To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
Identify and manage risk:
Content guide
Contents
Identify and manage risk: Content guide
Overview
1
2
Key terms
2
Introduction
4
Tools used to identify risk
4
Examples of risk in context
Different tools for different industry types
General risk identification tools
Selected examples of the tools
Specific risk areas
Commercial and legal relationships
Economic circumstances and scenarios
Financial risk
Human behaviour
Natural events
Political circumstances
Technology and technological issues
Record and report risks
Documenting risks to meet legislation requirements
Sample answers to ‘My workplace’ questions
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
4
5
6
7
11
11
12
13
13
14
14
14
15
15
19
Page 1 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
Overview
In this content guide you will find out about:

the tools used to identify risk

specific risk areas

ways to record and report risks.
As part of this discussion you will also investigate the nature of risk and
approaches to its management.
Key terms
Brainstorming
This process can take various forms, from meetings of staff in an
environment where there is freedom to experiment with ideas, and where
there is freedom to express opinions. It is usually a process of energetic
interaction with a goal of forming and discussing ideas and concepts in a
round table or group dynamic.
Current assets
Are those items of value or economic benefit, such as cash or other assets,
that would be consumed or converted into cash within a 12 month period.
Current liabilities
Refer to those debts to be paid by the business within a short period, usually
within a 12-month period. Examples include accounts payable, creditors,
bank overdrafts, short term loans.
Current ratio
This shows the organisation’s current assets which are available to cover the
liabilities or debts of the organisation, at the time of the balance sheet.
Fishbone diagram
A diagram where each line or 'fishbone' represents an area that may have
caused a problem. The areas could be listed under headings eg, human
factors, procedures, hardware, management, environment.
Liquidity ratio
This ratio looks at the immediate liquidity of the organisation. In other
words, it measures an organisation’s ability to pay off short-term debt as it
becomes due. It is arrived at by dividing the current assets less stock (known
as inventory) by the current liabilities less overdraft.
Operating expense ratio
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 2 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
This is the ratio of total operating expenses to effective gross income. It is
obtained by dividing operating expenses by gross income and is expressed
as a percentage.
Organisational context
The type of organisation, the way it is managed, including its management
structure, the way it organises what it does and what it produces.
Profit and loss statement
The purpose of a profit and loss statement is to measure the profit or loss for
the period. It does this by summarising the revenues for the period, and
subtracting the expenses from the revenues to arrive at the profit or loss.
Scenario analysis
This is a process of examining options and competing scenarios based on an
assessment of future events. The focus is on the future and may take into
account past and present events as elements of the examination.
Strategic context
The organisation’s current and future planning, its goals, and objectives.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 3 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
Introduction
As a manager dealing with risk, there are three important things for you to
remember:

Risk refers to a future event.

Risk normally arises from an organisation’s market, the economy that
influences it, and its environmental context (culture, politics and place).
Risk assessment involves the identification, and then the assessment, of
that risk.

The risk assessment process should be conducted in the context of the risk
and of the organisation, market, economy or country which is subject to the
risk.
Once you have identified the risk, it is important to then identify the
strategic, organisational and risk management context in which the
assessment and treatment will occur.
The term ‘strategic context’ means the organisation’s current and future
planning, its goals, and objectives. ‘Organisational’ context means the type
of organisation, the way it is managed, including its management structure,
the way it organises what it does and what it produces.
Risk must also be assessed against the relevant criteria or particular
standards in relation to that risk.
Tools used to identify risk
Organisations and the markets they operate in are all different—so are the
risks they face. Each organisation has its own systems and methodology and
even organisations operating in the same market usually have distinctive
approaches to the same systems. A market, whether it is the steel market,
women’s shoes, or the tourist market, comprises a number of competing
factors.
Examples of risk in context
The following are examples of risk in context and the criteria against which
to assess the risk.
Example 1
Where the risk is an injury risk arising from the operation of a machine, the
criteria are the relevant Occupational Health and Safety provisions of the
legislation related to the industry. It may also include the safe operation
procedures of the manufacturer or the organisation that owns the machine.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 4 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
If the risk is one from a particular disease arising from exposure to a
substance, the context of the risk and its assessment is the area in which the
substance is found. This includes the people who are ordinarily exposed to
the substance. The criteria in assessing this risk is the nature of the disease
viewed in conjunction with the people who are to be exposed.
Example 2
Another example of a risk to an organisation might be a decision by
management to adopt a particular marketing strategy. Here the context is the
market in which the risk is being taken, and the background to the decision
to expose the organisation to risk. The criterion for assessing this risk is the
financial capacity of the organisation to survive the risk. For example, a
business is experiencing falling profits. In an effort to raise those profits it
adopts an aggressive marketing strategy. The risk of adopting or not
adopting this strategy is assessed against financial criteria.
This process of examination of the context and criteria for assessing the risk
forms the basis of the subsequent assessment and treatment of the risk. It
allows similar risks to be categorised for the purpose of subsequent
treatment.
By looking at the context and the criteria for assessing risk, you are then
able to select the appropriate tools to treat the risk.
Different tools for different industry types
It’s important to remember that the type of tools used to identify risk will
depend largely on the type of organisation you work in. The tools you use
will depend on what your organisation and your section does, and how you
do it.
The tools used for identifying risk in production-based industries differ from
those in service-based industries.
Risk focus in production-based industries
Production-based industries usually emphasise procedural and systematic
risk assessment. The focus is on the systems and procedures set up within
the organisation. When you are assessing actual or potential risk, it is
important to understand that each component of each procedure and each
step in each system is capable of examination as a risk assessment.
Risk focus in service-based industries
Service-based industries look more to culture and performance as areas of
potential risk that need to be managed. An organisation’s culture includes
the values and attitudes it promotes internally and externally. This culture
can be what identifies the organisation within its market. It is a perception
that is shared by a number of members of the organisation, customers, and
often if the organisation is well known, members of the general public.
Examples of some organisational cultures include:
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 5 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice

a culture of fun and achievement – some discount airlines and radio
stations with a youth focus

a culture of adventure or danger – some recreational sports, such as
skydiving or bungee jumping

a culture that is conservative and secure – most banks and insurance
companies.
So, the organisation’s culture is about how it is perceived and this may be an
individual or group perception.
Performance in service companies refers to personal performance. Service
companies do not produce actual objects which can be put onto shelves and
sold at a future time. They produce services which must be used or
experienced as they are being given, for example a hairdressing salon
provides the service of cutting hair. The experience for the client is
immediate, and that service can only be performed by that person.
As we work in the areas of risk, its identification and management you will
see that the identification of the type of organisation will impact on the
selection process.
General risk identification tools
There are, however, some general tools that can be used to identify risk.
These can be incorporated within established risk management processes in
any organisation and include:

Inspections: walking through and conducting inspections of each task,
location, team, group or process within an organisation. This can be done
by individual managers or team leaders and supervisors. It can also be
done by senior or executive management.

Consultation: a process that allows evidence on unreported incidents to be
gathered, for example, injuries, machine breakdown. Again these meetings
can be held on a local or team or group or senior management level. The
results of a number of these meetings can then be incorporated in further
meetings with managers at different levels.

Safety or management audits: these can be conducted by individual
managers or team leaders and focus on their own or associated areas, or
can be conducted by members of the organisation who specialise in this
area.

Testing: of plant and equipment in an operational context, or of staff in a
service area. This also can be accomplished as part of the local group or
team approach or can be part of a wider organisation-wide approach.

Scientific or technical evaluation or expert instruction in up-to-date
methods (service industry): these are usually provided by third parties or
consultants and often form part of the training process of the organisation.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 6 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice

Collection and evaluation of material: from suppliers, manufacturers,
designers, and from safety organisations, unions, interest groups and
employer organisations.

Expert advice: engaging professional consultants and advisors, lawyers,
engineers, safety experts, process experts.

Seeking government or regulatory information and help: from
government departments, investigatory and regulatory bodies, royal
commissions, commissions of inquiry, coronial inquests, industrial
commission hearings, statistical bodies and ‘think tanks’.

Networking: with other members of the market, or users of similar
machines or processes.

Benchmarking: a process of seeking out and identifying the best practices
of the organisation’s competitors, where those best practices represent a
higher quality level or performance. The process means that the
organisation, having identified the best practice in the industry then uses
that ‘benchmark’ as the quality standard to be obtained within its industry.
As mentioned above, the selection of individual tools and methods to
identify risk is largely dependent on the type of organisation, process and
market. The type of tools you use should also be chosen by taking into
consideration the nature of the workforce or membership of the
organisation.
So take care to ensure that the tool or method selected is appropriate to the
people using and reviewing the methods.
Selected examples of the tools
Brainstorming
The brainstorming process can take various forms, but one of the most
effective is in meetings of staff in an environment where there is freedom to
experiment with ideas and to express opinions. Brainstorming is usually a
process of energetic interaction with the goal of forming and discussing
ideas and concepts in a round-table or group dynamic. It allows examination
of existing and emerging risk by using the ideas and experience of fellow
workers, managers, experts, other stakeholders and the users of the process
or service.
Brainstorming is a vibrant tool which is designed to open up the creative
imaginations of the participants and to encourage open debate concerning a
wide variety of possible alternatives to the existing or proposed systems and
procedures and services.
Record and document analysis
Any organisation that is effectively managed has systems and procedures to
record day-to-day operations and provide assessments of performance for its
employees.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 7 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
So the creation and retention of records becomes part of the risk
identification process. For example, production records exist in most
manufacturing organisations, and variances and changes in performance
levels often identify a risk. Similarly most companies have a sign-in book at
reception, and examination of that register can be part of a risk assessment
relating to lengths of appointments by staff, speed of processing customers
in a reception room, absence of visits by regular customers.
Many reports and records are more complicated, and contain records that
are important for a number of areas of risk assessment and management.
Examples include:

Financial reports

Regulatory based reports, eg accident reports

Production reports

Sick leave reports

Attendance and time records

Quality production figure reports

Complaint level reports

Sales figures

Warranty claim records

Check and procedure lists.
Records such as these can assist you in monitoring the consistency of
operations and production processes, or if you are working in a servicebased industry, in presentation and effective communication.
There are also other records that can help you in assessing risk, such as
operation manuals, quality procedure sheets, policy and operational
instructions, mission statements, and basic instruction sheets.
One method to identify risk is to take an instruction sheet and determine
what happens if you remove a step or process.
Audits and physical inspections
Regulatory based risk management procedures often include regular audits
and inspections, for example Occcupational Health and Safety, activities of
brokers and traders on the Australian Stock Exchange register and the
regulation of Registered Training Organisations.
Many organisations have their own internal audit and inspection processes,
including:

direct observation of activities by appropriate personnel

judgments based on experience – personal, local, or international

surveys, questionnaires, interviews

system modeling and analysis
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 8 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice

process charting.
The fishbone diagram shown in figure 1 provides a good example of a
process chart, sometimes called a cause and effect diagram. Each line or
‘fishbone’ represents an area that may have caused a problem. In this
example they are ‘organisational practices’, ‘equipment’, ‘systems’ and
‘environment’. Other examples might include human factors, procedures,
hardware or management.
Fishbone diagram
Scenario analysis
This is a process of examining options and competing scenarios based on an
assessment of future events. The focus is on the future and may take into
account past and present events as elements of the examination.
One topical example is the planning of security responses to possible
terrorist threats.
Benchmarking similar organisations and activities
Benchmarking is as you have seen above, a process of identifying the
industry best practice, and setting that as the standard for the particular
organisation.
The process involves significant industry knowledge and an ability to
examine competitors’ processes in order to identify why that market is
dominant or produces the leading product or service.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 9 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
Sample Risk Data Collection Record
Below is a sample Risk Data Collection Record for a fictional
manufacturing business identifying how the shift work environment affects
the health and safety of employees. The sample includes a full list of the
kinds of data that may be collected, however because of the nature of this
fictional business and the issue it is investigating, only some of these
methods have been used.
Figure 2: Sample risk data collection record
Data Collection Method
Identified Risks
Stakeholder consultation,
N/A
Possible Risk
Consequences
eg staff, customers,
suppliers
Organisational records, eg
attendance, accidents &
incidents
Increased absenteeism and
accidents at beginning of
shift rotation
Labour shortage
Increased labour costs
Increased insurance costs
Human suffering
Expert input, eg
professionals
Studies show increased
anxiety and personal
problems at end of night
shift rotation
Scenario analysis, eg
asking ‘what if?’ questions
N/A
Brainstorming
N/A
Flow chart analysis
N/A
System testing
N/A
Surveys
Indicated tendency to take
‘long weekends’ during
shift rotations that clashed
with family commitments
Fishbone diagrams
N/A
SWOT analysis
N/A
Observation
Took staff a couple of days
at beginning of rotation to
realign to new roster
Long-term consequences, eg
depression, family stress
Labour shortages
Increased labour costs
Production delays
Long term health costs
Increase in absenteeism and
accidents (see above)
Increased lateness and
reports of minor illness, eg
headaches
Audit
N/A
Other
N/A
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 10 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
My workplace
1. What procedures can you identify in your workplace that are used solely as risk
identification tools, or can serve as tools for the identification of risk in addition to
their usual operation?
Answer:
Specific risk areas
By now, it should be safe to assume that the tools you need for the
identification of risk are in place and operating as part of the general
business system of the organisation. We’ll now look at some specific risk
areas.
Commercial and legal relationships
The identification of risks arising from legal relationships are usually dealt
with and communicated through the organisation by those involved in legal
issues within the organisation, for example, by the company secretary.
Legal risk might also include, for example adverse comments made by a
staff member that could result in defamation proceedings being taken
against the organisation.
A commercial relationship is an agreement between organisations where
exchange of money, financial credit or debit, or exchange of something of
value occurs to support the agreement. One or more of the parties to the
agreement should be commercial entities or organisations. Commercial
relationships may be informal or formal. There is risk associated with either
form.
Informal relationships are those which are not supported by any form of
written agreement between the parties. They are often agreements reached
by mutual acceptance that a particular situation exists
A formal agreement is reached by negotiation, the result of which is a
formal contract or exchange of letters. Such agreements in a commercial
sense are often reached using standard form documents, eg leases,
agreements regarding payment, etc.
Risk arises where:

part or parts of the agreement are subject to competing forces

there is error
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 11 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice

there is misunderstanding or no understanding

performance issues of the contract itself are subject to variance or scrutiny.
Performance issues include, for example, the requirement to perform
elements of a contract in particular ways, for example:

having employees’ security cleared by a supplier before entering the
premises

having certain quarantine and health issues completed by the
organisation’s employees prior to contact with a suppler or customer.
Clear risk arises where an organisation commits to a contract and then finds
itself in difficulty in the performance of some or all of its terms and
conditions, thus risking financial or reputation damage.
Risk in commercial and legal relationships exists where employees commit
the organisation to an agreement by error or without knowing that their
discussions with a supplier or customer, oral or written, actually constitute a
valid agreement or contract.
The creation of a commercial relationship is often evidenced by a contract
or by the exchange of documents. If there is no consultation with the
organisation’s legal representatives, then a risk has been created.
Economic circumstances and scenarios
When changes directly impact on an organisation, sound financial
management and financial and economic awareness are needed. A good
example is the regular review of interest rates by the Reserve Bank—
organisations sensitive to the effects of changes in interest rates need to
monitor trends and possible changes very closely.
If your organisation is affected by changes in interest rates, then you need to
be able to address and anticipate possible risks by methods such as ‘scenario
planning’ which involves estimating and predicting the effect of variations
in interest rates on your operations.
Similarly organisations with high staff turnover and high staff numbers need
to be constantly aware of the unemployment figures that are published
regularly by the government. For instance, many organisations that employ
travellers in part-time positions are aware of the annual trends of the inflow
of travellers and students.
Organisations thinking of opening new plants or branch offices need to be
aware of the employment or unemployment characteristics of the
geographic and socio-economic area they are intending opening in.
Economic upturns or downturns can directly affect some industries more
than others. It is believed that one of the first industries to be adversely
affected by a downturn in economic activity is the taxi and hire car industry.
A person who owns either a single or multiple taxis should be aware of the
risk issues affecting his or her business arising from an economic downturn.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 12 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
The home building industry is another industry that is immediately affected
by either downturns or upturns in economic activity in Australia, and
companies in this industry must be aware of the risks associated with
changes in activity.
Financial risk
A ratio analysis is a good risk assessment and management tool used in
financial operations.
Ratios (which express the relationship between two quantities) are used
throughout the financial operations of large companies and companies open
to constant scrutiny, for example companies listed on the stock exchange.
They are also used in organisations of all sizes to monitor profit levels
against variables. For example, you can use the operating expense ratio to
monitor the expenses of running an organisation. It is easy for small to
medium sized organisations to focus on expenses associated with the
purchase and production of stock, but you should not ignore the expenses
associated with actually running or administering the company.
Organisations that find themselves expanding often fail to notice that the
cost of the administration is growing at a greater rate than the revenue; this
in turn depletes the organisation’s resources.
The operating expense ratio divides the operating expenses, ie rent, office
expenses, vehicle costs, by the sales total and is viewed as a percentage
figure. So if the result is 34%, it means that 34% of the sales revenue needs
to be allocated to operating expenses, which are separate from those related
to the buying and making of stock for sale.
The profit and loss statement of a company can be interpreted by the use
of ratios such as the current ratio, which relate to the liquidity of the
organisation. The current ratio looks to the short-term ability of the business
to pay its debts, eg 2:1. The formula for the current ratio is current assets
divided by current liabilities.
The liquidity ratio looks at the immediate liquidity of the organisation. It is
arrived at by dividing the current assets less stock (known as inventory) by
the current liabilities less overdraft.
Many of these ratios can be further interpreted by looking at the industry
benchmark, or by comparison of previous quarters’ or years’ results.
Human behaviour
Human behaviour is a risk in any organisation, but increases in service
organisations where the performance of individual employees and
stakeholders directly impacts on the organisation’s success.
In addition, the results of decisions taken on changes to cultural,
organisational or procedural processes are often seen in changes in
behaviour.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 13 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
These changes may be directly observable—such as strikes, delays,
meetings of employees obviously demonstrating a negative reaction to the
change or proposed change. As a manager or team leader, you must report
negative reactions or negative views on issues where the organisation is
changing or not changing.
There is also risk of indirect reaction to the change, for example increased
stress, increased sick leave taken, or workers compensation claims made. If
we take this into the human resource context, labour turnover and
absenteeism are indicators of covert conflict which impact on productivity.
Risk also arises from the profile of the labour force and the HR strategy
related to remuneration and performance management.
Natural events
Natural events caused by weather and geography can constitute risks. They
may be dramatic such as earthquake, erosion, landslide or water
encroachment, or they may be more common such as rain, hail and snow
storms. They are often predicted by third parties, for example
meteorological organisations.
The risk can be addressed through such things as maintenance of buildings,
structural elements of buildings, safety clothing, instructions on what to do
in the event of fire or earthquake, provision of facilities in the event or rain
and snow and avoidance procedures.
Political circumstances
Changes in political environments at local, state and federal level constitute
potential risk issues. It is important that organisations whose operations
either depend on government support or regulation, monitor changes and
developments at the crucial political level. For example, building companies
need to monitor changes in local government regulation and independent
council decision making processes.
Similarly, if your organisation has government bodies as clients, suppliers
or stakeholders then you need to monitor areas with potential impact on
your operations.
If your organisation habitually seeks or is provided with government
funding, then you need to constantly assess the risks associated with
changes to the funding packages, including their applicability and base
makeup. Changes can occur not just with a change of government but a
change of policy. Such changes are published in specialist government
publications which are often not known to the organisations that benefit
from the funding.
Technology and technological issues
The introduction of new technology often directly affects the competitive
position of both users and non users of that technology. Often governments
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 14 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
or semi-government bodies insist on changes based on new technology—
this often means that further technological advances are needed to ensure
compliance with the new standards.
You need to assess the risk involved in any new technology against your
scenario impact statements. Testing your product against future scenarios
and predicting changing results is a significant area of risk identification.
Where the risk arises from the use of substances, statements of risk by
suppliers or manufacturers should be recorded and suppliers/manufactures
should provide demonstrations or information on the potential risks in the
storage, use or application of their product, plus how to properly perform
these functions to avoid risk.
My workplace
2. What are the greatest risks to your section, team, division or organisation? This
may be a continuous risk, or possible individual risks. What steps are taken to
identify those risks?
Answer:
Record and report risks
In order to promote risk assessment procedures it is important that risks are
recorded and reported as they arise, occur or are recognised as potential.
There are a number of statutory forms that organisations must use to record
identification of risks, eg the accident report forms required in workers
compensation legislation usually contain areas dealing with the
identification of risk associated with the accident which is the subject of the
form.
As a manager or team leader, you can create forms that simply list the
activity or task and have an associated notation dealing with the risk to the
organisation.
Documenting risks to meet legislation
requirements
Much of the legislation that controls and regulates commercial and other
activity also contains specific information dealing with the requirements for
the recording of identified risks. The OHS regulations of each state and
territory are an example of such specific information.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 15 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
OHS defines risk management as a systematic analysis of any ‘activity,
location or operational system to identify risks, understand the likelihood
and potential consequences of the risks and to review the possible
approaches to controlling the risks’ (CCH (2000) Planning occupational
safety and health 5th Edition, CCH Australia, North Ryde.)
The Australian and New Zealand Standard AS/NZS 4360:1999 was
developed to provide both private and public sector enterprises with a
practical framework to facilitate the implementation of a systematic risk
management process.
WorkCover, the statutory authority in relation to workers compensation in
NSW states that employers must undertake risk management ‘for all
foreseeable hazards in their workplace that may arise from work activities
and that have the potential to harm employees and any other person at that
workplace’
They identify hazards as arising in the following situations:

work premises

work practices, systems and shift working arrangements (including
hazardous processes, psychological and fatigue related hazards)

plant (including the transport, installation, erection, commissioning, use,
repair, maintenance, dismantling, storage or disposal of plant)

hazardous substances (including the production, handling, use, storage,
transport or disposal of hazardous substances)

presence of asbestos

manual handling (including potential for occupational overuse injuries)

layout and condition of the workplace (eg lighting and workstation design)

physical working environment (including the potential for any one or more
of: electrocution; drowning; fire or explosion; people slipping, tripping or
falling; contact with moving objects; exposure to noise, heat, cold,
vibration, radiation, static electricity or a contaminated atmosphere)

potential for workplace violence

biological hazards.
The legislation also states that an employer is under an obligation to consult
with employees about any OHS matter that affects them—this includes the
risk management process. (See chapters 2 and 3 of the OHS Regulations,
2001 available at http://www.workcover.nsw.gov.au.)
Documentary support
The legislation sets out the documentary support that must be set up by
organisations to deal with these issues. They include reporting systems
designed to apply to any variety of organisations and sections and divisions
within organisations.
The legislation also sets out prescribed forms which must be completed and
also designates those people (by reference to their position within the
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 16 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
organisation), whose responsibility it is to oversee and implement the
documentation process.
A further example of a statutory based risk system is that found in the
Australian Stock Exchange (ASX) regulations concerning stockbrokers and
other traders on the futures exchanges.
The state and federal governments also regulate risk in areas such as
construction, education and transport, including air land and sea transport.
These regulations cover both government managed and private transport
companies.
There are a number of examples of risk registers, and many statutory
authorities that require strict reporting from organisations in relation to risk
provide pro forma examples.
The following is a non statutory pro forma of a risk register.
Figure 3: Sample risk register
Unique ID
This may be simply a title, but some kind of alphanumeric coding is
likely to be useful when you are dealing with a large number of
risks.
Presented in a structured format:
Description

Condition − 'There is a risk that'

Cause − 'Caused by'

Consequence − 'Resulting in'
Probability
What is the likelihood of the risk occurring? It would be helpful to
record the justification behind this analysis.
Impact
What will the impact be if the risk occurs? It would be helpful to
record the justification behind this analysis.
Timescale
What is the 'risk window' when this risk may occur and when do
you start to lose options as to how you respond?
Cost
What will the risk cost if it does occur? Note: you can't assess this
unless you know what your response action will be.
Owner
There should be a person nominated to 'own' the risk which means
monitoring the situation and ensuring that necessary management
actions are carried out. In a project situation this should be
somebody within the project team and in all cases it should be
somebody who will be impacted by the risk and who has a vested
interest in addressing it.
What are the agreed response actions? These may be broken into:
Management

preventative actions to mitigate the risk and
approach

the response action if the risk actually occurs. This is
sometimes known as an 'impact plan'.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 17 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
Residual risk
This is the expected level of risk once all the mitigating actions are
complete.
Early warning
signs
What 'trigger' might alert you to the fact that the risk is about to
occur? In some cases you may only choose to spend money on a
response action once the trigger occurs.
My workplace
3. What documents are required by your organisation to be completed as part of
its risk identification and management process? What documents which are
currently required to be completed but which relate to general processes could be
used to form part of a risk identification and management process?
Answer:
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 18 of 19
To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice
Sample answers to ‘My workplace’
questions
1
In your response you may examine the supervisory procedures and reports
that your organisation or division or section uses and assess whether they fit
the description of the tools. The risk data collection form in this section may
help you to identify some of these.
2
Your responses will differ according to the characteristics of your industry
and workplace. However, don’t forget to look at risks that arise as a result of
the actual work performed, the environment in which it is performed, the
nature of those performing it, etc.
3
Your responses will differ according to your particular industry and
workplace. However the sample risk register may provide a starting point
against which to review existing documentation and identify any gaps.
Up Front! Toolbox: Identify and manage risk—Content guide
© Commonwealth of Australia 2005
Page 19 of 19