Project Portfolio

BSBOPS504 Manage business risk

Section 1: Establish risk context 5
Section 2: Identify and analyse risk 8
Section 3: Implement and monitor risk treatment 10

Student name:



Business this assessment is

based on:

Risk management

Documentation reviewed as

Section 1: Establish risk context

1.1 NatureCare Products
1.2 NatureCare Products is a business about selling beauty skin care products. Our products are
eco-friendly and has natural ingredients. At the moment, the business presented three
products, and this are as follows:
 Cleansing cream which is used as make up removal.
 Multi Protection Day Moisturising Creams are used for dry skin, and it is also used as
protection through the day.
 Lastly is the Regenerating facial scrub which is used to remove dead skin cells.
1.3 ROLE:
If I will be the one who will do an investigation regarding the risk management, my role is not
only the owner but also a Financial Manager. I’ll be checking any risk of the business most
importantly the financial status of the company. By doing so, I may be able to reduce any
damages that may happen in the future. The role of Finance Manager is all about the money or
what we call financial health of the business, thus, are assigned to do the financial reports and
also other activities about the finance such as budgeting.

2.1 Risk management process:
Firstly, I will identify any threat that a business may find out later on, this will help to do the next
step which is analysing the risk so we may know how to deal with it and also will help to avoid
affecting an organisation’s goal, next is to mitigate any damages that may happen to the
business, and lastly, to monitor every single detail of the business as well as creating new
tactics in order to protect the business from any risk. All these processes are important for the
sake of having good condition in the business.
2.2 Departments:
The department that are involved are the CEO, Accounts Manager, Marketing Manager and
Assistant, Sales Manager, Financial Manager and Assistant.
2.3 Risks can’t be managed:
In my opinion, there is nothing we cannot manage if we do our best managing the business.
There are ways to prevent risks, the business should be responsible to establish some
techniques to reduce any risks and anything that may impact the objectives of the organisation.
By doing a continuous monitoring to all aspect and that the risks are being identified and well
managed, the business will continue to success.
3 Organisational requirements and standards:
3.1 The organisational policies and procedures that will apply to the risk management process are
as follows:

 Risk Management Policy and Procedures
 Internal Communication Policy and Procedure
 Procurement Policy and Procedures
 Record Keeping Policy and Procedures

3.2 All the processes are needed to follow in order to ensure that the business will not fail to
achieve their goal. As for me, Risk Management Policy and Procedure and Record Keeping
Policy and Procedure will be followed because Risk Management process is about identifying
the risk that may affect the future of the business, analysing the risk if how seriously will it affect
the business and find a solution to avoid damages which is part of Risk Mitigation, and lastly
Risk Monitoring. Record Keeping Policy and Procedure is also a good help since all the records
will be stored and will be available for any references.
3.3 Policies and procedures:
Risk Management Policy and Procedure
There are 3 sections of commitment under this policy and procedure, these are the
commitment to fulfill the risk management, commitment of training to be more skilled and be
expert of risk management, and a commitment of examining and observing all the aspects of
the business as well as the progress of risk management.
Under the commitment to fulfill risk management, the NatureCare Products will be responsible
of reducing the risks that may encounter in the business. There will be an implementation of
planning and decision making about the risk management. And the staff of the said business
will be responsible to perform according to the standard of the risk management. Next is the
commitment of training to be more skilled and have an excellent knowledge of the risk
management, the staff of the NatureCare Products are responsible to understand the principles
of risk management. Lastly, commitment to observe all the aspect and the progress of risk
management, this is about being updated of anything about the business by monitoring the
risks and to create a new technique to help the business pursue their objectives.
Internal Communication Policy and Procedure
The NatureCare Products is looking forward that their staffs will be using the channels about
communication. In business, communication is very important most importantly in the process
of creating and sharing some ideas about work to have a common understanding. The
channels are project or action plan, Executive team meetings, Team meetings, Staff bulletin,
Staff surveys, NatureCare intranet, Enterprise social networks, All staff emails, Email
distribution lists.
Procurement Policy and Procedures
This policy is about purchasing activities which applies to all the workers of the NatureCare
Products. The practices under this policy and procedures are, Health and Safety Policy must be
obtained at work, must prioritise the needs for business operation such as the use of water and
energy, greenhouse performance, more. Under the Procurement Principles, it is part of being a
worker to check the goods and services that we provide, employees must advise supplier that
the business are accepting credit card as a way of payment, and it must be done prior the
purchasing. There should be a record keeping in the company where all the documents will be
all stored, and lastly, there is a bidding process for the purchase value of the product.

4 Legal requirements:
4.1 Legislation to follow:
The legislation that needs to follow for the risk management process is the AS/NZ
ISO31000:2018 Risk Management Principles and Guidelines. It is because in order for the
business to achieve their goals or objectives, there are principles and guidelines that needs to
be comply. It is a guide for the company to be successful and be on the right track of business.
In addition, the main goal of this policy and guidance is the safety of the employees and that
the risk may reduce affecting all the members of the organisation.
4.2 Regulations:
Regulations are important in the business, it is a rule that has been made to make employees
comply. So yes, the regulations do apply.

4.3 Introducing new laws:

Yes, it is possible to introduce a new law. It is being done whenever we encounter things that
needs to be improved. That is why monitoring risk managements is very important to know
what things should be done.
4.4 Risk management standards:
Under the AS/NZ ISO31000:2018 Risk Management Principles and Guidelines, in order to
reach an effective risk management, there should be a consistent and comparable results of
any documents. Stakeholders must be aware of the things that is happening inside the
company, their views and comments must be consider. Any documents such as contracts,
invoices, and other important papers must be stored safely and must be available anytime
because there will come a time that someone will ask for the old documents for any references.
5 Plan, implement and monitor risk resources:
5.1 Yes, template documents are accessible to obtain the risk management process
5.2 Yes, risk management has a budget allocation.
5.3 These are the employees who will assist the Finance Manager:
 Manager
 Supervisor
 Employees
 Line Manager
5.4 Other resources required in risk management are Human Resource Manual or Employee
Handbook, this contains the policies of the company and also how to treat the co-workers in the
company. Risk register is also a good resource since it is used to track the risk that has been
identified, so the company can do something to solve the problem. Next is the Risk Matrix
which is the tool used to measure the level of the risk and it will be the basis of making decision
for the business which is also under the Organisational policy and procedures. All in all, these
resources will help the business fulfill its goal.

6 Objectives and Critical Success factors

6.1 These are the two objectives for risk management process:
 Secure the NatureCare Products from any losses from its operations, hence, the
people who works at the company as well as the financial status, and reputation of the
company will be save.
 Encourage the people who are responsible for making the decision to make a good
and precise decisions, discuss it precisely with the other members so the company will
not be affected by the risk that may encounter.
6.2 The three critical success factors of risk management process are as follows:
 Commitment and support
 Communication
 Training
7 Stakeholders
7.1 The Manager and staff members will help monitor the risk identification, risk analysis and risk
7.2 All the employees and people in the company will be affected by the adverse risk event
because this problem is about dropping the operating profits of the company. Thus, all the
members of the company will be affected.
7.3 Stakeholders of the company will be given a task in the process of the risk management. The
stakeholders are required to cooperate with the risk management process since they are well
informed of everything that is happening inside the company. By this, they will help to decide
what should be done to improve the business and analyse the identified risk in order to avoid
7.4 The stakeholders are responsible of participating to the process of risk management, hence,
the reporting and analysing the risks. Moreover, stakeholders are able to give some ideas on
making decisions for the future of the business because no matter what may happen they are
involved with work of the project. They have a wide understanding about what is happening in
the organisation and will contribute in creating new tactics on how to protect the company from
any harm.
7.5 There will be an impact of having a poor risk management. Failure to achieve the plan in risk
management may result of having some problems such as customer/supplier conflicts, there
may be delays on the project, and also employee turnover. Because of the project failure, the
employees will also be affected but it will be an additional issue if all the employees will
demand for financial support for their family.

8 Relevant Stakeholders
8.1 Who will you communicate to (at least two stakeholders) regarding:
8.1.1. The owner and investor are the stakeholders who will you communicate in regards with
the risk management process explanation. They have the knowledge and opinions of what
need to be done about the process of the risk management, as well as contributing some
techniques to avoid any risk in the business.
8.1.2. Managers and clients are the one you need to communicate about the invitation to assist
risk identification. They have the right to view the situation of the business and
communicate with other stakeholders regarding the decision making. Involvement is a big

help for the business, it inspire all the members of the company to continue the work and
achieve its goal.
8.2 Consultation is very effective in making decision. The process of this consultation will be able to
receive feedback. The methods of consultation to stakeholders are Public meetings and a
survey. Organising a meeting will help the group to share their ideas and will be able to show
the plans that they have. Surveys and interviews will also help to explore and gather some
ideas from the members of the company.
8.3 Risk management is all about securing the business from risk encountered, so that the
business can continue to achieve its goals or objectives. All the members of the company
should undertake into training to improve their knowledge about handling any risks that may
happen in the future. By doing so, it will be safe to manage the risks and know all the steps
such as Identifying, Analysing, Mitigating and Monitoring Risk.
The Risk Identification is a process of figuring out any risks that may experience in the
company. This a way for the company to more informed and so the members can plan and
create tactics to prevent a bad effect in business. Risk Analysis is a procedure of evaluating the
identified risk, all the members are going to discuss the effect of this risk in the company so
they can search and plan a good technique to save the company from any harm or injury. Risk
mitigation is about minimising the threats caused by the risk, it is a step to lessen adverse
effect in the company. Lastly, Risk Monitoring is about keeping an eye of the identified risk. In
this step, all the assigned members should do a regular update and review the effectiveness of
the action plans made.

8.4 To all Stakeholders,

We are asking for your presence at an upcoming meeting for the Identification of Risks in
organisation. This meeting will be facilitated and is designed to take us through identifying all
the possible risk that may encounter today or in the future. This discussion is aiming for a good
decision making for the sake of the company’s future.
I believe that through this meeting we can make a better future of our business. Managing a
business is more effective if all the members will participate and share each other’s thoughts
and plan action ideas.
The meeting will take place on 28 October 2021 at NatureCare Products Building. Looking
forward to meeting you all. If you have any queries, please don’t hesitate to contact me.
Thank you.


9 External Environment
9.1 By analysing the environment of risk management project of NatureCare Products, it is possible
to occur any changes in the legislation of the products of the said business. And by the
influences of the new politics, they can control the process of the business.
9.2 For this current economic situation, the business is still capable of producing services and
products. It is also possible to have an increase in goods value. If the business will continue the
operation and will gain a lot of improvement and profits, each members of the business will

9.3 Yes, there are social considerations such as the lifestyle factor of all the members. Because the
health is very important, thus, the employers ensures that all the workers in the business are
physically fit.
9.4 Technological advances are very useful most importantly in business where you can use
internet to communicate with other members of the company. We can now set or announce a
meeting via email. The technology really changes the way a company operate which is a good
thing. In addition, we can use the keeping records using technology where we can store all the
details and documents in it.
9.5 A competitor is a person or an organisation that competes with another organisation. They do
the marketing which helps the business sell the products they have, and they also presenting
an advertisement and promotion for their products.

10 SWOT ANALYSIS – NatureCare Products

STRENGTH: The NatureCare Products is producing an eco-friendly and has a high-quality beauty
product with natural ingredients which surely give the customers a satisfaction.
WEAKNESS: The business has a limited product range, and the products are for all women only. It
is considered as a weakness of the business since the other buyers may look for some men scents
and for teens.
OPPORTUNITIES: By making some research, this business can look for a good market
internationally where they can offer their products.
THREATS: There are surely other competitors that offers the same product that NatureCare
Products do. It is considered as a threat since the other competitor’s business is financially stable.

10.1 Yes, the policy and procedures in risk management are complete. These are the Risk
Management Policy and Procedures, Internal Communication Policy and Procedures, and the
Procurement Policy and Procedures.
10.2 The resources of the NatureCare Products are all secured, its people, finance, property and
10.3 Communication between the employees and management is very important in business, it is
use to have a good working relationship and its also a way to negotiate and share
ideas/thoughts in order to achieve the objective of the organisation.
10.4 All the staffs are very loyal. Building loyalty and trust are important in business because it gives
security to all the members that they will be more willing to work for the future of the business.
10.5 The NatureCare Products has a good size of customer data base and that around 70% are
professional women.
10.6 In order to be able to fund, the company will promote programs and a monthly fund raising.
10.7 The cashflow of the business is in good situation. Any concern and worries of the finance
administrator were taken care of, it is by discussing some treatment alternatives.
10.8 Yes, the business has a strong and reliable supplier relationship because any concerns such as
the incorrect invoicing will result in delayed transaction and the good relationship between

supplier and the business will diminish, since it was taken care of because of the treatment

Section 2: Identify and analyse risk

1 Risk Discussion
10.9 Leading and organising a group discussion for the business will be effective if the employees
and members are all participating and sharing some thoughts or ideas about the main concern.
The leader must ensure that the meeting will progress and will have a united decision for the
sake of the company. Best technique is the brainstorming, since everyone are involved, and
asking questions for any clarifications is the best way to understand each other.
10.10 All the invited stakeholders will talk about the identification of the risk, evaluating the
identified risk and the treatment for the risk.
10.11 In risk assessment, Matrix method will be using to assess the likelihood and severity of
the identified risk.
10.12 Risk matrix will help to assess which risk should be prioritised. High risk will be prioritised
because this will impact the business’ objective.
10.13 In negotiating, the stakeholders should think of their business’ objective or goals.
Everyone must learn how to creative, thus, work with the team and make a plan for the
negotiation of risk likelihood and the consequences.
10.14 The leader will organise a face-to-face meeting and will discuss what will be the plan for
the risk assessment. Clarify all the details and ensure that the company will be the priority.
10.15 In order to be united, everyone should know to stop and listen to others’ opinion, let
others finish what they want to share and make some questions for any clarifications.
Encourage each member to participate most importantly in making decisions for the sake of the
business’ success. Remember that asking questions will help the members improve their
understanding to the situation.

11 Risks Summary
11.1 Summarise at least three risks identified at the meeting that apply to the scope of your risk
management process or project. For each risk:
11.1.1. Risk of Fire, Non-compliance Risk and Financial Risk are the types of identified
11.1.2. The Management and all the staffs of the project team will be responsible for the
11.1.3. The first outcome of the risk is the loss of Financial Income of the company, and
the next will be the staff members. Thus, the loss of the company will affect all the
members and workers of the business.
11.1.4. The treatment alternatives are taking out insurance, conducting a staff training,
and will be deliberate an audit. This is about monitoring all the aspects of the business, it is
for the safety of the business.
11.1.5. By using the Risk Matrix, the risk will be prioritised according to the severity level
of the identified risk. This is to ensure that we manage to plan what to do to solve the

Conducting a meeting with all the Stakeholders will make the decision-making procedure
effective. During our meeting with the Stakeholders, we discussed all the possible risk that our
company may encounter in the future. By following the Risk Management steps, we did a good
conversation because everyone participated and share what idea they have, even the small
information that they have really helped. First, we identify all the possible risk of the business.
After that, we evaluated and analysed what damage will the company encounter because of the
risk we identified. And that’s when we think of the action plan that we will do to protect the
company or reduce the impact of the risk in our business’ objectives. Lastly, we talked about
the members who will be responsible of monitoring the risk identified and will make sure that
everything about the action plan is effective. Regular monitoring is recommended, and all the
stakeholders agreed. The risks that we identified are the Risk of Fire, Non-compliance Risk and
Financial Risk. Moreover, we also discussed the alternative treatments for all the risk that we
identified. In order to know what risk we will prioritise, we did the risk calculation, thus, we will
prioritise the high risk.

12 Risk Assessment

Risk Potential outcome Student’s Stakeholde Stakeholder Combined

role r2 3 value (e.g.
Likelihood Impact Likelihood Impact Likelihood Impact Likelihood Impact

Risk of Fire Staff members 3 3 3 3 3 3 3 3


Destroy Building 2 3 2 3 2 3 2 3
and Equipments

Non-compliance Losing Job 2 3 2 3 2 3 2 3


Poor Performance 3 3 3 3 3 3 3 3

Financial Risk Business Forfeit 3 3 3 3 3 3 3 3

Risk Potential outcome Student’s Stakeholde Stakeholder Combined
role r2 3 value (e.g.
Likelihood Impact Likelihood Impact Likelihood Impact Likelihood Impact

Having Loss and 3 3 3 3 3 3 3 3

Debt in Business

13 Research risks
- It is a risk that can kill/injure people and also can destroy the building and equipment of the
company. The alternative treatment for this is to ensure that all the materials for the fire are
available and ready to use such as the fire extinguisher. In addition, all the employees and
members of the business must conduct a training for emergency and evacuation strategies.
- Compliance risk is promised to follow the legal responsibility and will obtain a punishment
for not complying with laws and rules such as losing a job. The alternative treatment for this
is to conduct a risk assessment.
- It is a risk that will make your financial status into danger, encountering this risk may result
of losing the business and won’t be able to pay any debts. The alternative treatment for this
is to limit any high-risk clients and keep on monitoring the financial status of the company
and insurance is also a big help. Create a plan to avoid any damages for any identified risk.
- A risk that can destroy not only the building of the company but also the people of it.
Everyone should undertake a training for any emergency.
- Fail to follow the laws and rules will affect the work situation of the employees, thus,
managing the risk assessment will help to avoid this risk.
- This risk will impact the financial status of the business, thus, the employees should
prioritise the highly risk identified.
13.3 – Insurance
– Conduct a training for emergency
– Risk Assessment
13.4 In doing this research risk, I did a little internet search about the identified risk. I viewed and
read some articles/journals about the risk encountered in different companies and also the
things that they do to control and solve problems. This research is really helpful, it makes us
more aware of the things that may possibly happen in the future. It also shared some
alternative treatments to the identified risks. This is the link of the article:
14 Risk Analysis

Risk of Fire can be prevented by conducting a training for any emergency in the company, and also
ensure that the materials for the fire are all available and ready/safe to use. Members of the
company should also undertake a training for the evacuation strategies, so the people inside the
incident will avoid panic.
Non-compliance Risk can be prevented by managing the risk assessment, thus, all the members of
the company are responsible of complying rules and laws.
Financial Risk can be avoided by being careful who to trust clients, must analyse the risk before
making decision. Keep monitoring the financial status of the company and create tactics on how to
prevent encountering damages from the identified risk.

Note: Risk is calculated (likelihood)x(impact).

Section 3: Implement and monitor risk treatment

1. Action Plan

Risk: Fire Risk

Action: Undertake a Fire Training/ Fire Evacuation Strategies Training

Desired outcome: To be safe from Fire Incident

Overall person responsible: Stakeholders and all the members of the business

Step: Person Timeframe: Resources: Performance Outcome Done

measure: requirements: ?

Identify fire Owner / Daily Fire Good Accept and Yes

hazard Employer/ Hazard Follow Standards
All staff

Know which Admin Weekly Fire Good Accept and Yes

fire hazard manager/ Hazard Follow Standards
should be Owner/ Checklist
prioritised in Employer

Always Admin Daily Testing Good Accept and Yes

make time manager machine Follow Standards
to test the
fire alarm

All the Storage in Daily / Storage Good Accept and Yes

chemicals charge Weekly room Follow Standards
should be in chemical
an checking
appropriate paper

15 Action Plan Discussion

15.1 In doing the action plan, must communicate to all the staff members of the business.

15.2 Face-to-face meeting will be the most effective way of communicating to all the members of the
project. It is because everyone can give their thoughts or ideas on the same time and day of
the discussion.
In every business, communication is very important. It will help to improve the relationship with
all the staffs. Conducting a meeting is about interacting with all the members of the company,
sharing all the information and ideas we have to improve the business. In addition, it is the best
time to talk about the strategies that the company should do most importantly in identifying and
mitigating the risk.
The last meeting that we organised is all about the steps/action plan that we will follow in order
to protect the company from any harm or damages from the risk identified. The first step is to
identify the fire hazard, all the staffs and owner will be responsible for this. Next is learning
which fire hazard should prioritised, this will be done by the admin manager, hence, each one
of the members of the company should be informed about all these things as well. Checking
the fire alarms regularly by the admin manager will be a big help protecting the business. And
the last action plan that we decided to take is to ensure that all the chemicals must be in an
appropriate storage room daily, and there will be someone who will be assigned to do it.
And that’s what we talked about on our last meeting with all the staff members of the company.

16 Implementation and Documentation
16.1 An invoicing RPA system has been implemented in the department of the finance of the
NatureCare Products. As for the risk of the fire in the company, the step I will implement is to
regularly check all the fire alarm system in the building.
16.2 The HR policies should indicate the fire safety of all the members of the company, as well as in
sustainability policy.
16.3 In order to protect the business from any harm or damages, everyone should decide what
actions to take. In the situation of the NatureCare Products, we implemented the action of
checking the fire alarms regularly, ensure that all the chemicals are in an appropriate storage
room, all the staffs must identify the fire hazard and learn which hazard to prioritised.
Implementing all these actions will make us so confident that nothing bad will happen to the
company we are in.
16.4 Make sure that all the details are complete and identify all the things needed for the fire safety.
In order to follow all the steps, responsible members for each step must comply all the tasks
17 Monitoring
17.1 Data from all the incidents encountered inside the company.
17.2 No, there are no new risks emerged.
17.3 Yes, there are incidents recorded.
17.4 Yes, there are feedback provided.

18 Evaluation
18.1 No, identified risk not relevant.
18.2 Yes, the risk treatments are successful.
18.3 There are no new risks.
18.4 The stakeholders are very satisfied with the action plan for managing the identified risk.
18.5 Yes, all the treatment actions still in line with best practice.
18.6 There is no other risk treatment necessary.
18.7 This is a report regarding the outcomes of evaluating the risk process/project and its
alternative treatments.
In business, there are risk that will come and may possibly destroy or affect the status of the
company. In this project, the Nature Care Products is a business selling beauty products which
are eco-friendly and high quality using natural ingredients. In very business that we enter, expect
that the risk may come unexpectedly, all we need to do is to create a plan to avoid damages and
make the business pursue its goal or objectives.
There are 3 kinds of identified risks, these are the Risk of Fire, Non-compliance Risk and
Financial Risk. The Risk of Fire is very dangerous because it can destroy not only the building
and equipment but also people who are inside the building. The Non-compliance Risk is about
not following the rules and will obtain a punishment for not complying, worst result is to lose a
job. Financial Risk is about failing to monitor the financial status of the company, the result is

losing the business permanently and may not be able to pay the debts of the company if any.
Thus, the insurance will be a big help and also regularly checking and monitoring all the aspects
of the business most importantly the financial situation. By doing so, the members can think of
the solutions or new techniques for the identified risk to avoid negative effect and the company
can continue pursuing its objectives. It is good that at this moment every detail and important
thing in the company are being monitored by the assigned members of the business, thus, the
progress of the action plan is doing well.

