Professional Documents
Culture Documents
BSBOPS504 Student Guide (Ver. 1) PDF
BSBOPS504 Student Guide (Ver. 1) PDF
BSBOPS504 Student Guide (Ver. 1) PDF
GUIDE
BSBOPS504
MANAGE BUSINESS RISK
First published 2020
RTO Works
www.rtoworks.com.au
hello@rtoworks.com.au
0452 157 557
This resource is copyright. Apart from any fair dealing for the purposes of private study, research, criticism or review
as permitted under the Copyright Act 1968, no part may be reproduced by any process without written permission as
expressed in the RTO Works License Agreement.
The information contained in this resource is, to the best of the project team’s and publisher’s knowledge true and
correct. Every effort has been made to ensure its accuracy, but the project team and publisher do not accept
responsibility for any loss, injury or damage arising from such information.
While every effort has been made to achieve strict accuracy in this resource, the publisher would welcome
notification of any errors and any suggestions for improvement. Readers are invited to write to us at
hello@rtoworks.com.au.
Business Works is a series of training and assessment resources developed for qualifications within the Business
Services Training Package.
Contents
Overview 4
Topic 1: Overview of risk management 5
Topic 2: Establishing risk management in an organisation 17
Topic 3: Addressing risks in an organisation 33
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 3
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Overview
The Student Guide should be used in conjunction with the recommended reading and any further
course notes or activities given by the trainer/assessor.
Learning goals
Learning goals include:
You are able to establish the risk context to manage risk in a work area or organisation.
You are able to identify and analyse risks within a pre-determined scope.
You are able to select and implement risk treatments and monitor and evaluate the risk
management process.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 4
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Topic 1: Overview of risk management
Managing risk in business is about using sound judgement and decision-making skills to reduce
the consequences of risk while still making the most of the opportunities available to you.
It is not about completely eliminating risks, as they are inevitable in business (and life!). It is
about establishing, mitigating and responding to risks and setting up a plan to deal with them.
Activity: Reflect
Think about some of the risks in your personal and work/study life.
Have you deliberately taken any risks that have been a success?
Have you taken any risks that have caused you to fail?
Have you taken any steps to avoid or manage any of the risks you’ve thought
about?
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 5
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
What is risk?
Before we continue, make sure you understand what risk is.
could prevent the organisation from achieving goals it has set for itself.
Examples of goals that may be involved with risk can relate to service delivery standards,
production specification of items, sales and/or revenue budgets, safety targets and attainment of
workplace objectives.
Examples of negative outcomes of a risk eventualising may be financial loss, damage to the
reputation of the company, loss of property, cash or data and breach of legislated obligations.
Risks come in different forms and in business, there are different types of risks. The risks for your
business or organisation will depend on:
the industry
There are four main types of business risk: strategic risk, compliance risk, financial risk and
operational risk.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 6
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Take a look at the next table to understand more about these risks.
Financial risk These risks affect the Customers not paying CFO
financial health of a on time (or paying in
Financial controller
business (cash flow, instalments).
liquidity, financial Managers/supervisors
position, debt burden
etc.)
Operational These risks are Targets not being met Head of operations
risk associated with a because a machine
Managers/supervisors
business or breaks down.
organisations’ systems
and processes.
Activity: Brainstorm
In small groups:
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 7
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Activity: Reflect
Do you have any personal experience of any of the types of risks listed above?
natural causes (e.g., flooding disrupts a delivery service, dust storm causes a truck driver to
have an accident, pandemic results in extended business closure)
human causes (e.g., strikes result in unfilled customer orders, mistake when manually entering
invoices into the accounting system, spillage in the office kitchen results in someone slipping
and hurting themselves).
economic causes (price of raw materials increases making product manufacture more
expensive, labour costs increase with new regulations, rising interest rates affect a business or
organisation’s ability to repay debt).
Activity: Practical
Look at the examples of risk sources and answer the questions that follow.
bushfires, contractual breaches, terrorist attack, computer network failure, online
security, staff conflict, consumer preference changes, power failure, WHS
1. Classify each risk as internal or external.
2. Which category does each risk fall into (natural, human, economic)?
3. Who would be responsible for the risk?
Work in pairs to compare your answers.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 8
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Why is risk management important?
Activity: Discuss
Did you know that the cost of risk management is often less than the costs associated with a risk
eventualising (such as fines, lawsuits, loss, reputational harm and the potential for business
closure)?
Depending on the consequences of the risk, risks should be taken or avoided. When the
consequences of risks we take are negative, we can learn from the outcome and plan for the
future.
Managers are under a legal obligation to:
demonstrate to the workforce they are effectively managing the business through the risk
management actions they take – giving workers a sense of reassurance and confidence in
management.
discharge a common law “Duty of Care” to take action to avoid allowing foreseeable harm to
impact individuals or the company.
demonstrate responsible corporate governance in the way they run the organisation.
Risk management ensures the ongoing viability of a business by making sure its goals and
objectives can be achieved regardless of the obstacles that get in their way.
Risk management has become even more important over recent years as a result of:
an increasingly volatile and competitive business environment where there are more
competitors and their capacity to compete has massively increased due to inexpensive and
pervasive digital marketing options.
greater awareness among the business community that risks can be identified and actively
managed rather than simply be allowed to happen.
realisation that unmanaged risks can seriously impact a business if they materialise, and can
even bring about an end to the company – and that managed risks provide the business with
plans to exploit opportunities that arise rather than see them slip by.
changes to a raft of legislation that has placed obligations on senior managers carrying with
those responsibilities sever penalties of hundreds of thousands of dollars and imprisonment.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 9
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
What process should I follow to management risk?
Given the importance of risk management (including the legal obligations), a deliberate and
consistent approach is required to identify, mitigate and respond to risk. In many businesses a risk
management team is put together and charged with heading up the process.
The typical risk management process essentially comprises of four steps or stages. The names
given to the four steps/stages can differ but the basics of the model remain the same. The steps
(shown in the next figure) are:
risk identification
risk analysis
The process is an ongoing one in that regular and scheduled evaluation and reviews of risks and
the associated risk management occur.
Activity: Reflect
In the ICT industry “Garbage in, garbage out” (GIGO) is the concept that flawed or
incorrect input data produces flawed or incorrect output or "garbage".
Reflect on how this concept applies to sourcing reliable information when managing
risk in a variety of contexts in an organisation.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 10
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Learning Description
opportunity
Stakeholders All people who are involved in identify, mitigating and responding to risk.
Stakeholders can be seen as any person or body who:
Legislation These are laws that have been made by the state and/or country and must be
followed. Legislation in Australia may be state-based or national (Federal).
Most businesses engage the services of legal practitioners to assist them in
identifying and understanding their legal obligations.
The government agencies or bodies responsible for enforcing the various
pieces of legislation can also provide valuable insight and have lots of
information freely available on their websites.
Failure to conform with these legislated obligations can lead to warnings,
fines or more dire consequences for serious, continued or intentional and
deliberate action (including imprisonment in some cases). It can also involve
negative media publicity when non-compliance becomes public especially in
terms of the impact of social media.
Where an individual (worker or customer or other) is wronged or injured by
the organisation they have the right to proceed against the business under
civil law.
This action is commonly taken against the business for negligence where
they have breached their Duty of Care.
Legislative examples include: Fair work Act, WHS Acts, Corporations Act,
Privacy Act, Environmental legislation, Discrimination legislation
Regulations and Regulations are directly related to legislation. They are the ongoing
codes of processes of monitoring and enforcing the law (in other words the very act of
practice enforcement through a regulatory authority).
Codes of practice provide information on a specific issue and help you
achieve legal standards. It is a practical guide on how to comply with legal
duties.
Regulatory authorities often provide information on codes of practice.
Examples include WHS codes of practice, Work health and safety regulations
2011
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 11
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Learning Description
opportunity
Organisational These are workplace documents created by management and are relevant to
documentation risk management. Organisational policies and procedures are put in place to
make sure everyone is as safe as possible and to ensure a successful
outcome for the business or organisation.
For example: Strategic plan, operational plan, policies and procedures (e.g.,
document storage, privacy, confidentiality, recruitment, performance
appraisal, work health and safety)
Best practice The concept of “best practice” refers to good practices, procedures or
examples guidelines that have been proven to achieve successful results.
For example: Literature reviews, case studies, analogy thinking (such as
“Uber of public transport”).
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 12
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Activity: Research
choose an industry or work area you work in or are interested in (e.g. mining,
ICT, finance, education, sales etc.).
research any regulatory bodies and codes of practice associated with the work
area or industry.
share your findings with the larger group (your trainer will provide guidance on
how to do this e.g. PowerPoint presentation or document sharing etc.).
Activity: Read
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 13
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Activity: Discuss
Activity: Explore
Explore a few of the policies and procedures that may apply to a risk management:
Website 1: https://dlb.sa.edu.au/tsftfmoodle/pluginfile.php/922/mod_imscp/content/
1/shared/resources/manual/confidentiality.htm
Website 2: https://www.oaic.gov.au/about-us/our-corporate-information/key-
documents/privacy-policy/
Website 3: https://www.rba.gov.au/about-rba/our-policies/risk-management-
policy.html
Website 4: https://www.servicesaustralia.gov.au/organisations/about-us/corporate-
publications-and-resources/work-health-and-safety-policies
Website 5: https://policy.vu.edu.au/document/view.php?id=3
As the risk process is being established, time must be taken to ensure there is support for the
process and for the activities that will need to be undertaken.
This support may either need to be actively sought or may be implicitly provided through
statements in, for example, the organisation’s Risk management policy. Obtaining practical support
for risk management activities can include:
being able to obtain constructive and meaningful input from stakeholders in a timely manner
being allowed to take whatever time is necessary to engage in the required risk management
activities
having permission to write or re-write operational procedures etc as the need to do so arises
to minimise or address risk.
receiving input from management when undertaking any aspect of the process where their
contribution is essential
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 14
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
While most times businesses and organisations take every step possible to mitigate risk,
sometimes it’s still not enough and consequences occur. At times like this, it’s vital to learn from
mistakes and to identify ways to minimise future risk.
The explosion in Beirut, Lebanon on 4 August 2020 is an example of a terrible tragedy that could
have been prevented with better risk management. After the Beirut explosion, an official of the
Lebanese Higher Defence Council quoted the Lebanon Prime Minister Diab saying:
“…because it isn’t acceptable that a shipment of ammonium nitrate — estimated to be 2,750 tons
— was in a depot for the past six years without precautionary measures being taken.”
(source: https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-blast.html)
Activity: Read
If you’re not familiar with the details of the explosion, read more in the news report
below.
News report: https://www.nytimes.com/2020/08/04/world/middleeast/beirut-
explosion-blast.html
Activity: Practical
Consider the article you’ve just read about the Beirut explosion. To complete this
activity, work in small groups.
1. Describe the importance of risk management for the warehouse involved in the
explosion.
2. What type of business risk was involved?
3. Identify any legislative and regulatory requirements that may have applied to the
warehouse safety (answer as if Australian law applies).
4. List the possible organisational policies and procedures related to risk
management that may have existed for the warehouse .
5. Think about the risk process discussed previously in this topic. How did (or did
not) the warehouse follow each step in the process?
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 15
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Image by Pixabay on Pexels
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 16
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Topic 2: Establishing risk management in an
organisation
In the previous topic, we looked at the four general steps in a risk management process. This topic
addresses the first two steps in the process (identify and analyse risk).
Before you can identify risks however, you must determine the scope of the risk management
process by:
establishing goals and objectives for the area included in the scope
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 17
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Risk context Description
element
the risk management standard/s used as for guiding the risk management
activities of the business
the risk appetite of the business and their orientation to tolerance of risk –
some businesses are quite risk averse while others are prepared to take
certain risks.
Defining the Risk can be present across a range of areas for a business (such as record
risk keeping, recruitment and WHS) and can be both internal and external to the
management organisation.
scope
‘Risk management scope’ refers to the parameters of risk management the
business will address.
It is practically not feasible for a business to manage all risk it faces (this would
be too time consuming, too expensive and make the practical day-to-day
operation of the organisation impossible due to all the restrictions, checks and
precautions to be taken) so a decision must be taken about what risks are ‘in’
and will be managed, and those that are ‘out’ and will not be managed.
Scope can be viewed as:
the structure and operations of the business (for example, projects they
are engaged in, departments in the organisation, different work sites
and/or the organisation as a whole)
risks the business will and will not manage (for example, some businesses
will not manage risk for industrial relations or staff retention but will
manage it for WHS and finances).
Identifying Stakeholders are identified by understanding the possible risks facing the
stakeholders organisation. When all internal and external stakeholders have been identified,
and their action should be taken to:
related issues
determine how they might provide input to the risk management process
(such as identifying possible risks, helping describe their impact and
suggesting ways to prevent or mitigate risks)
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 18
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Risk context Description
element
describe the possible issues they will/might have if a risk event occurs (for
example, employees will still want to be paid, customers may still need
your products or services and banks will still need to be paid for loans
etc).
Analysing the Analysis of the external environment will provide information to identify,
external analyse, prioritise and monitor risk. The analysis should include:
environment of
the political context, including:
the business
o the state of political stability or unrest in the country, or state/territory
o the political will towards (for example) stimulating and supporting
businesses or taking action to rein in or control them.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 19
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Risk context Description
element
the policy context (this is allied strongly to the political and economic
contexts) for decisions that:
o governments make (such as decisions about tax rates, whether or not
to make grants, loans or subsides available, imposition of tariffs on certain
imported goods, and the support given for ‘Buy local’ or ‘Buy Australian’
campaigns).
o made by other businesses (which might be to move into or out of
certain markets, whether to expand or down-size, or take an aggressive,
price-centred focus on acquiring more sales or greater market share).
A tool such as PESTLE/PESTLE analysis can be used for undertaking this
analysis.
(Watch the video: https://www.youtube.com/watch?v=GFVKKTwkANY (03:17)
for more information)
Assessing This involves analysis of situations and arrangements within the organisation
internal that have the potential to create or impact risk. For example:
conditions
the state or condition of buildings and physical resources owned or used
by the business
the strategies it has in place to retain stop and stop/limit the flow of staff
(knowledge, expertise and intellectual property) from the company to an
opposition business
the size and quality of the customer database the business has
the amount of funds available to the business and the potential it has to
raise more or borrow money
the state of any debts it has and its projected ability to repay them
the number and nature of the strengths and weaknesses the business has
including:
o the capacity to capitalise on or exploit strengths and turn them into
opportunities.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 20
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Risk context Description
element
Think back to the practical activity you did at the end of Topic 1 (Beirut explosion -
https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-blast.html).
Assume the explosion has not yet occurred.
1. Analyse the external environment of the business
2. Analyse the internal environment of the business for strengths and weaknesses.
3. Define the scope for risk management at the warehouse.
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 21
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Strategic and operational goals:
help create the context of the risk to be managed (type, size, timing and topic)
provide the basis for ensuring all areas within the determined scope have been addressed
prevent ‘creep’ caused by non-scope risks being included in the risk management process
give all those involved in the risk management process certainty about the focus of their
activities.
Activity: Reflect
How can the strategic and operational goals and objectives can be identified?
Hint: Look back to the section on “Sources of information” in topic 1.
Once strategic and operational goals and objectives have been established, specific risk
management goals and objectives can be created. Because it is impossible to address all risks in a
business, it is useful to set goals for the risk management plans that are developed.
specify the type of protection appropriate (for example, by stating the amount of loss that
will be allowed, the contingency plan that will be implemented or quantifying the amount of
money that will be made available to offset a negative event that occurs).
In-keeping with standard practice, these goals are formulated in accordance with the SMART
acronym. This is further explained below:
S = Specific • They must state clearly what the organisation seeks to achieve.
T = Timely • The objectives need to have a start and finish date attached to them.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 22
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
How do I establish critical success factors?
Critical success factors (CSF) are the things the business must do correctly or ‘get right’ in order for
the organisation to succeed. CSFs need to be comprehensively documented so that everyone
understands what success requires. Remember that a CSF is NOT the same as success criteria.
Activity: Watch
Activity: Practical
Think back to the practical activity you did previously in this topic (Beirut explosion -
https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-blast.html).
Assume the explosion has not yet occurred:
1. List at least two possible strategic and/or operational goals of the warehouse.
2. For each strategic and/or operational goal, write a risk management goal or
objective.
3. What are potential CSFs for managing risk at the warehouse?
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 23
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
All risks should be considered, regardless of how significant or insignificant they may seem.
As for all business processes, consultation with relevant stakeholders is necessary to create a
comprehensive risk management plan. This includes:
involving the stakeholders to identify as many risks within the scope as possible.
Activity: Brainstorm
Look back to the list of stakeholders identified in Topic 1 (go to the “Sources of
information” section). Work together with a partner to brainstorm:
When you communicate, use appropriate, professional and friendly language and encourage
everyone to present their views. The figure below highlights a few general principles to consider as
you communicate.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 24
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Remember to apply active listening and use questioning to check and confirm understanding.
Activity: Watch
As stakeholders cannot be expected to know when you need their input, invitations need to be
issued to them. These invitations may be issued verbally or via any digital option that is acceptable
to the stakeholder. The invitation may include:
date
location
matters to be discussed
conducting a series of meetings with the stakeholders you have identified and invited
referencing previous risk management documentation to see what other risk management
teams considered
referencing what has happened in similar local, national and overseas organisations
noting the decisions of court cases where significant damages were awarded or serious
penalties issued
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 25
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
discussing new obligations imposed by legislation with the company’s legal advisor
Activity: Discuss
As a group, discuss:
what sources of information can be used for the methods that involve research?
Take notes and keep them for future reference.
Activity: Read
Are you interested in industry specific risks? The links below provide helpful insight
for further reading.
https://www.business.qld.gov.au/running-business/employing/employee-
rights/personal-safety
https://www.business.qld.gov.au/running-business/whs
https://www.business.qld.gov.au/running-business/protecting-business/risk-
management/it-risk-management
https://www.business.qld.gov.au/running-business/protecting-business/risk-
management/environment-climate
Activity: Read
Read the articles that explain tools and techniques to help identify risks.
Article 1: https://www.inconsult.com.au/risk-identification-made-simple/
Article 2: https://www.itmplatform.com/en/blog/a-dozen-techniques-to-identify-risks/
Article 3: https://www.greycampus.com/opencampus/certified-associate-in-project-
management/risk-identification-tools-and-techniques-in-capm
Take any notes keep them for future reference.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 26
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Activity: Research and discuss
Work together in a small group. Choose ONE tool or technique that can be used to
identify risks in an organisation or work area. Do research to:
obtaining information that can be used to establish a framework for addressing the risk
identifying what others have done in regard to the same or similar risks.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 27
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Strategies for researching risk can include:
talking to management from other organisations who can be expected to have similar risks or
who are known to have suffered an adverse event
talking to anyone who has first-hand experience with the risk being considered
reviewing previous internal risk analysis reports and risk control/treatment records of risks the
business has previously identified
Activity: Practical
Think back to the practical activity you did previously in this topic (Beirut explosion -
https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-blast.html).
Assume the explosion has not yet occurred:
1. Identify stakeholders who may be involve in a risk management process.
2. Select one stakeholder and explain how they may provide input.
3. Invite the stakeholder to participate in identifying risks (e.g. email, draft
telephone conversation).
4. Use one tool or technique to identify all the risks for the warehouse.
Now assume the explosion has occurred.
5. Search the internet to find examples of similar explosions in the past.
6. How were these explosions managed?
7. List ways the tragedy in Beirut could have been avoided.
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.
potential outcomes
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 28
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
prioritising risks
Words Numbers
Rare 1
Unlikely 2
Likely 3
Very likely 4
Establishing the likelihood of the risk occurring requires the risk management team to decide
how likely or probable it is that the risk will materialise into an actual negative event.
Making these decisions requires the exercise of personal judgement using as many legitimate
reference points as possible. Keys to making this decision include:
examining internal historical records about the occurrence and timing of similar scenarios
referencing industry-wide records relating to the occurrence and timing of similar scenarios
asking managers in professional networks of contacts how they rate the same or similar
likelihoods and what they base their ratings on
working with government bodies to determine if they have any guidelines in this regard
being as realistic and objective as possible (striving to be neither optimistic nor pessimistic)
seeking qualitative and quantitative input from stakeholders and other professionals and
experts
realising some risks will be more difficult to decide probability to than others (some require
more detailed analysis or consideration).
Activity: Read
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 29
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
How do I establish the impact or consequence of a risk
eventuating?
The ‘likelihood’ and ‘impact’ are normally worked out at the same time. The same principles
described above for deciding ‘likelihood’ apply again here. An example of descriptive words and
numbers that may be used to describe the impact of the risk are:
Words Numbers
Minor 1
Moderate 2
significant 3
Catastrophic 4
Activity: Read
Take a look at the example and make sure you understand how risk is calculated.
Once a risk has been analysed, you can choose to address the higher rated risks first (see the risk
matrix below).
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 30
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
A risk matrix is the graphical representation of the risk impact and likelihood for each of the risks
that have been addressed. It:
allows everyone to quickly and easily see the level of risk presented by each risk.
The risk matrix can be used to assist with prioritisation for example in the following way:
High risks are treated Moderate risks are Low risks are treated
within 24 hours. treated within a week. within 30 days.
the potential cost to the business if the risk is allowed to continue un-treated ‘as is’ in the event
that the risk actually occurs
legislated obligations
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 31
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Activity: Practical
Continue working on the practical activity you did previously in this topic (Beirut
explosion - https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-
blast.html).
Assume the explosion has not yet occurred.
1. Establish the potential outcomes for two of the risks you identified risk.
2. Assess the likelihood of each risk occurring.
3. Assess the impact if each risk occurs.
4. Calculate each risk (likelihood x impact).
5. How will you prioritise the two risks?
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 32
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Topic 3: Addressing risks in an organisation
In the previous topic, we looked at the first two steps in the risk management process. This topic
explores the last two steps: control and monitor (Figure 8).
Treatment of risk refers to the way the business will handle the risk.
Depending on the risk and its consequences, different actions can be taken to address it (in other
words mitigate the risk). These actions are usually one of the following:
avoid the risk (for example, avoid the risk of employees being distracted by not allowing them
access to any social media sites during business hours)
prevent the risk (for example, prevent data leakages by limiting the number of people who
have access to sensitive information)
contain the risk (for example, contain the risk of hackers accessing data by installing a
stronger firewall)
accept the risk (when the risk level is very low, when the treatment cost is much higher than
the cost of the damage or when the benefit of taking the risk far outweighs the potential
damage)
transfer the risk (for example, seeking legal advice about employee contracts).
Activity: Brainstorm
As a group, brainstorm risk examples of where each the actions “avoid risk”, “prevent
risk”, “contain risk” and “transfer risk” are applicable.
Can you think of any situations when you should accept a risk?
Your trainer will facilitate a group discussion to create a comprehensive list of
examples. Take notes and keep them for future reference.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 33
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Factors to consider when deciding on a risk treatment option include:
continuity of effects
cost effectiveness
timing necessities
Activity: Reflect
Prior to COVID-19, most organisations would not have anticipated and planned for
the impact the pandemic has had.
How do you think COVID-19 has changed or shaped future risk management?
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 34
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Procedures that a company could use to minimise risk include:
implementation of policies and procedures to ensure that staff understand and follow
appropriate procedures
implementation of quality and compliance processes, for example, regular auditing to ensure
that risk management standards are met
providing staff induction, ongoing training and performance management in relation to risk
management
ongoing monitoring of risk through a range of measures such as historical data, team
meetings or performance reviews
implementing quality assurance procedures and systems to ensure that risk management
processes are regularly checked, reviewed and monitored on an ongoing basis.
As you decide how to treat a specific risk, you may be required to consult and negotiate with
stakeholders.
Activity: Reflect
Activity: Watch
Activity: Discuss
As a group, discuss how the video you’ve just watched is similar AND dissimilar to
workplace negotiation.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 35
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Activity: Read
Activity: Read
Activity: Practical
Activity: Discuss
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 36
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
An action plan will:
give performance measures that will be used to decide effectiveness of the plan
identify reporting requirements (when reports to be made, how, to who and contents).
notify those involved/impacted about the plan (provide them with a copy, explain their roles
and responsibilities, highlight timelines to be observed and provide rationale)
promote the plan/s (sell the benefits and emphasise impact on the business of failing to
implement the plan/s).
provide the resources (as identified in the plan so those with responsibilities can take the
action necessary)
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 37
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
What does the monitoring and evaluation of risk management
actions involve?
Activity: Brainstorm
Work together in small groups. Make a list of data that may result from an action plan
being implemented and that is relevant for monitoring risk.
Your trainer will facilitate a group discussion to create a comprehensive list of data
that may be used to monitor risk management.
do it regularly
be seen doing it
involve others.
As you monitor the risk management process, evaluate each step to:
Goals-based (judging the success or effectiveness of plans based on how close they came to
achieving their stated goal/s).
Outcomes-based (looking at all the results and effects of the plan: the positive and the
negative).
The focus of evaluation can include:
processes followed in the risk management process to see if they are being implemented as
intended, and whether or not they are working
the scope of risk management that was decided to see if anything has changed necessitating
an increase or decrease in that scope
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 38
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
the business environment within which the organisation is operating to see if new risks have
emerged or if identified risks have varied significantly
treatment options applied to see whether they remain viable and legitimate or if they need to
be changed
Activity: Practical
Continue working on the practical activity you did at the end of topic 2 (Beirut
explosion - https://www.nytimes.com/2020/08/04/world/middleeast/beirut-explosion-
blast.html).
Assume the explosion has not yet occurred.
1. Say how you will address (treat) each of you two chosen risks.
2. Choose one risk and develop an action plan for implementing the chosen risk
treatment.
3. Explain how you would communicate risk management actions to relevant
parties.
4. List any data that could be available for future monitoring.
Assume that the explosion has now occurred.
5. How can the risk of a similar tragedy happening again be minimised in the
future?
Your trainer will facilitate a group discussion to summarise the group’s views and
answers.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 39
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
Activity: Summary
Congratulations! You have now completed all the content required to successful
apply your knowledge.
Create a mind map to summarise what you’ve learnt.
Activity: Develop
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 40
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021
prioritising the chosen risks.
6. Suggest at least one viable treatment option for each of the three risks.
7. Prepare an action plan for implementing each of the treatments selected and:
give details of how the three plans would be implemented to ensure their
effectiveness.
explain how the action plan would be shared with stakeholders (identify
who these would be).
explain negotiation principles you may use to negotiate details of the action
plan with stakeholders.
8. Describe the evaluation and monitoring protocols that would apply to the three
action plans.
9. List all the documents the business would generate and maintain as part of their
risk management process.
The information should be presented in the form of a written report.
The information must be professionally presented and in a clear, easy to follow
structure.
Your trainer will provide any submission requirements or details.
Hilton Academy: Level 6, 250 Collins Street, Melbourne, VIC. 3000, Australia.
Email: info@hilton.edu.au | Website: www.hilton.edu.au
BSBOPS504 Manage business risk | 41
RTO: 40735 CRICOS: 03796A ABN: 24 111 139 578
Version 1.0 – Updated on 01 March 2021