• BSBRSK401A - Identify risk and apply risk management processes

Identify risk and apply risk management processes

This unit describes the performance outcomes, skills and knowledge required to identify risks and to apply established risk management processes to a subset of an organisation or project's operations that are within the person's own work responsibilities and area of operation.No licensing, legislative, regulatory or certification requirements apply to this unit at the time of endorsement.


This unit applies to individuals with a broad knowledge of risk analysis or project management who contribute well developed skills in creating solutions to unpredictable problems through analysis and evaluation of information from a variety of sources. They may have responsibility to provide guidance or to delegate aspects of these tasks to others.

In this unit, risks applicable within own work responsibilities and area of operation, may include projects being undertaken individually or by a team, or operations within a section of the organisation.

Elements and Performance Criteria



1. Identify risks

1.1. Identify the context for risk management

1.2. Identify risks using tools, ensuring all reasonable steps have been taken to identify all risks

1.3. Document identified risks in accordance with relevant policies, procedures and legislation

2. Analyse and evaluate risks

2.1. Analyse and document risks in consultation with relevant stakeholders

2.2. Undertake risk categorisation and determine level of risk

2.3. Document analysis processes and outcomes

3. Treat risks

3.1. Determine appropriate control measures for risks and assess for strengths and weaknesses

3.2. Identify control measures for all risks

3.3. Refer risks relevant to whole of organisation or having an impact beyond own work responsibilities and area of operation to others as per established policies and procedures

3.4. Choose and implement control measures for own area of operation and/or responsibilities

3.5. Prepare and implement treatment plans

4. Monitor and review effectiveness of risk treatment/s

4.1. Regularly review implemented treatment/s against measures of success

4.2. Use review results to improve the treatment of risks

4.3. Provide assistance to auditing risk in own area of operation

4.4. Monitor and review management of risk in own area of operation

Required Skills

Required skills

literacy skills sufficient to read and understand a variety of texts; and to write, edit and proofread documents to ensure clarity of meaning, accuracy and consistency of information

research and data collection skills to monitor and evaluate risks

problem-solving skills to appropriately address identified risks.

Required knowledge

Australian and international standards for risk management

key provisions of relevant legislation from all levels of government that may affect aspects of business operations, such as:

anti-discrimination legislation

ethical principles

codes of practice

privacy laws

environmental issues

occupational health and safety

organisational policies and procedures relating to risk management processes and strategies

auditing requirements relating to risk management.

Evidence Required

The Evidence Guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the following is essential:

identification, analysis and evaluation of risks

demonstrated understanding of personal role in relation to wider organisational or project context

demonstrated understanding of risk management processes and procedures.

Context of and specific resources for assessment

Assessment must ensure:

access to workplace documentation relating to risk management

access to risk management tools and frameworks.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

direct questioning combined with review of portfolios of evidence and third party workplace reports of on-the-job performance by the candidate

review of documentation outlining risk analysis processes and outcomes

analysis of responses to case studies and scenarios

oral or written questioning to assess knowledge of Australian and international standards for risk management

review of implementation of treatment plans.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, for example:

general administration units

other risk management units.

Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Context may include:

any related projects or organisations

any resources, including physical assets, which are vital to operations

key operational elements and service of the organisation

organisation or project, how it is organised and its capabilities

own role and responsibilities in relation to overall project or organisation design

Risks may include:

commercial and legal relationships

economic circumstances and scenarios

human behaviour

individual activities

management activities and controls

natural events

political circumstances

positive risk

technology - technological issues

Tools may include:

documentation to assist in process of identifying risk, and assessing impact and likelihood of occurrence

standard instruments developed for the organisation and contextualised for sections of the workplace's operations, such as checklists and testing procedures

tools to prioritise risks, including where relevant, numerical scoring systems for risks

Stakeholders may include:



financial managers

insurance agents



service providers




Risk categorisation may include:

likelihood of risks:

almost certain





consequences of risks:






current control measures

Level of risk may include:

low, treated with routine procedures

moderate, with specific responsibility allocated for the risk, and monitoring and response procedures implemented

high, requiring action, as it has potential to be damaging to the organisation or project

extreme, requiring immediate action, as it has potential to be devastating to the organisation or project

Control measures may include:

hierarchy of controls:

reduction in likelihood of risks

reduction of consequences of risks

retention of risks

risk aversion

transfer of responsibility of risks

Measures of success may include:


reductions in impact

reductions in likelihood

reductions in occurrence


Unit sector

Competency Field

Regulation, Licensing and Risk - Risk Management

Employability Skills

This unit contains employability skills.

Licensing Information

Not applicable.