Practical Assessment

Practical Assessment Workplace Project Assessment Task 1: Establish the Risk Context and Research Risks Organisational Processes, Procedures, and Requirements Business risk area Identify any one area. Customer engagement Escalations Privacy Security Work health and safety (WHS) At least two processes 1. Recognising the risk 2. Investigating the risk At least two procedures 1. Initiate risk assessment 2. Classify the risk scope At least two requirements 1. Implement a Risk Management Framework based on the Risk Policy. 2. Establish the Context Evaluation of Processes, Procedures, and Requirements Process, Procedure and requirement relates to the business risk area - Identify existing and potential risks as well as existing controls and Analyse and evaluate the risks on a continuing basis. - The procedure is to start a risk assessment. But it can drastically reduce the likelihood of work-related events. - It is important to implement a risk management framework based on the risk policies. Establishing the Context Scope Included area IT Excluded area Building Security Context of the risk management process, in terms of: Political context Factor Privacy act

Economic context Factor Interest rates Social context Factor Reputation Legal context Factor Litigation Technological context Factor Server crash Policy context Factor Breach of organizational policy Stakeholders Two relevant stakeholders - Customers - Employees Existing Arrangements Existing Arrangement 1 Strengths - Clear and easy to understand - Easily accessible for everyone Weaknesses - Not well structured - Many process are not taken seriously Existing Arrangement 2 Strengths - Risk are mentioned in details - Current approach are mentioned in details Weaknesses - Implementation action are not clear - Risk register is difficult to understand Critical Success Factors, Goals, and Objectives Critical Success Factors - Effective participation of all stakeholders - Regular training processes Goals - To prevent as much risk as possible - To make employees able to handle any risk without panicking Objectives - Early identification risks - Mitigation of identified risks Business Risks Three Business Risks 1. Increased competition 2. Loss of customer due to cyber security breach 3. Change in government policy Source Risk identification http://tap.pdc.org/TAPResources/RiskIdentification.pdf Risk management https://www.ijstr.org/final-print/nov2018/The- Importance-Of-Risk-Management-In-An- Organizations.pdf Types of risk https://www.americanexpress.com/en- us/business/trends-and-insights/articles/7-business- risks-every-business-should-plan-for/

Appropriate conventions and protocols Email, Face to Face meeting Task 3: Analyse Risks and Develop Risk Treatment Schedule and Plan Risk Register Risk Register Risk Description Risk Assessment Control Measure Current Treatment Likelihoo d Impact Risk Rating Priority Level Failure to involve employees in the change process. This is perhaps the most common barrier to change management . Unlikely 3 L Low Get worker involved Listen to their view Your efforts to introduce change can only succeed when you get employees involved in the change process as much as possible. Poor communication : Some organizations have no effective communication strategy. Unlikely 2 L Low Communicat e the change Communicat e how it will affect them. CEOs should stop making statement and introduce strategies. Resistance to organisational culture shift. Due to the complex nature and/or a Unlikely 2 L Low Focus on individual transitions Successful change managemen t depends on individual transitions as well as the

history of failed changes, the culture of an organization may foster resistance to change and change management. Focus on the environment environment that the change is done in. Risk Treatment Schedule and Plan Risk Treatment Risk (Priority order) Risk Treatment options Risk Treatment Action Personnel Responsibl e Target Date Expected Outcomes Actual Date Risk monitoring Risk monitoring Risk monitoring Monitoring 1 Monitoring 2 Monitoring Date Actual Outcomes Monitoring Date Actual Outcomes Evaluation of Implementation Evaluation of Implementation Favourable Outcomes Unfavourable Outcomes Outcome Reason for Outcome Reason for

understood. Company should engage those who are opposed to a change. By doing this, they can actively see what their concerns are and possibly alleviate the problem in a timely manner. Appropriate conventions and protocols Email, Face to Face meeting II. Communicate the updated Risk Management Report to at least two relevant parties Updated Risk Management Report Copy table here Task 5: Implement and Monitor Risk Treatment Risk monitoring Risk monitoring Risk monitoring Monitoring 1 Monitoring 2 Monitoring Date Actual Outcomes Monitoring Date Actual Outcomes Evaluation of Implementation Evaluation of Implementation Favourable Outcomes Unfavourable Outcomes Outcome Reason for Variance Outcome Reason for Variance Areas of Improvement

Areas of Improvement Areas Reasons