Application
This unit describes the skills and knowledge required to assess the exposure to identified risks in the organisation by evaluating the likelihood of risks occurring and their consequences.
It applies to individuals who use specialised knowledge to develop systematic approaches to problem solve and make recommendations within the organisation.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
1. Identify risks and develop risk evaluation criteria | 1.1 Identify risks in organisational processes and procedures following standards for risk management as indicated by regulators 1.2 Identify implications of risk factors to organisation and create evaluation criteria |
2. Assess current risk exposure | 2.1 Apply applicable risk assessment tools, establish probability and assess potential consequence of risk in an organisation 2.2 Conduct spot checks and determine quality of data 2.3 Identify mitigating effect of existing controls and use evaluation criteria to assess exposure to risk 2.4 Compare risk exposure levels against risk appetites of organisation, and identify and report unacceptable residual risks 2.5 Review and critically analyse risk appetite monitoring process and document findings |
3. Prepare probability assessment | 3.1 Analyse issues related to risk using measurement criteria 3.2 Identify issues arising from measurement assessment and determine the risk probability 3.3 Rank and summarise threats and risk issues as a risk map 3.4 Provide risk map to appropriate stakeholders |
4. Review and report breached issues and incidents | 4.1 Report issues and incidents on risk profile to business according to organisational policies and procedures 4.2 Determine reporting requirements of issues and incidents to regulators |
Evidence of Performance
The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:
conduct a risk assessment of at least two risks for an organisation.
In the course of the above the candidate must communicate and consult with appropriate external and internal stakeholders.
Evidence of Knowledge
The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:
key features and purpose of standards for risk management as indicated by regulators
systematic issues, trends and emerging risks
risk management principles, practices and terminology
organisational policy, procedures and operational guidelines relating to risk assessment
key features of evaluation criteria including risk exposure and tolerance levels
methods for developing measurement criteria
residual risk levels for the industry
risk appetite levels for the industry
incident assessment and analysis including:
root cause analysis
remediation plans
methods for prioritising risks, including preparing risk maps and conducting risk analysis
risk consequences for the organisation
methods for mapping threat summaries and ranking risk issues
roles of internal and external stakeholders in risk management.
Assessment Conditions
Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.
This includes access to:
office equipment, technology, software and consumables
legislation, regulations and codes of practice required to produce the performance evidence
standards for risk management as indicated by regulators.
Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.
Foundation Skills
Numeracy | Performs mathematical calculations to analyse data and statistics, and to interpret trends |
Oral communication | Participates in verbal exchanges using active listening and questioning techniques to convey information and elicit the views and opinions of internal and external personnel Clearly explains detailed information using concepts, language, tone and pace specific to the audience |
Reading | Critically analyses complex documentation from a variety of sources and consolidates information relating to specific criteria to determine requirements |
Writing | Uses a range of formats and structures to report and present information logically Develops material for a specific audience using clear and detailed language to convey information and recommendations |
Teamwork | Implements strategies for a diverse range of colleagues and clients to build rapport and foster strong relationships |
Initiative and enterprise | Applies systematic and analytical decision-making processes for complex and non-routine situations Investigates new and innovative ideas as a means to continuously improve work practices, identify issues and generate possible solutions through consultation, and analytical thinking Prepares for and facilitates discussion and information to ensure productive and diligent risk awareness |
Planning and organising | Accepts responsibility for planning and sequencing complex tasks and workload, negotiating key aspects with others |
Self-management | Identifies and resolves key business issues, processes and practices that may have legal or organisational implications Modifies and develops organisational policy and procedures to comply with legislative requirements and organisational goals |
Technology | Uses digital systems and technologies to enter, store or access information Adopts new and emerging technologies to complete work tasks |
Sectors
Risk management