Assessor Resource

CPPSEC4006A
Assess risks

Assessment tool

Version 1.0
Issue Date: March 2024


This unit of competency has application in those work roles involving the assessment of risk in a security environment. Competency requires legal and operational knowledge applicable to relevant sectors of the security industry. The knowledge and skills described in this unit are to be applied within relevant legislative and organisational guidelines.

This unit of competency specifies the outcomes required to determine effective security policies and controls. It requires the ability to identify key systems and assets, and the likelihood of threat against each asset. It also requires an ability to calculate the current risk for each asset.

This unit may form part of the licensing requirements for persons engaged in risk assessment operations in those states and territories where these are regulated activities.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)

Prerequisites

Not Applicable


Employability Skills

This unit contains employability skills.




Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Critical aspects for assessment and evidence required to demonstrate competency in this unit

A person who demonstrates competency in this unit must be able to provide evidence of:

establishing terms of reference and assessment criteria, and determining a thorough action plan and structure for the assessment

accurately reviewing and preparing risk assessment findings in a format suitable for presentation

assessing threat, consequence and vulnerability of each asset against agreed terms of reference and assessment criteria, and determining risk potential through analysis of valid and relevant data

obtaining information from a range of sources and consultative processes to ensure an accurate understanding of the operating environment and core business operations of the client.

Context of and specific resources for assessment

Context of assessment includes:

a setting in the workplace or environment that simulates the conditions of performance described in the elements, performance criteria and range statement.

Resource implications for assessment include:

access to plain English version of relevant statutes and procedures

access to a registered provider of assessment services

access to a suitable venue and equipment

assessment instruments including personal planner and assessment record book

work schedules, organisational policies and duty statements.

Reasonable adjustments must be made to assessment processes where required for people with disabilities. This could include access to modified equipment and other physical resources, and the provision of appropriate assessment support.

Method of assessment

This unit of competency could be assessed using the following methods of assessment:

observation of processes and procedures

questioning of underpinning knowledge and skills.

Guidance information for assessment

Assessment processes and techniques must be culturally appropriate and suitable to the language, literacy and numeracy capacity of the candidate and the competency being assessed. In all cases where practical assessment is used, it should be combined with targeted questioning to assess the underpinning knowledge.

Oral questioning or written assessment may be used to assess underpinning knowledge. In assessment situations where the candidate is offered a choice between oral questioning and written assessment, questions are to be identical.

Supplementary evidence may be obtained from relevant authenticated correspondence from existing supervisors, team leaders or specialist training staff.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

This section describes the skills and knowledge and their level required for this unit.

Required skills

access stored information

accurately identify existing or potential risks

application of the hierarchy of controls

apply reasoning and logical analysis to make decisions and solve problems

coaching and mentoring to provide support to colleagues

communicate in a clear and concise manner

negotiation

prepare and present verbal and written reports

prioritise tasks and organise schedules

relate to persons of different social and cultural backgrounds and varying physical and mental abilities

research and analyse information

risk assessment

use information technology

use interviewing and questioning techniques to obtain information.

Required knowledge

basic concepts relating to litigation

client and organisational confidentiality policies

distinction between information and intelligence

organisational goals and objectives

principles of effective communication

principles of AS/NZS 4360: 2004 Risk management and related guidelines

relevant industry codes of practice

relevant legislation and regulations including OHS

risk assessment techniques and processes

types of potential security risks.

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Legislative requirements may relate to:

apprehension and powers of arrest

Australian standards and quality assurance requirements

counter-terrorism

crowd control and control of persons under the influence of intoxicating substances

force continuum, use of force guidelines

general 'duty of care' responsibilities

inspection of people and property, and search and seizure of goods

licensing or certification requirements

privacy and confidentiality

relevant commonwealth, state and territory legislation, codes and national standards for:

anti-discrimination

cultural and ethnic diversity

environmental issues

equal employment opportunity

industrial relations

Occupational Health and Safety (OHS)

relevant industry codes of practice

trespass and the removal of persons

use of restraints and weapons:

batons

firearms

handcuffs

spray.

Organisational requirements may relate to:

access and equity policies, principles and practices

business and performance plans

client service standards

code of conduct, code of ethics

communication and reporting procedures

complaint and dispute resolution procedures

emergency and evacuation procedures

employer and employee rights and responsibilities

OHS policies, procedures and programs

own role, responsibility and authority

personal and professional development

privacy and confidentiality of information

quality assurance and continuous improvement processes and standards

resource parameters and procedures

roles, functions and responsibilities of security personnel

storage and disposal of information.

Relevant standards:

must include AS/NZS 4360: 2004 Risk management

may relate to:

AS2630-1983 Guide to the selection and application of intruder alarm systems for domestic and business premises

HB 167:2006 Security Risk Management

HB 436 Risk Management Guidelines - Companion to AS/NZS 4360

HB 231:2000 Information security risk management guidelines.

Clients may include:

employer or employee groups

individuals

political parties

public and private entities

trade or professional associations.

Risk relates to:

the chance of something happening that will have an impact on objectives.

Security risks may relate to:

biological hazards

chemical spills

client contact

electrical faults

explosives

financial viability

injury to personnel

noise, light, heat, smoke

persons carrying weapons

persons causing a public nuisance

persons demonstrating suspicious behaviour

persons suffering from emotional or physical distress

persons under the influence of intoxicating substances

persons with criminal intent

persons, vehicles and equipment in unsuitable locations

property or people

security systems

suspicious packages or substances

systems or process failures

terrorism

violence or physical threats.

Information may include:

analysis of stakeholder concerns and objectives

contacts within and external to the organisation

documentation regarding employment, contracts

group workshops and brainstorming

historical data

key personnel

operating environment of organisation (neighbours, situational issues, financial markets, competitors, stability, size, workforce, core business activities, functions, stakeholders)

organisational structure and lines of responsibility

questionnaires

reports and relevant documentation

structured interviews

surveys.

Terms of reference may include:

client expectations

cost

limitations and exclusions (who and what they can access and what they cannot access)

lines of authority

operational environment

roles and responsibilities

scale of the task or assessment (whether a full-scale operation, or limited to a particular section or operation of the company)

security and other clearances

timeframe.

Relevant persons may include:

clients

manufacturers

other professional, specialist or technical staff

security consultants

security personnel

supervisors.

Sources of information may include:

colleagues

documentation and reports

group workshops and brainstorming

incident reporting systems (software or paper-based)

interviews

media (newspaper, radio, television, industry magazines)

questionnaires

statistical data and evaluative studies

structured interviews

surveys (organisational or industry based) and questionnaires.

A structured plan can be constructed by using:

checklists

interview question sheets

spreadsheets, word-processing and other software

structured planning software

structured questionnaires

structured tables.

Assets may include:

business plans

equipment

facilities

goodwill

information, information systems and sources

intellectual property

output

people

reputation

systems

work processes and practices.

Assessment criteria may be based on:

AS/NZS 4360:2004 Risk management (or its equivalent)

qualitative factors

quantitative factors

semi-quantitative factors.

Relevant information and data may include:

client activities and functions

client business and operational plans

client current and proposed operating environment, assets and systems

existing client security management strategies

history of incidents

potential risks or threats experienced by similar organisations or organisations in similar situations.

Countermeasures may relate to:

acceptance of residual risk

addition of security measures

minimisation of harm through response mechanisms

reduction of security measures

risk avoidance through change of service and system specifications

transfer of risk to other entity (such as insurance company, outsourcing an operational activity).

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit, enter each assessment task as a column header and place check marks against each performance criterion that the task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Applicable provisions of legislative and organisational requirements, and relevant standards for assessment activities are identified and complied with. 
Client operations, goals and objectives are discussed and confirmed in consultation with the client. 
Context for identifying risk is based on an understanding of the operating environment and core business operations of the client. 
Information is collected and assessed for currency, accuracy and relevance. 
Terms of reference are identified in consultation with relevant persons and other sources of information and are updated, modified and maintained. 
A structured plan for identifying and assessing risks is developed based on the terms of reference, the type and scale of the assessment task and the timeframe given for the assessment task. 
Threat, consequence and vulnerability for each asset is compared in accordance with terms of reference. 
Assessment criteria for measuring level of potential or existing risk together with an assessment of consequences are developed in accordance with terms of reference. 
Gaps in the predetermined methodology are identified and reported to relevant persons, and where appropriate, options to meet these gaps are proposed. 
Impacts of possible change in organisational business are allowed for during conduct of risk assessment. 
Relevant information and data is assessed for validity and reliability and organised in a format suitable for review. 
Risk potential is determined by assessment of valid and relevant data. 
Analysis and options to overcome identified obstacles are supported by gathered and verifiable information. 
Presented information uses clear and concise language, is free of inconsistencies and meets organisational standards of style, format and accuracy. 
Feedback is sought and all additional information and queries are responded to promptly, courteously and accurately. 
Countermeasures are broadly identified for future management decision-making purposes. 
Relevant documentation is completed and securely maintained with due regard to client confidentiality. 

Forms

Assessment Cover Sheet

CPPSEC4006A - Assess risks
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

CPPSEC4006A - Assess risks

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: