Assessment Task 2

BSBRSK501B Manage risk

``Risk analysis

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 1 of 15

Assessment Task 2

BSBRSK501B Manage risk

Submission details
Candidates
name

Phone
no.

Assessors
name

Phone
no.

Assessment
site
Assessment
date/s

Time/s

The Assessment Task is due on the date specified by your assessor. Any
variations to this arrangement must be approved in writing by your
assessor.
Submit this document with any required evidence attached. See
specifications below for details.

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 2 of 15

Assessment Task 2

BSBRSK501B Manage risk

Performance objective
In this assessment you are to analyse the risks identified in the case study,
to assess likelihood and consequence of risks, evaluate and priorities risks,
and determine options for treatment. You are also required to develop an
action plan for treatment of risks, and communicate it to relevant parties.

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 3 of 15

Assessment Task 2

BSBRSK501B Manage risk

Assessment description
Using the information gathered in Assessment Task 1 and the case study
provided, examine the likelihood and consequences of identified risks,
prioritise the risks and determine options for treatment of each risk. Using
this information you are required to develop an action plan for
implementing risk treatment, document the plan as required, and
communicate the risk management plan to relevant parties.

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 4 of 15

Assessment Task 2

BSBRSK501B Manage risk

Procedure
1. Using the case study information provided in this assessment and in
Assessment Task 1, develop a report for your manager (assessor) with
the headings as described below:
a. Likelihood For each risk, assess the likelihood of the risk
occurring.
b. Consequence For each risk, assess the consequence of the
risk occurring.
c. Priorities Use a risk calculation table to assist in prioritising
the risks.
d. Options For each prioritised risk, outline at least two suitable
options for treating the risk.
In your report, include an explanation of the process you used to
identify risks and assess likelihood, consequence, priority. Also
include an explanation of why options you suggest for
controlling risk are:
i. likely to be effective
ii. feasible for the organisation.
2. Develop a risk management plan by completing the table included in
this task and attaching it to your report.
3. Communicate the plan to your organisation by submitting your report
and the risk management plan to your manager (your assessor) for
internal distribution.
When submitting the report and plan, to assist the organisation to
properly store and retrieve the report, you need to ensure that:
a. your report is titled Risk analysis and management plan
b. your report is in order, with the Risk management table attached
to the back of your report
c. your report is submitted as required by your organisation (your
training provider).

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 5 of 15

Assessment Task 2

BSBRSK501B Manage risk

Specifications
You must provide:
a completed risk analysis report as outlined above
a completed risk management table, in the required format.

Your assessor will be looking for:

evidence that you analysed and identified the risks relevant to the

case study, and established suitable plans for managing the risks.

Adjustment for distance-based learners

No variation of the task is required.
A follow up interview may be required (at the discretion of the

assessor).
Documentation can be submitted electronically or posted in the mail.

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 6 of 15

Assessment Task 2

BSBRSK501B Manage risk

Case Study
The board has reviewed the previous report you developed, and has
requested further information for several of the identified risks, including
options for reducing the risk levels. These are as follows.
Banking risk theft of cash left on premises.
Managers travel risk physical injury.
By-law Compliance risk reputation/brand loss and fines.

Time lines to consider are based on risk priority levels and include the
following.
Pre-settlement date of legal transfer of the business.
Opening week first week of company operations.
Within 3 months after the opening week.
Within 6 months after the opening week.

Responsibilities for actions include the following.

Financial, insurance and banking issues financial controller.
Legal issues Goldsmith Partners.
Expenditure >$5,000 MacVille board.
New policy CEO with MacVille board.
On-site management, training store manager.
Changes to MacVille cafe Queensland operations CEO.
External audits CEO with MacVille board.

Develop a report for the board that examines these risks and describes
ways that each can be treated, and forward a copy of your report to your
manager to table at the next board meeting.

Further case study information

Hurleys Cafe
You revise your notes from the meeting with James Mansfield and identify
the following points:
In the context of MacVilles investment here $4,000 would be

considered to be of minor consequence if it were burgled from the

closed premises overnight.

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 7 of 15

Assessment Task 2

BSBRSK501B Manage risk

Meeting with Ron Langford

You revise your notes from the meeting with Ron Langford and identify the
following points.
He also said that the Council water patrols meant that it is likely that

stores not complying with the by-law would be discovered.

Senior management team meeting

You go back over your notes compiled with the senior management team
and note the following.
Further feedback from Paula included that the water compliance risk

was one where significant time and resources would be required and
the board would view it having moderate consequences for MacVilles
cafes in Queensland. She also indicated that the board views any
potential risk that could result in the death of an employee as having
a catastrophic consequence.
Looking at the hierarchy of control the senior management team were able
to give you some good brainstorming ideas to pursue. These include the
following.
Installing native plants to cut down water use.
Making it a company policy to bank every day and eliminate the need

to carry overnight.
Install a teleconferencing system.
Install a water tank and reduce dependence on council water.
Change banks to the nearer one to avoid the long walk.
Install dual flush toilets.
Insure overnight cash holdings.
Finish management meetings at 3:00pm.
Introduce new processes on water use and conservation.
Change assistant management times to the morning.
Write new policy and procedures for water use in Toowoomba.
Install a water usage graph in the staff room.
Give the manager an excusal letter allowing them to leave any

meeting at no later then 3:00pm every day.

Replace the dishwasher with a 56 stat (WELS) rating.
Have Goldsmith Partners apply for time to make good.

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 8 of 15

Assessment Task 2

BSBRSK501B Manage risk

RISK ANALYSIS AND MANAGEMENT PLAN

1. A) Likelihood: Once risks are identified, the next step is to determine the
likelihood that the potential vulnerability can be exploited. Several factors need to
be considered when determining this likelihood. First, the auditor needs to
consider the source of the threat, the motivation behind the threat, and the
capability of the source. Next, auditors need to determine the nature of the
vulnerability and, finally, the existence and effectiveness of current controls to
deter or mitigate the vulnerability. The likelihood that a potential vulnerability could
be exploited can be described as high, medium, or low.

Rare risk means that highly unlikely, but it may occur in

exceptional circumstances. It could happen, but probably
never will.
Unlikely risk means that not expected, but there's a slight
possibility it may occur at some time.
Possible risk means that the event might occur at some time
as there is a history of casual occurrence at the University &/or
similar institutions.
Likely risk means that there is a strong possibility the event
will occur as there is a history of frequent occurrence at the
University &/or similar institutions.
Frequent risk means that very likely. The event is expected
to occur in most circumstances as there is a history of regular
occurrence at the University &/or similar
institutions/Organizations.
According to the Case Study, there are:
i. Banking Risk There is possibility of theft of cash that is left
on premises as the banking in Caf was not done every day
and often $4000 was kept on the premises overnight in the
cash register. It is a possible risk.
ii.
Managers Travel Risk It is an unlikely risk that the
manager would involve in an accident in spite of being a
competent driver because of the steep narrow climb up the
range with trucks blocking the way that is quite difficult in
daylight hours.
2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 9 of 15

Assessment Task 2

iii.

BSBRSK501B Manage risk

By-law Compliance Risk It is an unlikely risk that if the

employees or the manager use more water, they could get the
fines for excessive usage of water and consequently
breaching the current by-law will occur.

B) Consequence: Failing to address risk can lead to consequences

that span the spectrum from mere inconvenience to grave danger.
The general level of consequence are Catastrophic, Major, Minor,
and Insignificant.
Catastrophic Risk like multiple injuries, regulatory intervention,
net revenue loss or asset damage exceeds $x, damage to reputation
at international level and long-term environmental damage.
Major Risk such as single stakeholder, breach of licenses,
legislation, regulation or mandated standards; net revenue loss or
asset damage between $xxx, damage to reputation at national level
and medium-term (1-5yr) environmental damage.
Minor Risk like breach of internal procedures, net revenue loss or
asset damage between $x-$xx, adverse news in local media and
environmental damage which requiring up to $250,000.
Insignificant Risk like no breach of licenses, standards, guidelines
or related audit findings; net revenue loss or asset damage $x,
public awareness may exist, but there is little public concern and
negligible environmental impact.
According to the Case Study, there are
i. Banking Risk There is a possibility for theft of cash left on
the premises and it is also dangerous to the employees in the
Caf. So, it is a major risk of not banking money every day.
ii.
Manage Travel Risk - There is a possibility for the manager
to have an accident because of the long drive and also the
navigating the steep narrow climb up the range. If there is any
accident occurs, the company has to insure the manager as
well as to find a substitute for the manager and this will slow
down their Caf business. So, it is major risk.
iii.
By-law Compliance Risk If the company didnt use the
water effectively, they will end up paying the fines up to
$50,000 according to the current by-law and it would be a loss
for the company as well as a drawback for their organization.
So, it is a minor risk.

C) Priorities:
Now that you have determined both the likelihood and consequence
of risk, the two are combined to determine the rating. The most
2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 10 of 15

Assessment Task 2

BSBRSK501B Manage risk

effective method of risk analysis is to generate a risk matrix. A risk

matrix is shown below, where the identified consequence meets the
identified likelihood, a risk rating is given.
Likelihood
CONSEQUENCE
INSIG
NIFIC
ANT
High

MINO
R

MODERA
TE

MAJOR CATASTROP
HIC

High

Extreme

High

High

Moderate

Mediu
m
Low

High

Unlikely
Rare

Low
Low

Mediu
m
Low
Low

Extre
me
Extre
me
Extre
me
High
High

Almost
certain
Likely

Medium
Medium

Extreme
Extreme
Extreme
Extreme
High

The allocation of a risk rating should prompt a decision to be made

about the action to be taken, as below.
Extreme immediate senior management action, e.g. multiple
deaths of employees.
High Action plan needed, allocated responsibilities, e.g. damage to
valuable assets.
Medium Risk requires only monitoring and review, e.g. loss of
assets due to staff theft.
Low Risk accepted but not ignored, e.g. a paper cut.

Priorities
Extreme

Reasons
Banking risk, Keeping cash of
$4000 on the premises is an
extreme risk as there is
possibility for theft and
dangerous to employees.

High

Managers travel risk is a high

risk because of the long drive.
Then, the company has to
substitute for the manager as
well as to do the insurance for
the manager in order to support
the manager.
By-law compliance risk is a
medium risk as it is important to

Medium

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 11 of 15

Assessment Task 2

BSBRSK501B Manage risk

use the water effectively;

otherwise the company will end
up paying the fines up to
$50,000.

D) Options: The options for treating the risk which is likely to be

effective and feasible for the organization are action plan early and
internal control procedures.
The following need to be considered when choosing an appropriate
treatment for a risk: acceptability to all, administration efficiency,
capacity compatibility, continuity of effects, contracts, cost
effectiveness, economic and social environment, equity, individual
freedom, jurisdictional authority, objectives, regulatory, risk creation
and timing.
Develop an action plan for treating risks
Plan Early
Experienced operators know that risk management is a proactive
process. It is not the thing you do when a risk emerges because by
then it may be too late. Effective risk action plans are those that are
part of the operations of the organization.
Problems that start small can escalate into large threats, or a risk
may appear suddenly that threatens the reputation of the entire
organization. Having risk management processes and planning in
place when these happen could stop the escalation and minimize
the impact from the sudden disaster.
The risk action plan outlines how the risk is to be managed and a
timeline for this process to take place. It should include: the risk, risk
rating, treatment activity or controls, roles and responsibilities for
those involved, timeline, and monitoring arrangements.
Internal Control Procedures
Risk Management and Internal Controls The Company is
committed to the identification, monitoring and management of
risks associated with its business activities. Management is
ultimately responsible to the Board for the Companys system of
internal controls and risk management. The Companys risk
management policies and procedures cover regulatory, legal,
property, treasury, financial reporting and internal controls. A clear
organizational structure exists detailing lines of authority and control
responsibilities. Each business unit is responsible and accountable
for implementing procedures and controls to manage risks within its
2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 12 of 15

Assessment Task 2

BSBRSK501B Manage risk

business. Company management has established within its

management and reporting systems a number of risk management
controls. These include:
Formal operating and strategic planning processes for all
businesses within the Company;
Annual budgeting and periodic reporting systems for all businesses
which enable the monitoring of progress against financial and
operational performance targets and metrics and evaluation of
trends;
Guidelines and limits for approval of capital expenditures and
investments;
Policies and procedures for the management of financial risk and
treasury operations; and
Standards of Business Conduct which are applicable to all
employees.
Certain risks cannot be mitigated to an acceptable level by internal
controls. Such risks are transferred to third parties in the
international insurance markets to the extent considered
appropriate. An internal audit function operates under a charter
which defines the purpose, authority and responsibility of the
Corporate Audit Department. The Corporate Audit Departments
mission is to provide an independent, objective assessment of risk
and evaluation of the effectiveness of internal operating and
financial controls within the Companys various operating
businesses. The areas of emphasis for the conduct of the
assessment include the:
appropriateness, efficiency, and effectiveness of the internal
control environment and the susceptibility of that environment, on a
sample basis, to frauds, failures in internal controls, or breaches in
authority;
reliability and integrity of financial and other operating controls;
extent of compliance with Company policies and procedures;
accuracy and integrity of and security over data and information;
accountability for the Companys assets to safeguard against loss;
adequacy of reviews made by the operating companies to ensure
an effective internal controls environment is fostered; and
economy and efficiency with which resources are employed.
The results of each audit and agreed-upon management action plan
are reported on a timely basis to the management responsible for
implementing changes. The Corporate Audit Department reports to
the Companys Audit Committee and meets with them at least four
times a year to review the annual Corporate Audit Plan and the
results of its activities. The activities of the Corporate Audit
Department are separate and distinct from those of the Companys
independent registered public accounting firm. However, active
coordination between the two groups is recognized as essential in
order to maximize the Companys return on investment for audit
services.

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 13 of 15

Assessment Task 2

BSBRSK501B Manage risk

Risk management plan

Risk

Assess Risk
(L, M, H, E)

Controls

Monitoring

Timelines

Responsible

Banking Risk

Extreme

Depositing the
money in the
bank every day.

By getting the
weekly bank
statement

2 weeks

Financial
Controller

Managers Travel
Risk

High

Work should be
finished before
3pm, so that the
manager doesnt
have to drive at
peak hours.

By checking the
meeting times
like what time the
manger is
finishing up the
shift.

1 week

CEO, New Policy

By-law
Compliance Risk

Medium

Educating the
employees about
the effective
usage of water.

By checking the
water usage bills
monthly

1-2 weeks

Goldsmith
Partners,

Familiarise the
employees with
policies and
procedures in
Caf and
educating them
about the right

By checking the
water usage bills
monthly and
supervising the
employees

1-2 weeks

Efficient water
uses

Medium

2012 Innovation and Business Industry Skills Council Ltd

Store Manager

Store manager,
CEO,

1st edition version: 1

Page 14 of 15

Assessment Task 2

BSBRSK501B Manage risk

usage of water

2012 Innovation and Business Industry Skills Council Ltd

1st edition version: 1

Page 15 of 15