You are a risk manager working for a firm of risk management consultants. Choose one of the
following businesses for this assignment. Do not choose the same organisation or a closely related
organisation to the one you investigated in the Research Assignment.
Insulation installation in residential buildings
Or Gourmet cake producers
Or Registered real estate valuers
Or Editorial services for academic authors
Or Children?s dance classes
Specify your choice on the title page of your assignment and the name of the business.
After choosing your new client business, you are briefed as follows:
1. The client requires you to perform a Preliminary Risk Assessment of the typical risks a
business of its type (industry, size, location, and so on) would be exposed to, and to explain
your interim findings to management when you visit the client?s workplace next month.
You will perform a thorough workplace-specific assessment when you visit, but at this
preliminary stage you will independently research a range of risks that are typical of this
business so that you can ?hit the ground running? when you arrive.
2. The only information you can obtain about the client is that its size, structure and operating
methods are considered average for its type of business. In addition the business does not yet
have any risk management system in place, and is not taking any conscious action to manage
Management and staff do not know how to help you, and cannot provide you with any
information about what should be done. Therefore, you will not consult with the client until
after you meet to explain the process and present your interim findings next month.
3.Every member of the client organisation recognises a need for a safe and sound workplace,
and has pledged to be supportive of change, but they are very reliant on you for guidance.
Your employer insists that:
? Your work is carried out in accordance with AS/NZS 5050:2010 Business Continuity ?
Managing disruption-related risk, AS/NZS ISO 31000:2009 Risk Management ? Principles
and guidelines, and HB 436:2004 Risk Management Guidelines. Therefore, you are to ensure
that all parts of this Risk Assessment are consistent with the content and spirit of these
You approach your work by considering risks generic to all workplaces (eg: Work Health and
Safety (was OH&S until recently)), and risks generally associated with the industry you are
entering, with a particular emphasis on operational risks.
Given the limited client information available, you must justify every assumption.
YOUR REPORT WILL CONSIST OF TWO PARTS, PREPARED SIMULTANEOUSLY:
Part 1, an Analytical Report, is effectively a professional journal, wherein you record your
progress for each of the nine steps listed. The Report/Journal must be professionally presented.
The steps in Part 1 below guide you through the process of compiling your Part 2 risk
management documentation. The two parts of this assignment are interrelated and should not be
prepared in isolation.
Your actual risk data, and all the supporting measurement/prevention/response/etc. information
and references, should be added to the Part 2 documents as you proceed through the steps in Part 1.
The following table sets out the structure to be followed, and provides a guide to help you
complete your assignment.
Part 1 ? Analytical Report
(Use standard Harvard in-text referencing.)
1) Consider the core activities your client would
undertake to meet its operational objectives.
Use this information to guide your search of
publicly accessible information about your
(imaginary) client and its industry to identify
as many relevant risk categories as possible.
In your report, explain how you go about
identifying and gathering the category and
risk information you present in the Register.
2) Sometimes information which is both relevant
and reliable is not available for both the
timing/likelihood of a particular risk event, and
its potential impact. Explain any
measurement difficulties you perceive for
your 10 operational risks, if/how such
difficulties affect the measurements you have
determined, and how you suggest these
difficulties could be overcome.
3) Adopt/adapt/compile a risk matrix, and
explain how the chosen risk matrix is useful
for prioritising. Provide an illustrative
example in the context of your business.
If you have quantified any measures, identify
a loss tolerance system (appropriate to your
client?s business type and probable size), and
explain how it is useful for prioritising.
4) From the work you have completed so far, list
in your report the two (2) highest priority risks
you have identified. You will probably have to
make choices between similar risk ratings, so
justify your priority decisions.
5) Review publicly accessible information to
establish how your client could treat
(avoiding, accepting or different ways of
mitigating, etc) each of these two risks.
Consider residual risk.
6) You may be able to identify several
alternatives applicable to an individual risk.
In these instances, discuss the alternatives,
and justify your accept/reject choices.
7) Make recommendations about how to
manage the two highest priority risks and
justify your recommendations with reference
to existing regulatory, quantitative and
qualitative information relevant to those risks,
and consider the costs and benefits
associated with your choices.
Consider practicalities: How will your client
implement your recommendations?
8) Recommend means of monitoring and
evaluating the success of your client?s risk
management system over the next one year
period. That is, how can your client know
whether each of the two top priority risks is
being managed well?
9) Identify means for your employer to monitor
and evaluate whether you are a good risk
manager. ie: How can (s)he know whether
you are effectively helping the client?
Part 2 ? Risk Documentation
(Use footnotes that are structured in a Harvard
style. Examples are provided on p. 5 of this
?- Set up a Risk Register for your client,
following indicative examples 10.1 and 10.2
in HB 436.
– List all the relevant risk categories as section
headings in your Register. (Operational risk
must be included.)
– Under each risk category heading, list one
specific risk as an example.
– Expand the Operational risk category by
identifying a total of ten (10) specific
operational risks relevant to your business.
Provide a mix of generic and industry-specific
-Review publicly accessible information to
identify initial measures of probability and
consequence(s) of the 10 potential
operational risk exposures.
-If you can quantify any measures (very
valuable information), insert additional
columns in your table so that both
quantitative and qualitative measures are
Use the matrix to arrive at total initial risk
level for each of the ten potential risk
– If you have quantified only one measure for
any particular risk, use the loss tolerance
system to convert it to qualitative form.
– If you have quantified both measures of a
risk, calculate a total risk value, and then use
the tolerance system to rate that total value in
– Refine the information gathered so far in Part
1 and in your Risk Register, to prepare a
Risk Treatment Schedule following the
indicative example 10.3 in HB 436.
– Transfer information about the two highest
priority risks only to the Treatment Schedule.
– Transfer task 5 and 6 information about the
two highest priority risks to the Treatment
Prepare and submit your work refer to the
Capstone marking scheme found on page 6 of this document for information on how your work
will be assessed.
The title page must identify the industry and the name of the organization you have chosen.
Use numbered headings for each of the Part 1 steps to maximize opportunities to earn marks.
Organize Part 2 information in tables, using landscape format. Give each table a title.
It is necessary to locate procedure and substance information from the Standard, Guidelines,
regulations, and other sources, but you must ensure that you properly reference all third party
information. Further, direct quotations must constitute less than 10% of your assignment, because marks are awarded for your work, and the synthesis of existing information, rather than for the
output of others.
It is appropriate to adapt example tables, etc., given in the Standards because each situation is
likely to require a degree of customisation.
You must fully reference all the individual parts of your professional journal and assessments for
three important unit-specific reasons (in addition to the University?s requirements):
1. Risk managers need to find and check information sources when revising risks in future
(relevance and reliability);
2. Employers will evaluate the strength of recommendations and cost/benefit of spending
money on risk reduction measures (convincingness); and
3. High quality source data provide evidence of best practice/due diligence if the company is
? Part 2 consists entirely of tables and reference lists. The tables will be included in your word
? Part 2 is attached for submission convenience, but it is not considered an Appendix. It will be
? You must use numbered footnotes for referencing information presented in table format, but the footnotes themselves should be in Harvard in-text referencing format. For example:
Example risk 7 Low1 $345,0002
1. Coleman (2008)
2. Walker & Jones P/L (2009)
? The Part 1 and Part 2 references should be presented in separate Harvard system reference
lists because (hypothetically), the parts will be used for different purposes and might become
? If you use English as a second language you are strongly encouraged to gain feedback on your
language from a native English speaker before submission to maximise your marks (unless
you are aware that your written English is at a native speaker standard).