The document discusses risk management processes including identifying risks, analyzing risks, treating risks, and monitoring risk treatments. It provides examples of common organizational risks and methods for identifying, analyzing, and managing risks. Key steps include brainstorming potential risks, assessing likelihood and impact, prioritizing risks, establishing risk treatments, and regularly reviewing risks and treatments for effectiveness.

1. IDENTIFY RISK AND
APPLY RISK
MANAGEMENT
PROCESSES
h"p://www.flickr.com/photos/cswc/6552142213/

2. Unit Competencies
BSBRSK401A
Identify risk and apply risk management
processes
Identify risks
Analyse and evaluate risks
Treat risks
Monitor and review effectiveness of
risk treatment/s
h"p://www.flickr.com/photos/sportrait/3393579769/

3. Learning Objectives
At the conclusion of this module,
you will be better able to:
Identify risks in a diverse range of
organisational activities
Develop collaborative strategies to
evaluate and mitigate risks
Implement continuous improvement
processes to deal more effectively
with identification, analysis and
mitigation strategies for
organisational risks
h"p-­‐//www.flickr.com/photos/ter-­‐burg/8127175006/
h"p://www.flickr.com/photos/leehaywood/4215672566/

4. It can be a Risky
Business Sometimes
h"p://www.flickr.com/photos/geoliv/11313734716/

5. RISK
is the possibility of events
that may impact
organisational objectives

6. h"p://www.flickr.com/photos/elvire-­‐r/2451784799/
You cannot live your life without risks

7. Some pay off – big time!!!!
h"p://www.flickr.com/photos/geishaboy500/3994803605/

8. Whilst others – not so well!!!!!
h"p://www.flickr.com/photos/darrenkw/7728088440/

9. LIFE
cannot be lived
without risk

10. h"p://www.flickr.com/photos/foshydog/4780493128/
We are all Risk Managers

11. h"p://www.flickr.com/photos/ejazasi/253032421/
Sometimes we understand and accept risk

12. h"p://www.flickr.com/photos/dvids/2881216357/
At other times we take large precautions

13. Despite our efforts
it remains impossible to
ELIMINATE
EVERY RISK

14. RISKS
are everywhere
Health and wellbeing
Job security and payments
Financial arrangements
Relationships
Natural disasters
Rules and regulations
Deliveries and traffic
Disease and accidents
Misadventure and crime
Infrastructure failure
…………………
…………………
…………………

15. Identifying Risks
h"p://www.flickr.com/photos/geoliv/11313734716/

16. h"p://www.flickr.com/photos/12023825@N04/2898021822/
You need to look for risks

17. Look for risks to your
STRATEGIC
PLANS

18. Look for risks to your
OPERATIONAL
PLANS

19. Organisational risks
generally relate to
FINANCIAL
OPERATIONAL &
ENVIRONMENTAL
External risks such as
interest rates,
commodity prices
LEGAL
Internal risks such as
customer payments,
cash flow, asset
depreciation
STRATEGIC
PRIVACY &
INFORMATION

20. Organisational risks
generally relate to
FINANCIAL
OPERATIONAL &
ENVIRONMENTAL
LEGAL
STRATEGIC
PRIVACY &
INFORMATION
Risks such as illness,
retirement, staff
turnover, equipment
breakdowns, systems
failures, natural
disasters

21. Organisational risks
generally relate to
FINANCIAL
OPERATIONAL &
ENVIRONMENTAL
LEGAL
STRATEGIC
PRIVACY &
INFORMATION
Risks such contract
disputes, non
compliance with legal
requirements (WHS
standards, FairWork
Aust, etc)

22. Organisational risks
generally relate to
FINANCIAL
OPERATIONAL &
ENVIRONMENTAL
LEGAL
STRATEGIC
PRIVACY &
INFORMATION
Risks such as changes
in customer demand,
increased competition,
new technologies and
business development
opportunities

23. Organisational risks
generally relate to
FINANCIAL
OPERATIONAL &
ENVIRONMENTAL
LEGAL
STRATEGIC
PRIVACY &
INFORMATION
Risks such as noncompliance with state
and national privacy
laws on recording,
storing and disposing
of customer
information

24. h"p://www.flickr.com/photos/sonson/422595428/
Brainstorming sessions

25. review your business plan
and ask as many
WHAT IF?
questions as you can

26. Flow charting to remove gaps and overlaps
h"p://www.flickr.com/photos/jpaxonreyes/6284836564/

27. Analyse a wide range of
possible future events
and their outcomes
SCENARIO ANALYSIS
economic, political,
legislative and operating
scenarios

28. h"p://www.flickr.com/photos/betobaibich/206960384/
Get out of the office and observe
Ask questions and
listen to people
What are they
thinking?
YOUR TEAM
CUSTOMERS
SUPPLIERS
COMPETITORS
NETWORK

29. When, where, why, and how
are risks likely to occur
in this organisation?
Are the risks internal,
external or random?
Who might be involved or
affected if this occurs?

30. ISSUES ARE
NOT RISKS
…but failing to address
them may be
VERY RISKY

31. Analysing Risks
h"p://www.flickr.com/photos/geoliv/11313734716/

32. What is the likelihood?
What is the predicted outcome?

33. 1
VERY LIKELY
2
LIKELY
3
UNLIKELY
4
HIGHLY UNLIKELY
(could happen frequently)
(could happen, but not frequently)
(could happen, but only rarely)
(could happen, but probably never will)

34. 1
CATASTROPHIC
2
MAJOR
3
MODERATE
4
MINOR
(may ruin the organisation)
(business plans may fail)
(plans may need to be modified )
(can be absorbed - inconvenient)

35. 1
ENORMOUS
2
MAJOR
3
MODERATE
4
MINOR
(may transform the organisation)
(may transform a department)
(may exceed business planning)
(swings and roundabouts)

36. Risk
Number
Very Likely
(4)
Likely
(3)
Unlikely
(2)
Very Unlikely
(1)
Catastrophic
(4)
High
(16)
High
(12)
Medium
(8)
Low
(4)
11+
Urgent
Remedy
Major
(3)
High
(12)
Medium
(9)
Medium
(6)
Low
(3)
6 – 10
Needs
Action
Moderate
(2)
Medium
(8)
Medium
(6)
Low
(4)
Low
(2)
1–5
No Action
Minor
(1)
Low
(4)
Low
(3)
Low
(2)
Low
(1)

37. h"p://www.flickr.com/photos/dtpancio/7443265772/
We all have our own biases – but you must
deal with the facts and remain objective

38. h"p://www.flickr.com/photos/bilfinger/8271241613/
Who needs to to be involved?
Who needs to be consulted?
Who needs to be informed?

39. What stakeholders need to be
involved in assessing the risk
Interest levels
Subject matter expertise
Those involved in the activity
Those that may be
impacted downstream
Those that are upstream
that may need to adjust

40. Your team
Other departments
Customers
Suppliers
Consultants
Statutory bodies
Industry groups

41. Consultative risk analysis
Delivers far more
predictable outcomes

42. h"p://www.flickr.com/photos/eirikso/2217301198/
I hadn’t been paid for two years
of work in starting Flickr, and
we were running out of money.
The only guy getting paid on
a consistent basis was the guy
with three kids.
We mortgaged our house to put
money back into the company.
So it was both a personal and
professional risk.
It could have gone either way.

43. Less than six months
after mortgaging their home
Caterina Fake and her
husband Stewart Butterfield
(Flickr co-founders)
SOLD FOR $50M
Happily – they were able
to repay their mortgage

44. h"p-­‐//www.flickr.com/photos/osde-­‐info/5598738692/
Apple have sold more than 84 million in 3 years

45. h"p://www.flickr.com/photos/newtown_grafiO/4843514662/
Tablets have become
a huge market
People have often queued for hours
Demand has, at times, outstripped supply

46. Many industry analysts predict
tablets to “take over” from
desktop and laptop computers
Microsoft was so confident
about the market sector that it
developed the “Surface” tablet
Risking significant damage to
relationships with it’s traditional
hardware partners

47. h"p://www.flickr.com/photos/13815526@N02/7796228354/
In July 2013, Microsoft announced a $900M
write-down for unsold stocks

48. h"p://www.flickr.com/photos/g_jewels/4465732486/
Historical information can provide great
insights into “What might go wrong”

49. Managing Risks
h"p://www.flickr.com/photos/geoliv/11313734716/

50. Risk
Number
Very Likely
(4)
Likely
(3)
Unlikely
(2)
Very Unlikely
(1)
Catastrophic
(4)
High
(16)
High
(12)
Medium
(8)
Low
(4)
11+
Urgent
Remedy
Major
(3)
High
(12)
Medium
(9)
Medium
(6)
Low
(3)
6 – 10
Needs
Action
Moderate
(2)
Medium
(8)
Medium
(6)
Low
(4)
Low
(2)
1–5
No Action
Minor
(1)
Low
(4)
Low
(3)
Low
(2)
Low
(1)

51. Organisations take steps to
MANAGE RISKS
that they assess as
requiring attention

52. They establish
CONTINGENCIES
for instances that the
risk may occur

53. They conduct regular
AUDITS
To ensure they are complying
with proper standards

54. FINANCIAL RISK
is often managed with
insurances or guarantees
many organisations look
to assign to or share
risk with others

55. WORKPLACE SAFETY
has a very strong
process following
“Hierarchy of Controls”

56. Adopting processes and
training & development
to ensure team members
are competent and informed

57. Governance processes to ensure
issues dealt with at the right level
Procurement processes that include
“rise and fall”, alternative suppliers
enforceable terms and conditions
Marketing resources keep connected
with customer needs and trends
Relationships that focus on
innovations and technology
Business systems that protect
and back-up valuable data
Disaster recovery plans

58. RISK REGISTERS
are designed to maintain a list of
all known risks and their
respective treatments

59. CONTROL MEASURES
are the measures that need to be
designed or established to validate the
effectiveness of the treatment

60. h"p://www.flickr.com/photos/zengei/6957553864/
Hard measures are the most reliable

61. h"p://www.flickr.com/photos/jansco"nelson/3364705313/
Soft measures need to be interpreted

62. h"p://www.flickr.com/photos/look_ma_im_flying_pictures/3714888958/
Without effective measures
How will you know
what to look for?
How things are
progressing?
When to make
adjustments

63. We need to set
measures for the
COST OF RISK
TREATMENTS
and
PREDICTED
BENEFIT

64. In 2010, volcanic ash from Iceland
cost the airline industry $3.6b
How could they have better managed the risk

65. Monitor Risk
Management
h"p://www.flickr.com/photos/geoliv/11313734716/

66. Are the risk
treatments working?
are they having the
desired effect?
are there impacts that
were not considered?
are there adjustments
that are required?

67. h"p://www.flickr.com/photos/cuckove/3307152002/
Things can change
VERY RAPIDLY

68. h"p://www.flickr.com/photos/theaterculture/3789545290/
The butterfly effect

69. h"p://www.flickr.com/photos/theaterculture/3789545290/
What impacts
may occur?
There may be downstream impacts
that you didn’t consider
THE BUTTERFLY EFFECT

70. Review all risks regularly
Risks not considered to be
serious enough to manage can
become high priority
when circumstances change

71. How are we
tracking on the
cost of the
risk controls?
Are the agreed
controls providing
the predicted result?
Do we need to make
adjustments?

72. h"p://www.flickr.com/photos/jugrote/2296138797/
WHEN THINGS ARE NOT
GOING AS PLANNED
DON’T PANIC!!!
STAY OBJECTIVE & WORK
THROUGH THE PROBLEMS –
DON’T MAKE THEM WORSE

73. Reviewing Effectiveness
and Learning Outcomes
h"p://www.flickr.com/photos/geoliv/11313734716/

74. DEAL WITH FACTUAL
INFORMATION FIRST
Only when you have all the facts
do you commence interpreting

75. Did we execute
what we planned?
What changed and why?
What did the risk treatments cost?
Did the treatment deliver the
anticipated result?
What were the unintended impacts?

76. Did we identify the correct risks?
Did we analyse them properly?
Did we get the right stakeholders
involved?
Were the risk treatments appropriate?
Did we manage the process
effectively?

77. Identification
Analysis
Treatment
Management

78. What have we learned?
What do we need to
do differently next time?