The Assessment Task is due on the date specified by your assessor. Any variations to this arrangement must be approved in writing by your assessor. Submit this document with any required evidence attached. See specifications below for details.
For this task you are required to determine the risk context associated with establishing a new business outlet, within the existing business structure. They will be required to review internal and external environment factors and liaise with all stakeholders to generate a list of risks.
For the case study provided with this Assessment Task, you are required to review risk management processes and determine scope and objectives, taking into account stakeholder input and both internal and external environmental factors affecting the organisation. With the information gathered, you are to identify risks and present this to relevant parties for feedback.
For the provided case study, you will assume the role of the risk manager/assessor.
1. Review the provided MacVille Risk Management Policy and Risk Management Strategy and complete a written report for your manager (your assessor) that addresses the following steps. a. Scope – Identify the scope of risk management required in your identified role. b. Goals – Identify and describe the critical success factors, goals or objectives for areas included in scope. c. Stakeholders – Identify internal and external stakeholders, their role in the process, and any issues or concerns they have. Present this using the table format provided. d. Analysis – Complete a PEST analysis and a SWOT analysis for risks associated with the scenario. Include reference to relevant legislation. e. Research – Review and summarise the research information provided in the case study, as well as any literature available that is relevant to this scenario. f. Describe – Complete the analysis of risk for the scenario by summarising the scenario and associated risks, accompanied by checklists, diagrams or flowcharts that support the summary.
2. After you have completed the above steps, you need to meet with your manager and discuss the draft report you have developed, especially your understanding of the critical success factors and goals (you should check that your manager agrees with your findings).
3. As part of your discussions you also need to discuss and identify how you can communicate with stakeholders about the risk management processes in this scenario and invite them to participate in discussions to further identify risks associated with the scenario. a. Summarise: In dot-point form, summarise the discussions with your manager. i. This should include any recommendations they made to you. b. Develop: a draft of the communication your manager suggested you use for consultation with a stakeholder or particular group of stakeholders. i. For example, if stakeholders desire a phone call, you should include a draft script of information that you need to share with stakeholders. ii. Whatever the form of communication, it must clearly ask stakeholders for input, and invite them to assist in the identification of risk for this scenario. When submitting the report and accompanying documents, you need to ensure that:
your report is titled ‘Risk review’
your report is in order, with attachments on the back of your report as follows it includes notes from meeting with your manager
it includes draft communication
your report is submitted as required by your organisation (your training provider).
You must provide:
a completed report as outlined above in steps 1–6, using the headings provided for each step summary notes from your meeting with your manager
summarise in dot-point form the discussions with your manager and include any recommendations they made to you a draft communication to be used with stakeholders
develop a draft of the communication your manager suggested you use for consultation with stakeholders i.e. if they suggested a phone call, you should include a draft script of information that you need to share with stakeholders whatever the form of communication, it must clearly ask stakeholders for input, and invite them to assist in the identification of risk for this scenario.
Your assessor will be looking for:
evidence that you analysed and identified the needs of the case study and have clearly reflected these in the risk report. Adjustment for distance-based learners
Complete assessment as per instructions, the only difference being that the meeting with your manager (the assessor) will be via phone or Skype or other live telephone or video medium.
Case Study: Business plan (excerpt)
Case Study: Scenario
As part of their overall strategy in the Australian beverage market, MacVille Pty Ltd have developed a chain of cafes in the Central Business District (CBD) of Brisbane, Queensland and the CBD of Sydney, NSW. The board of directors have made the decision to expand their operations in Queensland with the purchase and re-branding of the existing Hurley’s cafe in Toowoomba, 130km west of Brisbane. You are currently the assistant manager of their flagship store in Queen Street, Brisbane, and have been given the opportunity to manage the new store in Toowoomba. The CEO for MacVille’s cafes in Queensland is Paula Kinski. You are a member of the Finance, Audit and Risk Management (FARM) Committee described in the MacVille Risk Management Policy. Paula has assigned you the task of managing the risks involved with the operational aspects of this take-over. A copy of her email is attached.
Email from CEO – Paula Kinski
From: CEO – P.Kinski
To: Assistant Manager – Queen Street
Re: New Toowoomba store
Congratulations on your new appointment. Prior to taking up your position as manager of our Toowoomba store located in Ruthven Street, the board has asked that the risks in this project be appropriately managed. I want you to undertake this task as it will give you significant insight into the store’s operations, it will ensure a smooth transition to the MacVille systems and will encourage you to give ongoing support for our risk management initiatives. I would like you to approach this task in three stages and meet with me at the end of each phase to review your work and discuss your plans for the subsequent phases. The three stages in this risk management task will include:
2. Analyse and plan.
Your primary risk management focus is directed to the ongoing operations of the Toowoomba cafe. The strategic and investment risks of this project are being managed by the board. To this end, you are to consider any risks that could impact on human resources management, financial operations, WHS, our supply chain and the local governance and overall compliance issues. By way of background, MacVille has agreed to employ all existing staff on three months probation. The current supervisor James Mansfield, has been offered the position of 2nd in charge and he has accepted. While settlement on the purchase of the business is not for another few weeks, the seller has agreed to grant us full access to the store’s operational processes and store information. You should liaise weekly with the Finance, Audit and Risk Management (FARM) Committee here at head office concerning the marketing, finance and store management functions that you are investigating.
I will set up a regular meeting for you. Head office has a report on a similar expansion conducted by the NSW team that may help you in your research. You may need to review other statistical information and engage specialists to help you with your investigation. The legal firm Goldsmith Partners are advising MacVille on the Hurley cafe acquisition and would be available to help you with legal or any compliance issues. The landlord of the shop in Toowoomba, Ron Langford, is also a local councillor and has offered his assistance in getting established in Toowoomba. He has offered his email address for correspondence ([email protected]). Once I have received and discussed your risk review report, we can move onto the next stage of the risk management process.
CEO MacVille Cafes (Qld)
Site visit – Toowoomba
You received permission from Paula to travel to the Toowoomba store to start your research. Paula had cleared it with James Mansfield the current senior supervisor who will spent most of the day with you helping answer your queries. You arrived at the cafe and noted the two hours of drive time that it took to get to the cafe from the CBD of Brisbane. You met with James who took you through a complete overview of the store and the surrounding area. He was OK with the idea that you needed to take notes in preparation for a report. Paula had also arranged for you to meet with Ron Langford in his office later that afternoon.
After lunch, you went over your notes to revise and edit key concerns and significant events that you had written down earlier. The location of the store on the corner of the two main streets of the city makes easy access for local customers and highly visible for tourists. The long drive from Toowoomba to Brisbane would make attending the weekly managers meeting difficult considering many meetings did not finish until into the evening after refreshments. There is also manager training sessions that need to complete over the next 6 months in conjunction with a few other assistant managers. Navigating the steep narrow climb up the range with trucks blocking the way is quite difficult even in daylight hours. Being a competent driver you feel that it would be unlikely that you would be involved in an accident, but it still concerns you considerably. The two hour delivery would make fresh pastry deliveries from the company’s central bakery plant impractical.
The pastries would arrive after the morning rush. These are a key part of the MacVille assortment. There is also a concern about getting the company branded supplies through as quickly as a CBD Brisbane store could. Hurley’s cafe was a family run store and some family members were employed on the staff. James was engaged by the family to supervise the operations of the store and Mr. Hurley as manager would authorise wages but anyone can authorise deliveries. When asked about written policy and procedures manual, James said that Mr. Hurley set the policy and procedures verbally and on the few days each week he was in the store he would show the staff how to do things the way he wanted them done. Water use – Running the dishwasher when only half full. Washing fruit and vegetables under a fast running tap. Toilets all used the single flush system. Dual flush would cost about $7,500 to upgrade. The dishwasher was always set to full wash and had a Water Efficiency Labelling and Standards Scheme (WELS) rating of 3. The more water efficient 5-6 star dishwashers cost about $6,000 and above. James explained that Mr Hurley instructed the staff to keep the non-native flowering plants in the courtyard fully watered.
The store currently uses 41,500lt a week. James spoke about the cafe attracting a large % of retirees because of the easy access to busses and the stores central location. The same staff member that completed the cash register balancing also completed the bank deposit form and did the banking as well. The banking was not done every day and often $4,000 was kept on the premises overnight in the cash register. There was no safe. There is a bank two shops away but the Hurley family bank is a couple of blocks away and there was not always time to do the banking. James replied to you question about the possibility of break-ins saying that there was a 50% chance of it happening and the risk was moderate. Not all takings from the cash register by family staff members were recorded. The fit-out in parts looked old and unattractive, with some chairs unstable and broken and some parts of the worn carpet was simply taped over with gaffer tape. One of the staff was a qualified chef who had developed an innovative and popular range of rice wraps that were tasty, gourmet and healthy. None of the other cafes in the area offered these. No established process for dealing with injuries that happened at work.
James gave a brochure about an innovative frozen par-bake cooking system that was under the limit set by council for an exhaust system yet it cooked fresh bakery items in 30 minutes from frozen par-baked pastries. The computer with all the stores employee details, and financial records was not password protected and anyone could access the information. James’s response to your question about the lack of sales promotion techniques was that he could not get the staff interested in the activity so he stopped trying to make it happen. The employee detail form requested information about the employee’s entire past health issues. The wage and superannuation records seemed to be incomplete with many calculations being worked out by the number of hours worked multiplied by a set ‘in the hand’ amount. James also provided a brochure about a company that could come and set up WIFI in the cafe so that customers could use their computer notebooks and connect to the internet while they were dining in the cafe.
Meeting with Ron Langford
In the afternoon you met with Ron Langford in his office to discuss the cafe, council by-laws and aspects concerning the surrounding district. You took notes that included the following significant information. Ron explained that there were opportunities for opening more cafes in the surrounding shopping centres like Wilsonton, Clifford Gardens and K-Mart Plaza. Ron handed you an extract from a government report ‘Economic Brief.’ Ron explained that the Federal Government was now introducing legislation that backs up the local by-law concerning efficient water usage, particularly by industries. The current by-law has fines of up to $50,000 for excessive water breaches. Ron did explain that the council was giving some time to ‘make good’ under certain circumstances on a case by case basis. Ron also agreed with the idea of installing a water tank in the court yard for the cafe to use and would help get it built. Ron explained that Toowoomba was obviously a place for retirees and the population was growing. Ron spoke about the Federal Government’s National Broadband Network being rolled out in Toowoomba that would allow efficient and effective video streaming and teleconferencing.
Ron spoke about the current by-law that was due for implementation on the 1st of next month allowing cafes to expand their footpath dinning and so put more tables and chairs outside their premises. Ron also spoke of the fact that representatives of a large international chain of coffee shops had been making enquiries around town about opening a store in the Toowoomba CBD. Senior Management Team and Finance, Audit and Risk Management (FARM) Committee meetings Soon after you got back from your research trip to the Toowoomba store, you attended two teleconferences.
First, you met with the senior management team. At this teleconference, you discussed issues raised by James Mansfield and Ron Langford and the report on previous NSW expansion, which head office had given you: Report into the acquisition and re-branding of the NSW expansion store. Paula said that there may be some things to learn from the NSW experience.
Key problems identified in the report were as follows:
1. Lack of internal controls, particularly over cash handling, monitoring and recording. 2. Failure to meet compliance standards in WHS, Privacy and industrial relations law. 3. Lack of written policy and procedures to guide staff in carrying out their duties. 4. Lack of a professional business culture in the family run business. 5. Failure of the business to monitor the external environment and find opportunities and threats to the business. The team agreed that similar issues would pose a risk to the Toowoomba expansion. You then held a teleconference with the FARM Committee. At the teleconference, you relayed the concerns of the senior management team. The FARM committee decided to allow you time to complete your review and then would include discussion of your review in the monthly board meeting.
Case Study: Table of stakeholders (format)
Role in process
Stake in process
Case Study: Risk management policy
MacVille recognises that risk management is an essential component of good management practice and is committed to ensuring the implementation of risk management processes that focus on the proactive management of risks across the organisation. This risk management policy forms part of MacVille’s internal controls and corporate governance arrangements. The risk management
policy is designed to: identify, evaluate, control and manage risks
ensure potential threats and opportunities are identified and managed inform directors, senior management and staff members about their roles, responsibilities and reporting procedures with regards to risk management ensure risk management is an integral part of planning at all levels of the organisation.Policy MacVille is committed to achieving its vision, business objectives and quality objectives by the proactive management of risk at all levels of the organisation. MacVille will identify, evaluate, control and manage risk throughout the organisation in accordance with the ‘MacVille Risk Management Framework’. See risk management strategy for framework details. Responsibility and Authority
Directors, management and employees of MacVille have responsibility fro implementing aspects of this policy.
Role of the Directors
The directors have a governance responsibility in the management of risk. This includes: determining what types of risk are acceptable and which are not setting the standards and expectations of staff with respect to conduct approving major decisions affecting MacVille’s risk profile or exposure monitoring the management of significant risks to reduce the likelihood of potential organisational risks and threats or failure being satisfied that risks are being actively managed, with the appropriate controls in place and working effectively annual review of MacVille’s approach to risk management and approval of changes or improvements to key elements of its processes and procedures.
Role of the Senior Management Team and Store Managers
Key roles of the senior management team are to:
implement policies on risk management and internal control where this is deemed appropriate identify and evaluate areas of significant risks potentially faced by MacVille for consideration by the directors identify areas where risk management is not adequately addressed and advise the directors accordingly review and update the Risk Management Strategy
undertake an annual review of the effectiveness of systems of internal control and provide an annual report to the directors, including a summary
review and respective recommendations.
Role of Cafe Employees
Key roles of the employees are to:
familiarise themselves with the content of the risk management policy and clarify any aspects necessary with a senior team member consider any risks they feel could impact on them meeting their objectives and either manage the risk if it is in their control to do so, or inform a management team member of their concerns advise senior management, in the first instance, or the Board, if concerned about any fraud or unethical behaviour.
MacVille Risk Management Framework
This framework encompasses a number of elements that together facilitate an effective and efficient operation, enabling MacVille to respond to a variety of operational, financial, commercial and strategic risks. These elements include: Policies and procedures – A series of policies underpin the internal control process. These policies are endorsed by the directors and are implemented and communicated by the senior management team to all staff. These policies include: Human Resources Policies
Staff Travel Policy
Return to Work Policy
Work/Life Balance Policy
Parental Leave Policy
Organisational Culture Policy
Bad Debt Policy
Cash Reserving Policy
Revenue/Expenditure Recognition Policy
Finance, Audit and Risk Management (FARM) Committee Terms of Reference including delegations Corporate Governance Policies
Sitting Fees Policy
Directors Remuneration Policy
Monthly reporting – Decisions to rectify problems are made at regular meetings of the senior management team. Comprehensive reporting at board and sub-committee meetings is designed to monitor key risks and their controls. Business planning and budgeting – The business planning and budgeting process is used to set objectives, agree on action plans, and allocate resources. Progress towards meeting business plan objectives is monitored regularly by the senior management team and by directors at board meetings. Risk Management review – The Finance, Audit and Risk Management (FARM) Committee are required to report at board meetings on internal controls. The Finance and Audit Committee pay particular attention to risk management.
It is the CEO’s responsibility to brief the directors periodically and as appropriate on the development of policies and procedures to ensure effective and efficient operations, risk management strategies and implementation. In addition, the FARM committee oversees internal audit, external audit and management as required in its review of internal controls. The committee is therefore well placed to provide advice to the board on the effectiveness of the internal control system, including MacVille’s strategy for the management of risk. External audit – The final audit of financial statements is controlled by an external chartered accountant who provides feedback to the Board through the Finance and Audit Committee.
Procedure: Development of a Risk Management Profile
The following outlines the process for developing a risk management profile.
1. Establish the context
Define and identify the environment, characteristics and stakeholders, their goals and objectives, and the scope of the specific risk management process. Develop criteria against which risks are evaluated and identify the structure for risk management.
2. Identify and describe risks
Risks are best identified through a collaborative approach involving a cross section of stakeholders. All conceivable risks must be considered. Ensure any certainties are identified as problems and addressed in the risk management profile.
3. Conduct current risk analysis
An analysis of the risks is conducted to determine their causes, and estimate their probability and consequences. This analysis provides the basis for working on the ‘right’ risks.
4. Conduct risk evaluation
Risks are considered and prioritised according to their potential impact, and each risk is assessed to determine its level of acceptability.
5. Develop and implement proposed risk treatments
Risk treatments are developed to cost-effectively reduce, contain and control risk. Formal risk management reporting mechanisms are defined and documented. Categorise the risk likelihood.
6. Monitor, report, update and manage risks
As risks change constantly, the risk profile is continuously monitored, reviewed and updated by management. New risks may be identified as more information becomes available and existing risks may be eliminated through the effectiveness of the risk treatments/actions. Record risks identified through regular audit on the risk audit log. Record risk management activities on the risk management register.
MacVille’s Risk Areas
The following are four broad areas where potential for risk to MacVille has been identified. Under each area, examples of possible risks are detailed. Operational/Organisational
Legal and regulatory compliance
Resources: human, physical
Infrastructure, plant and equipment
Fraud or theft
Loss of income, funding/finance
Conduct of board
Conflict of interest
Procedures and tools for project management
Stakeholders – strength of relationships/conflict of interest Human resources
Case study: Risk management strategy
MacVille recognises that risk management is an essential component of good management practice and is committed to the proactive management of risks across the organisation. The strategy is designed to: identify, evaluate, control and manage risks
ensure potential threats and opportunities are identified and managed inform directors, senior management and staff members about their roles, responsibilities and reporting procedures with regards to risk management ensure risk management is an integral part of planning at all levels of the organisation.
MacVille is committed to achieving its vision, business objectives and quality objectives by the proactive management of risk at all levels of the organisation, acknowledging that embracing innovative ideas and practices carries with it risks, but that these are identifiable and measurable and therefore capable of being subject to realistic risk mitigation processes.
Responsibility and Authority
The directors have responsibility for ensuring that risk management is in place. The Finance, Audit and Risk Management (FARM) Committee has the responsibility of reviewing the Risk Action Plan on a six-monthly basis. The CEO and the senior management team have responsibility for managing risk and advising the Board on appropriate controls. The CEO and the senior management team support and implement policies approved by the directors. Key risk indicators will be identified, closely monitored and action taken where necessary, by the staff and directors. MacVille Risk Management Framework
This framework encompasses a number of elements that together facilitate an effective and efficient operation, enabling MacVille to respond to a variety of operational, financial, commercial and strategic risks. These elements include: Policies and procedures: A series of policies underpin the internal control process. Reporting: Decisions to rectify problems are made at regular meetings of the senior management team. Business planning and budgeting: The business planning and budgeting process is used to set objectives, agree on action plans and allocate resources. Progress towards meeting business plan objectives is monitored regularly by the senior management team and by directors at board meetings.
Contingency planning is undertaken as required. Risk Management review: The Finance, Audit and Risk Management (FARM) committee is required to report at Board meetings on internal controls. CEO: The CEO has responsibility to brief the Directors periodically and as appropriate on the development of policies and procedures to ensure effective and efficient operations, risk management strategies and implementation. External audit: The final audit of financial statements is controlled by an external chartered accountant who provides feedback to the Board through the FARM Committee.
Risks are identified on a scale of likelihood of occurring in the next 12 months and assigning an impact or consequence to the risk as high, medium or low. High includes either a significant shortfall of around 40% in achieving budget or a significant reduction in ability to function. Medium includes either a shortfall of budget of between 10% and 20% or some reduction in function. Low indicates minor reductions in achieving budget or minimal reduction in performance.