BSBOPS504
Manage Business Risk
Section 3: Knowledge Requirement
Ans1: Section 19 of the Work Health and Safety Act 2011 sets out statutory duties that apply
to an organisation for observing ‘duty of care’ for its workers. Work health and safety rules
impose obligations on employers, enterprises, and anybody else who qualifies as a "person
conducting a business or activity" (PCBU). Some responsibilities include:
● Adopting health and safety processes and programmes, as well as adhering to all legal
obligations for health and safety.
● Ensuring that no work poses a risk to the health or safety of the workers by
planning to complete all tasks safely.
● Determining the health and safety training needed for a particular activity and ensuring
that employees receive the proper and relevant safety training.
● Workers' opinions on health and safety.
Ans2. A thorough compliance management strategy includes effective handling of
non-compliance incidents as a critical component.
● Taking all claims seriously,
● conducting prompt, thorough investigations,
● impartially evaluating the evidence,
● imposing appropriate reprimands and punishments.
Ans.3. 7 key elements are explained below:-
1. Clarify the situation: Setting the context entails organising the remaining steps of the
procedure, including the exercise's parameters, the identities and goals of the
stakeholders, the criteria used to assess risks, as well as setting the process' framework
and agenda for identification and analysis.
2. Identifying: Identification of risks necessitates knowledge of the organisation, the
market in which it competes, the legal, social, economic, political, and climatic
environments in which it operates, its financial strengths and weaknesses, its
susceptibility to unforeseen losses, the manufacturing processes, and the management
systems and business mechanisms by which it operates.
3. Evaluating: To appropriately prioritise the implementation of the risk management
strategy during the assessment phase, it is essential to make the most educated
assumptions feasible.
4. Potentially treating risks: Risks should be properly analysed and treated in the best
possible manner.
5. Set up the strategy: A schedule for control implementation and the individuals in
charge of those actions should be included in a strong risk management plan.
6. Implementation: Adhere to every planned strategy for reducing the impact of the
risks.
7. Plan review and assessment: Changes in the plan will be necessary as a consequence
of practice, experience, and real loss results. These factors will also give information
that could help with alternative decision-making in coping with the risks being
encountered. Results of risk analyses and management plans should be updated on a
regular basis.
Ans4. 3 risks that apply to managing document and storage are explained below:-
1. Not enough room for storing: Companies frequently struggle to decide which files to
preserve because storage space is expensive and restricted.
2. Rules and regulations not being followed: The risk of records management being
compliant with laws like HIPAA or SOX is one of the most serious. The
consequences for the business and its employees if these rules are broken might be
catastrophic.
3. Deletion by Accident:- The prevention of unintentional or intentional record deletion.
In order to prevent accidental record deletion, this can be accomplished by automating
the deletion procedure.
Ans.5. Six key elements are discussed below:-
| Elements | Description |
| --- | --- |
| Identify Risk | In order to help decision-makers develop effective risk responses, an enterprise risk assessment process identifies and prioritises the risks that the company faces. This process also provides quality inputs, such as knowledge of the capabilities currently in place for managing priority risks, to help them make informed decisions. |
| Source Risk | It is simpler to design risk metrics and preventative risk responses at the source if management is aware of the risk drivers. |
| Measure Risk | The development of quantitative and qualitative risk measures is a frequent technique to increase transparency because not all risks can be quantified. |
| Evaluate Risk | The following stage involves management picking the best risk response based on the prioritised risks identified, their drivers or root causes, and their susceptibility to measurement. |
| Mitigate Risk | Management determines any gaps in risk management capabilities and fills those gaps as necessary to accomplish the risk response, depending on the risk response option. It is important to keep track of how effective risk reduction measures are over time. |
| Monitor Risk | For the purpose of building a risk management dashboard or scorecard that risk owners, unit managers, and executive management may utilise, models, risk analytics, and web-enabled technologies enable the aggregation of risk information using common data elements. |
Ans.6. Business risks and their potential impact on business
| Type of business risk | Definition | How the risk may impact business |
| --- | --- | --- |
| Economic | Economic risk is the risk exposure associated with an investment made in a foreign nation as a result of shifting business conditions, the unfavourable impact of macroeconomic factors like government policies or the fall of the present government, and a substantial swing in exchange rates. | It leads to downfall of business, sometimes temporarily but in some cases, permanently. |
| Compliance | Infractions of laws, rules, conduct codes, or organisational standards of behaviour pose a harm to a company's bottom line, organisational health, or reputation. This is known as compliance risk. | It might have an impact on its earnings, which might result in a loss of credibility, of business chances, and of market value. |
| IT security | The possibility of illegal access, use, disclosure, disruption, alteration, or destruction of information and/or information systems poses a risk to organisational operations (including mission, functions, image, and reputation), organisational assets, and personnel. | Your company could suffer severe losses as a result of a successful cyberattack. It may have an impact on your financial situation as well as the reputation of your company and customer confidence. |
| Financial | The ability of your company to control its debt and fulfil its financial commitments is referred to as financial risk. This kind of risk often develops as a result of market instability, losses, or changes in stock prices, currencies, interest rates, etc. | It may cause interested parties to lose money. |
| Sales Forecasting | Sales forecasting is the practice of estimating future income by projecting how much a sales unit (which can be a single salesperson, a sales team, or an entire company) will sell over the course of the upcoming week, month, quarter, or year. | While forecasting lessens uncertainty, it also increases the danger of having too much inventory, making less money, or other unique concerns. |
Ans.7. Definitions for treating risks
| Options for treating risks | Definitions |
| --- | --- |
| Risk avoidance | Eliminating risks, exposures, and activities that could harm a company's assets and operations is known as risk avoidance. |
| Risk reduction | Risk reduction, commonly referred to as loss control, refers to actions taken to lessen the frequency or severity of losses. |
| Risk sharing | Risk sharing entails the division of premiums and losses among a group of policyholders in accordance with a predetermined formula. If there is no correlation between the premiums paid into a captive and the policyholder, the risk is seen as shared. |
| Risk acceptance | When a company or person recognises that the possible loss from a risk is not sufficient to justify spending money to avoid it, this is known as accepting risk or risk acceptance. |
Ans.8. 3 strategies to monitor and implement risk management in a workplace are given
below:-
1. Risk assessment
2. Risk Audit
3. Technical performance measurement
Ans.9. Guidelines for managing risk that companies confront are provided by ISO
31000:2018. These guidelines can be tailored to any organisation and its context. Without
regard to industry or sector, ISO 31000:2018 offers a general method for handling any kind of
risk.
Ans.10. 8 risk management principles that relate to ISO31000:2018 Risk management
guidelines are defined below:-
| Principles | Description |
| --- | --- |
| 1. Integrated | Risk management is integrated into the organisation's core functions and procedures and influences every department's decision-making. |
| 2. Structured and Comprehensive | A systematic approach to risk management promotes effectiveness, consistency, and understanding among all parties involved within the company. |
| 3. Customised | For a business to achieve its goals, risk management practices must be customised to the internal and external context of the firm. |
| 4. Inclusive | By including stakeholders, it is possible to take into account their knowledge and opinions, ensuring that risk management is current and pertinent. |
| 5. Dynamic | An organisation's context and knowledge should be recognised as dynamic and subject to change. To keep up with change and sustain effectiveness, risk management must adapt quickly. |
| 6. Best Available Information | While an organisation will never have all the information required, it must respond when it has the best data available. Information from the past and the present, as well as their limits, must be considered. |
| 7. Human and Cultural Factors | To achieve, or hinder, the business's goals, risk management must take into account the organisation's capabilities as well as the goals of the individuals inside and around it. |
| 8. Continual Improvement | The organisation's resilience is ensured by continuous learning from experience. |
Ans.11. 3 components of risk management outlined in are:
| Type of component | Purpose |
| --- | --- |
| 1. Risk management and analysis | In order to preserve assets, enhance decision-making, and maximise operational efficiency across the board, an organisation's risks must be effectively assessed and analysed. This can result in cost, time, and resource savings. |
| 2. Risk evaluation | An organisation's existing risk criteria are compared against estimated hazards in a risk review. |
| 3. Risk treatment | Risk management is the practice of putting policies and processes in place that will assist people avoid or reduce hazards. Risk transfer and risk financing are included in the treatment of risk. |
Ans.12. The risk's implications can be evaluated by giving it a probability. You may get an
idea of how serious a danger is by multiplying its likelihood by its unfavourable effects. This
is how probability is used as a risk management tool.
Ans.13. By calculating the probability that is multiplied by the hazard of occurrences to
calculate risk, the event tree analysis can be utilised in risk assessments. Event Tree Analysis
makes it simple to determine which system's pathway has the highest likelihood of failing.
Ans.14. In addition to assisting businesses in analysing the state of the market, PESTLE
analysis can also be a component of the diligence check as a proactive risk analysis. A
number of nations are involved in production and selling along supply chains, which
frequently form large networks, especially in an era of globalisation.
Ans.15. 3 steps to establish the context in which the risk management process can take place
are:
1. Break the huge picture down.
2. Speak with a professional.
3. Conduct internal and external research
Ans.16. Any risk evaluation's primary goal is to prevent risks. Control measures should be
implemented after identifying hazards and analysing the risks they pose because it is the
obligation of employers to mitigate or eliminate risks in the workplace.
TASK-1: Report on Risk
To be submitted:
1. Risk review report
2. Email communication to stakeholders
3. Summary notes from consultation with CEO
Risk Review Report
Company Overview
Australian company MacVille specialises in providing coffee. The business imports coffee and
provides cafes and restaurants with premium coffee that has been produced and delivered in accordance with the
highest social and environmental standards. MacVille hopes to become Australia's top coffee supplier for
upscale cafes and eateries within the next five years.
Background Analysis of Risks
MacVille Pvt. Ltd. wants to expand its operations in Queensland with the purchase and re-branding of a cafe in
Toowoomba, west of Brisbane, after its great success in the Central Business Districts of Brisbane and Sydney.
There are many potential risks that might occur at the time of takeover. These threats need to be identified
and eliminated in advance to avoid further damage.
Stakeholders involved and their role
| List of Stakeholders | Role |
| --- | --- |
| CEO - Paula Kinski | Assigning the tasks and monitoring |
| Assistant Manager - Ash | Prepare Risk review report |
| James Mansfield | Current senior supervisor, answering queries and providing necessary information. |
| Ron Langfold | Landlord, informing about laws, rules and regulations that need to be followed. |
| FARM Committee | Discuss relevant issues and problem solving |
| Employees | Accountable and Responsible towards the company |
Potential Operational Risks and their impacts
| Operational Risks | Impacts |
| --- | --- |
| Far Location | 1. It will hinder delivering fresh food on time. 2. Time-consuming journey. |
| Lack of proper equipment | 1. Improper food preparation 2. May lead to wastage |
| Absence of safety and security | 1. Attract thieves 2. Financial loss |
| Unavailability of Medical safety kits | 1. Loss of life 2. Contamination of food |
| Uninterested Staff members | 1. Loss of reputation 2. Damage customer-manager relationship |
Positive points for Business Expansion
● Opportunities for opening more cafes in future
● Business favouring laws to be implemented in Toowoomba soon.
● Good logistics support
● Great ambience.
● Presence of International chain
Risk review and Analysis
Potential operational risks pose a threat to expansion. But considering the positive points for business expansion,
risks can be eliminated in advance. Some suggestions to improve infrastructure are:-
● Improving security system by controlling, monitoring and recording
● Rules should be made to comply with safety standards
● Policies and rules should be written to avoid confusion and non-compliance
● Establishing a professional business culture
● Review meetings to discuss various dimensions
Email communication to Stakeholders
From: abcMacVille@[Link]
To: xyzStakeholder@[Link]
Subject: To discuss about business expansion in Toowoomba
Dear Stakeholder
It gives me immense pleasure to welcome you on board. Congratulations.
As a part of the team, we need to come together and discuss jointly about the expansion of the cafe in
Toowoomba. A meeting will be held on 18.10.2022 in the office where your presence is highly solicited.
The agenda for the meeting is to discuss potential operational risks and their elimination at the time of takeover. As a
stakeholder, your opinion matters a lot. We request you to collect related information that will be discussed in
the meeting.
Regards
Summary Notes from the consultation with CEO
● Risk review report was presented in the meeting.
● Potential risks and their impacts on the business were discussed.
● Financial losses and gains were discussed.
● Risk management process and plans were discussed.
● Financial assistance to revamp infrastructure was talked upon.
● How to increase participation in eliminating and preventing risks was considered and plans were
made.
● Major policies were discussed and positive points for business expansion were talked through.
TASK 2:- Analyze and Treat Risk
To be submitted:-
1. Risk analysis Report
2. Complete Risk management Action Plan.
3. Implement One Risk treatment
Part A:-
1. Risk Analysis Report
This risk assessment report lists potential threats and weaknesses that could affect.
Additionally, it determines the overall risk level, evaluates the effect of these threats and
vulnerabilities, and estimates the possibility that a vulnerability can be exploited. Three steps
make up the process: risk assessment, risk management, and risk communication. Risk
assessment is a method based on science and includes the following steps: Risk
characterization, exposure assessment, hazard identification, hazard characterization, and
hazard characterisation.
| Identified Risks | Likelihood of risks occurring | Consequence | Risk Matrix | Treatment options | Effectiveness and feasibility |
| --- | --- | --- | --- | --- | --- |
| Far Location | 3 | 4 | 12 | Increase the number of delivery people. Allow delivery only for nearby locations. | This will lead to easily reaching customers. |
| Lack of proper equipment | 4 | 3 | 12 | Provide equipment. Training should be given to efficiently use and protect equipment from damage. | This will help ease the work. |
| Absence of safety and security | 4 | 4 | 16 | Install cameras. Recruit security guards. | This will help in protecting the cafe from theft. |
| Unavailability of Medical safety kits | 5 | 5 | 25 | Provide medical safety kits. WHS rules should be followed. | This will help in reducing health hazards. |
| Uninterested Staff members | 3 | 3 | 9 | Proper training. Engage them in activities. | This will lead to better coordination and communication among employees. |
| Unregulated business environment | 3 | 3 | 9 | Draft proper rules and regulations. Monitor compliance. | This will help in proper reviewing and following rules. |
| Lack of proper infrastructure | 4 | 4 | 16 | Improve facilities. Add something new to attract customers. | This will help in grabbing the attention of customers. |
2. Risk management Action Plan.
| Risks | Action to be taken | When? | Responsible person | Status |
| --- | --- | --- | --- | --- |
| Far Location | Recruitment of more delivery people | 24.08.2022 | HR | Work in progress |
| Lack of proper equipment | Provide good quality equipment | 31.08.2022 | Manager | Action taken |
| Lack of safety and security | Installation of CCTV cameras | 10.09.2022 | Manager | Action taken |
| Absence of medical kits | Provide proper medical kits | 18.09.2022 | Manager | Action taken |
| Uninterested Staff members | Organising activities and seminars | 20.09.2022 | Manager | To be held twice in a month |
| Unregulated business environment | Written rules and regulations and monitoring | 28.09.2022 | CEO | Work in progress |
| Lack of proper infrastructure | Revamp infrastructure and interior design | 3.10.2022 | CEO | Work in progress |
Part B: Implement one risk treatment plan
Step 1: Establish the context (Safety and Security)
Step 2: Identify risk (Lack of proper safety and security may lead to theft)
Step 3: Analyse the risk (This will lead to financial loss and also loss of reputation in the
market)
Step 4: Evaluate the risk (After communicating with stakeholders, measures should be
taken to provide a safe and secure environment to employees and customers.)
Step 5: Treat the risk (After proper evaluation, risk should be treated properly. Measures
should be taken to install CCTV cameras everywhere, any suspicious activity needs to be
reported and a security guard should be recruited to keep a check on everything.)
TASK 3: Monitor Risk and Evaluate process
To be submitted: A written report to CEO
Risk monitoring report
| Identified Risks | Plan | Implementation | Outcome | Evaluation (Risk assessment matrix) |
| --- | --- | --- | --- | --- |
| Far location | Increase the number of delivery people. | Recruit more delivery people. | Risk reduced | 9 |
| Lack of proper equipment | Provide equipment and training should be given to efficiently use and protect equipment from damage. | Good quality equipment provided. | Risk reduced | 9 |
| Lack of safety and security | Increase security | Cameras installed. Recruitment of security guard | Risk reduced | 14 |
| Absence of medical kits | Provide medical safety kits | Proper medical kits provided. | Risk reduced | 15 |
| Uninterested Staff members | Engage them in activities | Activities and seminars to be organised twice a month. | Risk reduced | 6 |
| Poor infrastructure | Revamp and redesign | Contract given to a company to revamp and redesign | Risk reduced | 14 |
TASK 4: Lead the assessment process
To be submitted: Risk assessment process checklist
Risk assessment process Checklist
| Assessment process | Location of assessment | Date of assessment | Equipment and materials required | Roles | Actions required |
| --- | --- | --- | --- | --- | --- |
| Identification of hazard | Toowoomba | 2.09.2022 | Risk register | Manager | Preparation of list of hazards |
| Assessment of risk | Toowoomba | 5.09.2022 | Root cause analysis | Assistant manager | Detailed study of risks |
| Risk control | Toowoomba | 10.09.2022 | Risk impact matrix | Assistant manager | Preparation of risk control plan |
| Record your findings | Toowoomba | 17.09.2022 | Risk data quality assessment | Assistant manager | Preparation of checklist |
| Review Risk control | Toowoomba | 22.09.2022 | Risk assessment report | Assistant manager | Monitoring, inspection and regular meetings |