Case Study NatureCareNatureCare Products is an Australian company based in Brisbane. The company commenced business in 1996 and manufactures and e

Case Study NatureCareNatureCare Products is an Australian company based in Brisbane. The company commenced business in 1996 and manufactures and eco-friendly, high quality beauty skin care products. The business was established to cater for a growing demand for skin products that contain eco-friendly and natural ingredients. There is also an emphasis on eco-friendly packaging.

The company sells its products in health food shops across the country, as well as on-line through its own web site. The company targets customers that want high quality, eco-friendly products. Market research and NatureCares basic customer database has identified that around 70% of customers are professional women aged 25 to 55.

The company currently has a small range of products that include:

Cleansing creams to soothe skin during make-up removal. Primary ingredients include Shea butter to nourish the skin and plants extracts that are also rich in essential oils with regenerating and anti-inflammatory properties. This product will be for delicate and mature skins and could also be used as a baby cream.

Multi Protection Day Moisturizing Creams for dry to normal skin types that help protect the skin during the day and includes Shea butter and extracts from fragile green algae that provides hydrating and protective properties.

Regenerating facial scrub to clean off dead skin cells to promote regeneration of healthy new cells. This product will be used for most skin types.

The strategic objectives of the company are to increase market share by 20% At a recent board meeting the two company shareholders and the CEO discussed options for expanding the business and have decided to establish a chain of retail outlets in central Sydney, Brisbane and Melbourne within the next six months. The CEO has confirmed that the banks are willing to loan 70% of the capital required and the shareholders have committed to finding the remaining 30%.

The company is also currently developing more products focusing on a range of products to meet particular skin needs rather than a one-size fits all. The new products are timed to be ready for sale at the same time as the opening of the new retail outlets. Suppliers (based in China, Philippines and New Zealand) have all indicated their ability to supply and fill additional orders.

Currently the company employs the following staff: Accounts Manager, Marketing Manager, Marketing Assistant, Sales Manager, four customer service representatives, Office Manager, Administration Assistant, Operations Manager, Financial manager, Payroll administrator, Finance assistant (accounts payable and receivable etc.) as well as the CEO and two shareholders as indicated above.

As the Finance manager, the CEO has asked you to investigate the risks associated with this venture, with a particular focus on financial activities performed by the finance team. General activities and responsibilities of the finance team include payroll, banking, accounts payable (supplier payments), account receivable (customer receipts) and statutory compliance. Currently, due to the small size of the business, IT falls within the responsibility of the finance team but does not need to be assessed for risk.

Due to the quick timeframe allocated to establish the retail outlets, the CEO has asked all managers and the administration assistant to prioritise any requests you (Financial manager) make regarding the risk management task. The risk management process budget has made a $20 000 provision for a technology advancement (e.g. RPA) but any other spending should be kept to a minimum. The customer service representatives frequently move on to other opportunities and need to be recruited and replaced on a regular basis.

The company currently has a Risk Management Policy and Procedures in place that incorporates the AS/NZS ISO31000:2018 Risk Management Principles and Guidelines.

Information relevant to identify risks:

At a team meeting, the Finance manager met with the payroll officer and finance administrator. Together they identified risks and associated outcomes.

The finance administrator was concerned that the theft of stock or cash from retail outlets would result in cashflow problems and criminal charges (negative publicity). A few of the treatment alternatives discussed included security cameras, using well referenced staff, doing frequent audits of the storage room and taking out insurance.

The payroll officer was mostly worried about an increase in the workload and wandered whether more staff should be employed.

The Finance manager had recently attended a professional development training session about using automated processes to do mundane finance related tasks (RPA). As such, he mentioned that due to an increased workload and demand on the finance staff, there would be incorrect invoicing of suppliers. This would result in delayed payment and weakening of the supplier relationship and may affect staff retention and work performance. Treatment alternatives that were discussed included to train and reward staff and to automate processes where necessary.

The payroll officer and finance administrator requested that priority be given to the increased work load on the finance team.

Information relevant to assessing the risks

At the same meeting (to identify risks), the finance manager asked the team to estimate the likelihood and impact (severity) of each risk:

Risk Potential outcome Finance Manager Payroll officer Finance assistant

Likelihood Impact Likelihood Impact Likelihood Impact

Theft of stock or cash from retail outlets cashflow problems 2 3 1 2 2 2

criminal charges 1 1 2 1 2 1

Incorrect invoicing of new suppliers delayed payment 4 2 2 2 1 2

weakening of the supplier relationship 4 3 3 3 3 3

Increased demand on payroll and accounts receivable/payable staff staff retention issues 3 3 2 2 3 2

work performance 3 3 3 4 4 3

Information relevant to monitoring and evaluating the risk management process/project

NatureCare stores were opened in Sydney, Brisbane and Melbourne within the six months requested by the CEO and the stores have been operating for three months.

An invoicing RPA system was implemented in the finance department one month after stores opened. There have been no invoicing issues since it was implemented. Implementation of the system cost $25 000.

After stores have opened and have been operating for three months, incidents recorded showed that there had been three instances of store room theft across three stores. The CEO has raised concerns that the risk management process did not adequately control this risk.

The finance administrator had taken seven days of sick leave since the implementation of RPA 2 months before (as opposed to an average of 1 per month in the past). When questioned about the leave, the finance administrator admitted to feeling overwhelmed by the new technology.

The operations manager mentioned at a recent executive team meeting that one of the regular container suppliers had merged with another company and would no longer be producing the containers NatureCare ordered.

Risk Management Policy and Procedures

Purpose

To provide information and guidance on Risk Management. This Policy applies to all NatureCare Products employees.

Principles

The following principles form the foundation of the NatureCare Products Risk Management Policy and Procedures:

A commitment to implement risk management effectively:

NatureCare Products is committed to managing and minimising risk. This will be done by identifying, analysing, evaluating and treating risk exposure that may impact on NatureCare Products achieving its objectives and/or the efficiency and effectiveness of its operations.

NatureCare Products will incorporate risk management into its planning and decision-making processes and it must also be included as a consideration in operational planning as a delegated line management responsibility.

NatureCare Products staff must implement risk management according to relevant legislative requirements and appropriate risk management standards.

A commitment to training and knowledge development in the area of risk management:

NatureCare Products is committed to ensuring that all staff, particularly those with management, advisory and decision-making responsibilities, obtain a sound understanding of the principles of risk management and the requisite skills to implement risk management effectively.

A commitment to monitor performance and review progress in risk management:

NatureCare Products will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organisation as a basis for continuous improvement.

Responsibilities

Risk must first and foremost be managed at the corporate level as part of the NatureCare Products good governance and corporate management processes. Risk management is considered an integral part of all management and decision-making functions within NatureCare Products. The responsibility for the identification of risk and the implementation of control strategies and follow up remains a delegated line management responsibility. All stakeholders have a significant role in the management of risk. This role may range from initially identifying and reporting risks associated with their own jobs to participation in the risk management process.

Aims and Objectives

NatureCare Products aims to integrate risk management into the management culture of NatureCare Products and foster an environment where staff assume responsibility for managing risks.

To secure its commitment to implement risk management effectively, NatureCare Products aims to implement risk management across all aspects of NatureCare Products in accordance with best practice guidelines.

To secure its commitment to training and knowledge development in the area of risk management, NatureCare Products aims to ensure that performance in risk management is a consideration in the NatureCare Products' performance management systems and other stakeholders have access to appropriate information, training and other development opportunities in the area of risk management.

To secure its commitment to monitoring performance and reviewing progress, NatureCare Products aims to ensure that appropriate monitoring, review and reporting processes are in place in the area of risk management.

The objectives of risk management are to:

provide a structured basis for strategic, tactical and operational planning across NatureCare Products, enhancing its governance and corporate management processes;

enable NatureCare Products to effectively discharge its statutory and legislative financial management responsibilities;

provide a practical framework for managers to assess risks inherent in the decisions they take;

assist and motivate decision makers, at all levels, to make good and proactive management decisions that do not expose NatureCare Products to unacceptable levels of risk of unfavourable events occurring which adversely impact on the attainment of organisational goals

encourage and commit decision makers to identify sound business opportunities that will benefit NatureCare Products without exposing the company to unacceptable levels of risk;

minimise the risks of not identifying sound business opportunities

protect NatureCare Products from unacceptable costs or losses associated with its operations, while safeguarding its resources: its people, finance, property and reputation

assist NatureCare Products in achieving its strategic objectives

create an environment where all staff assume responsibility for risk management

Procedures

Corporate

Risk management is a whole of Organisation Process. It must first and foremost be managed at the corporate level as part of NatureCare Products' good governance and corporate management processes. This process, coordinated and facilitated by the CEO, will involve the following key steps:

an annual risk identification exercise undertaken by the CEO. This involves assessment of the consequence and likelihood of risk, the development and/or review of individual risk management plans for the risks identified which exceed the NatureCare Products 's defined acceptable risks

wherever practicable, the inclusion of a Risk Management Assessment for all business activities

the incorporation of risk management into strategic planning, as well as operational and resource management planning processes

ensure risk management processes are incorporated into the quality assurance and improvement systems of NatureCare Products

clearly define and document escalation procedures for risk management

ensure a consistency in approach of responses to the same risk by different sections of NatureCare Products

test documented risk management procedures at appropriate intervals.

Management

Risk management is a delegated line management responsibility. It is the responsibility of all line managers to continually monitor their areas of responsibility to ensure that risks are identified and managed. Line managers should ensure that a contribution is made to NatureCare Products risk management process, on behalf of their areas of responsibility, that identifies risks at all levels.

The sharing of documented responses to risks and knowledge of risk management principles and procedures will be fostered between line managers to ensure consistency across the NatureCare Products.

On an annual basis, line managers should review all activities to ensure that any unacceptable risk exposures are identified and managed at an appropriate level. All operational sections will be required to report on risk management as part of the NatureCare Products 's annual operational and resource management process.

Individual

Each employee or other stakeholder throughout NatureCare Products has a role in the risk management process and is responsible for actively participating in the risk management process as appropriate to their position within the organisation.

New Opportunities

In addition to the risks that already exist, NatureCare Products is continually exposed to new risks, particularly from the introduction of new activities.

New risks should be incorporated into the initial planning and assessment processes conducted prior to undertaking the activity and, subsequently, into the annual risk management assessment at the appropriate level(s) of activity and management. A risk management plan must then be developed.

The risk management process is a collaborative process whereby all managers and supervisors identify risks and then meet to discuss and evaluate risks.

To identify risks, the following questions must be considered:

Threats or opportunities in the current economic climate that may impact on the business area?

What could go wrong with the expansion in regard to the business area?

What issues relevant business area could prevent the expansion from occurring?

What is the worst-case scenario in terms of the business area and the expansion?

Principles

The principles of risk management shall be applied to all areas of risk exposure, insurable and non-insurable, and shall include, but not be limited to the following areas:

Insurable Risks Non-Insurable Risks

Insurable workplace health and safety risks

Insurable fraud and corruption prevention activities

Unauthorised use of resources which represent an insurable risk

Reputation and image as an insurable risk

Fire prevention measures and security precautions

Property loss and damage

Computer security

Professional negligence

Other liability exposures

Legal liability Non-insurable workplace health and safety risks

Non-insurable fraud and corruption prevention activities

Unauthorised use of resources which represent a non-insurable risk

Reputation and image as a non-insurable risk

Crisis contingency planning and disaster recovery

Accounting controls that are not cost effective

Loss of key staff and intellectual property

Management system inadequacies and poor work quality

Failure or disruption of a major income source or investment

Risk assessment

For all risks the business elects to manage, the likelihood of each risk occurring must be estimated. Risk likelihood must be calculated by taking the average of at least two stakeholder estimations. This must be done using the following scale:

Rare 1

Unlikely 2

Likely 3

Very likely 4

Similarly, the risk impact must be calculated by taking the average of at least two stakeholder estimations using the following scale:

Minor 1

Moderate 2

significant 3

Catastrophic 4

Risk will be prioritised using the risk matrix:

Extreme and high risks should receive high priority.

Moderate risks should receive medium priority.

Low and very low risks should receive low priority.

Review

The CEO will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organisation.

Guidance

The CEO will ensure that, through its monitoring, review and reporting functions, NatureCare Products maintains a consistent approach to its assessment of acceptable risk.

Documentation

Each stage of the risk management process shall be appropriately documented. The extent of documentation required is dependent on the nature of the risk. Documentation will be controlled, and become part of an auditable quality management process. Risk registers must contain:

risk

potential outcomes

likelihood

impact

calculated risk

priority

treatment.

Compliance

A representation and compliance statement should be provided by each manager as formal acknowledgement of their responsibility to comply with risk management policies and procedures.

Each employee should have included in their Position Description a responsibility for risk management, and Annual Performance Appraisals should include an appropriate assessment thereof.

Staff Development

Management shall ensure that staff have available to them appropriate information and training opportunities in risk management as appropriate to their position and role within NatureCare Products.

Internal Communication Policy and Procedures

NatureCare aims to enhance and streamline communications (internal and external) to reinforce the vision and strategic priorities. As such, we will continue to develop and trial new communication platforms, channels, and tools to improve information sharing and collaboration between all staff members.

This policy is to be implemented in a way that ensures compliance with relevant legislative requirements and standards of best practice.

NatureCare expects that staff will use the channels and for business purposes only and comply with all relevant policies and procedures, the Code of Conduct.

Communication channels

NatureCare has a number of internal communication channels available, including:

Channel Purpose

Project or action plans All plans should be communicated verbally to those responsible for steps in the plan. Action plans must be updated to show completion of each action/process or task.

Executive team meetings Information relevant to all line managers should be discussed at the weekly executive team meeting and a summary report of the issue provided to each line manager. (If urgent, an email should be sent instead).

Team meetings Information relevant to a specific team should be discussed at the weekly team meeting (If urgent, an email should be sent or a telephone call made instead).

Staff bulletin This contains Information from the executive to staff which is important and relevant to their interests, including training, employment vacancies and important announcements.

Contributions for the Staff Bulletin must be approved in advance by the contributors relevant manager before being sent to the communications officer for review and inclusion.

Staff surveys These are used to gather information and feedback from all staff members. Surveys should be sent to staff via email link.

NatureCare intranet The intranet provides important information for staff in an easily accessible location.

The intranet is to be used for conveying information which is important and relevant from the executive team to staff. It is the responsibility of the person contributing the content to ensure the content is factually correct. All contributions must be approved in advance by the contributors relevant manager.

Enterprise social networks (e.g. Yammer, Facebook) These may be used by groups of staff to collaborate and communicate on projects online (e.g. to share and comment on work-related ideas, news and activities). Personal use of these platforms may not be used during work hours. Use of these networks must comply with the Social Media Policy.

All Staff emails Emails are used for messages to and between staff. Staff are required to read all their work-related emails.

Email distribution lists Email distribution lists may only be used by the executive team and should adhere to the Privacy policy.

Record Keeping Policy and Procedures

Purpose

This policy describes guidelines to create, preserve and access NatureCares records. Its purpose is to ensure that all records are accurate and secure.

Scope

A record is any type of file (document, spreadsheet, database entries) that NatureCare stores in its systems. This includes files both employees and external sources create, all legal and business documents and formal internal and external communications.

This policy applies to employees who may create, access and manage records. The HR and finance departments, which manage sensitive and critical information, are primarily responsible for keeping accurate and secure records.

What records do employees need to create?

Creating and storing certain types of records are mandatory. Employees should keep records that:

Are mandated by law

Are necessary for them or other employees to perform their jobs

Indicate internal or external changes that affect operations, employees, partners or customers

Include decisions, reports, data and activities that are important to the business

Describe business ventures, deals and communication with regulatory bodies or the public

Employees, teams and departments may keep other records if they decide theyre useful to their jobs.

Employees should:

Ensure that information is accurate and complete

Store records in appropriate mediums

Name, categorize and share records properly

Mark appropriate records as confidential

Clarify whos authorized to access records

Authorisation

Records may have different levels of authorization that limit their accessibility. The authorisation level is determined by the employee who create the records and the law where the law always take precedence.

The following records are strictly confidential and require a high-level authorization:

Employment records e.g. remuneration, performance review, skills assessment

Unpublished financial data

Customer/ vendor/ partner/ job applicant information and contracts

Other types of records, like company performance metrics and internal policies, may be accessible by all permanent employees. Employees must not disclose records to people outside of our company, unless authorized.

Physical records

Printed records must be stored safely in filing cabinets or closed offices. Important, confidential files mustnt be left in open office areas.

Electronic records

Electronic records will be protected by passwords, firewalls and other security settings (both locally and in the cloud.)

Employees are responsible for keeping these records intact. For example, if an employee shares a Google spreadsheet, they must decide whether to give colleagues permission to edit, view or comment.

Also, when employees access electronic, confidential records outside of our offices, they should ensure that both their devices and networks are secure. They should not leave their screens and devices unattended while logged in to our companys accounts.

Data retention period

As a general rule, NatureCare will keep all records for a minimum of three years unless otherwise stated by law. The following records must be preserved indefinitely:

Internal policies

Employment contracts

Partnership and vendor contracts

Financial statements and annual reports

Results of audits and legal investigations

Discarding records

Records may also be discarded upon request from a stakeholder.

Naming convention

All employees are required to use NatureCares templates for all workplace documentation.

Documents should be named [Department_Type_Detail_Version]

Documents are to be saved using NatureCares cloud-based storage system.

Feedback

In-built software review functionality should be used, and all comments recorded in a feedback register. Feedback register should contain the date, project number, name of reviewer, person receiving feedback, comments and action required.

RTO No: 91223

-410210400748500

Student Guide

BSBOPS504 Manage Business Risk

Contents

Section 1: Establish risk context5Section 2: Identify and analyse risk8Section 3: Implement and monitor risk treatment11Student name: Assessor: Date: Business this assessment is based on: Risk management project/process: Documentation reviewed as preparation: Section 1: Establish risk context

Provide a brief overview of the business or organisation you are basing your portfolio on.

What is the name of the business or organisation?

What is the main focus of the business?

What role will you assume as you investigate risk for your chosen risk management process/project?

Determine the scope of your chosen risk management process/project.

What does your chosen risk management process/project involve?

Which departments or work areas are involved in the process?

Are there any risks the business will not manage (for example, staff retention)?

Evaluate organisational requirements and standards for managing risk.

Which organisational policies and procedures provide input on how you approach your chosen risk management process or project e.g. Risk management, Record keeping etc.?

Are there any processes you need to follow?

Attach policies and procedures to this section of your portfolio.

What are the legal requirements associated with your chosen risk management process or project?

Explain the legislation you need to comply with.

Do any regulations apply?

Is there the potential for new laws to be introduced or existing ones to be amended or rescinded?

Which risk management standard/s are used or guide the risk management activities of the business?

List the resources available for you to use as you plan, implement and monitor risk.

Are template documents available to support your risk management process/project?

Do you have budget allocation or restrictions for the risk management process/project?

Which employees are available to assist you?

What other resources are required?

Establish objectives and critical success factors for your risk management process or project.

List two objectives.

List three critical success factors for the risk management process or project.

Identify stakeholders who will be part of the risk management process.

Who is able to shed light on or assist with risk identification, risk analysis and/or risk control?

Who is likely to be impacted by an adverse risk event?

How will each stakeholder provide input to the risk management process (such as identifying possible risks, helping describe their impact and suggesting ways to prevent or mitigate risks)?

What influence does each stakeholder have on risk management decisions?

What are the possible issues each stakeholder may have if a risk event occurs (for example, employees will still want to be paid, customers may still need your products or services and banks will still need to be paid for loans etc)?

Communicate with relevant stakeholders.

Who will you communicate to (at least two stakeholders) regarding:

Explanation of the risk management process or project?

Invitation to assist in risk identification.

How will you consult with each stakeholder?

If not already viewed in person by your assessor, attach proof (e.g. draft email, telephone conversation recording, video of meeting etc.) of your explanation of the risk management process/project to the stakeholders.

If not already viewed in person by your assessor, attach proof of your invitation to stakeholders to assist in the identification of risks (e.g. draft email, telephone conversation recording, video of meeting etc.).

Note: If suitable, 8.3 and 4.4 can be completed as one communication.

Analyse the external environment of your risk management process/project.

Note: You may choose to perform any external environmental analysis (e.g. PESTLE analysis) to answer this question instead of the questions below.

What is the political situation like (e.g. unrest, government support of small business, government policies)?

What is the current and predicted economic situation (e.g. state of local and other applicable economies, interest rates, exchange rates, employment rates etc.)?

Are there any social considerations (e.g. changing values, beliefs, attitudes and habits)?

How are technological advances affecting the business (e.g. internet, RPA, risk control)?

What are competitors doing?

Establish the strengths and weaknesses within your business that have the potential to create or impact risk.

Note: You may choose to use any relevant analysis tool (e.g. SWOT analysis) to answer instead of the questions below.

Are the current risk management policy/procedures complete and comprehensive?

What is the state or condition of business resources relevant to your risk management process or project?

How effective are existing communication mechanisms between management and the workforce?

How loyal are staff?

What is the size and quality of the customer data base?

What is the business ability to fund or raise funding?

What is the business cashflow situation?

Are supplier relationships strong and reliable?

Attach: Policies and procedures

Communication to explain risk management process to stakeholders (if relevant)

Communication to invite stakeholders to identify risks (if relevant)

Section 2: Identify and analyse risk

Plan to discuss risks with invited stakeholders (identified in Section 1).

Choose a tool or technique to facilitate the group discussion to identify risks within the scope of the risk management process

Note: At the meeting, you will collaboratively choose three risks to focus on as a group.

List what will be discussed (e.g. identify risks, assess risks, risk treatments, priorities etc.)

What method and scale will you use to assess the likelihood and severity of the risks?

What will guide how you prioritise risk (e.g. risk matrix)?

What are you prepared to negotiate?

How will you negotiate?

Explain questioning and listening techniques you will use to elicit opinion and clarify understanding.

Summarise risks.

Summarise at least three risks identified at the meeting that apply to the scope of your risk management process or project. For each risk:

Identify which type of risk it is.

Identify who may be responsible for the risk.

List at least two potential outcomes should the risk eventuate.

What treatment alternatives were discussed?

How do the stakeholders want to prioritise the risks?

If not already viewed in person by your assessor, attach proof of your stakeholder meeting (e.g. video of meeting etc.).

Complete the table below to assess the identified risks (using an appropriate scale and stakeholder input).

Note, you may enter relevant information into the table below, or use any other appropriate format. If you use another format (e.g. MS Excel spreadsheet), attach proof to this section of your portfolio

Risk Potential outcome Students role Stakeholder 2 Stakeholder 3 Combined value (e.g. average)

Likelihood Impact Likelihood Impact Likelihood Impact Likelihood Impact

Research risks

Research each of the identified risks to learn more about the risk and any related risk treatment options (e.g. speak to stakeholders, do an internet search, review best practice examples, check policies and procedures, view past incidents, research technology solutions etc.).

Note: You must access at least two different sources of information.

Summarise the research done for each identified risk.

List the options available to you to treat your identified risks.

Attach proof of your research to this section of your portfolio.

Use digital technology to document and calculate risk (e.g. a risk register). Include the risk, potential outcomes, likelihood, impact/severity, risk calculation, treatment actions and priority of each treatment action.

Note: Risk is calculated (likelihood)x(impact).

Attach: Proof of your research (2 sources)

Stakeholder meeting

Risk assessment (likelihood and impact) if you did not use the table provided

Digital risk documentation e.g. risk register

Section 3: Implement and monitor risk treatment

Complete the action plan below for ONE of your selected risk treatments (in your Risk register in

Section 2).

Note: If your business already has an action plan template or other specific documentation requirements, use them instead and attach your work to this section of the portfolio.

Risk:

Action:

Desired outcome:

Overall person responsible:

Step: Person responsible: Timeframe: Resources: Performance measure: Outcome requirements: Done?

Communicate the action plan to relevant parties (each person responsible for a step in the action plan).

To who will you communicate?

How will you communicate (e.g. face-to-face discussion, email)?

If not already viewed in person by your assessor, attach proof of your communication to this section of the portfolio (e.g. email with attachment, project schedule, video of team meeting etc.).

Implement your action plan.

What are the organisational policy and procedure requirements to implement an action plan?

Must any documentation be maintained or named in a specific way?

If not already viewed in person by your assessor, attach proof of implementation to this section of your portfolio (e.g. notify HR, schedule resources, recording of telephone conversation etc.).

Monitor your risk management process or project.

What data is available?

Have any new risks emerged?

Have any incidents been recorded?

Have you (or other stakeholders) received or provided feedback?

Evaluate your risk management process or project.

Are you identified risks still relevant?

Have your risk treatments been successful?

Are there any new risks?

How satisfied are stakeholders with your action taken to manage risks?

Are your selected treatment options still in line with best practice?

Is any other risk treatment necessary?

Write a report on the outcomes of the evaluation and attach it to this section of your portfolio. In you report, include:

a summary of the risk process/project and associated risks and risk treatments

a summary of the progress of the action plan

a summary of new risks

a summary of risks no longer valid

any additional risk treatments required.

Attach: Action plan (if relevant)

Proof of communicating action plan

Evaluation report

RTO No: 91223

-5406891432060

Assessment Task 1

BSBOPS504 Manage business risk

Assessment Task 1 Cover SheetStudent Declaration

To be filled out and submitted with assessment responses

I declare that this task is all my own work and I have not cheated or plagiarised the work or colluded with any other student(s).

I understand that if I am found to have plagiarised, cheated or colluded, action will be taken against me according to the process explained to me.

I have correctly referenced all resources and reference texts throughout these assessment tasks.

Student name Student ID number Student signature Date Assessor declaration

I hereby certify that this student has been assessed by me and that the assessment has been carried out according to the required assessment procedures.

Assessor name Assessor signature Date Assessment outcome S NS DNS Resubmission Y N

Feedback

Student result response

My performance in this assessment task has been discussed and explained to me.

I would like to appeal this assessment decision.

Student signature Date A copy of this page must be supplied to the office and kept in the students file with the evidence.

Assessment Task 1: Knowledge questions

Information for studentsKnowledge questions are designed to help you demonstrate the knowledge which you have acquired during the learning phase of this unit. Ensure that you:

review the advice to students regarding answering knowledge questions in the Business Works Student User Guide

comply with the due date for assessment which your assessor will provide

adhere with your RTOs submission guidelines

answer all questions completely and correctly

submit work which is original and, where necessary, properly referenced

submit a completed cover sheet with your work

avoid sharing your answers with other students.

ii Assessment information

Information about how you should complete this assessment can be found in Appendix A of the Business Works Student User Guide. Refer to the appendix for information on:

where this task should be completed

the maximum time allowed for completing this assessment task

whether or not this task is open-book.

Note: You must complete and submit an assessment cover sheet with your work. A template is provided in Appendix C of the Student User Guide. However, if your RTO has provided you with an assessment cover sheet, please ensure that you use that.

Questions

Provide answers to all of the questions below:

Explain the risk management process. You may answer using a labelled diagram or in words (or both) and must include:

a definition of risk management.

a list or illustration of the steps in a risk management process.

a description of what each step involves.

Describe a current risk management standard. In your answer:

name the standard.

explain the purpose of the standard.

list key elements of the standard.

Complete the table below to describe the types of business risk.

Type of risk Description Example Key responsibility

(at least two people)

Strategic risk Compliance risk Financial risk Operational risk Complete the table to explain three different tools and techniques that may be used to identify risk. The first row has been completed as an example for you to follow.

Technique/tool Description

Brainstorming A group discussion to produce as many ideas or solutions to problems in a pre-determined amount of time.

Explain four options that a company could use to take to control risks.

Explain how legislation and its related regulatory requirements relate to risk management. In your answer:

identify two different legislative and regulatory requirements that may apply to risk management.

for each legislative requirement, explain how it relates to risk management.

provide one example of how regulations support one of the legislation.

Explain the purpose of risk management policies and procedures in the workplace as they relate to risk management.

Complete the table below to summarise how three policies and procedures relate to risk management.

Policy/procedure Description

Record keeping policy and procedure WHS policy and procedure Confidentiality policy/procedure

Assessment Task 1: Checklist

Students name:

Did the student provide a sufficient and clear answer that addresses the suggested answer for the following? Completed successfully? Comments

Yes No Question 1 Question 2 Question 3 Question 4 Question 5 Question 6 Question 7 Question 8 Task outcome: Satisfactory Not satisfactory

Assessor signature: Assessor name: Date:

RTO No: 91223

-5406891432060

Assessment Task 2

BSBOPS504 Manage business risk

Assessment Task 1 Cover SheetStudent Declaration

To be filled out and submitted with assessment responses

I declare that this task is all my own work and I have not cheated or plagiarised the work or colluded with any other student(s).

I understand that if I am found to have plagiarised, cheated or colluded, action will be taken against me according to the process explained to me.

I have correctly referenced all resources and reference texts throughout these assessment tasks.

Student name Student ID number Student signature Date Assessor declaration

I hereby certify that this student has been assessed by me and that the assessment has been carried out according to the required assessment procedures.

Assessor name Assessor signature Date Assessment outcome S NS DNS Resubmission Y N

Feedback

Student result response

My performance in this assessment task has been discussed and explained to me.

I would like to appeal this assessment decision.

Student signature Date A copy of this page must be supplied to the office and kept in the students file with the evidence.

Assessment Task 2: ProjectInformation for students

In this task, you are required to demonstrate your skills and knowledge by working through a number of activities and completing and submitting a project portfolio.

You will need access to:

your learning resources and other information for reference

Project Portfolio template

Simulation Pack (if you need a case study).

Ensure that you:

review the advice to students regarding responding to written tasks in the Business Works Student User Guide

comply with the due date for assessment which your assessor will provide

adhere with your RTOs submission guidelines

answer all questions completely and correctly

submit work which is original and, where necessary, properly referenced

submit a completed cover sheet with your work

avoid sharing your answers with other students.

ii Assessment information

Information about how you should complete this assessment can be found in Appendix A of the Business Works Student User Guide. Refer to the appendix for information on:

where this task should be completed

how your assessment should be submitted.

Note: You must complete and submit an assessment cover sheet with your work. A template is provided in Appendix B of the Student User Guide. However, if your RTO has provided you with an assessment cover sheet, please ensure that you use that.

ActivitiesComplete the following activities:

Carefully read the following:

This project requires you to lead one business risk process or project for an organisation or work area. As part of the assessment, you will maintain relevant organisational documentation as you:

choose a risk management process or project to work on

establish the scope of the risk management process or project

analyse information from a range of sources to establish the internal and external context of your risk management process or project

consult and communicate with stakeholders to identify, assess, treat and prioritise risks

develop and implement an action plan to treat the risks

monitor and evaluate the risk management process and action plan.

Vocational education and training is all about gaining and developing practical skills that are industry relevant and that can help you to succeed in your chosen career. For this reason, we are giving you the choice to base this project on your own business, one you work in or a familiar with, or you can use the case study provided. This will mean that you are applying your knowledge and skills in a relevant, practical and meaningful way to your own situation!

It is important that you are able to access enough information for your chosen business in order to be able to do your assessment. As a minimum this should include workplace documentation relating to risk management (e.g., risk management policy and procedures). You will also need data to monitor and evaluate risk management process and related action plan.

You will need to communicate with people who are involved with the risk management process. Your communication may be either directly with actual staff members or fellow students/your assessor can play the roles of relevant people/parties. Communication can be in any appropriate format (e.g. face to face, video conference, email) as long as it meets the requirements outlined in the Project Portfolio.

You will be collecting evidence for this unit in a Project Portfolio. The steps you need to take are outlined below.

Preparation

Make sure you are familiar with the organisation you are basing this assessment on and have read through the necessary background information. For the case study business, this is all of the documents included in the Simulation Pack. If its your own business or a business where you are working or are familiar with, have your business or case study approved by your assessor.

Choose an appropriate risk management process or project and complete Page 4 of your Project Portfolio for this unit.

Read through the requirements of Section 1, 2 and 3 of your Project Portfolio.

Establish the risk context

Complete Section 1 of your Project Portfolio. To do this, you need to:

determine the scope of your chosen risk management process/project

evaluate organisational requirements and standards for managing risk

determine the legal requirements of your risk management process/project

list resources available to address risk

establish objectives and critical success factors of the risk management process/project

identify stakeholders who will be part of the risk management process.

communicate with at least two stakeholders to:

explain the risk management process/project

invite stakeholders to help identify and assess risk.

Continue completing Section 1 of your Project Portfolio. To do this, you need to

analyse the external environment of the risk management process/project.

establish the strengths and weaknesses within your business that have the potential to create or impact risk.

Make sure you have answered all questions in Section 1. Submit to your assessor for review.

You are also required to attach certain documents as part of your evidence review the documents you need to attach as outlined in Section 1 of the Project Portfolio and make sure you attach these when you submit this section.

You will use the work done in this section of the Portfolio to consult with stakeholders to assess and address risk.

In preparation, read through step 4 and Section 2 of your Project Portfolio and complete the first question (plan to discuss risks with invited stakeholders).

Identify and analyse risk

Make sure you are ready to use the tool/technique and risk scale identified at the end of step 3 prior to this meeting.

Meet with at least two of the stakeholders you identified as part of Section 1 of your Project Portfolio.

Consult with stakeholders to:

use an appropriate tool/technique to identify at least three risks within the scope of your risk management process/project.

establish at least two potential outcomes for each risk.

assess risk using an appropriate scale.

discuss treatment options for each risk.

prioritise risks.

ii This meeting should take 20 minutes.

As part of your consultation, you are required to negotiate and use questioning and listening techniques to elicit opinions and confirm/clarify your understanding. You will be assessed on this.

This meeting may take place with actual people who work for/are associated with your chosen business. Alternatively, classmates or your assessor may play the role of one or more team members. This can either be viewed in person by your assessor or you may like to video record the session for your assessor to watch later. Your assessor can provide you with more details at this step. Make sure you follow the instructions above and meet the timeframes allocated. If this session is not viewed in person by your assessor, you will attach proof of the meeting to Section 2 of your Project Portfolio.

Continue completing Section 2 of your Project Portfolio. To do this, you need to:

summarise the outcomes of the meeting and assess likelihood and impact/severity of the risk.

research the risks to find out more about them.

use digital technology to document risk (e.g. a risk register using MS Excel).

Make sure you have answered all questions in Section 2. Submit to your assessor for review.

You are also required to attach certain documents as part of your evidence review the documents you need to attach as outlined in Section 2 of the Project Portfolio and make sure you attach these when you submit this section.

You will use the work done in this section of the Portfolio to consult with stakeholders to create an action plan for one of your risks and then monitor and evaluate the plan and your risk management process/project.

Implement and monitor risk treatment

Complete Section 3 of your Project Portfolio. To do this, you need to:

complete an action plan for one of the risk treatments in the risk register

communicate the action plan to relevant stakeholders.

Continue completing Section 3 of your Project Portfolio. To do this, you need to:

follow organisational policy and procedures to implement the action plan (e.g. (e.g. notify HR, schedule resources, recording of telephone conversation, save risk register using appropriate naming conventions etc.).

ii Assume a period of time has passed.

If you are basing this on your own business, make sure you have data available to monitor and evaluate the risk management process/project and its associated action plan.

If you are basing this on the case study, information is provided in the simulation pack.

Continue completing Section 3 of your Project Portfolio. To do this, you need to:

monitor and evaluate the action plan and risk management process/project

write a report on the outcomes of the evaluation.

Make sure you have answered all questions in Section 3. You are also required to attach certain documents as part of your evidence review the documents you need to attach as outlined in Section 3 of the Project Portfolio and make sure you attach these upon submission.

Submit your completed Project Portfolio

Make sure you have completed all sections of your Project Portfolio, answered all questions, provided enough detail as indicated and proofread for spelling and grammar as necessary. Remember to submit all necessary attachments as indicated.

Assessment Task 2: Checklist

Students name:

Did the student: Completed successfully? Comments

Yes No Establish the risk context by:

determining the scope of their chosen risk management process/project.

evaluating organisational requirements and standards for managing risk.

determining the legal requirements of their risk management process/project.

listing resources available to address risk.

establishing objectives and critical success factors of the risk management process/project.

identifying stakeholders who will be part of the risk management process

communicating with at least two stakeholders to:

explain the risk management process/project.

invite stakeholders to help identify and assess risk.

analysing the external environment of the risk management process/project (political, economic, social, technological and policy).

establishing the strengths and weaknesses within the business that have the potential to create or impact risk. Identify and analyse risk by:

Consulting with stakeholders to:

use an appropriate tool/technique to identify at least three risks within the scope of the risk management process/project.

establish at least two potential outcomes for each risk.

assess risk using an appropriate scale.

discuss treatment options for each risk.

prioritise risks.

summarising the outcomes of the meeting

assessing likelihood and impact/severity of the risk.

researching the risks to find out more about them.

documenting risk using digital technology (e.g risk register). Implement and monitor risk treatment by:

completing an action plan for one of the risk treatments in the risk register.

communicating the action plan to relevant stakeholders.

implement the action plan.

monitor and evaluate the action plan and risk management process/project.

write a report on the outcomes of the evaluation.

Demonstrate effective oral communication skills, including:

Uses listening and questioning techniques to confirm that you understand the views of others correctly.

Negotiate with stakeholders about risk management process and outcomes. Task outcome: Satisfactory Not satisfactory

Assessor signature: Assessor name: Date:

Final results recordStudent name: Assessor name: Date Final assessment results

Task Type Result

Satisfactory Unsatisfactory Did not submit

Assessment Task 1 Knowledge questions S U DNS

Assessment Task 2 Project S U DNS

Overall unit results C NYC Feedback

My performance in this unit has been discussed and explained to me.

I would like to appeal this assessment decision.

Student signature: Date:

I hereby certify that this student has been assessed by me and that the assessment has been carried out according to the required assessment procedures.

Assessor signature: Date:

Risk calculation Template.

Risk Potential outcome Likelihood Impact Risk calculation Treatment actions Priority

(high, medium, low)

Example