To save this Content guide to your computer – pull down the File menu and choose Save As … and give it a file name of your choice

Identify and manage risk:Content guide

Contents

Identify and manage risk: Content guide

Overview

Key terms

Introduction

Tools used to identify risk

Examples of risk in context

Different tools for different industry types

General risk identification tools

Selected examples of the tools

Specific risk areas

Commercial and legal relationships

Economic circumstances and scenarios

Financial risk

Human behaviour

Natural events

Political circumstances

Technology and technological issues

Record and report risks

Documenting risks to meet legislation requirements

Sample answers to ‘My workplace’ questions

Overview

In this content guide you will find out about:

  • the tools used to identify risk
  • specific risk areas
  • ways to record and report risks.

As part of this discussion you will also investigate the nature of risk and approaches to its management.

Key terms

Brainstorming

This process can take various forms, from meetings of staff in an environment where there is freedom to experiment with ideas, and where there is freedom to express opinions. It is usually a process of energetic interaction with a goal of forming and discussing ideas and concepts in a round table or group dynamic.

Current assets

Are those items of value or economic benefit, such as cash or other assets, that would be consumed or converted into cash within a 12 month period.

Current liabilities

Refer to those debts to be paid by the business within a short period, usually within a 12-month period. Examples include accounts payable, creditors, bank overdrafts, short term loans.

Current ratio

This shows the organisation’s current assets which are available to cover the liabilities or debts of the organisation, at the time of the balance sheet.

Fishbone diagram

A diagram where each line or 'fishbone' represents an area that may have caused a problem. The areas could be listed under headings eg, human factors, procedures, hardware, management, environment.

Liquidity ratio

This ratio looks at the immediate liquidity of the organisation. In other words, it measures an organisation’s ability to pay off short-term debt as it becomes due. It is arrived at by dividing the current assets less stock (known as inventory) by the current liabilities less overdraft.

Operating expense ratio

This is the ratio of total operating expenses to effective gross income. It is obtained by dividing operating expenses by gross income and is expressed as a percentage.

Organisational context

The type of organisation, the way it is managed, including its management structure, the way it organises what it does and what it produces.

Profit and loss statement

The purpose of a profit and loss statement is to measure the profit or loss for the period. It does this by summarising the revenues for the period, and subtracting the expenses from the revenues to arrive at the profit or loss.

Scenario analysis

This is a process of examining options and competing scenarios based on an assessment of future events. The focus is on the future and may take into account past and present events as elements of the examination.

Strategic context

The organisation’s current and future planning, its goals, and objectives.

Introduction

As a manager dealing with risk, there are three important things for you to remember:

  • Risk refers to a future event.
  • Risk normally arises from an organisation’s market, the economy that influences it, and its environmental context (culture, politics and place). Risk assessment involves the identification, and then the assessment, of that risk.
  • The risk assessment process should be conducted in the context of the risk and of the organisation, market, economy or country which is subject to the risk.

Once you have identified the risk, it is important to then identify the strategic, organisational and risk management context in which the assessment and treatment will occur.

The term ‘strategic context’ means the organisation’s current and future planning, its goals, and objectives. ‘Organisational’ context means the type of organisation, the way it is managed, including its management structure, the way it organises what it does and what it produces.

Risk must also be assessed against the relevant criteria or particular standards in relation to that risk.

Tools used to identify risk

Organisations and the markets they operate in are all different—so are the risks they face. Each organisation has its own systems and methodology and even organisations operating in the same market usually have distinctive approaches to the same systems. A market, whether it is the steel market, women’s shoes, or the tourist market, comprises a number of competing factors.

Examples of risk in context

The following are examples of risk in context and the criteria against which to assess the risk.

Example 1

Where the risk is an injury risk arising from the operation of a machine, the criteria are the relevant Occupational Health and Safety provisions of the legislation related to the industry. It may also include the safe operation procedures of the manufacturer or the organisation that owns the machine.

If the risk is one from a particular disease arising from exposure to a substance, the context of the risk and its assessment is the area in which the substance is found. This includes the people who are ordinarily exposed to the substance. The criteria in assessing this risk is the nature of the disease viewed in conjunction with the people who are to be exposed.

Example 2

Another example of a risk to an organisation might be a decision by management to adopt a particular marketing strategy. Here the context is the market in which the risk is being taken, and the background to the decision to expose the organisation to risk. The criterion for assessing this risk is the financial capacity of the organisation to survive the risk. For example, a business is experiencing falling profits. In an effort to raise those profits it adopts an aggressive marketing strategy. The risk of adopting or not adopting this strategy is assessed against financial criteria.

This process of examination of the context and criteria for assessing the risk forms the basis of the subsequent assessment and treatment of the risk. It allows similar risks to be categorised for the purpose of subsequent treatment.

By looking at the context and the criteria for assessing risk, you are then able to select the appropriate tools to treat the risk.

Different tools for different industry types

It’s important to remember that the type of tools used to identify risk will depend largely on the type of organisation you work in. The tools you use will depend on what your organisation and your section does, and how you do it.

The tools used for identifying risk in production-based industries differ from those in service-based industries.

Risk focus in production-based industries

Production-based industries usually emphasise procedural and systematic risk assessment. The focus is on the systems and procedures set up within the organisation. When you are assessing actual or potential risk, it is important to understand that each component of each procedure and each step in each system is capable of examination as a risk assessment.

Risk focus in service-based industries

Service-based industries look more to culture and performance as areas of potential risk that need to be managed. An organisation’s culture includes the values and attitudes it promotes internally and externally. This culture can be what identifies the organisation within its market. It is a perception that is shared by a number of members of the organisation, customers, and often if the organisation is well known, members of the general public.

Examples of some organisational cultures include:

  • a culture of fun and achievement – some discount airlines and radio stations with a youth focus
  • a culture of adventure or danger – some recreational sports, such as skydiving or bungee jumping
  • a culture that is conservative and secure – most banks and insurance companies.

So, the organisation’s culture is about how it is perceived and this may be an individual or group perception.

Performance in service companies refers to personal performance. Service companies do not produce actual objects which can be put onto shelves and sold at a future time. They produce services which must be used or experienced as they are being given, for example a hairdressing salon provides the service of cutting hair. The experience for the client is immediate, and that service can only be performed by that person.

As we work in the areas of risk, its identification and management you will see that the identification of the type of organisation will impact on the selection process.

General risk identification tools

There are, however, some general tools that can be used to identify risk. These can be incorporated within established risk management processes in any organisation and include:

  • Inspections: walking through and conducting inspections of each task, location, team, group or process within an organisation. This can be done by individual managers or team leaders and supervisors. It can also be done by senior or executive management.
  • Consultation: a process that allows evidence on unreported incidents to be gathered, for example, injuries, machine breakdown. Again these meetings can be held on a local or team or group or senior management level. The results of a number of these meetings can then be incorporated in further meetings with managers at different levels.
  • Safety or management audits: these can be conducted by individual managers or team leaders and focus on their own or associated areas, or can be conducted by members of the organisation who specialise in this area.
  • Testing: of plant and equipment in an operational context, or of staff in a service area. This also can be accomplished as part of the local group or team approach or can be part of a wider organisation-wide approach.
  • Scientific or technical evaluation or expert instruction in up-to-date methods (service industry): these are usually provided by third parties or consultants and often form part of the training process of the organisation.
  • Collection and evaluation of material: from suppliers, manufacturers, designers, and from safety organisations, unions, interest groups and employer organisations.
  • Expert advice: engaging professional consultants and advisors, lawyers, engineers, safety experts, process experts.
  • Seeking government or regulatory information and help: from government departments, investigatory and regulatory bodies, royal commissions, commissions of inquiry, coronial inquests, industrial commission hearings, statistical bodies and ‘think tanks’.
  • Networking: with other members of the market, or users of similar machines or processes.
  • Benchmarking: a process of seeking out and identifying the best practices of the organisation’s competitors, where those best practices represent a higher quality level or performance. The process means that the organisation, having identified the best practice in the industry then uses that ‘benchmark’ as the quality standard to be obtained within its industry.

As mentioned above, the selection of individual tools and methods to identify risk is largely dependent on the type of organisation, process and market. The type of tools you use should also be chosen by taking into consideration the nature of the workforce or membership of the organisation.

So take care to ensure that the tool or method selected is appropriate to the people using and reviewing the methods.

Selected examples of the tools

Brainstorming

The brainstorming process can take various forms, but one of the most effective is in meetings of staff in an environment where there is freedom to experiment with ideas and to express opinions. Brainstorming is usually a process of energetic interaction with the goal of forming and discussing ideas and concepts in a round-table or group dynamic. It allows examination of existing and emerging risk by using the ideas and experience of fellow workers, managers, experts, other stakeholders and the users of the process or service.

Brainstorming is a vibrant tool which is designed to open up the creative imaginations of the participants and to encourage open debate concerning a wide variety of possible alternatives to the existing or proposed systems and procedures and services.

Record and document analysis

Any organisation that is effectively managed has systems and procedures to record day-to-day operations and provide assessments of performance for its employees.

So the creation and retention of records becomes part of the risk identification process. For example, production records exist in most manufacturing organisations, and variances and changes in performance levels often identify a risk. Similarly most companies have a sign-in book at reception, and examination of that register can be part of a risk assessment relating to lengths of appointments by staff, speed of processing customers in a reception room, absence of visits by regular customers.

Many reports and records are more complicated, and contain records that are important for a number of areas of risk assessment and management. Examples include:

  • Financial reports
  • Regulatory based reports, eg accident reports
  • Production reports
  • Sick leave reports
  • Attendance and time records
  • Quality production figure reports
  • Complaint level reports
  • Sales figures
  • Warranty claim records
  • Check and procedure lists.

Records such as these can assist you in monitoring the consistency of operations and production processes, or if you are working in a service-based industry, in presentation and effective communication.

There are also other records that can help you in assessing risk, such as operation manuals, quality procedure sheets, policy and operational instructions, mission statements, and basic instruction sheets.

One method to identify risk is to take an instruction sheet and determine what happens if you remove a step or process.

Audits and physical inspections

Regulatory based risk management procedures often include regular audits and inspections, for example Occcupational Health and Safety, activities of brokers and traders on the Australian Stock Exchange register and the regulation of Registered Training Organisations.

Many organisations have their own internal audit and inspection processes, including:

  • direct observation of activities by appropriate personnel
  • judgments based on experience – personal, local, or international
  • surveys, questionnaires, interviews
  • system modeling and analysis
  • process charting.

The fishbone diagram shown in figure 1 provides a good example of a process chart, sometimes called a cause and effect diagram. Each line or ‘fishbone’ represents an area that may have caused a problem. In this example they are ‘organisational practices’, ‘equipment’, ‘systems’ and ‘environment’. Other examples might include human factors, procedures, hardware or management.

Fishbone diagram

Scenario analysis

This is a process of examining options and competing scenarios based on an assessment of future events. The focus is on the future and may take into account past and present events as elements of the examination.

One topical example is the planning of security responses to possible terrorist threats.

Benchmarking similar organisations and activities

Benchmarking is as you have seen above, a process of identifying the industry best practice, and setting that as the standard for the particular organisation.

The process involves significant industry knowledge and an ability to examine competitors’ processes in order to identify why that market is dominant or produces the leading product or service.

Sample Risk Data Collection Record

Below is a sample Risk Data Collection Record for a fictional manufacturing business identifying how the shift work environment affects the health and safety of employees. The sample includes a full list of the kinds of data that may be collected, however because of the nature of this fictional business and the issue it is investigating, only some of these methods have been used.

Figure 2: Sample risk data collection record

Data Collection Method / Identified Risks / Possible Risk Consequences
Stakeholder consultation,
eg staff, customers, suppliers / N/A
Organisational records, eg attendance, accidents & incidents / Increased absenteeism and accidents at beginning of shift rotation / Labour shortage
Increased labour costs
Increased insurance costs
Human suffering
Expert input, eg professionals / Studies show increased anxiety and personal problems at end of night shift rotation / Long-term consequences, eg depression, family stress
Scenario analysis, eg asking ‘what if?’ questions / N/A
Brainstorming / N/A
Flow chart analysis / N/A
System testing / N/A
Surveys / Indicated tendency to take ‘long weekends’ during shift rotations that clashed with family commitments / Labour shortages
Increased labour costs
Production delays
Fishbone diagrams / N/A
SWOT analysis / N/A
Observation / Took staff a couple of days at beginning of rotation to realign to new roster
Increased lateness and reports of minor illness, eg headaches / Long term health costs
Increase in absenteeism and accidents (see above)
Audit / N/A
Other / N/A

My workplace

1. What procedures can you identify in your workplace that are used solely as risk identification tools, or can serve as tools for the identification of risk in addition to their usual operation?

Answer:

Specific risk areas

By now, it should be safe to assume that the tools you need for the identification of risk are in place and operating as part of the general business system of the organisation. We’ll now look at some specific risk areas.

Commercial and legal relationships

The identification of risks arising from legal relationships are usually dealt with and communicated through the organisation by those involved in legal issues within the organisation, for example, by the company secretary.

Legal risk might also include, for example adverse comments made by a staff member that could result in defamation proceedings being taken against the organisation.

A commercial relationship is an agreement between organisations where exchange of money, financial credit or debit, or exchange of something of value occurs to support the agreement. One or more of the parties to the agreement should be commercial entities or organisations. Commercial relationships may be informal or formal. There is risk associated with either form.