BSBRSK401 – Treat risks



Element 3 – Treat risks 

This section addresses the following performance criteria:

  • Determine appropriate control measures for risk and assess for strengths and weaknesses
  • Identify control measures for all risks
  • Refer risks relevant to whole of organisation or having an impact beyond work responsibilities and area of operation to others as per established policies and procedures
  • Choose and implement control measures for own area of operation and/or responsibilities
  • Prepare and implement treatment plans


Read through the material and look at the assessment activities.

After learners have read and understood the information provided, they should take the opportunity to practise the skills referred to within this section prior to undertaking the assessment activities. Trainers/assessors should give guidance in this regard.

This will enable learners to build and improve their skills.


Develop objectives

Understanding risk and uncertainty is not enough. Risk management means taking action: developing objectives and implementing strategies that will achieve those objectives. Objectives refer to the intended outcomes of the risk management process. Make objectives clear, simple and measurable – in terms of actions, responsibility and time frames. Be prepared to deliver tangible results to critical stakeholders.


  1. What processes and controls currently exist to manage the risks?
  2. What processes and controls are needed to manage the risks?
  3. What performance indicators are currently used to assess the effectiveness of controls?
  4. What performance indicators are needed to assess the success of controls?
  5. Who are the responsible personnel for implementing risk management procedures?
  6. Who are the responsible personnel for monitoring and evaluating risk management procedures?
  7. What resources (human, technical, financial) are needed?

Operations objectives relate to an organisation’s main goals and the activities – input/output and transformation processes – which directly support them. They should include objectives concerning the design, efficiency and effectiveness of processes and/or work. They also need to take into consideration the environment in which the organisation operates, including competitive and quality considerations, and technological implications. These types of objectives play a key role in resource allocation and use.

Financial reporting objectives relate to the support of the issuance of external financial statements and information. They include ensuring the reliability of financial statements and the fair presentation of financial information.

Compliance objectives communicate an organisation’s intention to adhere to the laws and regulations to which it is subject. Some regulations, such as employment regulations, objectives will depend on your industry sector and industry activities.

Following is another example of a risk action plan. Your organisation will develop plans around a format that suits their needs.

Risk Action Plan

  1. For the risk identified and prioritised in Activity 5, develop a method of controlling the risk. If controls for this risk are already in place, assess the efficiency of the current controls and consider improvements to the controls. Explain how you developed the controls and what information sources you accessed in order to design and develop the controls, or their improvement.

Dependent on organisational processes and procedures and on assessment of risk controls already in place.

  2. Draw up an action plan, similar to the previous one, for implementing the risk controls. You might wish to consult with other personnel and managers to gather relevant information. (Your plan should follow the form of an action plan that would be developed by your organisation.)

Action plan determined by participant.

  3. What are the costs associated with controlling the risk?

Answer is dependent on the results of the previous activity and on organisational practice.

  4. What are the projected costs of not managing the risk?

Answer is dependent on the results of the previous activity and on organisational practice.


Risk management options are usually cited as risk handling options – how to best handle the risk – and are integral to the notion of duty of care. Control processes can be subdivided into avoidance, control, assumption, risk transfer, and knowledge and research.


Avoidance

Use an alternate approach that does not carry the risk. This mode is not always an option, and does not act upon the risk itself. However, it is an effective risk management technique if it can be applied, but care must be taken to ensure that the risk is not simply transferred to another section/division or entity.

Control

Control involves developing a risk reduction plan, taking action to control, or at the least minimise, the risk, then tracking the implementation of the plan and adjusting it where necessary. The key aspect of control is planning by experienced persons or experts in the field.

Assumption

Accepting the risk and proceeding in spite of it. This can be an option in the situation where the risk poses no immediate threat, in which the impact analysis shows minimal disruption, or where the benefits of the risk outweigh the costs. Constant monitoring is, however, necessary to ensure that changed conditions do not have detrimental effects.

In some circumstances there is an apparent tendency within organisations to gradually let the assumptions of a risk take on the aura of a controlled risk. This is the kind of wrongly conditioned thinking that led, for instance, to the Challenger failure. It does not address problems or provide solutions.

Risk transfer

An attempt to pass the risk to another element of the supply chain, program element or to other stakeholders. For instance, an organisation might attempt to pass risk and responsibility to a contractor, in the attempt to avoid responsibility and/or culpability. Transferring risk is also not truly a control as it does not necessarily solve the problem; it merely moves it further away.

Knowledge and research

This approach to risk management involves intensive study associated with specialised testing to determine causality and impacts. Whilst it does mean that the organisation accepts intellectual ownership of the problem/s in all of their aspects, theoretical, empirical and practical, it is not true risk handling unless the research and knowledge are incorporated into active risk control programs.

Risk control programs can be further developed under the following headings.


  • The hazard is removed from the environment
  • Design processes factor in control and specifications to eliminate hazards
  • The task or process is eliminated to prevent occurrence of the risk


In some cases it might be expedient to replace materials or processes associated with the risk with something less hazardous (eg the replacement of a toxic – use of an organic process rather than a chemical application).


Equipment, work processes, tasks, machinery and plant can be re-designed to reduce or eliminate either work risk or environment risk (safety, waste etc).


Administration processes can be used to redesign and adjust jobs around risk considerations. The administrative function in the organisation is also responsible for the co-ordination, for all employees, of training in risk monitoring and management techniques.

The objective of a risk management program is to make work, workplaces and work effects safe and to eliminate hazards or, at the very least, to minimise them to the extent that the risk is acceptable.

To successfully manage risk you need to be aware of several things:

  • Management must know its job, be credible and provide effective leadership
  • Risks are often engendered by organisations attempting ventures with elements that push the envelopes of their experience and capabilities
  • Ownership of risks is a central issue in risk management
  • The traditional steps in risk management are actually useful (identification, analysis, planning management and tracking)
  • The system engineering effort (organisational system) is a key ingredient for a successful risk management program
  • Controls – performance standards, directions and measures should be clear and communicated to everyone in the organisation
  • Apathy and evasion will result in litigation, fines and negative publicity

Implementing risk controls

When implementing risk controls:

  • Compare the identified risks with both legal and industry acceptable criteria
  • Prioritise and document intended actions and controls
  • Design and implement risk controls

Prior to planning and implementation of risk controls do the following.

Conduct best practices and benchmark research to determine the methods used by others and those perceived as being the best available. Adapt them, where possible, to your organisation and area of responsibility.

Assess the potential effectiveness and interrelated consequences. It is possible that a new control might actually exacerbate the risk, introduce new hazards to the situation or create hazards in interconnected activities or functions.

Design a monitoring and evaluation function into each control.

Consult with employees for ideas and improvement suggestions.

Communicate proposed controls to affected employees – this communication might take the form of specific training, staff notices or the revision and promulgation of revised standard operating procedures.

Following is an example of a schedule that might be drawn up to document the intended risk treatment. Again, your organisation will use formats that suit its needs.

Risk Treatment Schedule and Plan


Organisations must consider their obligations with regard to the wider range of stakeholders. These stakeholders, as we have already seen, include competitors, suppliers, the public, the financial sector, consumer/political lobby groups, trade unions, local, state and federal governments, statutory watchdogs and the world in which we all must live. While this means, obviously, adherence to EEO, OHS, anti-discrimination and anti-harassment requirements etc, it also applies to consideration of risk and of social and environmental impact issues.

Both the organisation’s vision and mission statement are an espousal of core values. As such they must be communicated to all employees and the organisation’s actions should directly reflect those core values – ie actions should match the words.

High performance organisations have a clear and communicated picture of what they are trying to create (achieve) and a strong focus on risk management. Risks taken by the organisation must support the vision and mission. Management of potentially destructive risks must also be in line with espoused values.

Effective communication of the vision encourages participation, which, in turn, creates alignment, so that the organisation’s members help to shape, and therefore commonly own, the shared vision.

The frontline manager’s role includes responsibility for clarifying values, mission and vision, inducting, training, coaching and informing employees of risk situations and risk controls that do, or are likely to, affect their areas of work. They are also responsible for ensuring that the goals and objectives of the organisation and of their team/section/division are neither prevented nor restricted by unexpected problems – hazards.

Shareholders and stakeholders

Public awareness of risk and of environmental considerations has increased owing to media attention and to the immediacy of information access via technological applications (ie the internet, telephone and video conferencing facilities and other instantaneous communication technology). It is now necessary for organisations to manage a public which has become progressively sceptical about official and company statements regarding financial, environmental and personal safety risk issues. Individuals and groups in society have become more assertive about challenging failures in duty of care and the ethical and environmental interactions of corporations. They are willing to withdraw financial support, in terms of stockholding, purchasing and word of mouth promotion. For all organisations, whether they are industrial, commercial, private or public sector, stakeholder, and in particular, customer needs and expectations, are of paramount importance. Competition for market share means that public and customer approval reflects gently on the organisation’s ability to maintain current business activities and to generate future business opportunities. There are naturally high degrees of risk involved in attempting to look ahead into the future and determine the strategies that will best enable an organisation to sustain its business, yet the inherent risk in business operations must be managed so that both employees and the public can see the match between vision and risk.

An organisation’s attitude toward risk will be evident in its bottom line; not only in terms of direct costs, but in indirect costs also. An organisation that, for instance, takes unsupported risks with shareholder money, has a reputation for unsafe work practices, is perceived as unethical or shows disregard for environmental or resource risks, runs the risk of losing public, supplier and employee support.

Suppliers/supply chain

Your organisation is part of a supply chain – a world-wide network of business entities – suppliers, factories, warehouses, distribution centres, and retailers – through which raw materials are acquired, transformed, and delivered to customers along the chain, until they reach the consumer or end-user. The resources that flow between these various entities, each of which strives for profit maximisation, are materials and information. Supply chains exist in both services and manufacturing organisations, although the complexity of the chain will vary significantly from industry to industry and between organisations.

While the traditional perspective of supply chain management views customer-supplier relationships in terms of both parties competing for profit margins, it is reasonable to consider that suppliers and customers can work in partnerships. Both supplier and customer (in this instance the customer is your organisation) have a vested interest in making the most gain from what they are doing. They also both have a vested interest in continuance and in quality.

You will choose supplies and suppliers on the basis of cost and quality. However, you can also choose to deal with suppliers whose ethical and environmental policies and practices meet those of your organisation. The supplier can be brought into the quality-monitoring loop and this, combined with mutual consideration of risk management, can assure an on-going relationship. Further, it supports your own organisation’s image and adds credibility to your own business practice. Consider the organisation that espouses high environmental values and professes to assist disadvantaged people, yet purchases products made in sweatshops where people are exploited and badly treated. How credible is that organisation? What are the risks involved in such an interaction?


The frontline manager, and indeed management at all levels of the organisation, have a responsibility to know, understand and monitor the organisation’s position in the world of business and to effectively communicate this to personnel. They have a responsibility to know and communicate legislative requirements and compliance needs which affect operations and employees. They should also communicate potential risk situations, risk management strategies and contingency plans, applicable within the frontline manager’s work responsibilities and area of operation, so that employees are aware of risk and of the organisation’s needs, should unexpected emergency situations arise.

This includes, among other things:

  • Application of OHS laws, reporting procedures and safe practice requirements – for workers, and as regards interactions with the public
  • Application of equity, fairness and anti-discrimination/harassment legislation, policies and actions
  • Compliance with financial and audit requirements
  • Monitoring of products/services to ensure compliance with (Australian) safety standards
  • Conducting marketing, promotion and sales activities that fall within Fair Trading practice
  • Conducting cost-effective marketing, promotion and sales campaigns
  • Collecting, recording and utilising information in compliance with the Privacy Act
  • Compliance with any legislation that sets compliance standards with regard to environmental health, monitoring and protection
  • Demonstrating fair treatment of and respect for all the organisation’s employees (this includes fair treatment and fair remuneration)
  • Leading by example to uphold ethical values which should match the organisation’s vision and mission, and which are acceptable to society at large
  • Ensuring that the organisation’s espoused values match its actions
  • Monitoring and adapting the organisation’s ethical values – and the resultant policies and procedures – to meet the needs of both internal and external environmental sustainability requirements
  • Monitoring resource use so that waste, mistakes and rework are minimised, quality is maintained and product/process risk is minimised

The role of management (including frontline management) involves:

  • Monitoring policies, procedures and practice to ensure that employees, they themselves and the organisation maintain the standards that will uphold their position in the world of business and ensure risk control
  • Realising and utilising the links between sustainability, productivity and profitability
  • Making certain that all employees working in or with the organisation understand and comply with their responsibilities in these areas

The key to effective risk management is communication. Communicate, clearly and concisely, the requirements applicable to risk management and contingency plans in specific sections/divisions and with regard, where relevant, to the organisation as a whole. Involve employees in the early identification of hazards and the planning and implementation of risk management strategies.

Effective communication and open, honest exchange of information in a threat-free environment, where active contribution is encouraged and rewarded, will clearly contribute to productivity and to the organisation’s bottom line. It will also motivate employees to honestly appraise risk and co-operatively work toward risk minimisation.

Ensure that employees know what the organisation’s goals are and the policies and procedures that support those goals. Ensure that employees understand the organisation’s risk intentions and standards. Goals cannot be achieved, or standards reached, if the people who do the work in the organisation do not know where they are.

Ensure that all employees know any relevant legislation and that they are given the training, tools and resources that will allow them to comply with legislative and regulatory requirements as regards risk management.

Explain to employees what is required, how it can be achieved and why it is required. People who understand the reason for doing things and have sufficient information to support their actions find it much easier to work toward goals and to achieve objectives.

Provide employees with the necessary information for them to make judgements about the financial activity vitality of their actions and the way in which they use and monitor resources and waste.

Remember that meeting customer expectations, legislation compliance, training for employees, developing and maintaining effective information systems and making certain that policies and work practice are socially and environmentally acceptable are not costs – they are investments in your future – in the future of your job, your organisation and your world.

Acknowledge and reward employee performance and use performance assessment and counselling as improvement initiatives.

Make employees responsible for their own work and give credence to their ideas and improvement suggestions. Be prepared to consider employee innovations, whilst discussing and evaluating, with the employees, the risks involved.

Methods of conveying information to employees include:

  • Induction
  • Training
  • Coaching
  • Mentoring
  • Providing clear access to policy and procedure documents
  • Special presentations
  • Stop work meetings (in the case of emergency, accident or special circumstance)
  • Team meetings/toolbox meetings
  • Presentations from stakeholders
  • Lobby group information
  • Video presentations – including news bulletins and current affairs programs
  • State of the nation addresses or similar
  • Networking
  • Memos, faxes, emails
  • Newsletters
  • Supplier/manufacturer brochures and reports
  • Annual reports
  • Budgets – budget meetings
  • Formal and informal conversations
  • Formal performance assessments
  • Performance counselling
  • Posters and displays of statistical analysis (performance, OHS and environmental monitoring)
  • Providing copies of government and legislative documents

Remember also that in order to achieve, risks must be taken.

Mistakes and experimentation are necessary.

Mistakes, but not repeat mistakes, can be used as learning opportunities.

By what means are employees in your organisation made aware of:

  1. The organisation’s risk management policies and procedures?

Dependent on organisational procedures.

  2. Australian and international standards for risk management?

Dependent on organisational procedures.

  3. Legislative and regulatory requirements regarding environmental interaction?

Dependent on organisational procedures.

  4. Legislative and regulatory requirements regarding risk management?

Dependent on organisational procedures.

  5. Occupational Health and Safety needs and their potential impact on both internal and external environments?

Dependent on organisational procedures.

  6. Waste and waste management procedures in the organisation, and their match with legislation and cost factors?

Dependent on organisational procedures.

  7. Do you believe that you and the people you manage or supervise have sufficient information about the risks associated with your area of operations, and that the communication procedures employed to disseminate this information are effective? Explain.

Dependent on organisational procedures and participant perceptions.

  8. How can you test your knowledge and that of the organisation’s employees, regarding risks and risk management applicable to their area of responsibility, to determine whether it is sufficient?

  • Observation of work practice
  • Performance evaluations
  • Surveys
  • Questionnaires
  • Peer and supervisor reports
  • Tests – written/verbal, formal or informal

  9. What can be done to improve the communication and information dissemination process?

Dependent on organisational procedures and participant perceptions.


Regardless of industry sector, operations function and product/service, the process of planning to manage risk is the same as for that of planning any organisational activity:

  • Identify what you want to achieve – goals
  • Decide how you will achieve your goals – vision, mission, policies, procedures, legislation
  • Gain agreement
  • Break down goals into sub-goals and develop action plans
  • Communicate goals, targets and objectives
  • Design processes, operations and controls
  • Commit to action
  • Monitor, evaluate and assess success

Planning mechanisms related to risk control include:

  • Budgets and forecasts
  • Capacity planning
  • Manufacturing design and operations planning
  • Control processes