BSBOPS504_Student_Assessment_Task.docx

Assessment Cover Sheet Please complete cover sheet clearly and accurately for assessment tasks and other types of evidence you submit for your course. All student assessment tasks submissions including any associated checklists where applicable, are to be attached to this cover sheet. Student Use Student ID No Student Name Sujith Reddy Unit Code BSBOPS504 Unit Title Manage business risk Assessment No. 1 Assessment Method Written Assessment  Initial Submission  Re-Submission Student Declaration I declare that:  These tasks are my own work.  None of this work has been completed by any other person  These tasks are not plagiarised or colluded with any other student/s.  I have correctly referenced all resources and reference texts throughout these assessment tasks.  I have read and understood NTCA’s policy on Plagiarism, cheating and collusion and understand that if I am found to be in breach of this policy, disciplinary action may be taken against me by NTCA.  I have a copy of my assessment work with me, which I can produce if the original is lost. Student Signature: Submission Date: Assessor Use Only Outcome Satisfactory / Not Satisfactory Assessor Feedback: Assessor Name: Signature: Date: Student Submission Receipt: Your submission has been received. Please keep a copy of this record. Student ID & Name : ……………………………….…………………….….. Submission Date: …………………..……………………………. Unit Code : ………………………………..……………… Assessment No & Method: ……………………………………..….……..………….  Initial Submission  Re-Submission Received By (Name): …………………………………….…. Signature: …………………..……….. Date: …………………..……………….. The results will be updated within twenty-one (21) days from your final submission . Please check your student portal regularly to make sure that your results are updated. If there are any discrepancies, please discuss with the Trainer/Student Support Officer. Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 3 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Outline the steps that are generally followed to carry out these processes. i. Identify the risks – The initial step in the risk management process is to identify the risks that the business is exposed to in its operating environment. ii. Analyse the risk: Once a risk has been identified it needs to be analysed. The scope of the risk must be determined. It is also important to understand the link between the risk and different factors within the organization. iii. Evaluate the risks: Risks need to be ranked and prioritized. Most risk management solutions have different categories of risks, depending on the severity of the risk. A risk that may cause some inconvenience is rated lowly, risks that can result in catastrophic loss are rated the highest. iv. Treat risk: Every risk needs to be eliminated or contained as much as possible. This is done by connecting with the experts of the field to which the risk belongs. v. Monitor and review risks: A monitoring and control mechanism is used to monitor the risk strategies implemented. Workers must follow safety instructions and procedures, and they will do this more effectively if they are involved in the development of these procedures, understand the reasons for them and how they work B. Document Storage Requirements a. It requires any record, paper or electronic, to be kept securely, but in a place where it can be accessed promptly when needed. A record should then be kept for an “appropriate” period of time, after which it should be securely destroyed b. The data stored should be properly named along with versions and is to be accessible by authorized personal. Steps should be taken to protect privacy and security of the personal and confidential data. Question 3 Define the following types of business risks. Types of Business Risk Definition a. Economic Risk Economic risk refers to the possibility that changes in macroeconomic conditions will negatively impact a company or investment. For instance, exchange rate fluctuations can impact losses or gains. b. Compliance Risk Compliance risk is the threat posed to an organization's financial, organizational, or reputational standing resulting from violations of laws, regulations, codes of conduct, or organizational standards of practice. Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 6 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Outline at least two principles that this standard outlines. ii. Risk management is an integral part of all organizational processes IEC 31010:2019: RISK MANAGEMENT: RISK ASSESSMENT TECHNIQUES PURPOSE Identify what this standard aims to do, i.e. the scope of the standard. IEC 31010, which complements ISO 31000, Risk management, describes the process to be followed when assessing risk, from defining the scope to delivering a report. It introduces a range of techniques to identify and understand risk in a business or technical context. ELEMENTS Outline the purpose of at least two components of risk assessment as outlined in this standard. Use bullet points. i. Hazard analysis and critical control points (HACCP) ii. Preliminary hazard analysis (PHA) Question 6 Explain how the following tools and techniques are used to identify risks for scoping risk management processes: 1. Tools a. SWOT Analysis b. PESTLE Analysis 2. Techniques a. Documentation review b. Brainstorming TOOLS SWOT Analysis SWOT analysis is a strategic planning technique used to help a person or organization identify strengths, weaknesses, opportunities, and threats related to business competition or project planning. PESTLE Analysis A PESTLE analysis is a framework to analyse the key factors (Political, Economic, Sociological, Technological, Legal and Environmental) influencing an organization from the outside. It offers people professional’s insight into the external factors impacting their organization. TECHNIQUES Documentation review A documentation review is intended to determine the flow of information across the business process, and map how the data from the raw data sources is transformed into the ultimate information product. Brainstorming Brainstorming is a method design teams use to generate ideas to solve Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 9 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Assessment Task 2 - Project Task instructions  This is the second (2) assessment task you have to successfully complete to be deemed competent in this unit of competency.  This assessment task requires you to complete a project.  You will receive your feedback within two weeks - you will be notified by your trainer/assessor when results are available.  You must attempt all activities of the project for your trainer/assessor to assess your competency in this assessment task Practical Assessment Workplace Project Assessment Project Overview This workplace project assessment requires you to lead at least one risk management process for an organisation or work area. This assessment is divided into five tasks:  Task 1: Establish the Risk Context and Research Risks  Task 2: Consult with Stakeholders to Identify Risks That Apply to Scope  Task 3: Analyse Risks and Develop Risk Treatment Schedule and Plan  Task 4: Consult with Stakeholders to Confirm Risk Analysis and Treatment Plan  Task 5: Implement and Monitor Risk Treatment Forms and Templates Generic forms and templates are provided in the project tasks, unless otherwise specified. These can be accessed from the following link: B SBOPS504 Forms and Templates If you are currently in a workplace, use similar workplace templates and forms used by your organisation to complete each assessment task. Discuss with your supervisor and your assessor first to ensure that the forms/templates you will use cover all criteria required by each assessment task. Review these forms and templates with your assessor before starting the task Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 12 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Risk Management Report Learner Name Sujith Reddy Organisational Processes, Procedures, and Requirements These details must relate to the risk management process followed by the organisation. Business risk area Identify any one area.  Customer engagement  Escalations  Privacy  Security  Work health and safety (WHS) Processes Identify at least two processes. These details must relate to identified business risk area. 1. Identifying the risk 2. Analyzing the risk Procedures Identify at least two procedures. These details must relate to the identified business risk area. 1. Initiate risk assessment 2. Identify the scope of the risk Requirements Identify at least two requirements. These details must relate to the identified business risk area. 1. Implement a Risk Management Framework based on the Risk Policy 2. Establish the Context Evaluation of Processes, Procedures, and Requirements These details must relate to the processes, procedures, requirements, and business risk area identified above. Processes Explain how each process relates to the business risk area. This will be used to define the scope of risk management activities while establishing the context. 1. Identify existing and potential risks as well as existing controls. The potential risks can be categorized as services performed, contract risk, acceptance or continuance risk and performance risk 2. Analyse and evaluate the risks on a continuing basis. This involves a comparison of exposure levels against a predetermined tolerance level, the degree of control, potential or actual losses and benefits and opportunities presented by the risk. Procedures Explain how each procedure relates to the business risk area. This will be used to define the scope of risk management activities while establishing the context. 1. Each procedure relates to the business risk areas because the risk identified in this situation is information technology security. The procedure is to start a risk assessment. Every workplace environment has computers and. information technology hazards that could cause irreversible damage. But risk assessments can drastically reduce the likelihood of work- related events. They raise awareness about hazards and the risks they pose and help employers identify ways to minimize Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 15 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Evaluation Explain how strengths outweigh the weaknesses or vice versa It is found that there is a need for training and development programs and continuous risk analysis. Existing Arrangement 2 Stakeholder consultation meeting Strengths Identify at least two strengths. Strengths are aspects of the risk management process which meet the objectives of the process. 1. Help to collect information from the stakeholders 2. Gather stakeholder support to deal with the potential risks. Weaknesses Identify at least two weaknesses. Weaknesses are aspects of the risk management process which do not meet the objectives of the process. 1. May be time consuming due involvement of groups which have low power to influence 2. Can lead to conflict of interest among the stakeholders. Explanation Explain how strengths outweigh the weaknesses or vice versa Stakeholder consultation helps with improving collaboration between the management and the stakeholders. Critical Success Factors, Goals, and Objectives These details must relate to the business risk area included in the scope of the risk management process. Critical Success Factors Identify at least two critical success factors. A critical success factor is the factor that is essential to achieve the goals and objectives of following the risk management process. 1. . Effective participation of all stakeholders 2. Regular training processes Goals Identify at least two goals. A goal is the outcome that is to be achieved by following the risk management process. 1. To make employees able to handle any risk without panicking 2. To prevent as much risk as possible Objectives Identify at least two objectives. An objective is the deliverable that is required to achieve the identified goals. 1. Early identification risks 2. Mitigation of identified risks Business Risks Identify at least three business risks that may apply to the scope of the risk management process. Business Risk 1 Chance of data breach where the management unintentionally release the security information. Update after stakeholder consultation and negotiation Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 18 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

OBSERVATION FORM During the presentation, learner: YES/NO Assessor’s comments 1. Describes the purpose of the presentation. The purpose is to consult and confirm the risk management process and identify at least three business risks.  YES  NO 2. Discusses the expected outcome of the presentation. The expected outcome is to reach consensus on at least three business risks that apply to the scope of the risk management process.  YES  NO 3. Explains the risk management process. This must be the risk management process followed by the learner’s organisation in the business risk area identified by the learner in Workplace Project Task 1 . Discussion must correspond to the information outlined in the risk management report and its annexures from Workplace Project Task 1 . The learner must explain at least each of the following steps in their own words:  YES  NO a. Details for the organisation in relation to risk management  YES  NO i. At least two processes  YES  NO ii. At least two procedures  YES  NO iii. At least two requirements  YES  NO b. The scope of the risk management process  YES  NO c. Establishing the context The context of the risk management process should be established from the understanding of the external and internal environment in which the organisation operates and should reflect the specific environment of the activity to which the risk management process is to be applied.  YES  NO i. Political context  YES  NO ii. Economic context  YES  NO iii. Social context  YES  NO iv. Legal context  YES  NO v. Technological context  YES  NO vi. Policy context  YES  NO d. At least two relevant stakeholders of the risk management process  YES  NO e. Risk assessment This must include the following processes:  YES  NO i. Risk identification Risk identification is about finding, recognising and describing risks that might help or prevent an organisation achieving its objectives.  YES  NO ii. Risk analysis  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 21 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Risk analysis is about comprehending the nature of risk and its characteristics including, where appropriate, the level of risk. Risk analysis involves a detailed consideration of uncertainties, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness. iii. Risk evaluation Risk evaluation is about supporting decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required.  YES  NO f. Risk treatment Risk treatment is about selecting and implementing options for addressing risk.  YES  NO g. Monitoring and review Monitoring and reviewing is about assuring and improving the quality and effectiveness of process design, implementation and outcomes. Ongoing monitoring and periodic review of the risk management process and its outcomes should be a planned part of the risk management process, with responsibilities clearly defined.  YES  NO h. At least two existing arrangements that follow the risk management process  YES  NO i. At least two strengths and two weaknesses of each existing arrangement  YES  NO j. For the area included in the scope:  YES  NO i. At least two critical success factors  YES  NO ii. At least two goals  YES  NO iii. At least two objectives  YES  NO 4. Presents the three business risks that they identified in Workplace Project Task 1. During the presentation, learner must:  YES  NO a. Describe each risk Risk description must briefly describe the event that is likely to lead to the risk occurring, for example:  Unexpected surge in number of users of a system  Inventory stockout  Breach of personal data  YES  NO b. Explain how each risk applies to the scope of the risk management process. The learner must draw a clear linkage between the risk and the scope of the risk management process. For example, losing business records (the risk) is relevant to business record keeping (part of the scope).  YES  NO 5. Consults and negotiates with the stakeholders. Learner must:  YES  NO a. Discuss at least two risk management processes These must correspond with the risk context and scope identified in Workplace Project Task 1.  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 22 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

b. Discuss at least two risk management objectives Objectives are expected outcomes. These must correspond with the objectives of the risk management process identified in Workplace Project Task 1.  YES  NO c. Discuss at least three business risks that apply to scope. These must be in conformity with the risks presented to the stakeholders earlier in this task.  YES  NO d. Ask the stakeholders for their views on the business risks presented.  YES  NO e. Negotiate with the stakeholders to include the items in the risk management process. This applies to items where there is a difference of opinion. The learner must:  YES  NO i. Present their opinion  YES  NO ii. Acknowledge the stakeholders’ opinion  YES  NO iii. Arrive at a compromise between the stakeholders’ opinion and their own opinion  YES  NO f. Reach consensus on at least three business risks that apply to scope. Learner must reach agreement with the stakeholders.  YES  NO 6. Uses conventions and protocols appropriate to the audience. During the presentation, learner:  YES  NO  Speaks in a polite and professional manner  YES  NO  Explains concepts or jargon that are unclear to audience  YES  NO  Speaks clearly and in an appropriate volume  YES  NO  Uses correct pauses in between discussion points  YES  NO  Demonstrates appropriate nonverbal language such as:  YES  NO  Establishes and maintains eye contact  Using hand or arm gestures to emphasise points in the discussion  Using posture to show interest  Establishes and maintains distance  YES  NO 7. Uses active listening skills to elicit views of others regarding the topic discussed. During the presentation, learner:  YES  NO  Refrains from interrupting the person speaking  Focuses on the words spoken by the other person  Uses appropriate facial expressions such as nodding or smiling to show that they are listening  Summarises discussion point or questions from speaker to confirm understanding  Provides relevant responses to the person’s questions  Suspends judgment when the person answers a question or provides their opinion on the topic  YES  NO 8. Uses questioning skills to clarify or confirm understanding of others regarding the topic discussed. During the presentation, learner:  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 23 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

 Encourages audience to ask questions  Uses open ended questions to quickly review the topic discussed  Asks challenging questions relevant to the topic to stimulate thinking  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 24 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Task 3: Analyse Risks and Develop Risk Treatment Schedule and Plan ASSESSMENT INSTRUCTIONS This task will require you to analyse the risks you identified in Workplace Project Task 2 and develop a risk treatment plan for at least two risks. Use your workplace/organisation’s template to complete this task, or use the Risk Register and Risk Treatment Schedule and Plan templates provided at the Bounce Fitness site. To complete this task, you must:  List at least three risks you identified in Workplace Project Task 2 in the Risk Register . For each identified risk: o Provide a risk description This must conform with the risk description in the updated Risk Management Report from Workplace Project Task 2. o Assess the likelihood of the risk occurring o Assess the impact or consequence if the risk occurs o Assign an initial risk rating to the risk o Assign a priority level for each risk based on its risk rating. o Identify at least two possible control measure for treating the risk. o Identify the current treatment to manage the risk  Access and review organisational documents or sources that contains information on the current treatment implemented for each risk identified.  Partially complete the Risk Treatment Schedule and Plan with: o The identified risks Write the risks in order of the priority ratings identified in the Risk Register. o Risk treatment option Identify whether to avoid, reduce, transfer, or accept the risk . o Risk treatment actions o Personnel responsible for implementation of treatment activity o Target date for implementation o At least one expected outcome of implementation Each outcome must be SMART (Specific, Measurable, Achievable, Relevant, Timebound) Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 25 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

o You must leave the following sections blank:  Risk Monitoring  Evaluation of Implementation  Areas of Improvement o You must submit, as supplementary evidence, copies of the sources of information on current treatment to manage the risks you identified. use the Risk Register and Risk Treatment Schedule and Plan templates provided at the Bounce Fitness site. Submit the following to your assessor:  Completed Risk Register  Partially-completed Risk Treatment Schedule and Plan templates Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 26 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

RISK REGISTER Learner Name Sujith Reddy RISK REGISTER Risk Description Risk Assessment Control Measure Current Treatment to Manage Risk Likelihood (L) Impact (I) Risk Rating (R) Priority Level 1. Cyber security risk Likely Major High High Requires immediate corrective action. 1. Staffs should be trained to handle basic IT equipment 2. Increase the layer of cyber security 2. Premises is inaccessible due to flood or fire Possible Major Moderate Moderate May require corrective action through the planning and budgeting process 1. Train staffs on health and safety procedure 2. Identify an alternative site for business to continue 3. Not complying with industrial standards Unlikely Insignificant Low Low May require consideration in any future changes to the work area or processes, or can be fixed immediately. 1. Implement formal compliance monitor 2. Keep up to date with changing compliances Risk Rating Matrix Likelihood (L) Impact (I) Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 27 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Insignificant 1 Minor 2 Moderate 3 Major 4 Severe 5 Rating (R) A. Almost certain Low (L) Moderate (Mo) High (H) Critical (C) Critical (C) B. Likely Low (L) Moderate (Mo) High (H) High (H) Critical (C) C. Possible Low (L) Moderate (Mo) Moderate (Mo) High (H) High (H) D. Unlikely Low (L) Low (L) Moderate (Mo) Moderate (Mo) High (H) E. Rare Low (L) Low (L) Low (L) Moderate (Mo) Moderate (Mo) Likelihood and Impact Definition Likelihood (L) Impact (I) A. Almost certain The event is expected to occur in most circumstances; constant exposure to risk; high probability of damage; clear history of occurrence 1. Insignificant Minimal or no injury; or very low financial loss A. Likely The event will probably occur in most circumstances; frequent exposure to risk; substantial probability of damage; some history of occurrence 2. Minor First aid treatment; minor medical treatment but no lost time; or minor financial loss B. Possible The event should occur at some time; regular or occasional exposure to risk; moderate probability of damage 3. Moderate Medical treatment required; lost time injury; less than four weeks off work C. Unlikely The event could occur at some time; infrequent exposure to risk; low probability of damage; little or no history at this site 4. Major Extensive or multiple injuries; major back, neck, arm, leg, face or internal injury; extended absence of one or more employees; external investigation by WST; lost time over one month Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 28 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

D. Rare The event may occur only in exceptional circumstances; rare exposure to risk; very low probability of damage 5. Severe Death, fatal diseases or fatal injury Rating Definition Critical (C) Dangerous level of risk which is unacceptable and required to be controlled immediately. Access and exposure to the hazard are to be restricted until the risk can be lowered to an acceptable level. A hazardous task must not be undertaken if rated as extreme until review and approval by the manager. High (H) Unacceptable level of risk which must be controlled immediately. Control measures would involve eliminating, substituting, isolating or engineering out the source of the risk from the activity or equipment. The time frame for the completion of at least one control to reduce the risk to low or negligible is within 24 hours. Hazardous tasks or activities rated as high require review and approval by manager before being undertaken. Moderate (Mo) Unacceptable level of risk. The time frame for the completion of risk controls to lower the risk to a low or negligible level is within 14 days. Low (L) These risks are considered acceptable. Accordingly, no further action is necessary. However, if there are controls which can be initiated that are easy and inexpensive, they can still be administered. The time frame for the completion of controls associated with this level of risk is within 28 days. Risk Priority Scale Risk Rating Risk Priority Description 1 – 3 L Low : May require consideration in any future changes to the work area or processes, or can be fixed immediately. 4 – 6 M Moderate : May require corrective action through planning and budgeting process. 8 – 12 H High : Requires immediate corrective action. 15 – 25 E Extreme : Requires immediate prohibition of the work process and immediate corrective action. RISK TREATMENT SCHEDULE AND PLAN Learner Name Sujith Reddy Workplace/Organisation Bounce fitness State/Territory NSW Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 29 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

RISK TREATMENT PLAN Risk The risk in priority order from the risk register. Risk Treatment Option Avoid/ Reduce/ Transfer/ Accept Risk Treatment Action Personnel Responsible Target Date for Implementation Expected Outcomes Actual Date of Implementation 1. Cyber security risks Reduce Isolate the devices effected. Turnoff unaffected devices. Inform the cyber response team ASAP IT Department Head 25/09/2022 Stop the spread of malware Prevent data loss 25/09/2022 2. Premises is inaccessible due to flood or fire Reduce Follow the emergency procedure of the organization Evacuate the building General manager 30/09/2022 Prevent the loss of human life 30/09/2022 3. Not complying with industrial standards Avoid Identification of compliance requirement General manager 30/09/2022 Non-compliance issues in the future 30/09/2022 Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 30 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

RISK MONITORING Risk Treatment Action Refer to the risk treatment actions identified in the plan above. Monitoring 1 Monitoring 2 Date of Monitoring Actual Outcomes Date of Monitoring Actual Outcomes 1. 25/09/2022 Not satisfactory 20/09/2022 to 25/09/2022 Not satisfactory 2. 30/09/2022 Satisfactory 20/09/2022 to 30/09/2022 Satisfactory 3. 30/09/2022 Satisfactory 10/09/2022 to 30/09/2022 Satisfactory Evaluation of Implementation Favourable Outcomes Identify at least one actual outcome that was better than expected Unfavourable Outcomes Identify at least one actual outcome that was worse than its expected outcome Outcome Reason for Variance Outcome Reason for Variance System and equipment were handled well Good maintenance Staffs unable to respond to the situation So many staffs didn’t attend training sessions Areas of Improvement Identify areas of improvement in the risk management process based on the actual outcomes of the implementation. Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 31 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Area of Improvement Reason for Selecting this Area 1. Staffs need to take these trainings seriously Less number of staff attending the training 2. Management should implement rules strictly Management not taking training sessions seriously Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 32 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Task 4: Consult with Stakeholders to Confirm Risk Analysis and Treatment Plan ASSESSMENT INSTRUCTIONS This task will require you to:  Conduct a meeting with at least two stakeholders to consult and confirm your risk analysis and treatment schedule and plan you completed in Workplace Project Task 3 .  Communicate the updated Risk Management Report to at least two relevant parties. A. Conduct a meeting with at least two stakeholders Your assessor will observe you as you consult and communicate with the stakeholders. You will be assessed on your practical skills to:  Explain the risk management process. This must be the same risk management process you identified in Workplace Project Task 1.  Present your risk analysis and treatment schedule and plan you completed in Workplace Project Task 3. You must explain the following: o Completed Risk Register. o Partially-completed Risk Treatment Schedule and Plan.  Consult and negotiate with the stakeholders to assess each risk identified in both templates from Workplace Project Task 3. You must ask the stakeholders for their views on the risk assessment, risk treatment schedule and plan you have presented, and the risks you have selected for treatment. Where there is a difference of opinion, you must negotiate with the stakeholders to reach agreement.  Reach consensus on the risk assessment and treatment schedule and plan you have presented.  Select appropriate conventions and protocols when communicating with the stakeholders. Appropriate communication techniques must be observed throughout the meeting. Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 33 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

B. Communicate the updated Risk Management Report to at least two relevant parties After the meeting, you must:  Update the Risk Management Report you previously updated in Workplace Project Task 2 to include the Risk Register and Risk Treatment Schedule and Plan as annexures.  Communicate the updated Risk Management Report (including Risk Register and Risk Treatment Schedule and Plan as annexures) to at least two relevant parties. Relevant parties refer to individuals or groups such as accreditation bodies, auditors, risk managers. Review the following before starting this task:  Workplace Project Task 4 – Assessor’s Checklist  Workplace Project Task 4 – Observation Form These forms outline the following:  Resources you are required to access to complete the task.  All criteria your submission must address to satisfactorily complete this task.  All practical skills you need to demonstrate to satisfactorily complete the observation task. Your assessor will discuss these resources with you, and the criteria outlined in these forms prior to this assessment. Submit the updated Risk Management Report (including Risk Register and Risk Treatment Schedule and Plan as annexures) to your assessor. You must also submit evidence of communication of the updated Risk Management Report to at least two relevant parties. Evidence must be at least one of the following:  Email correspondence Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 34 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Simulated Email Template  Send From: Sujith Reddy To: Suppliers and employees Cc: Subject: Communicating the updated risk register Message Dear stakeholders, Greetings of the day. This mail is to communicate you the updated risk register, in the updated risk register the key risks are identified and their impact on the organization is analysed. Based on the risks identified, a detailed risk management strategy is developed. The updated risk register is attached below. Thanks and regards, Sujith Reddy Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 35 of 44 BSBOPS504-Student Assessment Task.doc Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

OBSERVATION FORM During the presentation, learner: YES/NO Assessor’s comments 9. Describes the purpose of the presentation. The purpose is to consult and confirm the risk analysis and treatment schedule and plan completed in Workplace Project Task 3 .  YES  NO 10. Discusses the expected outcome of the presentation. The expected outcome is to reach consensus on the risk assessment and treatment schedule and plan.  YES  NO 11. Explains the risk management process. This must be the same risk management process the learner identified in the updated Risk Management Report from Workplace Project task 2 . This must correspond to the information in the supplementary evidence submitted for that task. The learner must explain at least each of the following steps in their own words:  YES  NO a. Establishing the context The context of the risk management process should be established from the understanding of the external and internal environment in which the organisation operates and should reflect the specific environment of the activity to which the risk management process is to be applied.  YES  NO b. Risk assessment This must include the following processes:  YES  NO i. Risk identification Risk identification is about finding, recognising and describing risks that might help or prevent an organisation achieving its objectives.  YES  NO ii. Risk analysis Risk analysis is about comprehending the nature of risk and its characteristics including, where appropriate, the level of risk. Risk analysis involves a detailed consideration of uncertainties, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness.  YES  NO iii. Risk evaluation Risk evaluation is about  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 36 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

supporting decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required. c. Risk treatment Risk treatment is about selecting and implementing options for addressing risk.  YES  NO d. Monitoring and review Monitoring and reviewing is about assuring and improving the quality and effectiveness of process design, implementation and outcomes. Ongoing monitoring and periodic review of the risk management process and its outcomes should be a planned part of the risk management process, with responsibilities clearly defined.  YES  NO i. Learner must identify the schedule for monitoring that they will follow after implementing the risk treatment plan. For example, learner will monitor the plan monthly from the date of implementation.  YES  NO 12. Presents the risk analysis. For each identified risk: This must be in conformity with the Risk Register the learner completed in Workplace Project Task 3 .  YES  NO a. Includes a risk description Risk description must briefly describe the event that constitutes the risk, for example:  Unexpected surge in number of users of a system  Inventory stockout  Breach of personal data  YES  NO b. Assesses the likelihood of the risk occurring Learner must identify the possibility of each risk occurring.  YES  NO c. Assesses the impact or consequence if the risk occurs Impact refers to how severe the effect of the risk is to the overall success and completion of the project. Learner must identify the impact for each risk listed.  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 37 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

d. Assigns an initial risk rating to the risk Learner must identify the risk rating for each risk using the responses for each risk’s likelihood and impact.  YES  NO e. Risk priority Priority level of risks refers to how thorough and how prompt the corrective action to be implemented for each risk must be and identifies the sequence of addressing risks, when more than one occurs at the same time. Learner must identify the priority level of each risk based on the risk rating assigned to each risk.  YES  NO f. Identifies at least two possible control measure for treating the risk These may be any of:  Avoid  Reduce  Transfer, or  Accept the risk.  YES  NO g. Identifies the current treatment to manage the risk  YES  NO 13. Presents the risk treatment schedule and plan . These must correspond with the information in the Risk Treatment Schedule and Plan the learner partially-completed in Workplace Project Task 3 .  YES  NO a. At least three risks. For each risk in the risk treatment schedule and plan, the learner identifies:  YES  NO i. A risk treatment option.  YES  NO ii. Risk treatment actions.  YES  NO iii. Personnel responsible for implementation of treatment activity  YES  NO iv. A target date for implementation  YES  NO v. At least one expected outcome of implementation  YES  NO 14. Consults and negotiates with the stakeholders to assess the risks identified in the risk register completed in Workplace Project Task 3. Learner must:  YES  NO a. For the three identified risks:  YES  NO i. Discuss the likelihood of the risk  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 38 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

occurring ii. Discuss the impact or consequence if the risk occurs  YES  NO iii. Discuss the initial risk rating  YES  NO iv. Discuss the priority level for each risk based on its risk rating  YES  NO v. Discuss at least two possible control measures for treating the risk  YES  NO b. For each risk to be treated:  YES  NO i. Discuss the risk treatment option  YES  NO ii. Discuss the risk treatment actions  YES  NO iii. Discuss the personnel responsible for implementation of treatment activity  YES  NO iv. Discuss the target date for implementation  YES  NO v. Discuss at least one expected outcome of implementation  YES  NO c. Ask the stakeholders for their views on:  YES  NO i. The risks to be treated  YES  NO ii. The risk assessment  YES  NO iii. The risk treatment schedule and plan presented  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 39 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

d. Negotiate with the stakeholders to reach agreement. This applies to items where there is a difference of opinion. The learner must:  YES  NO i. Present their opinion  YES  NO ii. Acknowledge the stakeholders’ opinion  YES  NO iii. Arrive at a compromise between the stakeholders opinion and their own opinion  YES  NO 15. Reaches consensus on the risk assessment, evaluation, treatment, and monitoring schedule presented Learner must reach agreement with the stakeholders.  YES  NO 16. Uses conventions and protocols appropriate to the audience. During the presentation, learner:  YES  NO  Speaks in a polite and professional manner  YES  NO  Explains concepts or jargons that are unclear to audience  YES  NO  Speaks clearly and in an appropriate volume  YES  NO  Uses correct pauses in between discussion points  YES  NO  Demonstrates appropriate nonverbal language such as:  YES  NO  Establishes and maintains eye contact  Using hand or arm gestures to emphasise points in the discussion  Using posture to show interest  Establishes and maintains distance  YES  NO 17. Uses active listening skills to elicit views of others regarding the topic discussed. During the presentation, learner:  YES  NO  Refrains from interrupting the person speaking  Focuses on the words spoken by the other person  Uses appropriate facial expressions such as nodding or smiling to show that they are listening  Summarises discussion point or questions  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 40 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

from speaker to confirm understanding  Provides relevant responses to the person’s questions  Suspends judgment when the person answers a question or provides their opinion on the topic 18. Uses questioning skills to clarify or confirm understanding of others regarding the topic discussed. During the presentation, learner:  YES  NO  Encourages audience to ask questions  Uses open ended questions to quickly review the topic discussed  Asks challenging questions relevant to the topic to stimulate thinking  YES  NO Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 41 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Task 5: Implement and Monitor Risk Treatment Plan ASSESSMENT INSTRUCTIONS This task will require you to:  Implement risk treatment for at least two risks in your workplace, based on the Risk Treatment Schedule and Plan you agreed with relevant stakeholders in Workplace Project Task 4 .  Monitor and evaluate the risk management process to identify areas of improvement. Use your workplace/organisation’s template to complete this task or use the Risk Treatment Schedule and Plan template provided at the Bounce Fitness site. PART A: Implement Risk Treatment Plan To complete this task, you must:  Access and identify the following details for your organisation: o At least two policies for risk treatment implementation o At least two procedures for risk treatment implementation  For each risk: o Implement the risk treatment actions identified in the Risk Treatment Schedule and Plan, according to the organisational policies and procedures you have identified. o Update the Risk Treatment Plan section of the Risk Treatment Schedule and Plan with the Actual Date of Implementation. Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 42 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

PART B: Monitor Risk Treatment Plan To complete this task, you must:  Monitor the implemented risk treatment actions on at least two occasions.  For each monitoring occasion, update the Risk Monitoring section of the Risk Treatment Schedule and Plan with the following: o Risk Treatment Action o Date of Monitoring o Actual Outcomes  After the second monitoring occasion: o Evaluate the implementation of the Risk Treatment Plan section of the Risk Treatment Schedule and Plan by comparing the actual outcomes against the expected outcomes.  Identify at least one favourable outcome A favourable outcome is where the actual outcome was better than expected  Identify the reason for the favourable variance  Identify at least one unfavourable outcome An unfavourable outcome is where the actual outcome was worse than expected  Identify the reason for the unfavourable variance o Identify at least two areas of improvement in the risk management process based on the actual outcomes of the implementation. o Provide a reason for selecting each area of improvement Review the template you will use to complete this task. If you are using a template from your workplace/organisation, discuss with your assessor to ensure that the template covers all requirements that apply to this task. Otherwise, use the Risk Treatment Schedule and Plan template provided at the Bounce Fitness site. Submit the updated Risk Treatment Schedule and Plan to your assessor. You must also submit evidence of implementation of risk treatment. This can include:  Evidence of communication/consultation to key personnel and/or stakeholders  Evidence of workplace training conducted  Copies of instructions provided to relevant stakeholders on how to implement the specific action item (e.g. instructions for proper handling of equipment) You must also submit, as supplementary evidence, copies of the organisational policies and procedures for risk treatment implementation. Simulated Email Template  From: Sujith Reddy To: Suppliers and employees Cc: Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 43 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C

Send Subject: Communication about risk treatment plan Message Dear stakeholders, Greetings of the day. We are glad to communicate the recently developed risk treatment plan. The key areas of risk treatment strategy include training and development programs and update the risk management policies. The below is the risk treatment analysis; RISK TREATMENT PLAN Thanks and regards Sujith Reddy Record of Assessment Assessment Activity Satisfactory Needs more evidence Workplace Project Assessment Task 1: Establish the Risk Context and Research Risks   Task 2: Consult with Stakeholders to Identify Risks That Apply to Scope   Task 3: Analyse Risks and Develop Risk Treatment Schedule and Plan   Task 4: Consult With Stakeholders to Confirm Risk Analysis and Treatment Plan   Task 5: Implement and Monitor Risk Treatment   Document: BSBOPS504-Student Assessment Task | Version: 1.1 | Page 44 of 44 Level 11, 190 Queen St, Melbourne, 3000 Tel: 03 9606 0032 | Web: www.ntca.edu.au RTO#6527 | CRICOS#03399C