Unit of competency details

PSPMNGT704A - Undertake enterprise risk management (Release 3)


Usage recommendation:
Is superseded by and equivalent to PSPMGT014 - Undertake enterprise risk managementUnit code updated. Content and formatting updated to comply with the new standards. All PC transitioned from passive to active voice. Assessment Requirements created drawing upon specified assessment information from superseded unit. 06/Mar/2016

ReleaseRelease date
3 (this release) 01/Nov/2012
(View details for release 2) 07/Mar/2012
(View details for release 1) 05/May/2009


SchemeCodeClassification value
ASCED Module/Unit of Competency Field of Education Identifier 080301 Business Management  

Classification history

SchemeCodeClassification valueStart dateEnd date
ASCED Module/Unit of Competency Field of Education Identifier 080301 Business Management  24/May/2005 
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form

Modification History


TP Version 




Unit descriptor edited.



Layout adjusted. No changes to content.



Primary release.

Unit Descriptor

This unit covers development of a risk management culture in the organisation (embedding risk management within organisational culture) to maximise the strategic outcomes for the organisation from enterprise risk management - a whole of organisation approach to risk management. It includes influencing organisational culture and providing strategic direction in risk management.

In practice, undertaking enterprise risk management may occur in the context of other generalist or specialist public sector work activities such as providing strategic direction, leading change, providing leadership in human resources management, etc.

The unit is one of 4 in the Working in Government and Management Competency fields dealing with risk. Related units of competency are:

  • PSPGOV417A Identify and treat risks
  • PSPGOV517A Coordinate risk management
  • PSPMNGT608B Manage risk

No licensing, legislative, regulatory or certification requirements apply to this unit at the time of publication

Application of the Unit

Not applicable.

Licensing/Regulatory Information

Not applicable.


Not applicable.

Employability Skills Information

This unit contains employability skills.

Elements and Performance Criteria Pre-Content

Elements are the essential outcomes of the unit of competency.

Together, performance criteria specify the requirements for competent performance. Text in bold italics  is explained in the Range Statement following.

Elements and Performance Criteria



1 . Influence organisational culture 

1.1 The strategic advantages  of embedding risk management  within organisational culture are promoted and reflected through the leadership position adopted on all matters related to the management of enterprise risk.

1.2 Risk management requirements and performance indicators are embedded in senior position profiles, organisational strategies, policies and plans to mainstream risk management as part of normal business operations rather than an added requirement.

1.3 Strategies are developed and implemented to promote knowledge sharing on risk and risk control across organisational functions.

1.4 Initiatives to embed risk management within organisational culture are supported and resourced in accordance with the legislation, policy, procedures  and the overall enterprise risk management strategy.

1.5 Risk management training and awareness programs are resourced and embedded in induction and professional development opportunities provided to staff to support the development of a risk management culture.

1.6 Organisational culture, business outcomes and stakeholder  feedback are monitored, and positive achievements related to risk management initiatives are identified and celebrated in accordance with organisational policy.

2 . Provide strategic direction in risk management 

2.1 Future trends and issues that may impact on the organisation's risk management strategies are identified, analysed and communicated to senior management, business unit and line managers.

2.2 The impact of current and changing needs of the organisation is identified, and the development of strategies is initiated to address risk management at the enterprise level in accordance with organisational policy and procedures.

2.3 Strategic priorities for risk management in the organisation are developed to support overall government policies on risk management and to encourage staff to share information and think laterally in their approach to identifying and managing risks.

2.4 Strategic priorities are communicated to key stakeholders using a variety of strategies  tailored to their needs and purposes and in such a way as to attract their support.

2.5 Key risk management stakeholders are kept informed, in a manner suited to their needs, of what constitutes best practice in the area of risk management and its potential impact on the organisation.

Required Skills and Knowledge

This section describes the essential skills and knowledge and their level, required for this unit.

Skill requirements 

Look for evidence that confirms skills in:

  • applying legislation, regulations and policies relating to risk management in the public sector
  • articulating models of cultural change and influencing key stakeholders to participate
  • influencing and consulting with others in the implementation of enterprise risk management
  • explaining complex concepts and gaining support for implementation
  • responding to diversity, including gender and disability
  • applying procedures relating to occupational health and safety and environment and sustainability in the context of risk management

Knowledge requirements 

Look for evidence that confirms knowledge and understanding of:

  • legislation, regulations, policies, procedures and guidelines relating to risk management
  • strategic approaches to risk management
  • the principles of enterprise risk management
  • models of cultural change
  • equal employment opportunity, equity and diversity principles
  • public sector legislation such as occupational health and safety and environmental requirements in the context of enterprise risk management

Evidence Guide

The Evidence Guide specifies the evidence required to demonstrate achievement in the unit of competency as a whole. It must be read in conjunction with the Unit descriptor, Performance Criteria, the Range Statement and the Assessment Guidelines for the Public Sector Training Package.

Units to be assessed together 

  • Pre-requisite units that must be achieved prior to this unit:Nil
  • Co-requisite units that must be assessed with this unit:Nil
  • Co-assessed units that may be assessed with this unit to increase the efficiency and realism of the assessment process include, but are not limited to:
  • PSPETHC701A Lead and influence ethical practice in the public sector
  • PSPHR703A Provide leadership in strategic human resource management
  • PSPMNGT701B Provide strategic direction
  • PSPMNGT702A Influence and shape diversity management
  • PSPMNGT703A Lead and influence change

Overview of evidence requirements 

In addition to integrated demonstration of the elements and their related performance criteria, look for evidence that confirms:

  • the knowledge requirements of this unit
  • the skill requirements of this unit
  • application of the Employability Skills as they relate to this unit (see Employability Summaries in Qualifications Framework)
  • enterprise risk management in a range of (2 or more) contexts (or occasions, over time)

Resources required to carry out assessment 

These resources include:

  • legislation, policy, procedures and protocols relating to risk management
  • principles and practices of enterprise risk management
  • case studies and workplace scenarios to capture the range of situations likely to be encountered when undertaking enterprise risk management

Where and how to assess evidence 

Valid assessment of this unit requires:

  • a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when undertaking enterprise risk management, including coping with difficulties, irregularities and breakdowns in routine
  • enterprise risk management undertaken in a range of (3 or more) contexts (or occasions, over time)

Assessment methods should reflect workplace demands, such as literacy, and the needs of particular groups, such as:

  • people with disabilities
  • people from culturally and linguistically diverse backgrounds
  • Aboriginal and Torres Strait Islander people
  • women
  • young people
  • older people
  • people in rural and remote locations

Assessment methods suitable for valid and reliable assessment of this competency may include, but are not limited to, a combination of 2 or more of:

  • case studies
  • demonstration
  • observation
  • portfolios
  • projects
  • questioning
  • scenarios
  • simulation or role plays
  • authenticated evidence from the workplace and/or training courses

For consistency of assessment 

Evidence must be gathered over time in a range of contexts to ensure the person can achieve the unit outcome and apply the competency in different situations or environments

Range Statement

The Range Statement provides information about the context in which the unit of competency is carried out. The variables cater for differences between States and Territories and the Commonwealth, and between organisations and workplaces. They allow for different work requirements, work practices and knowledge. The Range Statement also provides a focus for assessment. It relates to the unit as a whole. Text in bold italics  in the Performance Criteria is explained here.

Strategic advantages of a risk management culture  may include:

  • increased ability to deal with continually evolving risks and opportunities
  • aggregated risk information for decision making, as opposed to reporting by function or business unit
  • alignment of strategy, people, technology and knowledge on an enterprise-wide basis
  • economic benefit
  • improved business performance
  • improved client service
  • innovative, creative staff who are not risk averse
  • greater capacity for flexibility and managed responsiveness to change
  • risk optimisation rather than risk minimisation
  • politically acceptable decision making
  • reduced resource wastage
  • improved sustainability

Risk management : 

  • is a logical and systematic process of identifying, analysing, evaluating, treating, and monitoring risks related to any strategy plan, process, program or procedure that will enable the organisation to minimise losses and maximise opportunities
  • may be considered in relation to an organisation's:
  • people
  • assets and physical environment
  • reputation and image
  • legal issues
  • business continuity
  • finances
  • decision making approaches
  • processes/procedures
  • is being recognised as inseparable from strategy development, capital allocation and other core management processes
  • needs to be integrated into the management actions of staff at all levels of the organisation
  • at strategic or enterprise level overcomes a fragmented approach, such as managing risk by silos, and provides an integrated, aligned, holistic, synergistic and inclusive process

Legislation, policy and procedures  may include:

  • Commonwealth and State/Territory legislation relating to risk management
  • national and international codes of practice and standards, such as SIRCA 8001: 2003
  • the organisation's risk management policies and practices
  • codes of conduct/codes of ethics
  • Australian and New Zealand standards - Risk management AS/NZS 4360:1999 or as revised
  • Guidelines for managing risk in the Australian and New Zealand public sector - HB 143:1999 or as revised
  • professional standards for risk management, for example CPRM - certified practising risk manager
  • jurisdictional policies, guidelines and web sites, for example www .riskmanagement .qld.gov.au

Stakeholders  may include:

  • all those individuals and groups both inside and outside the organisation that have some direct interest in the organisation's behaviour, actions, products and services, including:
  • boards of management
  • clients
  • community organisations
  • contractors
  • employees at all levels of the organisation
  • government
  • Ministers
  • other public sector organisations
  • self-insurers
  • service providers
  • suppliers
  • the public
  • union and association representatives
  • volunteers

Strategies to communicate with stakeholders  may include:

  • oral advice and guidance
  • one-on-one meetings
  • small group meetings
  • telephone contact and/or electronic mail
  • information presentations
  • written documentation
  • policy and procedure statements
  • guides
  • information brochures and pamphlets

Unit Sector(s)

Not applicable.

Competency field