BSBRSK501 Guo Ailan Sample Assignment


Q1: Outline the key purpose and key elements of current risk management standards in Australia.

A number of standards have been developed worldwide to help organisations implement risk management systematically and effectively. Risks affecting organisations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Managing risk effectively will help organisations to perform will in an environment full of uncertainty.

The key elements of risk management include:

  • Develop the risk management plan in collaboration with stakeholders (policy and operational)
  • Establish clear ownership of risks
  • Identify risks early
  • Consider both operational and strategic risks
  • Roles and responsibilities
  • Budgeting
  • Timing
  • Scoring and interpretation
  • communication
  • tracking and auditing

Q2: Outline the AS/NZS ISO 31000: 2009 Risk Management Principles and Guidelines and each of the 11 principles.

The AS/NZS ISO 31000:2009 standard provides the internationally accepted basis for best practice risk management. The standard is non-prescriptive or generic in its application which provides a methodology of managing risk which is applicable for all types of organizations including governments.

In 2005 an international working group was established to produce an international standard of risk management which built upon the already successful foundation of the AS/NZS 4360 document. The core risk identification and treatment process elements within AS/NZS 4360, the process, remain unchanged. The new standard (AS/NZS ISO 31000:2009) now provides explicit guidance on risk management principles and a risk management framework that were not as obvious in the previous document.

The introduction of the 11 Principles of risk management

  1. Creates and protects value

    Good risk management contributes to the achievement of an agency’s objectives through the continuous review of its processes and systems.

  2. Be an integral part of organizational processes

    Risk management needs to be integrated with an agency’s governance framework and become a part of its planning processes, at both the operational and strategic level.

  3. Be part of decision making

    The process of risk management assists decision makers to make informed choices, identify priorities and select the most appropriate action.

  4. Explicitly address uncertainty

    By identifying potential risks, agencies can implement controls and treatments to maximize the chance of gain while minimizing the chance of loss.

  5. Be systematic, structured and timely

    The process of risk management should be consistent across an agency to ensure efficiency, consistency and the reliability of results.

  6. Based on the best available information

    To effectively manage risk it is important to understand and consider all available information relevant to an activity and to be aware that there may be limitations on that information. It is then important to understand how all this information informs the risk management process.

  7. Be tailored

    An agency’s risk management framework needs to include its risk profile, as well as take into consideration its internal and external operating environment.

  8. Take into account human and cultural factors

    Risk management needs to recognize the contribution that people and culture have on achieving an agency’s objectives.

  9. Be transparent and inclusive

    Engaging stakeholders, both internal and external, throughout the risk management process recognizes that communication and consultation is key to identifying, analyzing and monitoring risk.

  10. Be dynamic, iterative and responsive to change

    The process of managing risk needs to be flexible. The challenging environment we operate in requires agencies to consider the context for managing risk as well as continuing to identify new risks that emerge, and make allowances for those risks that no longer exist.

  11. Facilitate the continual improvement of organizations

    Agencies with a mature risk management culture are those that have invested resources over time and are able to demonstrate the continual achievement of their objectives.

Q3: Outline the key legislations and regulatory context of the organisation in relation to the risk management.

A number of stakeholders will have requirements in place that must be taken into account in any risk management process. This is especially so where the environment or human life is at risk. Legislators and regulatory bodies are stakeholders in any risk management process.

Laws have been put in place to ensure that organizations and individuals meet a minimum standard of care to ensure their activities do not result in harm or loss to others. Breaches of these laws can result in fines, jail or both.

Requirements for the organization will be defined during the establishment of the emergency risk management context. This stage may also highlight the requirements of stakeholder organizations. Clarification of stakeholder organizations’ requirements will be refined through ongoing consultation.

All employees, contractors, suppliers, clients, etc. will be required to know what the legal, regulatory and organizational requirements are and to work within them. Breaches of organizational policies and procedures can result in injury or death, legal action being taken by an affected stakeholder or a stakeholder organization withdrawing their support.

Examples of legislative and regulatory requirements may include:

  • Legislation dealing with
    • disasters, emergencies
    • occupational health and safety
    • the environment
    • equal employment opportunity
    • privacy.
  • Local government requirements dealing with
    • land use planning
    • building and planning permits
    • business permits
    • community interaction
    • noise limits
    • traffic management
    • use of community facilities and event permits.
  • Safety standards
  • Operating procedures
  • Emergency procedures
  • Management procedures

Q4: Outline the factors that must be taken into account in determining risk control measures for hazardous manual tasks as stated in the model Work Health and Safety Regulations 2011.

Under Work Health and Safety Legislation persons in control of businesses or undertakings (PCBUs)must ensure the health, safety and welfare of workers and others in relation to manual handling. This includes reviewing safe working environments, furniture and equipment, work practices, and the provision of training. Under the Model Code of Practice for Hazardous Manual Tasks organizations are required to manage manual handling risks in a systematic way by identifying hazards, assessing or quantifying the risks(if not known) and applying risk control strategies.

A manual task is hazardous if it involves any of the following characteristics

  • Repetitive or sustained force
  • High or sudden force
  • Repetitive movement
  • Sustained and/or awkward posture
  • Exposure to vibration.

To determine the risk factors as the following questions:

  • Does the task involve repetitive movement, sustained or awkward posture or repetitive or sustained forces
  • Does the task involve long duration
  • Does the task involve high or sudden force
  • Does the task involve vibration

Q5: Outline the purpose of risk management policies and procedures in the workplace.

The purpose of organizational policies and procedures for risk management is to ensure every worker a safe place to work. Some jobs do come with some risk, but each employer must utilize organizational policies and procedures for risk management to insure that the amount of risk for the employee is as low as possible.

Q6: List three examples of the impact of risks for a workplace if risks are not identified or actioned.

It's a good idea to understand the different types of risks your business may face so you can recognize and plan ahead for them.

Risks can be:

Opportunity-based – This type of risk comes from taking one opportunity over others. By deciding to commit your resources to one opportunity, you risk:

  • missing a better opportunity
  • getting unexpected results.

Uncertainty-based – This type of risk comes from uncertainty around unknown or unexpected events. It’s hard to predict these events and the damage they can cause. It’s also hard to control the damage once these events occur.

Examples of uncertainty-based risks include:

  • Damage by fire, flood or other natural disasters
  • Unexpected financial loss due to an economic downturn, or bankruptcy of other businesses that owe you money
  • Loss of important suppliers or customers

Hazard-based: These types of risks come from dangerous situations in the workplace. Some common examples include:

  • Physical hazards caused by high noise levels, extreme weather or other environmental factors
  • Equipment related hazards caused by faulty equipment or poor processes when using equipment such as machinery

Q7: Outline step by step procedures that companies can use for analysing risks.

A pivotal piece of building a solid foundation is built for your business is to conduct a risk analysis on a regular basis. I like to do this at least once a year for each business I run; for startups (or established businesses in rapidly changing industries such as tech) I recommend doing this at least twice a year or more because the environment around you will be shifting rapidly.

Step 1: "KEY RISK": What is the risk factors facing your business? Risk factors should include your competition (rising costs, lower prices, surplus inventory), the economy, your industry (how susceptible is it to change?), technological changes, consumer preferences, rising costs, key personnel within your organization

Step 2: "RISK SCORE": How do I weigh this risk on a scale of one to 10? After careful consideration, you should score each risk factor you identify so you can sort by rank once you are done. This does not mean a risk factor you rank as a two is to be neglected for the risk factor you assign a score of nine.

Step 3: "CONTINGENCY PLAN": What is my contingency plan for this risk? Ask yourself, "What can be done if this does actually happens?" and then begin to compose the steps you think are necessary to alleviate or deal with the risk. Keep in mind some risk factors are out of your control and have terrible mitigation plans.

Step 4: "PERSON ACCOUNTABLE": Which person in my organization is responsible for this risk? Some risk factors may not be something any one person can be accountable for, such as economic downturns, or a major change in technology, but regardless, try to identify a key person to assign to each risk factor you identify in your business. This will help you visualize how the risk management is spread throughout your organization.

Step 5: "DEADLINE": What is the deadline for executing a mitigation plan for this risk factor? Putting an "If then, then what" action plan into place will help serve as a guide if and when the risk factor surfaces. Some risk factors can be completely wiped out from your organization.

Q8: Outline three sources of information that a company could use to gather information on potential risks.

Risk identification is a process for identifying and recording potential project risks that can affect the project delivery. This step is crucial for efficient risk management throughout the project. The outputs of the risk identification are used as an input for risk analysis, and they reduce a project manager's uncertainty. It is an iterative process that needs to be continuously repeated throughout the duration of a project. The process needs to be rigorous to make sure that all possible risks are identified.

An effective risk identification process should include the following steps:

  1. Creating a systematic process - The risk identification process should begin with project objectives and success factors.
  2. Gathering information from various sources - Reliable and high quality information is essential for effective risk management.
  3. Applying risk identification tools and techniques - The choice of the best suitable techniques will depend on the types of risks and activities, as well as organizational maturity.
  4. Documenting the risks - Identified risks should be documented in a risk register and a risk breakdown structure, along with its causes and consequences.

Q9: Outline three examples of tools or techniques that a company could use to identify risks as part of a risk assessment process.

The given techniques are similar to the techniques used to collect requirements. Lets look at a few of them:

  • Brainstorming:

    Brainstorming is done with a group of people who focus on identification of risk for the project.

  • Delphi Technique:

    A team of experts is consulted anonymously. A list of required information is sent to experts, responses are compiled, and results are sent back to them for further review until a consensus is reached.

  • Interviewing:

    An interview is conducted with project participants, stakeholders, experts, etc. to identify risks.

Q10: Outline five options that a company could take to control risks.

A Risk treatment is an action that is taken to manage a risk. Risk management processes all include steps to identify, assesses and then treat risks. In general, there are four types of risk treatment:

  • Avoidance: You can choose not to take on the risk by avoiding the actions that cause the risk. For example, if you feel that swimming is too dangerous you can avoid the risk by not swimming
  • Reduction: You can take mitigation actions that reduce the risk. For example, wearing a life jacket when you swim
  • Transfer: You can transfer all or part of the risk to a third party. The two main types of transfer are insurance and outsourcing. For example, a company may choose to transfer a collection of project risks by outsourcing the project
  • Acceptance: Risk acceptance, also known as risk retention, is choosing to face a risk. In general, it is impossible to profit in business or enjoy an active life without choosing to take on risk. For example, an investor may accept the risk that a company will go bankrupt when they purchase its bonds
  • Sharing: Risk sharing is the distribution of risk to multiple organizations or individuals. This is done for a variety of reasons including insurance products and self-insurance strategies

Q11: Outline key organisational policies, procedures and process for effective risk management system.

The Policies and Procedures that your association executes rely upon numerous elements, including your industry and government directions. Yet, there are essential hazard exposures that most associations need to address. Think about the accompanying regular arrangements and systems:

  • Screening and hiring of employees and/or volunteers
  • Business continuity or contingency plans
  • Inspections and maintenance of buildings and/or premises
  • Employee training
  • Analysis of existing contracts to limit liabilities
  • Emergency plans
  • Incident plans
  • Financial management
  • Privacy
  • Ethics
  • Employee discipline and dismissal

Task 2

1. NatureCare Products

Risk Briefing Report


NatureCare Products’ strategic priorities focus on business diversification and growth. They aim to increase their market share by 10%, and to expand the existing product range to attract more customers. At a recent board meeting, the two company shareholders and the CEO discussed options for expanding the business, including establishing a chain of retail outlets. The idea is to initially set up a retail outlet in central Sydney, Brisbane and Melbourne. Now we need to undertake a risk analysis on establishing a chain of retail outlets.


Step 1: Identify the risks. Identify and describe the risks that may affect the project or its outcome. Use many techniques to find project risks. In this step, the preparation of the project risk registration form will begin.

Step 2: Analyze the risk. Once the risks are identified, the likelihood and consequences of each risk can be determined. Understand the nature of risk and its potential to influence project objectives. This information is also entered into the project risk registration form.

Step 3: Evaluate or rank risk. The risk is assessed or ranked by determining the degree of risk, which is a combination of likelihood and consequences. Decide if the risk is acceptable or if the risk is serious enough to require treatment. These risk rankings are also added to the project risk register.

Step 4: Treat the risk. This is also known as the risk response plan. In this step, the highest ranked risk is assessed and a plan is developed to process or modify these risks to achieve an acceptable level of risk. How to minimize the possibility of negative risks and increase opportunities? Risk mitigation strategies, prevention plans, and contingency plans can be created in this step.

Step 5: Monitor and check the risks. This is the step to obtain a project risk registration form and use it to monitor, track and review risks.

PESTLE Analysis

In terms of policy, the risk of opening a chain store is that it needs to meet the policy needs of different places, and it will be difficult to implement.

Economically, opening a chain store requires a lot of liquidity.

In the society, opening a chain store requires more social responsibility.

Technically speaking, opening a chain store is difficult to manage.

In terms of the environment, the decoration will bring certain pollution to the environment.

Legally speaking, different places have different legal requirements, so it is necessary to be cautious in meeting local legal requirements.


As for economic risks, I believe that in the case of opening a chain store, we need to pay close attention to the financial report and determine the liquidity permit, in order to further open a chain store.

And every region needs to have a finance director to monitor the financial situation at all times.

Internal and external stakeholders

Currently, the company employs the following employees: account manager, marketing manager, marketing assistant, sales manager, four customer service representatives, office manager and administrative assistant, operations manager, and the above-mentioned CEO and two shareholders.

Opening a chain store, Internal and external stakeholders must share the pros and cons, have money to share, and lose money together.

Strengths and weaknesses

The advantage of opening a chain retail: the advantage is that it can expand the sales range, enhance the company's visibility and increase turnover.

The downside is that a lot of liquidity is needed, and not every retail store can get a profit.

Critical success factors

Our goal this time is to increase sales by 10%, so opening a chain store will help achieve the goal in the short term. However, the costs incurred in the middle are immeasurable, so long-term monitoring is needed to know if this strategy is desirable.

2. Email

BSBRSK501 Guo Ailan img1

3. Email

BSBRSK501 Guo Ailan img2

5. NatureCare Products

Risk Management Plan

The risk management process will be used by the management team to ensure risk control methods are included in all organisational planning, management of operations and governance.


ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.


Opening a chain of retail stores may lead to insufficient liquidity. Insufficient liquidity can easily lead to difficulties in other work, which in turn has a series of impacts on the company.


50% probability of occurrence


First of all, if the opening of chain retail stores is too fast, it will lead to liquidity breaks, and the break of liquidity will affect the healthy development of the company. By then, not only will the turnover decline, but it will also lead to the company's other businesses not doing well.

If the chain retail store has achieved remarkable results, it can increase the company's liquidity, enhance the company's visibility, and steadily increase the company's turnover for a long time.

Risk assessment

Therefore, the risk of opening a chain retail store is mainly due to the stability of liquidity. If there is no problem with liquidity, it can achieve a 10% increase in turnover and at the same time enhance the company's image. However, there are problems with joining liquidity, which requires further risk management.

Risk treatment/control methods

Reduce the likelihood of occurrence.

To reduce the possibility of risk, you need to prepare an emergency fund before opening each branch. This will not be awkward when liquidity breaks.

Risk management process

The systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risk.

Risk assessment legend

BSBRSK501 Guo Ailan img3


Risk register

Document at least five risk and treatment measures. Evaluate each risk as to whether it is high, medium or low priority and assign an order for treating risks.

Scope of assessment:

Opening a chain store

Critical success factors:

Managing the liquidity chain

Internal & external stakeholders:

Customers and company employees



Severity Rating

Likelihood Rating

Treatment or control methods

Priority rating (high, medium or low)

Order of priority

Capital chain break

The company is not working properly



Prepare emergency funds


Staff shortage

Retail store is not working properly



Do a good job of talent reserve


Unsatisfactory sales

Retail store is not working properly



Good fund reserve


Cost too high

Low profit margin



Adjust marketing strategy at any time


Management is not strict

Causing company management confusion



Establish a chain management team in advance


Risk action plan

Each of the risks identified above should be included in the table below and actions shown. The table should be copied and pasted for each risk.

Description of risk

Capital chain break

Summary of recommended response and impact

Opening a chain store is too fast, the capital is broken

Proposed actions

Prepare emergency funds

Resource requirements





All the time



Description of risk

Staff shortage

Summary of recommended response and impact

Chain stores are opening too fast, staff shortage

Proposed actions

Do a good job of talent reserve

Resource requirements



HR manager


All the time



6. Email

BSBRSK501 Guo Ailan img4

Task 3

1. Staff Training: Reports and Recommendations


The Implementation Leading Group recommends that the following training that facilitates the redefinition process be prioritized. This is not a list of rankings.

  1. Project management. Leaders and members of the working group and other implementation groups (such as ISPs) should be encouraged to participate in this training as much as possible.
  2. Master the meeting. Where appropriate, new staff members should be sent to the supervisory meeting plan as a matter of policy, and existing staff members who have not yet participated in these plans should be encouraged to do so.
  3. Measurement techniques. As the redefinition process continues, the specific needs of the training will be determined by the relevant personnel.
  4. Technical skills. The continuous development of technical skills by staff is critical to the success of the redefinition process. Examples of these skills include network skills for internal communication coordinators and others; Microsoft Project for those involved in complex project planning and execution; FileMaker Pro for Processing Office selector support; and demonstration of PowerPoint skills development.

We also recommend that although the sample size is small, other perceived personnel need to be carefully considered.


Determining training needs and developing training policies related to redefinition of public services will be an important factor in redefining project success. With this in mind, the Implementation Leading Group formed a team to investigate and redefine the relevant staff training needs and make recommendations for further action.


The process of reviewing training needs begins with the implementation of the leadership team's discussions and initial brainstorming. Then a group meeting will be held to discuss further action plans.

2. Email

BSBRSK501 Guo Ailan img5

3. Email

BSBRSK501 Guo Ailan img6


4. Training evaluation report

Based on the survey results, we found that employees felt that the training was very effective.

Both employee 1 and employee 2 responded positively to the training.

For example, they all like the theoretical management model that can be applied to the workplace, and the practical aspects of work guidance are good.

Although they sometimes have difficulty adapting to all homework and regular counseling sessions related to the Assignment.

In general, the training is great enough to allow them to make progress in ways never before possible.

In addition, this training allowed them to learn practical skills, apply them to their work, and learn some interesting theoretical management models.

Employees believe that they want to learn more about talent management in the future, because this will be a good way for the company to ensure the company's outstanding employees.

For employees, this is a highly competitive world, which will be a good way to ensure that the company gains an extra competitive advantage through highly qualified employees.

5. Email

BSBRSK501 Guo Ailan img7

6. Monitor risk control measures

According to the explanations of the departing employees, they all think that the salary increase is too small and the workload is too much, so they leave.

In response to this, I believe that the company can improve performance management in order to retain excellent employees. More work must be a company's personnel management guidelines.

Furthermore, employees feel that they have no good platform development after receiving training, so I think that for excellent employees, the company should give more opportunities so that employees can better serve the company and contribute to the company.

7. Email

BSBRSK501 Guo Ailan img8

Task 4 Risk management evaluation report

A. Evaluate the overall risk management process.

  • Was it easy or difficult to identify risks?

    It is difficult to identify risks.

  • Was staff input (at the meeting) helpful?

    Yes, it is really helpful.

  • How confident are you that all the risks have been identified?

    Half Half confident.

B. Consider whether the process indicated in the NatureCare Products’ current Risk Management Policy and Procedures is sufficient to guide the risk management process used for the business expansion project. Explain why or why not.

At present, our risk management policy is to carry out talent reserve. Although this training method is currently good, it needs to be strengthened from the perspective of the resignation staff. For example, strengthen system management after training, complete performance management, and so on.

C. Explain whether the principles of risk management in the NatureCare Products risk management policy and procedure consistent with AS/NZS ISO31000:2009 Risk Management Principles and Guidance.

It complies with the ISO31000:2009 risk management principle because we have confirmed the risks ahead of time and have taken risks in advance.

D. What changes would you recommend to the risk management process.

I will further refine the risk process, improve the performance management after the talent training, and form a systematic talent management method.

In addition, it is necessary to strictly control the management of funds to avoid the occurrence of financial breaks.

BSBRSK501 Guo Ailan img9