You are on page 1of 29


Q:-1 Risk management plan:Ans:-Risk:-Emissions from leaks in or the

failure of storage vassels
2) damage by intruders.
3) the transfer of extinguishing agents from
a leakink storage vassel
Assess risk:-likelihood - chance of the risk
impact - the amount of loss or damage if the
risk happened
likelihood X impact = level of risk (risk
Controls:-1)Installing native plants to cut
down water use.
2)Install a teleconferencing system.
3)Install dual flush toilets.
Monitoring:- 1)develop and carry out
monitoring process.
2) keep necessary records.

3) review risk plan and AML/CTF program .

4) do internal audit or assessment.
Timelines:-1) Pre-settlement:-date of legal
transfer of the business.
2) Opening week:-first week of company
3) Within 3 months:-after the opening week.
4) Within 6 months:-after the opening week.
Responsible:-1) Financial,insurance and
banking issues-financial controller.
2) Legal issues-Goldsmith partners.
3) Expenditure>$5,000-Macville board.
4) New policy-CEO with Macville board.
5) On-site management,training-store
6) Changes to Macville cafe queensland
7) External audits-CEO with Macville board.

Q:- What are three ways that
Ans:-Some project managers think they are
done once they have created a list with
risks. However this is only a starting point.
The next step is to make clear who is
responsible for what risk! Someone has to
feel the heat if a risk is not taken care of
properly. The trick is simple: assign a risk
owner for each risk that you have found.
The risk owner is the person in your team
that has the responsibility to optimise this
risk for the project. The effects are really
positive. At first people usually feel
uncomfortable that they are actually
responsible for certain risks, but as time
passes they will act and carry out tasks to
decrease threats and enhance opportunities.
Ownership also exists on another level. If a
project threat occurs, someone has to pay
the bill. This sounds logical, but it is an issue
you have to address before a risk occurs.

Especially if different business units,

departments and suppliers are involved in
your project, it becomes important who
bears the consequences and has to empty
his wallet. An important side effect of
clarifying the ownership of risk effects,
is that line managers start to pay attention
to a project, especially when a lot of money
is at stake. The ownership issue is equally
important with project opportunities. Fights
over (unexpected) revenues can become a
long-term pastime of management.
Q:- Fisbone checklists and
Ans:- The fishbone is often a tool used with
brainstorming.Team members decide on the
category and continue to ask what sub
factors within the category caused the event
to occur.when the team feels enough detail
has been reached there is a shift in focus
towards solutions.
As a brainstorming technique this tool
is less likely to depend on evidence to

support hypotheses and more likely to let

hearsay or assumptions fly as fact.
Q:- What are the five stages............?
Ans:- Stage1:- Identify the hazards
Stage2:- Decide who might be harmed and
Stage3:- Evaluate the risks and decide on
Stage4:- Record your findings and
implement them
Stage5:- Review your assessment and
update if necessary
Identify the hazards:- First you need to
work out how people could be harmed.
When you work in a place every day it is
easy to overlook some hazards, so here are
some tips to help you identify the ones that
Walk around your workplace and look at
what could reasonably be expected to cause

Ask your employees or their

representatives what they think. They may
have noticed things that are not
immediately obvious to you.
Visit the HSE website
( HSE publishes practical
guidance on where hazards occur and how
to control them. There is much information
here on the hazards that might affect your
If you are a member of trade association,
contact them. Many produce very helpful
Check manufacturers instructions or
data sheets for chemicals and equipment as
they can be very helpful in spelling out the
hazards and putting them in their true
Have a look back at your accident and illhealth records these often help to
identify the less obvious hazards.
Remember to think about long-term
hazards to health (eg high levels of noise

or exposure to harmful substances) as well

as safety hazards.
Q:List and give an example
Ans:- Risk estimation can be quantitative,
semiquantitative or qualitative in terms of
probability of occurrence and the possible
For example, consequences both in terms
of threats (downside risks) and
opportunities (upside risks) may be high,
medium or low. Probability
may be high, medium or low but requires
different definitions in respect of threats and
There are levels of consequence for
risk:High :-Financial impact on the organisation
is likely to exceed x
Significant impact on the organisations
strategy or operational activities
Significant stakeholder concern

Medium :-Financial impact on the

organisation likely to be between x and y
Moderate impact on the organisations
strategy or operational activities
Moderate stakeholder concern
Low :-Financial impact on the organisation
likely to be less that y
Low impact on the organisations strategy or
operational activities
Low stakeholder concern
Estimation :--High(Probable)
Description:- Favourable outcome is
likely to be achieved in one year or better
75% chance of occurrence.
Clear opportunity which can be relied
on with reasonable certainty, to be
achieved in the short term based on
current management processes.
Description:- Reasonable prospects of
favourable results in one
year of 25% to 75% chance
of occurrence.
Indicators:- Opportunities which may be
achievable but which require careful

Opportunities which may arise over and

above the plan.
Description:-Some chance of favourable
outcome in the medium
term or less than 25%
chance of occurrence.
Indicators:-Possible opportunity which has
yet to be fully investigated by management.
Opportunity for which the likelihood of
success is low on the basis of management
resources currently being applied.
Q:- What needs should be
Ans:- Once risks have been identified and
assessed, all techniques to manage the risk
fall into one or more of these four major
categorie[sAvoidance (eliminate, withdraw from or not
become involved)
Reduction (optimize - mitigate)
Sharing (transfer - outsource or insure)
Retention (accept and budget.
Risk avoidance:-This includes not
performing an activity that could carry risk.
An example would be not buying a property
or business in order to not take on the legal
liability that comes with it. Another would be
not flying in order not to take the risk that

the airplane were to be hijacked. Avoidance

may seem the answer to all risks, but
avoiding risks also means losing out on the
potential gain that accepting (retaining) the
risk may have allowed. Not entering a
business to avoid the risk of loss also avoids
the possibility of earning profits.
Risk reduction:-Risk reduction or
"optimization" involves reducing the severity
of the loss or the likelihood of the loss from
occurring. For example, sprinklers are
designed to put out a fire to reduce the risk
of loss by fire. This method may cause a
greater loss by water damage and therefore
may not be suitable. Halon fire suppression
systems may mitigate that risk, but the cost
may be prohibitive as a strategy.
Risk sharing:-Briefly defined as "sharing
with another party the burden of loss or the
benefit of gain, from a risk, and the
measures to reduce a risk."The term of 'risk
transfer' is often used in place of risk
sharing in the mistaken belief that you can
transfer a risk to a third party through
insurance or outsourcing. In practice if the
insurance company or contractor go
bankrupt or end up in court, the original risk
is likely to still revert to the first party. As
such in the terminology of practitioners and

scholars alike, the purchase of an insurance

contract is often described as a "transfer of
risk." However, technically speaking, the
buyer of the contract generally retains legal
responsibility for the losses "transferred",
meaning that insurance may be described
more accurately as a post-event
compensatory mechanism.
Risk retention:-Involves accepting the
loss, or benefit of gain, from a risk when it
occurs. True self insurance falls in this
category. Risk retention is a viable strategy
for small risks where the cost of insuring
against the risk would be greater over time
than the total losses sustained.
Q:- How does the AS/NZS 4360:2004
Provide guidance for managing risk?
Ans:- This is based on the Joint
Australian/New Zealand Standard, AS/NZS
4360:2004, Risk management (the
Each Section contains an extract from the
Standard, followed by practical advice and
relevant examples.
This basic guide provides a generic
framework for managing risk. It may be
applied in a very wide range of
organizations including:

public sector entities at national, regional

and local levels;
commercial enterprises, including
companies, joint ventures,
firms and franchises;
partnerships and sole practices;
non-government organizations; and
voluntary organizations such as charities,
social groupings
and sporting clubs.
It provides a reference for directors, elected
officials, chief
executive officers, senior executives, line
managers and staff
when developing processes, systems and
techniques for
managing risk that are appropriate to the
context of their
organization or their roles.
The contents are intended to provide only a
broad overview of
risk management. Organizations are
expected to interpret this
guide in the context of their own
environments and to develop
their own specific risk management
approaches. Ultimately it is
up to the risk makers and the risk takers to
develop and manage

their own risk management programmes.

Q:-Name and give an example........?
Ans:- If a person with a disability is the best
person for the job then the employer must
make workplace changes or 'workplace
adjustments' if that person needs them to
perform the essential activities of the job. In
most cases the person with a disability will
be able to tell the employer what is needed.
If necessary, employers should also seek
advice from government agencies or
organisations which represent or provide
services to people with a disability.
employers may need to make include:
changing recruitment and selection
procedures; for example, providing a
sign language interpreter for a deaf
person, or ensuring the medical assessor
is familiar with a person's particular
disability and how it relates to the job
modifying work premises; for example,
making ramps, modifying toilets,

providing flashing lights to alert people

with a hearing loss
changes to job design, work schedules or
other work practices; for example,
swapping some duties among staff,
regular meal breaks for a person with
modifying equipment; for example,
lowering a workbench or providing an
enlarged computer screen.
Q:-List two types of insurance an.....?
Ans:- Any risk that can be quantified can
potentially be insured. Specific kinds of risk
that may give rise to claims are known as
perils. An insurance policy will set out in
detail which perils are covered by the policy
and which are not. Below are nonexhaustive lists of the many different types
of insurance that exist. A single policy may
cover risks in one or more of the categories
set out below. For example, vehicle
insurance would typically cover both the
property risk (theft or damage to the
vehicle) and the liability risk (legal claims
arising from an accident). A home insurance

policy in the U.S. typically includes coverage

for damage to the home and the owner's
belongings, certain legal claims against the
owner, and even a small amount of
coverage for medical expenses of guests
who are injured on the owner's property.
Business insurance can take a number of
different forms, such as the various kinds of
professional liability insurance, also called
professional indemnity (PI), which are
discussed below under that name; and the
business owner's policy (BOP), which
packages into one policy many of the kinds
of coverage that a business owner needs, in
a way analogous to how homeowners'
insurance packages the coverages that a
homeowner needs
Auto Insurance:Auto insurance protects the policyholder
against financial loss in the event of an
incident involving a vehicle they own, such
as in a traffic collision.
Coverage typically includes:

Property coverage, for damage to or
theft of the car;
Liability coverage, for the legal
responsibility to others for bodily injury
or property damage;
Medical coverage, for the cost of
treating injuries, rehabilitation and
sometimes lost wages and funeral
Most countries, such as the United Kingdom,
require drivers to buy some, but not all, of
these coverages. When a car is used as
collateral for a loan the lender usually
requires specific coverage.

Home insurance
Home insurance provides coverage for
damage or destruction of the policyholder's
home. In some geographical areas, the
policy may exclude certain types of risks,
such as flood or earthquake, that require
additional coverage. Maintenance-related
issues are typically the homeowner's
responsibility. The policy may include
inventory, or this can be bought as a
separate policy, especially for people who
rent housing. In some countries, insurers
offer a package which may include liability
and legal responsibility for injuries and
property damage caused by members of the
household, including pets.

Risk Consultants
Q:-Many consultants can work
Ans:- Globalisation and connectivity have
ensured that risk is no longer confined to
one company, country or continent. The
sub-prime mortgage crisis is just one
instance of how risk can spread. The
regulatory burden is also growing as new
laws are introduced and older lawslike the
Foreign Corrupt Practices Actare more
rigorously enforced throughout the world.
But some of the risk management systems
that have been put in place have actually
made companies more vulnerable; they
have been designed to address what went
wrong yesterday, not what might go wrong
tomorrow. Many companies have also
adopted a piecemeal approach to risk
We approach every assignment holistically.
We listen to your specific concerns and
advise you on how best to address these
concerns, given your risk appetite. We can
help you:

Define the kinds of risk and amount of

risk you're willing to tolerate;
Link your risk appetite to your business
strategy and operations, so that you can
choose the risks which offer the greatest
commercial potential without adversely
affecting the level of compliance you
have set for your organisation;
Make the changes required to ensure
that every business unit and function in
your organisation consistently makes
decisions about risk that conform to your
risk appetite; and
Improve the consistency and efficiency
of your systems and processes for
controlling risk
Q:- Review the scenario in appendix
3 under...?
Ans:-Identified issue:Objective based risk
Scenario based risk

Taxonomy based risk

2)Risk Type:-Systematic/Unsystematic risk
Credit/default risk
Country risk
Electronic risk management
Q:- Find the electric tool or
Ans:- C/S Solutions, Inc. (C/SSI) C/SSI
produces integrated analytical tools for cost,
schedule, and Risk Management. Their tools
are specifically designed to engage
Integrated Product Development (IPD) team
members and/or Cost Account Managers
(CAMs) in proactive cost, schedule and Risk
Management of complex programs.
Defense Acquisition Deskbook - Risk
Management Software Tools This portion
of the Defense Acquisition Deskbook
Catalog provides descriptions of software
tools that assist Program Managers in
Risk Management activities.

Galorath Inc. (also known as GA

SEER Technologies) provides a
comprehensive set of decision-support
and production optimization tools.
Consulting and support services are
available for these tools. The tools help
manage product design and
manufacturing operations, driving out
costs and building in quality. The tools
derive cost, schedule, labor and
materials estimates by assessing the
interaction and impact of product,
organizational and even operational
Type of Organisation: 1) C/S Solutions, Inc. (C/SSI) C/SSI
produces integrated analytical tools for
cost, schedule, and Risk Management.
Their tools are specifically designed to
engage Integrated Product Development
(IPD) team members and/or Cost
Account Managers (CAMs) in proactive
cost, schedule and Risk Management of
complex programs.
2)GRafP Technologies Inc. GRafP
develops software packages which can
be used to identify threats, and to

analyze and manage the risks to which

an entity (i.e. organization, project,
individual, etc.) is exposed. Two such
products are X:PRIMER and S:PRIMER.
Services offered as part of that mission
include risk ratings and assessments,
process assessments, remedial action
planning, and training.
Risk Process Scope
Q:- Review the scenario in
Ans:- The introductory two chapters lay the
groundwork for people that are new to
project or risk management. He starts with
the definition of risk as the "loss multiplied
by the likelihood" and expands from there.
He explains that this relates to uncertainty
in estimates for duration and cost. He
identifies the benefits as:

Lowering cost and confusion

Prioritization and stakeholder support

Input for portfolio management


Setting expectations and establishing

Communication and control

Project Risk Planning:He continues the introduction by justifying

project planning and the challenges one
might encounter in an
organization that feels a
project planning
methodology is not
needed. He describes ways one can address
the need to set up a planning process and
that the implementation should be scaled to
the size of the projects being performed.
The PERIL database is described and
qualified while some of the biases in it are
enumerated. Within the three primary
constraints on a project, the database shows
the risk elements in the order of frequency
of occurrence as 1) schedule, 2) scope and
3) resource. Implicitly the reader can
determine the database classifies each risk
with a description, Project type (IT, Product
development, etc.), schedule impact, cost

impact, class (scope, resource, schedule)

and subcategory.
Scope Risk:Using the PERIL database
Kendrick cites that even
though the number of
risks classified as scope
related are one-third of
the entries, they account
for approximately half of
the cumulative schedule delay. He
enumerates the ranked sources as:

Scope creep


Hardware defect


Software defect


Scope gap (ill defined scope)

Dependency change (unexpected
legal, regulatory, etc.)
Integration defect (change due to
unexpected behavior.
Schedule risk:-

Schedule is the second

level of risks effecting
project duration in the
PERIL database. The top
five (the book lists ten)
categories are:

Project Dependencies


Parts Delays


Estimation errors


Decision Delay


Hardware Delay.

Stakeholder:- A person, group, or

organization that has direct or indirect stake
in an organization because it can affect or
be affected by the organization's actions,
objectives, and policies. Key stakeholders in
a business organization include creditors,
customers, directors, employees,
government (and its agencies), owners
(shareholders), suppliers, unions, and the
community from which the business draws
its resources.

Internal/External:- A stakeholder is any

person or organization that is actively
involved in a project, or whose interests may
be affected positively or negatively by
execution of a project. Stakeholders can be
internal to the organization or external. In
many projects the public at large will
become a stakeholder to be considered
during the project. The challenge for the
project manager when the public is a
stakeholder will be to act while considering
public needs. Often there is no direct
representative of the public to be consulted
during project planning and execution.
Type of input:The Identify Stakeholders process has
the following Inputs:
Project Charter High-level document
that authorizes the project and
assigns/authorizes the project manager
Procurement Documents Identifies
procurement contract stakeholders
Enterprise Environmental Factors
Consideration factors such as culture,
systems, procedures, industry standards
Organizational Process Assets
Consideration factors such as templates,

lessons learned, stakeholder registers from

former projects.
Stakeholders in the risk process
Three Stakeholders, Role and Risk
concerns:RISK:-Risk can be defined as the
combination ofthe probability of an event
and itsconsequences (ISO/IEC Guide 73).In
all types of undertaking, there is the
potential for events and consequences that
constitute opportunities for benefit (upside)
or threats to success (downside).
Risk Management is increasingly recognised
as being concerned with both positive and
negative aspects of risk.Therefore this
standard considers risk from both
In the safety field, it is generally recognised
that consequences are only negative and
therefore the management of safety risk is
focused on prevention and mitigation of
Risk Management :-Risk management is a
central part of any
organisations strategic management. It is
the process whereby organisations
methodically address the risks attaching to

their activities with the goal of achieving

sustained benefit within each activity and
across the portfolio of all activities.
The focus of good risk management is the
identification and treatment of these risks.
Its objective is to add maximum
sustainable value to all the activities of the
organisation. It marshals the
understanding of the potential upside and
downside of all those factors which can
affect the organisation. It increases the
probability of success, and reduces both
the probabilityof failure and the
uncertainty of achieving the organisations
overall objectives.
Risk management should be a continuous
and developing process which runs
throughout the organisations strategy and
the implementation of that strategy. It
should address methodically all the risks
surrounding the organisations activities
present and in particular, future.
It must be integrated into the culture of
the organisation with an effective policy
and a programme led by the most senior
management. It must translate the
strategy into tactical and operational
objectives, assigning responsibility

throughout the organisation with each

manager and employee responsible for the
management of risk as part of their job
description. It supports accountability,
performance measurement and reward,
thus promoting operational efficiency at
all levels
Risk Assessment:- Risk Assessment is
defined by the ISO/
IEC Guide 73 as the overall process of risk
analysis and risk evaluation..