NZQA registered unit standard
25778 version 2
Page 1 of 4
Title
Plan risk management in an organisation
Level
6
Purpose
Credits
10
People credited with this unit standard are able to: establish the
context to be taken into account when managing risk for an
organisation; develop a framework for managing risk in an
organisation; assess risks in an organisation; and identify options
for the treatment of risks, prepare a risk treatment plan for an
organisation, and explain how the plan will be monitored,
reviewed and updated.
This unit standard is for people who have or seek responsibility
for the management of risk at an organisational level; and for
managers who make, or contribute to making, risk management
decisions, and who are required to commission or brief
professional and technical experts in the field of risk
management and to evaluate their recommendations or findings.
Classification
Business Operations and Development > Organisational
Direction and Strategy
Available grade
Achieved
Entry information
Recommended skills
and knowledge
Unit 18509, Demonstrate knowledge of risk management
principles and guidelines in an organisation, or demonstrate
equivalent knowledge and skills.
Explanatory notes
1
Range
All activity associated with this unit standard, including assessment evidence identified
in the evidence requirements, must be explained in accordance with AS/NZS ISO
31000:2009 Risk management – Principles and guidelines, available from Standards
New Zealand at www.standards.co.nz.
2
Engagement with internal and external stakeholders, and information from ongoing risk
monitoring and review processes, is a requirement of this unit standard.
3
Individuals must be assessed against this unit standard in a real-life context using
naturally occurring evidence, or in simulated conditions that demand performance
equivalent to that required in the real-life context.
NZQA National Qualifications Services
SSB Code 130301
 New Zealand Qualifications Authority 2016
NZQA registered unit standard
25778 version 2
Page 2 of 4
4
Individuals must be able to demonstrate they have the recommended underpinning
knowledge of and skills for risk management. Competence in decision making where
technical and/or professional expertise is required outside the scope of risk
management is excluded.
5
Definitions
Organisation refers to a specific business entity which may be – in private, public, or
community and volunteer sectors; a business unit, Māori, or other special-purpose
body.
Definitions of risk and other specialist risk management terms are in AS/NZS ISO
31000:2009 Risk management – Principles and guidelines and associated companion
documents available from Standards New Zealand at www.standards.co.nz.
Risk is defined as the effect of uncertainty on objectives, where an effect is a
deviation from the expected – positive and/or negative.
Establishing the context defines the external and internal parameters to be taken into
account when managing risk and setting the scope and risk criteria for the risk
management policy, and is detailed in AS/NZS ISO 31000:2009, clause 5.3 (p15-17).
Risk criteria are defined as the terms of reference against which the significance of a
risk is evaluated, and are based on organisational objectives, and external and internal
contexts.
The risk management framework is detailed in AS/NZS ISO 31000:2009, clause 4 (p813). The design of the framework for managing risk (in the context of the organisation)
will: establish risk management policy, accountabilities, integration into organisational
processes, and resources; establish internal and external communication and reporting
mechanisms; and comply with legal and regulatory requirements.
Risk assessment is defined as the overall process of risk identification, risk analysis and
risk evaluation, as detailed in AS/NZS ISO 31000:2009, clause 5.4 (p17-18).
Risk treatment is defined as a process to modify risk, and a risk treatment plan
documents how chosen treatment options will be implemented, as detailed in AS/NZS
ISO 31000:2009, clause 5.5 (p18-20). Risk treatments that deal with negative
consequences are sometimes referred to as risk mitigation, risk elimination, risk
prevention or risk reduction.
6
Legislation and regulations
Assessment materials must reflect relevant and current legislation, standards,
regulations and acknowledged industry/business practices, policies and procedures;
AS/NZS ISO 31000:2009 Risk management – Principles and guidelines;
Hazardous Substances and New Organisms Act 1996;
Health and Safety in Employment Act 1992; and 2002 amendment;
Official Information Act 1982;
Privacy Act 1993;
Standards Act 1988;
It is important to note that there is in most cases specific legislation relevant to the
organisation, and this must be included.
7
References
AS/NZS ISO 31000:2009 Risk management – Principles and guidelines
SAA/SNZ HB 436:2004 Risk Management Guidelines: Companion to AS/NZS
4360:2004 (being revised in 2015 to better reflect the current standard);
ISO 15489-1:2001 Information and documentation - Records management – Part 1:
General;
ISO Guide 73:2009 Risk management – Vocabulary;
NZQA National Qualifications Services
SSB Code 130301
 New Zealand Qualifications Authority 2016
NZQA registered unit standard
25778 version 2
Page 3 of 4
ISO/IEC 31010:2009 Risk management - Risk assessment techniques;
HB 327: 2010 Communicating and consulting about risk;
AS/NZS 5050:2010 Business continuity - Managing disruption-related risk;
The New Zealand Society for Risk Management Inc website http://www.risksociety.org.nz/Standards_and_handbooks.
Outcomes and evidence requirements
Outcome 1
Establish the context to be taken into account when managing risk for an organisation.
Range
context – internal and external to the organisation.
Evidence requirements
1.1
Context identified is relevant to and consistent with the organisation’s mission,
core values and strategic goals, objectives, procedures, and risk management
policies.
Outcome 2
Develop a framework for managing risk in an organisation.
Evidence requirements
2.1
A risk management framework for an organisation is developed in accordance
with AS/NZS ISO 31000:2009.
2.2
The framework developed for managing risk and risk processes in an
organisation, and how it will be monitored and reviewed to provide continual
improvement of the framework, is explained.
Outcome 3
Assess risks in an organisation.
Range
risk assessment includes – identification, analysis, evaluation;
risk assessment methods are appropriate for the risks being assessed.
Evidence requirements
3.1
Risks are assessed and recorded in terms of their potential to impact on the
organisation’s objectives.
Outcome 4
Identify options for the treatment of risks, prepare a risk treatment plan for an organisation,
and explain how the plan will be monitored, reviewed and updated.
Evidence requirements
NZQA National Qualifications Services
SSB Code 130301
 New Zealand Qualifications Authority 2016
NZQA registered unit standard
4.1
Treatment options are identified and assessed in terms of effectiveness in
modifying risk.
Range
4.2
25778 version 2
Page 4 of 4
identification includes consultation with specialists and/or experts,
and decision-makers.
Risk treatment plan is prepared to describe how the chosen treatment options will
be implemented, and includes an explanation of how the plan will be monitored,
reviewed and updated until the risk modification is acceptable and effective.
Replacement information
This unit standard replaced unit standard 7445.
Planned review date
31 December 2016
Status information and last date for assessment for superseded versions
Process
Version Date
Last Date for Assessment
Registration
1
15 January 2010
Review
2
15 November 2012
31 December 2014
Consent and Moderation Requirements (CMR) reference
0113
This CMR can be accessed at http://www.nzqa.govt.nz/framework/search/index.do.
Please note
Providers must be granted consent to assess against standards (accredited) by NZQA, or
an institutional body with delegated authority for quality assurance, before they can report
credits from assessment against unit standards or deliver courses of study leading to that
assessment.
Industry Training Organisations must be granted consent to assess against standards by
NZQA before they can register credits from assessment against unit standards.
Providers and Industry Training Organisations, which have been granted consent and
which are assessing against unit standards must engage with the moderation system that
applies to those standards.
Requirements for consent to assess and an outline of the moderation system that applies
to this standard are outlined in the Consent and Moderation Requirements (CMR). The
CMR also includes useful information about special requirements for organisations wishing
to develop education and training programmes, such as minimum qualifications for tutors
and assessors, and special resource requirements.
Comments on this unit standard
Please contact NZQA National Qualifications Services nqs@nzqa.govt.nz if you wish to
suggest changes to the content of this unit standard.
NZQA National Qualifications Services
SSB Code 130301
 New Zealand Qualifications Authority 2016