Mortgage Broking Assignment: Identification & Management Of Risk At Workplace
Task: The mortgage broking assignment requires you to briefly answer the questions below in the spaces provided.
1. Explain what is meant by risk management
The concept of risk management explored within this mortgage broking assignment is the procedure by which risk or potential threats to the business and its performance are identified, assessed and controlled (Samimi, 2020). There are mainly five steps under risk management. The first step is identifying the potential threats or risks of the organisation. The second step includes analyzing the likelihood of that potential risk or threat occurring and the impact of these risks. The third step includes prioritizing those risks according to the organisation's objectives and the impact which each of these risks is likely to have on the organisation. The fourth step includes having a mitigation plan for controlling all significant risks of the business. The fifth step includes monitoring of these risks or threats and making changes in the mitigation plans according to the weakness identified in the existing plan.
2. Risks can be identified in many different contexts depending on the work situation, local industry and regions. List three (3) contexts where risks may need to be managed in the workplace:
The three contexts in which risk may be needed to manage in the workplace will be listed below.
- Safety risk management – The first context in which the risk needs to be managed in the workplace is if there are any significant chances of the employees or workers being physically harmed due to certain areas or activities of the business (Kaassis and Badri, 2018).
- Fraud Risk management – The second context in which the risk is needed to be managed in the workplace is if the employees are handling a large sum of money daily as this increases the chances of fraud in the business. Therefore, the fraud risk is needed to be managed (Alazzabi et al., 2020).
- Human Error Risk management – The third context in which the risk is needed to be managed is if the workers are doing such significant work in which error in their work can significantly impact the performance of the business. Therefore, steps needed to be taken to minimize those human errors.
3. Complete the following sentence.
Your risk management treatments will need to be analysed
4. Give three (3) risk identification tools:
The three-risk identification tool are given below.
- SWOT Analysis – The SWOT analysis helps to identify the strengths, threats, weaknesses and opportunities of the business (Vlados, 2019).
- Documentation reviews – Documentation reviews means identifying the risk of the business by reviewing all relevant documents of the organisation.
- Assumption analysis – Assumption analysis include analyzing all assumptions which has been made related to the project or business and assessing those assumptions validity (Rowe et al., 2020).
5. Explain the difference between an internal risk and an external risk:
There is a significant difference between internal risk and external risk, which will be discussed here. The first difference is that internal risk occurs from within the organisation during its daily operation, whereas external risk arises due to external factors which are out of the control of the management of the company. The second difference is that internal risk is predictable, whereas external risk is highly unpredictable.
6. Give two (2) risks that Gail could potentially plan for:
The two risks for which Gail can potentially plan are liquidity and operational risks. Gail can potentially plan for liquidity risk by forecasting the business's cash flow and identifying the cash deficit in the business in the future period, and planning for it (Galletta and Mazzù, 2019). The second risk is the operational risk, which includes losses incurred by the business due to errors or fraud of the employees (Araz et al., 2020). Therefore, Gail could make a potential plan for operational risk by making strong internal control measures that will ensure that these errors or frauds are minimized.
7. Identified risks do not have to be documented, just noticing them is enough.
8. Explain the definition of a stakeholder, and who that may include.
The stakeholders include all different groups or parties in the business environment who are have an interest in the business (Jones et al., 2018). The stakeholders include both parties who directly participate within the organisation and those who do not participate with the organisation but are significantly impacted by the business and its action. The parties who are directly participating are called the internal stakeholder. The parties who are not directly participating within the organisation but has an interest is called external stakeholders.
9. Explain how you would consult relevant stakeholders.
The internal stakeholder can be consulted through conducting meeting with them directly and taking their feedback directly from these meeting whereas external stakeholders can be consulted by conducting survey or taking personal interview with some of them (Kujala et al., 2022).
10. List five (5) relevant stakeholders who may need to be consulted when analyzing and documenting risks:
The five relevant stakeholders who may be needed to be consulted when analyzing and documenting the risk are listed below.
11. Once risks have been identified they need to be categorized to determine their level of risk. List the five (5) levels that you can rate the likelihood of a risk eventuating:
The five (5) levels that can rate the likelihood of a risk eventuating is given below.
- Very Likely
- Very Unlikely
12. Explain why it is important to prioritize and determine the level of risk.
It is highly important to prioritise and determine the level of risk, and the reason for which it is important will be stated here. It is important to prioritise the risk and determine the risk level so that the limited resources of the organisation is adequately allocated to mitigate those risks which according to the threats level which they are creating for achievement of the goals or objectives and likelihood of that risk arising in the business (Majumdar et al., 2021). Also, sometime mitigation of one risk may be clash with the mitigation of another risk, then business can identify the risk which they need to mitigate among the two.
13. True or false. Circle the correct answer.
An overall risk rating is determined by multiplying impact by likelihood.
14. Give five (5) main treatment strategies in how to approach and handle risks.
The five main treatment strategies in how to approach and handle risks is given below.
- Avoidance – Avoidance as treatment strategy include avoiding those activities that can lead to those risks.
- Retention – Retention include accepting the inevitability of that risk happening but make plan to reduce the impact of that risk or cost arising from it.
- Sharing – Sharing include making such plan by which the risk of the business can be shared with another so that the cost of that risk reduces.
- Transferring- Transferring include making such plan in which the cost of the risk can be transferred to another party.
- Loss reduction – Loss reduction include taking steps so that the loss which will arising from that risk can be reduced.
15. Complete the following sentence.
Controls are the procedures, tools and techniques used to treat, or manage, risks.
16. List some of the strengths and weaknesses of choosing your control measure types.
Each of the control measure types have their own strengths and weaknesses and these strengths and weaknesses will be discussed here. The strength of the use of avoidance control measure is that chances of risk occurring is low and cost of using it is also low. The weakness of this measure is that it is not always possible to avoid activities which is creating risk. The strength of using sharing control measure is that it helps to limit the loss arising from the risk to certain level. The weakness is that cost from sharing control measure is never zero unlike avoidance. The strength of using loss reduction is that this control measures can also be used after the risk has arise. The weakness of this loss reduction measure is that it is reactive measure rather than pre-emptive which lower this measure efficiency.
17. Explain the risk audit method when monitoring risks.
There are some risk audit methods which can be used to monitor the risks which include different method or ways to evaluate whether the mitigation plan which has been set in place for the risk has been able to adequately mitigated or not. These risk audit methods will be discussed here. The first risk audit method when monitoring is observation in which it can be can be identified whether the mitigation plan for mitigating the risk is effective or not. The second risk audit method is verification or checking in which it is checked whether risk is in control or not. The third method include enquiry include enquiry with different related parties will be done to assess whether the risk is in control or not.
18. Multiple choice; Circle the correct answer.
Explain what you would do if you identify a risk that could have an impact beyond your own work responsibilities and area of operation
a) Continue working as you normally would
b) Call the emergency service
c) Refer the risks to others as per policies and procedures
d) Try to reduce the risk yourself
19. Explain how you would ensure that you are detecting as many risks as possible.
There are some steps which can be used to detect as many risks as possible and these steps will be discussed here. The first step which is needed to be implemented stakeholders meeting and interviews in which representatives of different stakeholders groups will be asked about the risks which they have identified in the business. The second step is brainstorming in which brainstorming will be done to identify different threats which can arise in the business. The third step include reviewing checklist of some general risks which can be identified in the organisation and assess whether any of these general risk identified in the business or not. The fourth step include using different risk detection tools to assess what types of risk is identified in the business. The last step include conducting the risk rating to assess which risks are more significant for the business.
20. Give three (3) examples of the smaller organisation golden rules.
The three examples of the smaller organization golden rules are given below.
- Bring more money or cash than what is spent under different activities of the business.
- Know the limitations of the resources which is available to the business
- Try to solve the issue or fulfill the customers’ needs through its products rather than marketing it.
21. True or false? Circle the correct answer.
You mustn’t ensure all relevant areas of your organisation or business are aware of the risks that may impact them.
22. Complete the following sentence.
A risk treatment Plan is a document defining how risk identified and Strategies are to be implemented to treat particular risks or risk events.
23. Multiple choice; Circle the correct answer.
At the completion of your pro¬ject or business activity you will want to see all of your risks closed in the risk register. Each risk must meet one of the following criteria to be closed:
a) The risk was successfully prevented from occurring
b) The risk did not occur
c) The risk occurred and was treated
d) All of the above
24. Explain why it is important to monitor and review your risk treatments for the lifecycle of the project, and once they are complete.
It is equally important to monitor and review risk treatment for the lifecycle of the project and also once they are complete for certain reasons which will be discussed here. The reason for which it is important to monitor and review risk treatment for the lifecycle of the project is so that whether the risk treatment is still effective or not can be identified on time and prompt action can be taken if it is found that certain risk treatment is not effective to mitigate risk. The reason for which it is important to monitor and review risk treatment even when the project is completed so that the overall effectiveness of those risk treatment can be evaluated and it can be used as reference for the future project about whether those risk treatments should be used or not and if it is used, then whether any changes is needed to be done in it. 25. Explain a simple yet effective way of how you would review risk treatments. The simple and effective way to review risk treatment is regularly monitor risks for which the risk treatment has been implemented and identify and document any action or event which can change the status of the risk and its impact on the business. Also, assess whether these impacts of those events or action is within the permissible level which has been kept for that risk under risk treatment plan. If not, then it can be concluded that risk treatment plan has become ineffective for that particular risk.
26. True or false? Circle the correct answer.
The person given responsibility for the risk treatment is also usually responsible for the treatment monitoring and review. This person should not be responsible for communicating the results of the review to the concerned stakeholders and other areas that could benefit from this knowledge.
True or False
27. Explain two (2) steps to provide assistance to auditing risks in your own area of operation, and explain how you would achieve this.
The two steps which can help to provide assistance to auditing risk in the learner own area of operation is by identifying the risk and its likely impact on the business and keeping proper documents of any significant change related risks identified. The identification of risk and likely impact can be done by analyzing past records related to risk in the area of operation. Also, documenting any event or change happening related to the identified risk.
28. Give three (3) primary purposes of monitoring and review.
The three-primary purpose of monitoring and review of risk and its treatment is given below.
- Control existing risk - The first primary purpose is to control the existing risks of the business or project.
- Identification of the new potential risks – The second primary purpose is to identify new potential risks of the business or project.
- Assessing whether the mitigation plan effectiveness – The third primary purpose is to assess the effectiveness of the mitigation plans used to mitigate different risks of the project or business.
29. Give five (5) questions you could ask yourself to complete the risk management review
The five (5) questions that have to be asked to complete the risk management review is given below.
- Has the risk mitigation plans have given expected results or not?
- Whether any unexpected risk arise in the business excluding those which has been identified?
- What has been impact of the unexpected risk on the business?
- Whether the risk rating which has been done of different risk of the business or project was accurate or not?
- What are significant issues indentified in the risk management of the business or project?
30. Describe how you would comprehend documents and texts of varying complexity to extract and analyse relevant information.
The documents of varying complexity can be comprehended to extract and analyse relevant information by using some ways. First of all, the documents which are highly complex can be analysed using different experts help. The second step which can be taken to comprehend documents of varying complexity is by becoming familiar with the terminologies which are frequently uses in those documents or the area in which the document is related to. The third step will be highlighting main points of those document so that the extracts do not missed all that vital information.
31. Explain how you would use specific, industry related terminology and logical organisational structure in the workplace documents that identify and analyse risk and report management process outcomes.
The specific industry related terminology and logical organisation structure in the workplace documents will be used significantly to identify and analyse the risk and report management process outcomes in some specific ways. First of all, specific industry related terminology will be used wherever adequate to make the documents of the business of higher quality. Second of all, organisation structure in the workplace documents can be used to summaries the findings for which the documents or reports have been made more effectively.
32. How would you participate effectively in interactions with stakeholders by using questioning and listening to elicit opinions and clarify understanding The learner would effectively participate in interaction with the stakeholders by using questioning and listening to elicit opinion and clarifying understanding using some following steps. The first step will be creating comfortable for stakeholders to interact with the learner. The second step will be asking open ended question to the stakeholders to get their additional feedback excluding which has been asked from them. The third step include encourage them to ask question to the learner so that more smooth interaction happen between them.
33. Explain how you would use numerical tools to assess risk and use numerical data to review plans
The numerical tool will be used to assess risk by using those tools to quantify the expected impact of those risk on the businesses. Also, those numerical tools can be used to identify the probability of that risk occurring in the business. This can help the business identify the risk rating of each risks and prioritize each risk according to its risk rating. Also, numerical data can be used to review mitigation plans of business by quantifying the expected result from the risk mitigation plan and actual results from the plans using variance analysis to assess whether the plan has achieved its minimum requirements or not. Also, numerical data can be used to review plans by putting a quantified limit of the negative impact which is permissible to occur from a certain risk after mitigation and assessing whether the actual impact is higher or within that permissible limit or not.
a) Why is it necessary to comply with organisational and legislative requirements?
It is necessary to comply with the organisational and legislative requirements for some significant reason. The first and foremost reason is that if legislative requirements are not complied by the business, then it can create different legal issues for the business as the company will fail to meet the standards set by different authorities. This can lead to high legal cost incurred by the business. Also, when the organisational and legislative requirements are not, then standards which the business set for itself and authorities set for it will not be meet and this create bad impact on the reputation on the business.
b) Describe how would you take responsibility for identification and management of risk within your own work context and refer matters to others as required?
The responsibility for identification and management of the risk within the learner own work will be taken by identifying the risk which are significant in the work of the learner and also making mitigation plans for it . Then those plans will be approved by the appropriate authorities. Also, the outcome which the management can expect from those plans will also be communicated. Then approval of those mitigation plans will be taken and then in the end of the period for which the mitigation plan is made, report will be submitted about which mitigation plan has been effective or which has not been not and overall risk management by learner in its work. These is how learn plans to take responsibility for identification and management of the risk within its work. Also, if any risk identified which are outside the scope of work and responsibility of the learner, then that risk will be communicated to adequate authorities and measures which will be undertaken by those authorities for those risks will be followed by learner also.
35. How would you select appropriate communication protocols and conventions when conferring with others to establish risk management requirements?
The appropriate communication protocols and conventions when conferring with others to establish risk management requirements will be identified by ensuring that following criteria are fulfilled through those protocol and conventions and these criteria are discussed below.
- Those communication protocols and conventions should be effective enough to mitigate the risks for which it has been kept in place
- Also, those communication protocols and convention should be simple enough for everyone to understand and follow it.
- They should also create any negative impact on the business operation
- These communication protocols and convention should be feasible to implemented in the business operation.
Alazzabi, W.Y.E., Mustafa, H. and Karage, A.I., 2020. Risk management, top management support, internal audit activities and fraud mitigation. Journal of Financial Crime.
Araz, O.M., Choi, T.M., Olson, D.L. and Salman, F.S., 2020. Data Analytics for Operational Risk Management. Decis. Sci., 51(6), pp.1316-1319.
Galletta, S. and Mazzù, S., 2019. Liquidity risk drivers and bank business models. Risks, 7(3), p.89. Jones, T.M., Harrison, J.S. and Felps, W., 2018. How applying instrumental stakeholder theory can provide sustainable competitive advantage. Academy of Management Review, 43(3), pp.371-391.
Kaassis, B. and Badri, A., 2018. Development of a preliminary model for evaluating occupational health and safety risk management maturity in small and medium-sized enterprises. Safety, 4(1), p.5.
Kujala, J., Sachs, S., Leinonen, H., Heikkinen, A. and Laude, D., 2022. Stakeholder Engagement: Past, Present, and Future. Mortgage broking assignment & Society, p.00076503211066595.
Majumdar, A., Sinha, S.K. and Govindan, K., 2021. Prioritising risk mitigation strategies for environmentally sustainable clothing supply chains: Insights from selected organisational theories. Sustainable production and consumption, 28, pp.543-555.
Rowe, P.D., Guttman, J.D. and Ramsdell, J.D., 2020. Assumption-based analysis of distance-bounding protocols with cpsa. In Logic, language, and security (pp. 146-166). Springer, Cham. Samimi, A., 2020. Risk Management in Information Technology. Progress in Chemical and Biochemical Research, 3(2), pp.130-134. Vlados, C., 2019. On a correlative and evolutionary SWOT analysis. Journal of Strategy and Management.
Direct Observation Instructions
Unique Student Identifier (USI): Unit: BSBRSK401 - Identify risk and apply risk management processes
Date of assessment:
The Student is to demonstrate in the following role play at least one example of evidence of the ability to:
• identify risks
• consult with relevant stakeholders to analyse and evaluate risks
• identify and evaluate control measures
• develop and implement treatment plans for own area or responsibility
• refer risks that are beyond own area of responsibility to others
• maintain risk management documentation.
You are to assume the role of an experienced customer service manager who controls a dynamic team of 18 staff in a profitable corporation. It is your role to support and manage the team to carry out eminent service.
The team reports back to you immediately with any negative consumer criticism. It is obvious there is an enormous growth in mistakes. A number of clients have complained about receiving their deliveries much later than advised and items missing from their orders.
The Head of the corporation is fearful that it may impact ongoing sales. You know you have to take measures to ameliorate their service to ensure the client is at ease.
You are to conduct one role play to exhibit that you can identity and evaluate risks. The role play is to be a meeting with stakeholders to rectify the cause of the issues and come up with a solution to prevent ongoing risks. A colleague or class mate can play the role of this person and must be briefed on the situation so he/she can act the role appropriately.
You will be required to check your progress with the trainer/ assessor at the completion of each part of the assessment before commencing the next.
The trainer/ assessor will inform you of any significant errors or misjudgements throughout the procedure and give valuable feedback to you for the rectification of the problem.
If the result of the assessment is that you are Not Yet Satisfactory, you may be required to retake the assessment.