervalue or omit it from the risk
management plan.
Swot Matrix
Establish risk context
1.6 Document critical success
factors, goals or objectives
for area included in scope
Critical success factors (CSF)
? is the term for an element that is necessary for an
organisation or project to achieve its mission.
? are those few things that must go well to ensure success for
an organisation and, therefore they represent those
enterprise areas that must be given special and continual
attention to bring about high performance”
(Wikipedia, 2011).
? aim to assist organisations in narrowing their “results, and if
their results are satisfactory, the organisation will ensure the
successful competitive performance for the organisation”
(Rochart, 1979, p.84).
Grabowski and Roberts (1999)
? suggests that the following four factors are designed to
ensure the high level of performance that your organisation
needs. These factors include:
? Organisational Structuring And Design
? Communication
? Organisational Culture
? Trust
Top management support
If management demonstrates the appropriate support for the
organisation’s risk management culture then the level of team
members who follow organisational procedures should
increase.
The importance of culture within
effective risk management is
? that knowledge transference
requires individuals to come
together to interact, exchange ideas
and share knowledge with one
another.
? Moreover, culture creates
individuals who are constantly
encouraged to generate new
ideas, knowledge and solutions
(Muller, 2009).
Trust
? is an important prerequisite to “changing
those related alliances, thus mitigating risk, as
organisations are unwilling to adopt alliance-
like organisational structures that make them
vulnerable to the fluctuation of the
environment” (McAllister, 1995).
? For trust as a critical success factor to succeed
it is essential that risk management processes
include cooperation and teamwork
To measure the success and/or failure
of the organisations critical success
factors
the organisation must under the Section 69 of the OHS Act
1991 maintain records of actions and dangerous occurrences.
Establish risk context
1.7 Obtain support for risk
management activities
One of the final critical success
factors is
Management support and commitment which needs to give
constructive feedback to team members
To give constructive feedback to team
members it is important to make sure
that your feedback is:
? Timely
? Supported with positive words
? Descriptive and gives facts
? Aimed at supporting collaboration so that new
ideas for improvement are devised
To create an environment where
people are:
? Empowered
? Productive
? Contribute happily to risk management
To reinforce this environment,
you must:
1. Demonstrate that you value them
2. Share their vision
3. Share goals and directions
4. Trust people
5. Provide information for decision making
6. Delegate authority
7. Provide continuous improvement
8. Focus on the problem, not the people
9. Listen and ask questions
10. Reward and recognise empowered behaviour
Establish risk context
1.8 Communicate with
relevant parties about the
risk management process
and invite participation
Relevant parties may include:
? All staff
? Internal and external stakeholders
? Senior management
? Specific teams or business units
? Technical experts
Keep employees up to date:
? Supply them with information
? Give them a chance to ask questions to clarify information
? Make sure they are up to date on the communication process
and give them an opportunity to see how their contributions
impact on the organisation
2. Identify risks
2.1 Invite relevant parties to
assist in the identification of
risks
Use consultation
As a way in which management not only
provides staff with up to date information, but
also provides stakeholders and any relevant
parties with the opportunity to assist in the
identification of risk.
Consultation
With employees ensures that the organisation is proactive in
regards to risk management
The Consultation Process Includes:
? OHS representatives and committees
? Workplace health and safety officer
? Other agreed arrangements including:
? Employees seeking industrial representation in regards to
obtaining assistance in OHS issues
? Regular meetings
? Brief talks about hazards and risks on a regular basis
? Work groups
? Job task training
2. Identify risks
2.2 Research risks that may
apply to scope
Research
? To keep employees and stakeholders up to date
so that they can make informed decisions
? Aims to assist you in discovering, interpreting
and developing methods and systems in a
systematic way
Research may include:
? Data information (Qualitative)
? Statistical information (Quantitative)
? Information from other business areas
? Lessons learned from other projects and activities
? Market research
? Previous experience
? Public consultation
? Review of literature; such as journals, articles, texts and
websites
2. Identify risks
2.3 Use tools and techniques
to generate a list of risks that
apply to the scope, in
consultation with relevant
parties
Should work in consultation with:
? Employees
? Owners
? Suppliers
? Investors
? Contractors
? Industry sources
Consult using the following tools
and techniques including:
? Brainstorming
? Checklists
? Fishbone diagrams
? Flowcharts; and
? Scenario analysis
Brainstorming
? is an excellent tool that can be used to generate
creative problem solving. It is good to use
brainstorming to bring together a wide range of
personnel so they can bring their diverse experience
and meaning to solving the problems that you face.
? Also assists in ensuring that you look at a problem
from a different perspective.
? Aims to get personnel out of their comfort zone and
come up with innovative and different ideas to
resolve problems.
To run a group brainstorming
session, you should:
? Make sure that you provide the relevant parties with a comfortable
environment
? That one member of the team is assigned with writing ideas in your
organisation’s preferred format
? Clearly define the problem that you would like to resolve.
? Use icebreakers if people are not comfortable working together
? Do not criticise and try to make sure that everyone contributes new
ideas
? Encourage people to have fun during the brainstorming session
? Make sure that are sufficient ideas to work with
? Take regular breaks if your brainstorming session is going to be a long
one.
Checklists
? are informational job aids aimed at compensating for a
human’s lack of memory or attention. It would help you in
performing the steps of a task or can be used as a schedule.
? should be utilised to develop formal procedures that can
assist you in look at the internal risk of activities.
? Control their length or they are exhaustive
Fishbone diagrams
Fishbone diagrams are also known as
Ishikawa Diagrams or Cause and Effect
Diagrams and look like a skeleton of a fish
as shown below.
http://www.project-management-skills.com/fishbone-diagram.html
To build a successful tree or
fishbone, you need to:
? Make sure that everyone knows what the problem is
? Be clear
? Pursue each line of causality back to its root cause
? Make sure that the cause of each category is added to the tree
? For control, if the branches become overcrowded, split them.
? Reflect and determine which has merit and pursue them.
Flowcharts
Flowcharts are representative of a process
and are used to demonstrate the steps
involved in the process.
High level Flowcharts
Detailed flowchart demonstrating steps
of all of the decisions in a process
Deployment flowcharts organised by
columns assigned by individuals or
departments responsible
Design a flowchart effectively by:
? Defining the process starting and ending points
? Completing the picture by filling the details
between the start and end
? Making sure that each step is clear and honest
? Identifying steps that do not add value or time
lags that may impact on the steps of the process;
and
? Passing the flowchart to other stakeholders
involved in the process and obtains feedback from
them.
Scenario analysis
? involves the assessment of various potential future events and
the development of scenarios that will be likely to pass if
specific events took place.
? can be helpful in risk management by reflecting on your
analysis of the internal and external environment and
determining the events that may impact on your
organisation’s risk management plan.
The five steps of scenario analysis
are:
1. Define the problem
2. Gather data
3. Separate certainties from the uncertainties
4. Develop scenarios
5. Use the scenarios as part of your planning process
3. Analyse risks
3.1 Assess likelihood of risks
occurring
Once risks are identified, they
should be:
? Eliminated
? Minimised or
? controlled
Risk assessments should be
conducted when:
? New substances and plant is
introduced
? New work practices and procedures
are introduced
? Changes are made to
process, equipment and substances.
Employers need to consider:
? How often the hazard has the potential to harm
? The number of people exposed to the hazard
? The length of exposure to the hazard
? Amount of materials or exposure points
? The position of the employees in relation to the hazards
? The skills and experience of the people exposed
? The special characteristics of the people exposed
? Any elements that could distract personnel in the work environment
? Environmental conditions
? The work organisation – like rostering, shift arrangements and the pace in
which work should be performed
? The introduction of new work processes and procedures
? The effectiveness of existing control measures.
The likelihood may refer to:
? Probability of a given risk
occurring, such as:
? Very likely (exposed to hazard constantly)
? Likely (exposed to hazard occasionally)
? Unlikely (could happen but only rarely)
? Highly unlikely (could happen but
probably never will).
3. Analyse risks
3.2 Assess impact or
consequence if risks occur
Consequence
is the means outcome or impact
of an occurrence. In other
words, you need to be able to
make a judgement about how
much harm that workers may be
exposed to if they are exposed to
the hazard.
Consequences may be related as:
a. A fatality
b. Major or serious injury (serious damage to health that may
be irreversible, requiring medical attention and ongoing
treatment). This is likely to involve significant time off
work;
c. Minor injury (reversible health damage that may need
medical attention but limited ongoing treatment). This
means that it is less likely to spend more than a day off
work.
d. Negligible injuries (might sustain slight injury and may
require only primary first aid) and no time off work
Variations of consequences in states
and/or territories may include:
Significance of outcomes if the risk occurs, such as:
? Disastrous
? Severe
? Moderate impact
? Minimal impact
If there is uncertainty, you should
consider:
? Whether there is more information available
? What specialists are available to consult
? Whether surveys, environmental and medical monitoring is
needed
? The records and data that should be reviewed including
employee complaints, staff turnover, unscheduled absences
and sick leave
? Whether the organisations culture and the behaviour of its
staff add to the risk or are the actual risk factor; and
? Assess the training levels and competency of the team.
3. Analyse risks
3.3 Evaluate and prioritise
risks for treatment
Familiarise yourself with the risk
management process
Make sure that you understand
your organisations procedures
The risk analysis is the study of the
likelihood and consequences where you
should ask:
? What is the likelihood of an incident occurring?
? If an accident occurs, what would be the magnitude of its
consequence?
You may need more information
about the level of risk from:
? Available records
? Results from inspections carried out
? Statistical data from various sources
? Relevant experience
? Research
? Specialist and expert judgement
? Experiments
Types of Risk Analysis
Qualitative analysis would be used in most cases. This type of analysis
is used:
? As an initial screening exercise to identify risks that require more
detailed analysis
? Where the level of risk does not justify the time and effort spent on
a more detailed analysis
In the same way, consequences arising from an incident occurring
may be qualitatively measured. An example of a consequence
measure is:
When the likelihood and consequence are put
together, you have an example of the analysis
matrix.
Risk analyses
? Are usually aimed at the negative consequences of risk
? The consequence measure therefore reflects the losses and
undesired outcome that may arise
? However risk management is increasingly applied to identify
and prioritise opportunities as the risk associated
? When considering the opportunities, the likelihood measure
need not change, as it will describe the chance that a benefit
will arise.
? The consequence, however, must still be adjusted.
An example is as follows:
When risks and opportunities are being
considered together, a two directional measure of
consequence may be appropriate.
Legend (for opportunities)
L = low opportunity, manage by
routine procedures
M = moderate
opportunity, management
responsibility must be
specified
H = high opportunity, detailed
planning required at senior
levels to prepare for and
capture opportunity.
The risk priority rating should
consider:
? Cost benefit analysis to determine the acceptance or rejection of
treatment
? Development of a risk action plan
? Possible risk treatments/controls in order of priority of
resolution
? Preferred options for treatment of risks
? Timetable for implementation
4. Select and implement
treatments
4.1 Determine and select most
appropriate options for
treating risks
If you cannot eliminate a risk, you
should minimise it by:
? Controlling employees exposure to the risk
? Do not make changes just so they create a new hazard; and
? Allows employees and contractors to work in a safe and
comfortable work environment.
The Hierarchy of Control assists
employers to control risk
Eliminate
Substitute
or modify
Isolate
Engineer
Eliminate the Hazard to prevent:
? Human error,
? Lack of awareness,
? Stress,
? Fatigue,
? From influencing the selection of control
measures
? From acting in an uncontrolled manner; and
? Giving priority to operational or production
plans
Examples of elimination in OHS
COP (2008) are:
? Removing trip hazards cluttering
? Disposing of unwanted chemicals
? Removing hazardous plant or substances
? Promptly repairing damaged equipment;
and
? Increasing the use of e-mail to reduce
excessive photocopying and collation
Substitute or modify the hazard
? Substitution or modification of a hazard ensures that the
hazard is minimised.
? Substitution or modification should only be considered when
risk to employees has been identified and when the changes
will decrease the level of risk for the person performing the
task.
The OHS COP (2008) gives the following
examples of substitution .
? Substitution of a hazardous chemical with a
less hazardous chemical
? Substitution of telephone headsets with
headsets in a reception area
? If this is not possible, then;
? Substitute of smaller package or container
to reduce the risk of manual lifting injuries
like back strain.
Isolate the hazard
The aim of isolation is to separate the employees from the
hazard. This can be performed by putting up signs and barricades
or placing the hazard in a separate room; thereby removing the
hazard from the main work area.
Examples of isolation as per the
OHS COP (2008)
? Use of a fume cupboard to isolate and
store chemicals, and
? Use of remote handling equipment for
hazardous substances and procedures.
Use engineering controls to control
the hazard at its source
? Engineering controls is the next control
option to minimise risk within the
hierarchy of controls.
? Engineering controls include engineering
modifications to plant or to a system of
work needing to be changed.
The OHS COP (2008) gives the
following examples of engineering
controls:
? Modification to plan
? Installation of guarding on
machinery; and
? Use of a ventilation system to
remove chemical fumes or dust.
Use Administrative controls
? Administrative controls include changing procedures and
practices to minimise risk.
? Administrative controls should be used to back-up and
supplement other controls that have been put in place. These
control measures may be needed when your employer waits
for the evaluation and implementation of other control
measures.
Examples of administration controls
found in the OHS COP (2008) include
? Regular maintenance of equipment and plant;
? Written procedures for all equipment and work
procedures; and
? A training, education and supervision program
for employees/contractors, which includes
preventative maintenance and housekeeping
procedures
Use personal protective equipment
(PPE)
? The final control measure under the hierarchy of control
pyramid is the use of personal protective equipment (PPE).
? PPE should only be used when the higher control measures
are not appropriate or adequate. They can be used as a final
barrier between the hazard and the employee.
? The use of PPE may require your employer to make sure that
you change your behaviour as PPE does not control the
hazard.
? The PPE must be appropriate for the type of work the
employer is doing.
4. Select and implement
treatments
4.2 Develop an action plan for
implementing risk treatment
The Risk Management Plan should
include:
1. Introduction
Purpose of the Action Plan
This should include what the risk management plan is for. You
may even write a Risk Management Statement
Goals of the organisations Risk Management
What are the organisation’s goals? I.e. to ensure that the
highest levels of risk are identified and properly
management, risk is focused where it is needed.
2. Context and Background
What Risk Management is.
Define risk management and its importance to the
organisation.
Benefits of the plan
How does your Risk Management Plan benefit your
organisation? E.g. meet your legal obligations
Organisations background
What is the organisation’s background and the area’s where risk
has been applied in the organisations and how. E.g. may include
policy and procedures, the use of specification, equipment
checks, tests and quality assurance.
3. Risk Management at your organisation
Overview of the Risk Process
How Risk is handled in the organisation
Organisation
Risk Management
Objectives
Organisation
Risk Management
Objectives
Risk Management Plan &
Program
Risk Management Plan &
Program Risk Management
Objectives
Risk Management
Objectives
Program
“Risk Register” & Risk
Treatment Action Plans
“Risk Register” & Risk
Treatment Action Plans
Risk Assurance &
Performance Reports
Risk Assurance &
Performance Reports
3. Risk Management at your organisation
Risk Management Structure and Responsibilities
How the plan is implemented
Timeframe
a Monitoring and review
4. Initial risk identification and risk treatment
Risk criteria
In this section, you need to prioritise the importance of Risk
Management in terms of how it can impact on the organisation.
For example, if too many people are injured in the workplace
then the organisation’s reputation will be negatively affected or
how management and accountability for risk is quintessential to
the organisation.
Financial
Technology
Residual Risk
This section should include the
risk exposures present within the
organisation as demonstrated by
the above pictorial. The meaning
of the graph includes:
k Residual risk – the remaining
level of risks after risk measures
have been undertaken.
Under Action – A plan is in place
for the action to be done
including who is doing the
plan, the resources needed, the
4. Initial risk identification and risk treatment
0% 20% 40% 60% 80% 100%
Management Activities
Contractual Relationships
Under action
Controlled
plan, the resources needed, the
costs and timing targets.
d Controlled – Refers to the level of
risks that have been controlled
and maintained at an acceptable
level.
Based on the findings, the scope
would probably need to be
reviewed so the progress is
maintained within the Risk
Management Plan
4. Initial risk identification and risk treatment
A detailed report of the organisations Risk Management Plan
should be shown on a bar chart with individual appraisals of
the risks. These should be demonstrated in the organisation’s
Risk Register.
4. Select and implement
treatments
4.3 Communicate risk
management processes to
relevant parties
Make sure that you follow
procedures and communicate
? The information in your job description
? The information in the organisations policies and procedures
Information should be
communicated to stakeholders to:
? Ensure that they are aware of a problem and what
impact it may have on their activities
? Ensure that they have sufficient information to
consider alternatives and the feasibility of
suggestions.
Communicate only relevant
information to:
? Workers, supervisors and health and safety representatives
? Stakeholders who may be exposed to the control measure
? Consult and monitor incident reports; and
? Review safety committee meetings where possible
4. Select and implement
treatments
4.4 Ensure all documentation
is in order and appropriately
stored
include external reporting where the
organisation will:
? To their external stakeholders
on a regular basis
? To government bodies if an
incident arises from a hazard
Risk is recorded to:
? Ensure that the risk management process follows the correct
legislative requirements
? Provide management and decision makers with a plan that
ensures that risk exposures are addressed in a logical manner
? Provide an audit trail in the case that processes are followed
up
? Share and communicate risk management activities to
employees and other stakeholders
? Provide accountability that supports the organisations
strategic and risk management plans
? Facilitate continuous monitoring and review of risk
management
Reporting documentation can
include:
? Compliance and due diligence statement
? First Aid/medical post records
? Hazardous substances registers
? Health surveillance and workplace environmental monitoring
records
? Maintenance and testing reports
? Manufacturers’ and suppliers’ information, including MSDS
and dangerous goods storage lists
? Mentoring and auditing documents
? OHS audits and inspection reports
Reporting documentation can
include:
? Records of instruction and training
? Risk management policy statement
? Risk register
? Risk treatment and action plan
? Safety bulletins or notices
? Workers’ compensation and injury
management records
Documents leave a
Trail the provides evidence that the organisation is complying
with their legal obligations
4. Select and implement
treatments
4.5 Implement and monitor
action plan
Information that should be
communicated may include:
? Decisions made in regards to resolving a hazard
? How a change in a procedure is implemented and why the
change is implemented.
? How the benefits of the change will benefit all parties. Research
has shown that if stakeholders understand how a specific change
impacts on them, they will be more than inclined to take
ownership of the change
? The benefits of working safely
? The consequences if they fail to follow the control measures
To implement an action plan, you
should:
1. Create a communication plan
2. Raise awareness
3. Build capacity
4. Motivate
5. Track and monitor
4. Select and implement
treatments
4.6 Evaluate risk management
process
To monitor and review risk
procedures through
? Self-assessments
? Physical inspections
? Checking and monitoring success of actions
? Audit and reassessment of risk to achieving objectives; and
? Key dates, time frames and deadlines should be set for
communicating, monitoring, reporting and review.
Ask the following questions
? Have the chosen control measures been implemented as
planned?
? Are the chosen control measures working?
? Are there any new problems?
? Has the risk management process added value to your
organisation?
? Are the outcomes of the program measurable?
? Would you make a decision to contract or expand the risk
program based on this information?
