BSBPMG536 Manage project risk

Assessment for this unit

BSBPMG536 Manage project risk describes the skills and knowledge required to manage risks that
may impact achievement of project objectives. It involves identifying, analysing, treating and
monitoring project risks, and assessing risk management outcomes.
For you to be assessed as competent, you must successfully complete two assessment tasks:

● Assessment Task 1: Knowledge questions – You must answer all questions correctly.

● Assessment Task 2: Project – You must work through a range of activities and complete a
project portfolio.

Assessment Task 1: Knowledge questions

Information for students

Knowledge questions are designed to help you demonstrate the knowledge which you have
acquired during the learning phase of this unit. Ensure that you:

● review the advice to students regarding answering knowledge questions in the Business
Works Student User Guide

● comply with the due date for assessment which your assessor will provide

● adhere with your RTO’s submission guidelines

● answer all questions completely and correctly

● submit work which is original and, where necessary, properly referenced

● submit a completed cover sheet with your work

● avoid sharing your answers with other students.

Questions
Provide answers to all of the questions below:

1. Identify at least two project risks for each of the following risk categories:
 ● Scope risk

● Scheduling risk

● Resource risk

● Technology risk

Certainly! Here's a table with five project risks for each of the specified risk categories:

Risk
Category Project Risk 1 Project Risk 2 Project Risk 3 Project Risk 4 Project Risk 5

Inadequate Lack of Ambiguous

Requirement Requirements Stakeholder Project Insufficient Scope
Scope Risk Creep Definition Involvement Objectives Management

Scheduling Dependencies Unrealistic Inaccurate Task Resource Inadequate

Risk and Delays Timeframes Estimations Overloading Project Planning

Resource Insufficient Inadequate

Resource Lack of Skilled Allocation Training or Resource
Risk Resources Conflicts Expertise Staff Turnover Availability

Incompatibility Insufficient
Technology Integration Emerging with Legacy Vendor Testing and
Risk Challenges Technology Risks Systems Dependency Quality Assurance

2. Outline three examples of tools or techniques that could be used to identify risks as
part of a risk assessment process.
 Tool/Technique Description

A collaborative technique where project team members generate a list of

Brainstorming potential risks through open and creative thinking.

A structured approach that assesses the project's internal strengths,

SWOT Analysis weaknesses, and external opportunities and threats to identify risks.

Pre-defined lists of potential risks specific to an industry, domain, or

Risk Checklists project type that serve as a reference guide for risk identification.

3. Outline three sources of information that can be used to gather information on potential
risks within the workplace.

Incident Reports: Incident reports document details of past incidents, accidents, near-misses,
or injuries that have occurred in the workplace. Analyzing these reports can help identify
patterns, root causes, and potential risks associated with certain tasks, equipment, or work
areas. Incident reports provide valuable firsthand information on specific risks and help in
implementing preventive measures.

Safety Data Sheets (SDS): Safety Data Sheets contain detailed information about hazardous
substances used or stored in the workplace. They provide information on the properties,
handling, storage, and safety precautions related to chemicals, materials, or products.
Reviewing SDSs can help identify potential risks associated with specific substances and guide
the implementation of proper handling procedures and protective measures.

Workplace Inspections and Audits: Regular workplace inspections and audits involve assessing
the work environment, equipment, processes, and procedures to identify potential hazards
and risks. Inspections can be conducted by internal safety teams, external consultants, or
regulatory bodies. These inspections provide an opportunity to identify unsafe conditions,
non-compliance with safety regulations, and potential risks that need to be addressed.

4. Explain each of the key components of a risk management plan.

Component Description

Systematically identifying potential risks that could impact the project or

organization. This involves techniques such as brainstorming, checklists,
interviews, and historical data analysis. The identified risks are
Risk Identification documented with clear descriptions.

Evaluating and analyzing identified risks to determine their potential

impact and likelihood of occurrence. This component helps prioritize
risks based on their significance and guides resource allocation for risk
mitigation. Techniques like probability-impact matrices, qualitative or
Risk Assessment quantitative analysis, and risk scoring are used to assess and rank risks.

Outlining strategies and actions to reduce the likelihood or impact of

identified risks. This component involves developing risk response plans
and implementing preventive or corrective measures. It includes
identifying risk owners, defining mitigation actions, establishing risk
reduction targets, and determining contingency plans. Strategies can
Risk Mitigation include risk avoidance, transfer, reduction, or acceptance.

Tracking and reviewing risks throughout the project or organization to

ensure the risk management plan remains effective and relevant. This
component includes regular risk assessments, monitoring of risk
indicators, evaluating the effectiveness of mitigation measures, and
updating the risk register. It also involves communication and reporting
Risk Monitoring mechanisms to keep stakeholders informed about the status of risks and
and Control mitigation efforts.

Proper documentation and communication of the risk management plan.

This includes maintaining a risk register or database to track risks, their
status, and mitigation actions. It also involves communicating the risks,
their potential impacts, and mitigation strategies to project teams,
Documentation stakeholders, and relevant parties. Documentation ensures
and transparency, accountability, and a shared understanding of risks across
Communication the organization or project.
5. Summarise the purpose of Australia/New Zealand Standard for Risk Management
(AS/NZS ISO 31000:2009) and identify the key principles underlying this risk
management standard.

Purpose of AS/NZS ISO 31000:2009: The purpose of AS/NZS ISO 31000:2009 is to provide
organizations in Australia and New Zealand with a systematic framework for managing risk
effectively. It aims to assist organizations in achieving their objectives, making informed
decisions, and improving their overall resilience in the face of uncertainty.

Key Principles of AS/NZS ISO 31000:2009:

1. Risk Management Creates Value: Risk management should be seen as an integral part
of organizational processes and contribute to the creation of value by supporting informed
decision-making and enhancing performance.

2. Risk Management Is an Integral Part of Organizational Processes: Risk management

should be integrated into all levels and functions of the organization. It should be aligned
with the organization's objectives and embedded in its culture and activities.

3. Risk Management Is Structured and Systematic: Risk management should follow a

structured and systematic approach. It involves establishing a clear framework, policies,
and processes for identifying, assessing, treating, and monitoring risks.

4. Risk Management Considers Human and Cultural Factors: Risk management should
consider the human and cultural aspects of the organization. It recognizes that people's
perceptions, behaviors, and the overall organizational context play a significant role in
managing risks effectively.

5. Risk Management Is Transparent and Inclusive: Risk management should be

transparent and inclusive. It involves the active participation of stakeholders, ensuring that
different perspectives are considered, and promoting open communication about risks and
risk management activities.

6. Risk Management Is Dynamic, Iterative, and Responsive: Risk management is not a

one-time exercise but a continuous and dynamic process. It should be flexible and
adaptive to changing circumstances, new information, and emerging risks. Regular review
and improvement are essential.

7. Risk Management Facilitates Continuous Improvement: Risk management should be a

driver for continuous improvement. It aims to enhance the effectiveness of risk
identification, assessment, treatment, and monitoring processes. Lessons learned from
managing risks should be applied to enhance future risk management practices.
6. Describe the characteristics, techniques and appropriate applications of both
quantitative and qualitative risk analysis.

Risk Analysis Appropriate

Type Characteristics Techniques Applications

1. Monte Carlo Simulation:

Uses mathematical models
and random sampling to
simulate various scenarios 1. Projects with
and calculate probability well-defined data
Involves assigning distributions. 2. Decision and historical
numerical values to Tree Analysis: Evaluates records. 2. Financial
risks and their complex decisions with risk analysis. 3.
impact, providing a multiple possible outcomes Engineering and
Quantitative quantitative and assigns probabilities to technical risk
Risk Analysis assessment of risk. calculate expected values. assessments.

1. Risk Probability and

Impact Assessment: Assigns 1. Early stages of a
Focuses on subjective ratings to risks project when
descriptive based on their probability of detailed data is
assessments of occurrence and potential limited. 2. Initial risk
risks, considering impact. 2. Risk Matrix: Uses identification and
their impact, a matrix to categorize risks prioritization. 3.
likelihood, and based on likelihood and Assessing risks
Qualitative other qualitative impact, providing a visual subjectively based
Risk Analysis factors. representation. on expert judgment.
7. Outline the key steps involved in a risk management process.

Risk Identification:

 Identify and document potential risks that could impact the project or organization.
 Use techniques such as brainstorming, checklists, interviews, and historical data
analysis.
 Develop a comprehensive list of risks with clear descriptions.

Risk Assessment:

 Analyze and evaluate identified risks to determine their potential impact and
likelihood of occurrence.
 Use techniques such as qualitative or quantitative analysis, risk scoring, and
probability-impact matrices.
 Prioritize risks based on their significance and potential impact on objectives.

Risk Mitigation Planning:

 Develop strategies and action plans to manage and reduce identified risks.
 Assign responsibility to appropriate individuals or teams for each risk.
 Determine appropriate risk mitigation measures and establish risk reduction targets.

Risk Mitigation Implementation:

 Implement the identified risk mitigation actions and measures according to the
established plans.
 Monitor the progress of risk mitigation activities and ensure they are being executed
effectively.
 Adjust plans or strategies if necessary based on emerging information or changing
circumstances.
 Risk Monitoring and Review:

Continuously monitor and review the status of identified risks throughout the project or
organizational life cycle.

 Use risk indicators and metrics to track the progress of risk mitigation efforts.
 Regularly review the effectiveness of risk management strategies and make
adjustments as needed.
  Communicate risk information to stakeholders and ensure transparency in the risk
management process.

8. Explain five options for controlling risk.

Certainly! Here's an explanation of five options for controlling risk presented in a

table format:

Risk Control
Options Explanation

Risk avoidance involves taking actions to eliminate or avoid the risk entirely. This can
Risk be done by choosing not to engage in activities or projects that pose significant risks.
Avoidance It aims to prevent the occurrence of the risk and its potential negative consequences.

Risk reduction involves implementing measures to lessen the likelihood or impact of

a risk. This can include implementing safety procedures, using protective equipment,
Risk conducting training programs, or implementing redundancy measures. The goal is to
Reduction minimize the risk's potential impact.

Risk transfer involves transferring the risk to a third party, such as through insurance
or contractual agreements. This shifts the financial or operational burden of the risk
to another entity, reducing the organization's exposure to potential losses or
Risk Transfer liabilities.

Risk acceptance occurs when an organization acknowledges the existence of a risk

but decides not to take any specific action to mitigate it. This option is typically
Risk chosen when the potential costs or efforts of risk control outweigh the potential
Acceptance impact of the risk.
 Risk Control
Options Explanation

Risk mitigation involves implementing measures to lessen the negative consequences

of a risk. This can include implementing controls, contingency plans, emergency
Risk response procedures, or backup systems. The aim is to reduce the severity or impact
Mitigation of the risk if it occurs.

9. Complete the table below to provide examples of risk classification and risk context for
a variety of industries. The first row has been completed as an example.

Industry Risk context examples (at least Risk classification

two each)
(Environmental, Geopolitical,
Societal, Economic,
Technological, Operational,
Resource, Security)

Politics New Labour policies implemented Societal risks, Economic risks

New Labour policies implemented Societal risks

Trade war between countries Economic risks

Education Government funding cuts Economic risks

Increased competition from online
Technological risks
learning platforms

Environmental regulations Economic risks, Technological

impacting operations risks
Geopolitical instability affecting
resource access

Mining Environmental regulations Environmental risks

tightened
Economic risks
Volatile commodity prices
Industry Risk context examples (at least Risk classification
two each)
(Environmental, Geopolitical,
Societal, Economic,
Technological, Operational,
Resource, Security)

- Decreased government
funding<br>- Shift to online
learning due to technological
advancements
Assessment Task 1: Checklist

Student’s name:

Did the student provide a Completed

sufficient and clear answer successfully? Comments
that addresses the
suggested answer for the Yes No
following?

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Task outcome: Satisfactory Not yet satisfactory

Assessor signature:

Assessor name:

Date: