Unit of competency details

Release 

TP Version 

Comments 

3

PSP12V1

Unit descriptor edited.

2

PSP04V4.2

Layout adjusted. No changes to content.

1

PSP04V4.1

Primary release.

Elements are the essential outcomes of the unit of competency.

Together, performance criteria specify the requirements for competent performance. Text in bold italics  is explained in the Range Statement following.

ELEMENT 

PERFORMANCE CRITERIA 

1 . Establish the risk context 

1.1 The nature and extent of the work activity are established within the broader organisational context .

1.2 The outcomes to be achieved are identified and documented as required.

1.3 The relationship between the activity and its environment is analysed and critical factors  in the environment that may impact on the achievement of outcomes are identified.

1.4 Stakeholders  are identified and consulted to identify their opinions, concerns and needs related to the activity and the management of risks related to it.

1.5 Risk evaluation criteria  are determined for the activity in accordance with legislation, policy and procedures  related to risk management  in the organisation.

2 . Identify risks 

2.1 Method/s for identifying risks  are selected in accordance with risk management policy and procedures, budgetary and time constraints relative to the type of activity to be undertaken.

2.2 Sources of risk  are identified and documented as required.

2.3 Risk events  related to each source of risk are identified and recorded in accordance with risk management policy and procedures.

2.4 Consultation and communication is undertaken to ensure all possible risks are identified.

3 . Analyse risks 

3.1 The probability of identified risks  occurring is analysed and rated in accordance with risk management policy and procedures.

3.2 The consequences of identified risks  occurring are analysed and rated according to organisational procedures.

3.3 Current control measures  for any of the identified risks are considered in the risk analysis, and residual risks are analysed and included if necessary.

3.4 Levels of risk  are determined in accordance with risk matrix used by the organisation.

3.5 Consultation/communication is undertaken as required to confirm risk levels, and analysis is documented  in accordance with organisational risk management procedures.

4 . Evaluate risks 

4.1 Risks are evaluated by comparing the level of risk with risk evaluation criteria established at the beginning of the risk management process.

4.2 The importance of the activity, its outcomes and the degree of control over the risks are considered.

4.3 Potential and actual losses which may arise from the risk are considered.

4.4 Benefits and opportunities presented by the risk are taken into account.

4.5 Risks are identified as acceptable  or unacceptable  in accordance with risk evaluation criteria, and confirmation/approval is obtained in accordance with risk management policy and procedures.

4.6 Unacceptable risks are prioritised and the reason/s for acceptance of risks is documented.

5 . Treat risks 

5.1 Options for treating risks  are determined in accordance with risk management policy and procedures.

5.2 The best treatment option is selected and a cost-benefit analysis is undertaken to compare the cost of implementing the treatment with the benefits.

5.3 A risk treatment plan  is prepared, approved and communicated to those who will be involved in implementation.

5.4 Changes required to operational structure, procedures or staffing in order to implement risk treatments are negotiated in accordance with organisational policy and procedures.

5.5 Resources  are arranged and risk treatment plan is implemented in accordance with risk management policy and procedures.

6 . Monitor and review risk treatment plan 

6.1 Changes  in the organisational environment and factors impacting on the organisation are monitored for their impact on risks and existing risk treatments.

6.2 Risk treatments for unacceptable risks are monitored and adjusted as required to ensure they remain effective.

6.3 Acceptable risks are monitored to ensure these risk levels do not increase over time.

6.4 Consultations are conducted and data relating to risks and risk treatments are collected, analysed and used to improve risk management in own area of operation.

6.5 Risk treatment plan is reviewed in accordance with timetable for review of plan and updated as required.

6.6 Input is provided into formal reviews/audits of risk in the organisation to improve risk management outcomes.

This section describes the essential skills and knowledge and their level, required for this unit.

Skill requirements 

Look for evidence that confirms skills in:

• applying legislation, regulations and policies relating to risk management
• researching and analysing the wider context affecting the organisation
• assessing and evaluating risks
• monitoring and reviewing risks and risk treatments
• communicating and consulting with a diverse range of stakeholders
• estimating and arranging resources needed for implementation of risk treatments
• responding to diversity, including gender and disability
• applying procedures relating to occupational health and safety and environment in the context of risk management

Knowledge requirements 

Look for evidence that confirms knowledge and understanding of:

• legislation, regulations, policies, procedures and guidelines relating to risk management
• AS/NZS ISO31000:2009 Risk management - Principles and Guidelines
• HB 436:2004 (Guidelines to AS/NZS 4360:2004) Risk Management Guidelines Companion to AS/NZS 4360:2004
• the organisation's risk management framework
• the relationship of risk to context - how the context may define the risks
• the importance of consultation and communication at every stage of the risk management cycle
• risk management as a core activity of everyday work in the public sector
• the diversity of risks in the public sector
• equal employment opportunity, equity and diversity principles
• public sector legislation such as occupational health and safety and environment in the context of risk management

The Evidence Guide specifies the evidence required to demonstrate achievement in the unit of competency as a whole. It must be read in conjunction with the Unit descriptor, Performance Criteria, the Range Statement and the Assessment Guidelines for the Public Sector Training Package.

Units to be assessed together 

• Pre-requisite units that must  be achieved prior  to this unit:Nil
• Co-requisite units that must  be assessed with  this unit:Nil
• Co-assessed units that may  be assessed with this unit to increase the efficiency and realism of the assessment process include, but are not limited to:

• PSPETHC401A Uphold and support the values and principles of public service
• PSPFIN401A Use public sector financial processes
• PSPGOV402B Deliver and monitor service to clients
• PSPGOV405B Provide input to change processes
• PSPGOV406B Gather and analyse information
• PSPGOV409A Provide support to Parliament
• PSPGOV422A Apply government processes
• PSPGOV419A Work with interpreters
• PSPLAND402A Undertake native title assessments
• PSPPM405A Administer simple projects
• PSPPROC410A Administer contracts
• PSPREG406C Make arrests
• PSPSEC405A Handle security classified information

Overview of evidence requirements 

In addition to integrated demonstration of the elements and their related performance criteria, look for evidence that confirms:

• the knowledge requirements of this unit
• the skill requirements of this unit
• application of Employability Skills as they relate to this unit
• identification and treatment of risks in a range of (3 or more) contexts (or occasions, over time)

Resources required to carry out assessment 

These resources include:

• legislation, policy, procedures and protocols relating to risk management
• AS/NZS ISO 31000:2009 Risk management - Principles and Guidelines
• HB 436:2004 (Guidelines to AS/NZS 4360:2004) Risk Management Guidelines Companion to AS/NZS 4360:2004
• other national and international risk management standards
• case studies and workplace scenarios to capture the range of risk management situations likely to be encountered

Where and how to assess evidence 

Valid assessment of this unit requires:

• a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when identifying and treating risks, including coping with difficulties, irregularities and breakdowns in routine
• identification and treatment of risks in a range of (3 or more) contexts (or occasions, over time).

Assessment methods should reflect workplace demands, such as literacy, and the needs of particular groups, such as:

• people with disabilities
• people from culturally and linguistically diverse backgrounds
• Aboriginal and Torres Strait Islander people
• women
• young people
• older people
• people in rural and remote locations.

Assessment methods suitable for valid and reliable assessment of this competency may include, but are not limited to, a combination of 2 or more of:

• case studies
• portfolios
• projects
• questioning
• scenarios
• authenticated evidence from the workplace and/or training courses

For consistency of assessment 

Evidence must be gathered over time in a range of contexts to ensure the person can achieve the unit outcome and apply the competency in different situations or environments

The Range Statement provides information about the context in which the unit of competency is carried out. The variables cater for differences between States and Territories and the Commonwealth, and between organisations and workplaces. They allow for different work requirements, work practices and knowledge. The Range Statement also provides a focus for assessment. It relates to the unit as a whole. Text in bold italics  in the Performance Criteria is explained here.

Organisational context  may include:

• the organisation, how it is organised, and its capabilities
• the organisation's functions:

• political
• operational
• financial
• social
• legal
• commercial

• the various stakeholders and clients
• any official resources, including physical areas and assets, that are vital to the operation of the organisation
• key operational elements and services of the organisation
• any major projects
• the relationship between the organisation and the environment in which it operates

Environmental factors  may be:

• social
• economic
• legal
• technological
• environmental

Stakeholders  may include:

• employees
• managers
• volunteers
• unions
• financial managers
• self-insurers
• clients
• suppliers
• contractors
• service providers
• community organisations
• the public

Risk evaluation criteria  are:

• used to rank risks and decide whether they are acceptable or not
• affected by:

• legal requirements
• perceptions of internal/external stakeholders
• cost-benefit analysis, for example, cost of risk management being less than financial cost if the risk occurred

Legislation , policy and procedures  may include:

• Commonwealth and State/Territory legislation relating to risk management
• national and international codes of practice and standards, such as SIRCA 8001:2003
• the organisation's risk management policies and practices
• codes of conduct/codes of ethics
• AS/NZS ISO 31000:2009 Risk management - Principles and Guidelines
• HB 436:2004 (Guidelines to AS/NZS 4360:2004) Risk Management Guidelines Companion to AS/NZS 4360:2004
• ISO Guide 73:2009 Risk Management, Vocabulary
• professional standards for risk management, for example certified practising risk manager (CPRM)
• jurisdictional policies, guidelines and web sites, for example www.riskmanagement.qld.gov.au

Risk management: 

• is a logical and systematic process of identifying, analysing, evaluating, treating and monitoring risks related to any strategy, plan, process, program or procedure that will enable the organisation to minimise losses and maximise opportunities.
• may be considered in relation to an organisation's:

• people
• assets and physical environment
• reputation and image
• legal issues
• business continuity
• finances

• may include written procedures to ensure staff know:

• what
• how
• when, and
• by whom, action is to be taken to treat risks in the organisation

Methods for identifying risks  may include:

• analysis of past records
• personal, local or overseas experience
• interviews/discussions with stakeholders
• surveys/questionnaires
• audits and physical inspections
• observation of activity
• analysis of scenarios
• research of external sources
• using industry experts/consultants

Risks  may include:

• physical injury or death
• failure of machinery or equipment
• breaches of security
• fraud
• litigation
• client dissatisfaction
• unfavourable publicity

Risks  may be:

• internal
• external
• random
• real
• perceived

Sources of risk  may include:

• human behaviour
• technology/technical issues
• occupational health and safety
• legal
• political
• property/equipment
• environmental
• financial/market
• natural events

Risk events  are:

• what can happen, as opposed to the source (how a risk may arise) and the impact (what is the implication if it happens)

Probability of identified risk  may be:

• almost certain
• likely
• possible
• unlikely
• rare

Consequences of identified risk  may be:

• insignificant
• minor
• moderate
• major
• catastrophic

Control measures  may:

• reduce the probability of the risk occurring, the consequences of the risk, or both
• include:

• training
• supervision
• minimising/restricting exposure
• physical barriers

• relocation

Level of risk  may be:

• low - treated with routine procedures
• moderate - with specific responsibility allocated for the risk, and monitoring and response procedures implemented
• high - requiring action, as it has potential to be damaging to the organisation
• extreme - requiring immediate action, as the potential could be devastating to the organisation

Documentation of analysis  may include:

• table showing all risks, any existing controls, probability of occurring, consequences and subsequent level of risk

Acceptable risks  are:

• those which an organisation has determined have the least potential for harm
• not necessarily insignificant

Risks may be acceptable  because:

• the risk level is so low that it does not warrant spending time and money to treat it
• the risk is low and the benefits outweigh the cost of treating it
• the opportunities presented are much greater than the threat

Unacceptable risks  are:

• those which an organisation has determined have the most potential for harm

Options for treating risks  may include:

• avoiding the risk, for example, by terminating the activity or conducting it in another way (these actions may have different risks attached)
• controlling the risk, by reducing the probability of the risk occurring, the consequences of the risk, or both
• transferring the risk, for example, by arranging insurance, contracting some or all of the activity to another organisation or person, etc
• retaining the risk, and making contingency plans/funds allocation for covering any loss or other negative effect from the risk

Risk treatment plan  may include:

• sources of risk and risk events
• analysis of risks - probability, consequences and risk levels
• prioritised list of unacceptable risks
• treatment options selected
• person/s responsible for implementing treatment options
• resources required
• performance measures
• timeframe for implementation
• timetable for review of plan

Resources  may include:

• physical - equipment, motor vehicles, furniture
• human - management, employees, volunteers
• financial - funding, budget allocation, sponsorship
• resources that are part of the risk treatment, not just implementation of the treatment plan
• training and briefing sessions
• changes to the organisation's operating structure

Changes  may mean that:

• new risks are created
• existing risks are increased or decreased
• risks no longer exist
• the priority order of risks changes
• risk treatment strategies are no longer effective