Provide answers to all of the questions below:

1.Provide a definition of risk as identified in the Australia/New Zealand Standard for Risk Management (AS/NZS ISO 31000:2009).

Response should broadly cover the following:

The Australia/New Zealand Standard defines a risk for Risk Management (AS/NZS ISO 31000:2009) as the effect of uncertainty on objectives.

2.Explain the purpose of Australia/New Zealand Standard for Risk Management (AS/NZS ISO 31000:2009) and identify the key principles underlying this risk management standard.

Response should broadly cover the following:

The AS/NZS ISO 31000: 2009 provides organisations with principles and general guidelines to be considered when developing risk management frameworks and programs. These are broadly as follows:

Creates value

Integral part of organisational processes

Part of decision making

Explicitly addresses uncertainty

Systematic, structured and timely

Based on the best available information

Tailored

Takes human and cultural factors into account

Transparent and inclusive

Dynamic, iterative and responsive to change

Facilitates continual improvement and enhancement of the organisation

3.Outline at least five benefits of risk management.

Response should include at least five of the following:

minimising potential harm to people, property and equipment

more efficient use of resources

supporting strategic and business planning

promoting continuous improvement

fewer shocks and unwelcome surprises

quick grasp of new opportunities

reassuring stakeholders

4.Outline three general areas of risk for a business.

Response should include at least three of the following:

Financial risks: These risks include both external risks, such as changes in interest rates or commodity prices, and internal risks such as cash flow shortages, customers defaulting on payments, depreciation of assets.

Operational and environmental risks: These risks cover a range of environmental, human, systems and procedural impacts such as illness or retirement of key staff, equipment breakdown, natural disasters and software failures.

Legal risks: These risks include contractual breaches and non-compliance with regulationssuch aschanges to workplace health and safety standards.

Strategic risks: These risks relate to your business strategies such as changes in customer demand, increased competition, adopting new technology and pursuing new business opportunities.

Privacy and information risks: These risks relate to non-compliance with state and national privacy laws on recording, storing and disposing of customer information.

5.Outline three examples of tools or techniques that could be used to identify risks as part of a risk assessment process.

Response should include at least three of the following:

Brainstorming with the team

Risk identification checklists

Scenario analysis to identify possible outcomes

What if analysis to identify potential outcomes

6.Outline three sources of information that can be used to gather information on potential risks within the workplace.

Response should include at least three of the following:

business records

industry practice and experience

legislation

market research

published literature

specialist or expert advice from government agencies and industry associations

7.Outline the key steps involved in a risk management process.

Response should broadly cover the following:

Establishing the context to determine the boundaries within which the risk management framework will operate

risk identification to ensure that all risks are identified

risk analysis to assess the severity and likelihood of the risk

risk evaluation to determine which risks should be treated and priority

risk treatment to identify appropriate control measures

communication and consultation on the risk management process

monitoring and review to determine whether risks still exist or if new risks have arisen.

8.Explain five options for controlling risk.

Response could include the following:

Avoiding the risk - do not take the course of action that involves the risk

Reducing the risk - take action to reduce the likelihood of the risk occurring or the severity of the potential consequences

Transferring the risk - transfer the responsibility for the risk to another party

Financing the risk - cover the financial consequences of risk

Retaining the risk - run the risk that the event may occur and bear the consequences.

9.Outline five ways in which an organisation can minimise risk.

Response should include at least five of the following:

implementation of policies and procedures

quality and compliance processes

staff induction, ongoing training and performance management

ongoing monitoring of risk

continuous improvement processes

implementing quality assurance procedures and systems

10.Outline the requirement under WHS legislation to manage risks.

Response should broadly cover the following:

The WHS Act and Regulations require persons who have a duty to ensure health and safety to 'manage risks' by eliminating health and safety risks so far as is reasonably practicable, and if it is not reasonably practicable to do so, to minimise those risks so far as is reasonably practicable

11.Outline the purpose of auditing risk within an organisation.

Response should broadly cover the following:

Auditing risk focuses on the reviewing the risk management and assurance processes that are in place, rather than the risk management itself.