BSBOPS504 - Manage business risk

Learn to
•identify risks
•apply established risk management processes to a defined
area of operations that are within the responsibilities and
obligations of the role.
Topic 1 - Establish the risk context

Topic 2 - Identify risks

• 2A Invite stakeholders to assist in identifying
risks
• 2B Research the risks
• 2C Document the risks

Topic 3 - Analyse risks

Topic 4 - Select and implement treatments
Identifying risks
• What do you need to be able to do to identify risks?

• Who is responsible for identifying risks?

Identify parties for consultation
Who should you consult about:
• finance
• sales and marketing
• security
• equipment
• safety
• personal
• legal
• politics?
To assist in the identification of risk,

other people or parties are involved

We need to invite relevant parties

to assist in the identification of risks

Parties for consultation Finance
Sales and marketing
Security
Equipment
Safety
Personnel
Legal
Political
Risks / Internal Staff

Many organisations choose to conduct their they use existing staff to assist
risk identifications as an in-house process. in the identification of risks.

This will ensure risks

-are identified effectively,
-different areas of expertise are brought together and
-different views are appropriately considered in identifying risks.
Different techniques to effectively solicit input from stakeholder
groups about the risks that they have identified.

-
-
-
-
-
-
-
-
• surveys/feedbacks
• focus groups
• meetings (face to face, virtual meetings)
• previous experience
• audit (internal/external)
What are strategies for consultation ??

• Contacting participants by formal letter, mail or telephone.

• Explaining the scope of the risk management.
• Describing the expertise they can offer.
• Arranging a forum for their contribution such -one to one meetings
- interview discussion,
-a
focus group or
- a public consultation meeting.
• Asking participants to bring along or send you relevant documents that justify
their points of view.
Risks / External Experts
consultants, auditors and
trainers

Advantages of
The organisation might use external experts using external
to advise on risk. experts
• A consultant provides knowledge or skills that the
organisation does not have in-house

• The consultant works provides a neutral perspective

that can be used to manage discussion and debate
without any bias or favour
Using External Experts
to identify risks >>>>>>> BENEFITS and COSTS for the organisation

Ensure:
>they will obtain a good return on their investment in using a risk consultant

Researching risks involves identifying what could happen and how and why it
could happen. At this stage it is necessary to examine all possible sources of
risk.
https://www.youtube.com/watch?v=vpJ2XKHm8vU&t=117s
Sources of Risk

• legal,
Most businesses use generic risk categories • financial or
• natural events.

A generic list of the sources of risk might include:

• Commercial and legal relationships

• Economic circumstances
• Human behaviour
• Natural events
• Political
• Technology and technical issues
• Management activities and controls
• Individual activities
Research of
risks
Research methods include:
• using and analysing statistics
• consulting other business areas
• analysing previous activities and experience / Lessons learned
• conducting market research
• consulting the public
• conducting a literature review.
Now that we have identified and chosen the parties
assisting us in risk identification, and risks themselves

prepare a draft list of the risks that stakeholders and your

research have identified that apply to your scope.
Tools and Techniques to Generate a List of Risks

 consult with Relevant Parties

 Techniques that can be used to identify risks include:

• Checklist
• Judgements based on experience and records
• Flowcharts
• Brainstorming
• System analysis
• Scenario analysis
• System engineering techniques
Research:

1. What are the four negative risk strategies?

2. What are the four positive risk strategies?

3. What is the difference between a risk and an issue?

4. What is another word for a positive risk?

5. In 2-3 sentences, explain why it pays to identify triggers.

1. What are the four negative risk strategies? (Mitigate, Avoid,
Transfer, and Accept)
2. What are the four positive risk strategies? (Enhance, Exploit,
Share, and Accept)
3. What is the difference between a risk and an issue? (Issues
have already occured. Risks have not yet occurred.)
4. What are the 4 process phases that follow Initiating?
(Planning, Executing, Control & Monitoring, and Closing)
5. In 2-3 sentences, explain why it pays to identify triggers.
(Identifying triggers allows the project team to spot the
early indicators that the risk event is starting to occur and
take further risk reduction actions, such as early
implementation of a Plan B.)
 In the enhance risk response strategy, you try to increase the chance of a risk happening so you can realize
the risk. In this case, you try to realize the opportunity. The enhance risk response strategy is the opposite
of the mitigate strategy.
Enhance For example, let’s say you will complete your project in three months and the government is about to float
a similar project in two months. You can bid for a new project if you complete your project in two months

In the exploit risk response strategy, you ensure that the opportunity is realized. Here, you do not try to
realize the opportunity, you ensure you realize it.
Exploit For example, let us consider that your project will be completed in three months. You learn that the
government is about to float a similar project in two months and you can bid for it if you can complete your
project before two months

You use the share risk response strategy when you cannot realize the opportunity on your own. So, you team
Share up with another company and work together to realize it.
For example, suppose that because of a lack of technical capabilities, you cannot bid for a project but your
company wants the project. Therefore, you team up with another company capable of doing this task and
jointly bid for the project

In the accept risk response strategy, you take no action to realize the opportunity. You leave the
opportunity as is, and if it happens on its own, you will benefit from it.
Accept You use this strategy when the cost of the response is high and there is a low chance of it occurring, or the
benefit does not outweigh the effort involved.
For example, suppose you may get skilled workers from another project at a lower rate if you convince
them to join you. However, you do not pursue this matter and instead, let them decide whether or not they
are interested in your project.
Documenting the risks

• Brain storming • take note of all responses from

• Suggestion box participants
• Project meetings • filter the results to eliminate
• Customer feedback forms duplicates
• One-to-one discussions / interviews • refine each suggestion further for
• Fishbone diagram clarity
• Use flow charts
• Use scenario analysis
1. Prepare the basic framework of the fishbone diagram on a whiteboard or a large
piece of paper.

2. Define the category that needs to be addressed and write it in clear and simple
terms in the fish’s spine; for example, ‘Personnel’.

3. Identify and define the risks associated with personnel on the major ‘bones’ and
write these at the tips. These headings could be developed through a brainstorming
session focusing on the category in the fish’s spine.

4. Tease out the causes or contributing factors (risks) by further brainstorming and by
adding these ideas and suggestions to the smaller bones on the diagram.

5. Interpret the fishbone diagram once it’s finished to develop a checklist of risks.
Using flow charts

 allows to progress ideas through logical steps

 not so much a development tool as a process-streaming tool
 can produce/release ideas by analysing each step of a project or
process for potential risks
 by looking at each step and documenting it on the flow chart, you
may be able to identify the risks inherent in each step
Using a scenario analysis
 lets stakeholders review each stage of the process
 lets identifying all possible outcomes from each course of action in the
scenario
 a prioritised list can be developed to help managers with future contingency
planning
1. Prepare the basic scenario on a whiteboard or a large piece of paper; for example,
releasing a new product onto the market.

2. From the basic storyline, identify participants and plot a course of action.

3. Identify and define the major actions and a ‘safe’ route, where no risks are
encountered. For example, releasing a new product onto the market may include
actions such as a product launch, advertising blitz, free sample promotions, and so
on.

4. Tease out the potential deviations from the planned ‘safe’ route (unforeseen
incidents or contingencies) by further brainstorming, and add these ideas and
suggestions along the pathway.

5. Interpret the scenario once it has finished to develop a checklist.

The Classic & Reverse Fishbone Diagram | A Whiteboard Training Video
https://www.youtube.com/watch?v=XinW5dwuKsI
Summary

•
When identifying the risks to your organisation, it is wise to engage with
stakeholder specialists – both internal and external – in the areas or fields of your
scope. They provide you with the greatest opportunity to capture all relevant
risks.
•
Once you have identified your risks, research them thoroughly using a range of
sources such as existing data and statistics, market research, literature reviews,
lessons from experience and public consultation.
•
Use a variety of appropriate tools and techniques to further identify risks and
ensure you have covered each area thoroughly. These may include brainstorming,
fishbone diagrams, checklists, flow charts and scenario analyses.
Examination of existing risk management arrangements in a company:

 what key areas of the organisation should be assessed for their

strengths and weaknesses?

• Organisational culture
• Structure
• Capabilities >personnel,
>systems and
>resources

• Strategic directions
• Goals
• Objectives
Why should we document >critical success factors,
>goals and
>objectives for areas included in the scope?

to • evaluate whether they meet the organisation’s goals

• ascertain critical success factors, goals and objectives are clear
• explain how these measures will be collected
• evidence of key stakeholders support of the critical success factors
• document using SMART objectives to enable review/modification if
the risk environment changes