PSPGOV417A
Identify and treat risks

This unit covers the identification and treatment of risk using the organisation's risk management procedures and treatments. It applies to the risks inherent in all aspects of everyday work in the public sector as well as to specific functional activities and projects related to the particular mandate of the organisation. The unit covers establishment of the risk context, identification, analysis and evaluation of risks, risks treatment, and monitoring and review of risk treatment plan.In practice, identifying and treating risk occurs in the context of other generalist or specialist public sector work activities such as acting ethically, complying with legislation, applying government processes, handling classified information, using resources, administering projects, providing parliamentary support, making arrests, using financial processes, undertaking scientific research, awarding contracts, undertaking native title assessments, assessing compensation claims, road transport compliance, etc. This is one of 4 units of competency in the Working in Government and Management Competency Fields that deal with risk. Related units are:PSPGOV517A Coordinate risk managementPSPMNGT608B Manage risk PSPMNGT704A Undertake enterprise risk managementThis is a new unit of competency, added to the Working in Government Competency Field of the Training Package in 2004

Application

Not applicable.


Prerequisites

Not applicable.


Elements and Performance Criteria

ELEMENT

PERFORMANCE CRITERIA

1. Establish the risk context

1.1 The nature and extent of the work activity are established within the broader organisational context

1.2 The outcomes to be achieved are identified and documented as required

1.3 The relationship between the activity and its environment is analysed and critical factors in the environment that may impact on the achievement of outcomes are identified

1.4 Stakeholders are identified and consulted to identify their opinions, concerns and needs related to the activity and the management of risks related to it

1.5 Risk evaluation criteria are determined for the activity in accordance with legislation, policy and procedures related to risk management in the organisation

2. Identify risks

2.1 Method/sfor identifyingrisks are selected in accordance with risk management policy and procedures, budgetary and time constraints relative to the type of activity to be undertaken

2.2 Sources of risk are identified and documented as required

2.3 Risk events related to each source of risk are identified and recorded in accordance with risk management policy and procedures

2.4 Consultation and communication is undertaken to ensure all possible risks are identified

3. Analyse risks

3.1 The probability of identified risks occurring is analysed and rated in accordance with risk management policy and procedures

3.2 The consequences of identified risks occurring are analysed and rated according to organisational procedures

3.3 Current control measures for any of the identified risks are considered in the risk analysis, and residual risks are analysed and included if necessary

3.4 Levels of risk are determined in accordance with risk matrix used by the organisation

3.5 Consultation/communication is undertaken as required to confirm risk levels, and analysis is documented in accordance with organisational risk management procedures

4. Evaluate risks

4.1 Risks are evaluated by comparing the level of risk with risk evaluation criteria established at the beginning of the risk management process

4.2 The importance of the activity, its outcomes and the degree of control over the risks are considered

4.3 Potential and actual losses which may arise from the risk are considered

4.4 Benefits and opportunities presented by the risk are taken into account

4.5 Risks are identified as acceptable or unacceptable in accordance with risk evaluation criteria, and confirmation/approval is obtained in accordance with risk management policy and procedures

4.6 Unacceptable risks are prioritised and the reason/s for acceptance of risks is documented

5. Treat risks

5.1 Options for treating risks are determined in accordance with risk management policy and procedures

5.2 The best treatment option is selected and a cost-benefit analysis is undertaken to compare the cost of implementing the treatment with the benefits

5.3 A risk treatment plan is prepared, approved and communicated to those who will be involved in implementation

5.4 Changes required to operational structure, procedures or staffing in order to implement risk treatments are negotiated in accordance with organisational policy and procedures

5.5 Resources are arranged and risk treatment plan is implemented in accordance with risk management policy and procedures

6. Monitor and review risk treatment plan

6.1 Changes in the organisational environment and factors impacting on the organisation are monitored for their impact on risks and existing risk treatments

6.2 Risk treatments for unacceptable risks are monitored and adjusted as required to ensure they remain effective

6.3 Acceptable risks are monitored to ensure these risk levels do not increase over time

6.4 Consultations are conducted and data relating to risks and risk treatments are collected, analysed and used to improve risk management in own area of operation

6.5 Risk treatment plan is reviewed in accordance with timetable for review of plan and updated as required

6.6 Input is provided into formal reviews/audits of risk in the organisation to improve risk management outcomes

Required Skills

This section describes the essential skills and knowledge and their level, required for this unit.

Skill requirements

Look for evidence that confirms skills in:

applying legislation, regulations and policies relating to risk management

researching and analysing the wider context affecting the organisation

assessing and evaluating risks

monitoring and reviewing risks and risk treatments

communicating and consulting with a diverse range of stakeholders

estimating and arranging resources needed for implementation of risk treatments

responding to diversity, including gender and disability

applying procedures relating to occupational health and safety and environment in the context of risk management

Knowledge requirements

Look for evidence that confirms knowledge and understanding of:

legislation, regulations, policies, procedures and guidelines relating to risk management

Australian and New Zealand standards - Risk management, AS/NZS 4360:1999 or as revised

Guidelines for managing risk in the Australian and New Zealand public sector - HB 143:1999

the organisation's risk management framework

the relationship of risk to context - how the context may define the risks

the importance of consultation and communication at every stage of the risk management cycle

risk management as a core activity of everyday work in the public sector

the diversity of risks in the public sector

equal employment opportunity, equity and diversity principles

public sector legislation such as occupational health and safety and environment in the context of risk management

Evidence Required

The Evidence Guide specifies the evidence required to demonstrate achievement in the unit of competency as a whole. It must be read in conjunction with the Unit descriptor, Performance Criteria, the Range Statement and the Assessment Guidelines for the Public Sector Training Package.

Units to be assessed together

Pre-requisite unitsthat must be achieved prior to this unit:Nil

Co-requisite unitsthat must be assessed with this unit:Nil

Co-assessed units that may be assessed with this unit to increase the efficiency and realism of the assessment process include, but are not limited to:

PSPETHC401A Uphold and support the values and principles of public service

PSPFIN401A Use public sector financial processes

PSPGOV402B Deliver and monitor service to clients

PSPGOV405B Provide input to change processes

PSPGOV406B Gather and analyse information

PSPGOV409A Provide support to Parliament

PSPGOV422A Apply government processes

PSPGOV419A Work with interpreters

PSPLAND402A Undertake native title assessments

PSPPM405A Administer simple projects

PSPPROC410A Administer contracts

PSPREG406C Make arrests

PSPSEC405A Handle security classified information

Overview of evidence requirements

In addition to integrated demonstration of the elements and their related performance criteria, look for evidence that confirms:

the knowledge requirements of this unit

the skill requirements of this unit

application of Employability Skills as they relate to this unit

identification and treatment of risks in a range of (3 or more) contexts (or occasions, over time)

Resources required to carry out assessment

These resources include:

legislation, policy, procedures and protocols relating to risk management

Australian and New Zealand standards - Risk management, AS/NZS 4360:1999 or as revised

Guidelines for managing risk in the Australian and New Zealand public sector - HB 143:1999

other national and international standards relating to risk management, such as SIRCA 8001:2003

case studies and workplace scenarios to capture the range of risk management situations likely to be encountered

Where and how to assess evidence

Valid assessment of this unit requires:

a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when identifying and treating risks, including coping with difficulties, irregularities and breakdowns in routine

identification and treatment of risks in a range of (3 or more) contexts (or occasions, over time).

Assessment methods should reflect workplace demands, such as literacy, and the needs of particular groups, such as:

people with disabilities

people from culturally and linguistically diverse backgrounds

Aboriginal and Torres Strait Islander people

women

young people

older people

people in rural and remote locations.

Assessment methods suitable for valid and reliable assessment of this competency may include, but are not limited to, a combination of 2 or more of:

case studies

portfolios

projects

questioning

scenarios

authenticated evidence from the workplace and/or training courses

For consistency of assessment

Evidence must be gathered over time in a range of contexts to ensure the person can achieve the unit outcome and apply the competency in different situations or environments


Range Statement

The Range Statement provides information about the context in which the unit of competency is carried out. The variables cater for differences between States and Territories and the Commonwealth, and between organisations and workplaces. They allow for different work requirements, work practices and knowledge. The Range Statement also provides a focus for assessment. It relates to the unit as a whole. Text in italics in the Performance Criteria is explained here.

Organisational context may include

the organisation, how it is organised, and its capabilities

the organisation's functions:

political

operational

financial

social

legal

commercial.

the various stakeholders and clients

any official resources, including physical areas and assets, that are vital to the operation of the organisation

key operational elements and services of the organisation

any major projects

the relationship between the organisation and the environment in which it operates

Environmental factors may be

social

economic

legal

technological

environmental

Stakeholders may include

employees

managers

volunteers

unions

financial managers

self-insurers

clients

suppliers

contractors

service providers

community organisations

the public

Risk evaluation criteria are

used to rank risks and decide whether they are acceptable or not

affected by:

legal requirements

perceptions of internal/external stakeholders

cost-benefit analysis, for example, cost of risk management being less than financial cost if the risk occurred

Legislation, policy and procedures may include

Commonwealth and State/Territory legislation relating to risk management

national and international codes of practice and standards, such as SIRCA 8001:2003

the organisation's risk management policies and practices

codes of conduct/codes of ethics

Australian and New Zealand standards - Risk management, AS/NZS 4360:1999 or as reviewed

Guidelines for managing risk in the Australian and New Zealand public sector - HB 143:1999

international guidelines such as ISO/IEC Guide 73:2002, Risk management - vocabulary, guidelines for use in standards

professional standards for risk management, for example certified practising risk manager (CPRM)

jurisdictional policies, guidelines and web sites, for example www.riskmanagement.qld.gov.au

Risk management

is a logical and systematic process of identifying, analysing, evaluating, treating and monitoring risks related to any strategy, plan, process, program or procedure that will enable the organisation to minimise losses and maximise opportunities.

may be considered in relation to an organisation's:

people

assets and physical environment

reputation and image

legal issues

business continuity

finances.

may include written procedures to ensure staff know:

what

how

when, and

by whom, action is to be taken to treat risks in the organisation

Methods of identifying risks may include

analysis of past records

personal, local or overseas experience

interviews/discussions with stakeholders

surveys/questionnaires

audits and physical inspections

observation of activity

analysis of scenarios

research of external sources

using industry experts/consultants

Risks may include

physical injury or death

failure of machinery or equipment

breaches of security

fraud

litigation

client dissatisfaction

unfavourable publicity

Risks may be

internal

external

random

real

perceived

Sources of risk may include

human behaviour

technology/technical issues

occupational health and safety

legal

political

property/equipment

environmental

financial/market

natural events

Risk events are

what can happen, as opposed to the source (how a risk may arise) and the impact (what is the implication if it happens)

Probability of risk may be

almost certain

likely

possible

unlikely

rare

Consequences of risk may be

insignificant

minor

moderate

major

catastrophic

Control measures may

reduce the probability of the risk occurring, the consequences of the risk, or both

include:

training

supervision

minimising/restricting exposure

physical barriers.

relocation

Level of risk may be

low - treated with routine procedures

moderate - with specific responsibility allocated for the risk, and monitoring and response procedures implemented

high - requiring action, as it has potential to be damaging to the organisation

extreme - requiring immediate action, as the potential could be devastating to the organisation

Documentation of analysis may include

table showing all risks, any existing controls, probability of occurring, consequences and subsequent level of risk

Acceptable risks are

those which an organisation has determined have the least potential for harm

not necessarily insignificant

Risks may be acceptable because

the risk level is so low that it does not warrant spending time and money to treat it

the risk is low and the benefits outweigh the cost of treating it

the opportunities presented are much greater than the threat

Unacceptable risks are

those which an organisation has determined have the most potential for harm

Options for treating risks may include

avoiding the risk, for example, by terminating the activity or conducting it in another way (these actions may have different risks attached)

controlling the risk, by reducing the probability of the risk occurring, the consequences of the risk, or both

transferring the risk, for example, by arranging insurance, contracting some or all of the activity to another organisation or person, etc

retaining the risk, and making contingency plans/funds allocation for covering any loss or other negative effect from the risk

Risk treatment plan may include

sources of risk and risk events

analysis of risks - probability, consequences and risk levels

prioritised list of unacceptable risks

treatment options selected

person/s responsible for implementing treatment options

resources required

performance measures

timeframe for implementation

timetable for review of plan

Resources may include

physical - equipment, motor vehicles, furniture

human - management, employees, volunteers

financial - funding, budget allocation, sponsorship

resources that are part of the risk treatment, not just implementation of the treatment plan

training and briefing sessions

changes to the organisation's operating structure

Changes may mean that

new risks are created

existing risks are increased or decreased

risks no longer exist

the priority order of risks changes

risk treatment strategies are no longer effective


Sectors

Not applicable.


Competency Field

Working in Government


Employability Skills

This unit contains employability skills.


Licensing Information

Not applicable.