HR and risk management - an ideal match

by Contributor10 Aug 2017
It is an organisation’s people and corporate culture that drive its risk management and strategy. Easy goals, as Jay Chander, Partner with Barker Henley discusses

All organisations operate in an environment of economic uncertainty. Subject to a wide range of internal and external influences, they are exposed to varying degrees of uncertainty and risk and this can directly affect their ability to achieve objectives.

Risk comes in many shapes and sizes, and can come from many directions, both internally and externally. The internationally recognised benchmark, ISO 31000:2009, Risk management – Principles and guidelines defines risk as “the effect of uncertainty on objectives”. Much time and energy is spent managing risk presented by economic and commercial forces to ensure sustainable profitability and growth, but we shouldn’t forget the significant risks that relate to maintaining the internal capabilities of an organisation - its people or human resources (HR).    

All activities in an organisation involve varying degrees of people interaction and risk. In fact, every activity an organisation engages in, every decision it makes or fails to make, involves people and carries an element of risk, as well as some opportunity. This does not mean that we shirk away from risk - risk is a normal and unavoidable element in any business. The very nature of business is about taking risk by investing resources for reward.

And while risk is inevitable, there is a critical need for organisations to identify, understand, prioritise and manage key risks with a pragmatic, integrated and coordinated approach. The long-term and sustained success of an organisation relies on two key factors, both closely aligned with strategic objectives:
  • an effective Enterprise-wide Risk Management (ERM) framework, and 
  • HR management. 
It is the recruitment, training, development, motivation, behaviour, intentions and retention of employees with sufficient skills that help accomplish organisational goals.

ERM has traditionally not focussed sufficiently on the human element. Strategy, culture, morale, productivity and governance all have a significant human component and can all adversely affect an organisation’s performance and future. In fact, the HR component is critical to risk management because:
  • People are the biggest sources of risk and most risk exposures include a human element – it is the people, their behaviour and actions that cause risk 
  • People are also critical in managing risk - it’s the people and their actions that mitigate risk. 
Therefore, it is essential that an organisation’s risk management plan includes a comprehensive analysis of its people risks. There is no doubt that a positive HR environment reduces risk and increases an organisation’s ability to manage risks. And these can be better managed by planning and empowering the human component of the corporate capability and leadership. 

The HR function has a critical role to play in risk management. HR needs to identify and manage its people risks effectively if it is to contribute to an organisation’s success. There are many people-related risk exposures that can have a significant impact on an organisation’s objectives and reputation, including:
  • Organisational structure, processes and systems
Lack of clear roles, reporting lines and accountabilities, corporate governance, strategy-setting, policies and management systems.
  • Critical skills and talent management
Not having the right people with the required knowledge, skills and tools and inadequate recruitment and retention practices.
  • Succession planning
Inadequate succession planning and back-up arrangements for key roles and people.
  • Values, ethics and leadership
Failure to establish a robust leadership, with a positive culture and values framework that sets the tone at the very top.  
  • Compliance and regulation
Non-compliance with industry and other regulations and laws.

•    People and corporate culture 

Lack of proper people management and staff engagement, failure to recognise teamwork and collaboration.
  • Training and development
Inadequate development of people, training in specific skills, particularly in leadership, coaching and mentoring, communication, motivation and change management.
  • Performance measurement 
Lack of or poor performance management practices not aligned to achieving organisational goals, continual feedback and measurement of employee performance and engagement.
  • Remuneration and recognition
Remuneration, reward and recognition must be based on performance and contribution to the organisation’s overall goals.
  • WH&S
Failure to maintain a safe work environment, work-life balance, positive workplace culture and emotional wellness, resulting in higher worker compensation costs, absenteeism, staff turnover, poor performance and reputational damage. 
  • Business interruption, continuity and recovery
A major incident can cause significant disruption to an organisation. Management needs to have a clear understanding of their responsibilities, supported by appropriate policies and processes to ensure proactive and pragmatic response in any crisis event.

So, what can we do to align HR with ERM?
  • Ensure that your organisation’s HR activities include HR risk management 
  • Align HR plans with the overall business strategy and risk framework
  • Implement a common risk management framework supported by appropriate standards throughout the organisation 
  • Clearly define key roles, responsibilities and reporting relating to risk management throughout the organisation
  • Implement robust HR risk mitigating controls and treatment plans to respond appropriately to HR risks 
  • Ensure that HR is part of the Executive management who is charged with designing, implementing and maintaining an effective risk management infrastructure
  • Obtain independent and objective assurance on the effectiveness of HR risk program. 
Sounds straightforward? Perhaps. But look around and see the number of otherwise responsible organisations who have sound and robust risk management processes, and yet they fail to recognise the gaps present in current HR practices.  We can no longer afford to take our eyes of the HR ball – we’re missing too many goals.

About the author
Jay Chander is a Sydney-based Partner with Barker Henley. He is a commercially focused Chartered Accountant, business consultant, advisor, executive trainer and author with extensive executive-level experience, and leads an experienced team in risk advisory, internal audit and business consultancy. 
 

COMMENTS

  • by AG 11/08/2017 3:11:20 PM

    It's about time this was recognised more widely. However, do you think a risk manager can get a job in HR though.....nup!

Most Read