HUMAN CAPITAL DEVELOPMENT FORUM IN ICT 24TH- 26TH FEBRUARY 2014 CROSSROADS HOTEL LILONGWE, MALAWI 1 Planning Risk Management in Human Resources Presenter: Jonathan P. Mwakijele, BSc, MCM, MSc, Head of Training, Consultancy and Research Unit, African Advanced Level Telecommunications Institute (AFRALTI), Nairobi, Kenya. e-mail address: jmwakijele@afralti.org 2 Planning Risk Management in Human Resources Planned approach aims to identify, assess and resolve risk items before they turn threats to organisations. 3 Content PART I What is risk? Introduction to Risk Management Risk management Assessing risks - Workforce planning: Job analysis and job descriptions - Recruitment and selection - Performance appraisal Quantify the Risk 4 PART II Introduction to Risk Management in HR Applying risk management to HR The risk management process - Identify the risks - Assess the risks - Develop strategies for managing risks - Implement - Monitor Who is involved in the risk management process? 5 PART I The paper has been adopted from Bhima Rao’s paper on Devising risk management in human resources. 6 What is risk? Risk is defined as the “perceived extent of possible loss”. It may be a small or a big risk? It varies from situation to situation. Risk is a part of personal and business world. 7 Introduction to Risk Management Understanding risk is the first step in risk management. The risk assessment tool is known widely and used effectively in project management and execution, finance and accounts, manufacturing, and marketing. Risk involved in Human Resource Management function and its assessment is yet to take a firm root. Formal risk analysis and risk management in HR can help to evolve strategies to minimize the disruptions of plans, control cost and control loss. 8 HR audit is the first step to understand the risk involved in daily HR function and in long term HR plans. HR audit is not only conducting Labor compliance audit. Assessment of risk due to non-compliance of labor laws is only one part of the HR function. The need of the day is to assess the risk in the entire scope of HR function and in relation to the objectives of the organization. How to assess the risk of HR function, analyze and estimate the risk which would impact business results and managing the identified risks successfully is a new challenge to HR professionals. 9 Risk management “Risk is the threat that an event or action will adversely affect an organization's business objectives and business strategies.” Risk Management is the process of protecting an organization from financial loss and controlling risk at the lowest possible cost. The goal of Risk Management is to identify, assess and resolve risk items before they become threats to assignments or to the entire organization. 10 HR deals with the most valuable resource of the organization and it is crucial that it becomes a part of the total Risk Management. Once HR becomes the part of risk management programme, it will allow using human capital to pursue the company’s strategic goals more systematically and help HR become a strategic business partner. 11 In today’s climate, HR faces extraordinary demands to be effective, efficient and most importantly, responsive to address changing organizational and business realities. HR professionals need to become champion of high-performance which adds measurable value to both the top and bottom line of business, employee satisfaction and retention of talent. It is not easy to jump to the entire new area of assessing HR risk areas. One needs to work systematically, change the mindset from traditional HR role and embrace new ideas. 12 There are two types of roles in Risk Management: People are a source of risk. - Shortage of right kind of employees at a right time, - attrition of experienced employees, - employee leaving after completion of a oneyear training programme, 13 People are a source of risk (cont.) - employees doing sloppy work due to lack of competencies, - handling customers very badly, - an employee unwilling to take on additional responsibility or - high absentee employees. 14 People are important in handling risk. - People using their skill to solve unexpected problems, - employees going the extra mile for the organization, - an employee becoming multi-skilled, - redesigning his own job to avoid unnecessary delays in getting work done, or evolving new process to resolve the problem or an employee persuading a talented friend to apply for a position and join the organization. 15 Assessing risks Undoubtedly, HR function carries risks. Identifying threats in HR function and how it is going to impact the business results, reputation of the company and future business is essential. Are the threats looked in a routine manner or a focus is given to understand, assess, categorize the threats based on the impact, quantifying the threats affecting the organization is the most critical and difficult task. HR professionals very rarely approach this important area systematically. 16 Few of the threats facing HR function and how it impacts the business results are : 1) Workforce planning: Job analysis and job descriptions - This is the basic function of any HR department. - Neglecting or undoing in this area results in not having required manpower at the right time. - Job analysis and job descriptions are two important attempts to allocate the jobs and selecting a right person for a position. 17 Workforce planning: Job analysis and job descriptions (cont.) - They are important for conducting performance evaluation of employee. If it is not done properly it brings disorder and accountability of a person. - New Organizations does give importance for Workforce planning: Job analysis and written down job descriptions are communicated to employees and risk is avoided in the initial stage itself. 18 2) Recruitment and selection - Executing action plans to ensure the organization is not left with a shortage of qualified workers is one of the biggest challenges today. - HR is creating big risks to organization by not ensuring the right number of employees at a right time. - If the risk analysis is carried out on a regular basis, the quantum of loss or risk involved can be understood and possible corrective actions can be initiated. 19 3) Performance appraisal - It is essential to have a well designed performance appraisal system. Whether goal setting is done systematically, appraisals are done timely, documentation is done properly, reward is linked to actual performance. - Ineffective performance management system can result in a lack of good formal and informal feedback from managers to employees, minimal employee development and low employee engagement. 20 Performance appraisal (cont.) - Evolve, implement and institutionalize the performance evaluation system is the major responsibility of HR. If not implemented properly, the risks are manifold and directly impact the morale, motivation and productivity of the organization. 21 The above three areas are critical HR functions which are also major risk areas for any organization. Other areas which may fall in either major or minor risk zone depending upon the organizations and situation are: - Induction/Orientation, - HR Policy and Procedures, - Compensation and benefit, - Learning and Development, - Employee and labor relations, - Labor law compliance, - Safety and health program, - HR Service Delivery, - Retention and Management succession. 22 Quantify the Risk HR department shall run through a list of risks and to see if any threats are persisting. Thereafter, review the systems, structures and analyze risks and see whether any vulnerability persists. Take the opinion of others too, who might have different perspectives. 23 Quantify the Risk (Cont.) The next step is to work out the likelihood of the threat being realized and to assess its impact. Lastly, make the best estimate of the probability of the event occurring, and multiply this by the amount it will cost/quantify the risk to set things right if it happens. 24 Once risk is identified and understood, adopt cost effective methods to mitigate the risks and on a time bound basis. Strategies to manage the risks need to be evolved internally, through use of existing unexploited resources effectively, improving the methods and systems, change the accountability of persons by effective internal control. Lastly, bring in additional resources to overcome the risk. 25 Once risk analysis and management actions are initiated, it is essential to conduct formal reviews and analyze the results. HR has often been considered a “soft” area, and many have not understood the inherent risks involved with this function. The need has come to add total HR function to the organization's regular audit cycle which is overlooked till now by HR professionals and the top management. 26 Part II The paper has been adopted from HR Council of Canada. 27 HR Planning Introduction to Risk Management in HR Risks are inevitable and organizations have a moral and legal obligation to attend to the safety and well-being of those they serve, those who work for them and others who come into contact with their operations. This is known as "Duty of Care.” 28 Organizations need to look at all the risks throughout their entire operation and incorporate risk management into all planning and decision-making. However, the specific focus of this section is risk management as it applies to HR activities. 29 Content Applying risk management to HR The risk management process Who is involved in the risk management process? 30 Applying risk management to HR When developing a risk management plan for your HR activities, there are a number of areas to focus on. This general list will get you started but it is very important that all organizations identify and evaluate the risks unique to their own organization. 31 HR Activity Potential Risk Compensation •Financial abuse and benefits Potential considerations •Who has signing authority? •How many signatures are required? •Are there checks and balances? 32 HR Activity Potential Risk Hiring •Discriminatory practices •Hiring unsuitable or unsafe candidates •"Wrongful" hiring Potential considerations •Was a complete screening completed on potential applicants? •Were provincial human rights laws observed? •Is there a set probationary period? •Were promises made to the candidate that cannot be honored? •Did the employee sign off on the policies and contract of employment before being hired? 33 HR Activity Potential Risk Occupational Health•Environmental and Safety •Personal injury or death Potential considerations •Do we provide safe working conditions and do we conduct safety checks regularly? •Do we provide adequate training for staff? •Do we ensure the use of appropriate clothing and safety equipment? •Do we have adequate policies, procedures, and committee in place? 34 HR Activity Employee supervision Potential Risk Potential considerations •Abuse •Reputation in the community •Release of personal information •Do we provide sufficient orientation and training? •Do we provide adequate supervision (especially for activities that occur off-site or after hours)? •Do we have a performance management system in place? •Are personal information protection guidelines followed? 35 HR Activity Potential Risk Employee conduct Potential considerations •Abuse •Do we have clearly written position •Reputation in the descriptions for all positions? community •Do we follow up when the parameters of the job description are not respected? •Do we provide thorough orientation and training? •Do we provide an employee handbook? •Do we have comprehensive policies and procedures? •Do we provide ongoing training about our policies and procedures? •Do we retain written records of performance issues? •Do we ensure that organizational valuables are secure? •Do we have cash management procedures? •Do we have adequate harassment policies and procedures? 36 HR Activity Exiting employee Potential Risk •Property •Reputation in the community •Compensation Potential considerations •Do we retrieve organizational information and equipment that a dismissed employee used (especially from home)? •Do we ensure that all access codes, passwords, etc are de-activated? •Do we conduct an exit interview? •Do we record lieu time and vacation balances? There is a connection between risk management and liability. Therefore, it is very important to obtain legal advice about your risk management plan. 37 The risk management process Risk management is a cycle. That means that it is not something that gets checked off a "to do" list but it is a continuous activity. Having a risk management process means that your organization knows and understands the risks to which you are exposed. It also means that your organization has deliberately evaluated the risks and has strategies in place to remove the risk altogether, reduce the likelihood of the risk happening or minimize harm in the event that something happens. 38 The risk management process (Cont.) At a very basic level, risk management focuses you on two fundamental questions: 1) What can go wrong? 2) What will we do to prevent the harm from occurring in the first place and in response to the harm or loss if it actually happens? 39 Identify the risks The very first step is to identify the risks. Ask yourself what can go wrong. Every activity of an organization poses a risk so brainstorm and document the risks. Consider both the general risks (that could happen to any organization) and the risks specific to your organization. 40 Identify the risks (Cont.) Risks can be: - Abuse that is either one-time or ongoing (physical, emotional, psychosocial, sexual, financial) - Personal injury - Medical - Environmental - Property - Financial - Reputation/goodwill - Other 41 Involving staff, volunteers and board members in the risk identification process will give you a comprehensive picture of the risks based on different people's involvement in different areas of the organization. You may also wish to engage the services and opinions of an accountant or a lawyer. 42 Assess the risks If you have done a thorough job of identifying risks, you may end up with a long (and overwhelming) list. The next step is to assess each of the risks based on the (1) likelihood or frequency of the risk occurring and (2) the severity of the consequences. Using a risk map to plot the likelihood of occurrence and the severity of the consequences will help you prioritize your next steps. 43 Develop strategies for managing risks •Consider the most appropriate risk management strategies for each identified risk: 1) Avoidance - Stop providing the service or doing the activity because it is too risky. 2) Acceptance - Some risky activities are central to the mission of an organization and an organization will choose to accept the risks. 44 3) Modification - Change the activity to reduce the likelihood of the risk occurring or reduce the severity of the consequences. Policies and procedures are an important part of this risk management strategy because they communicate expectations and define boundaries. Learn more about writing policies and procedures. 4) Transfer or sharing - Purchase insurance or transfer the risk to another organization through signing a contractual agreement with other organizations to share the risk (for example, having a contractual agreement with a bus company to transport clients rather than staff driving clients). 45 Implement When you have decided which risk management strategies will be the most effective and affordable for your organization, practically outline the steps and who is responsible for each step in the risk management plan. Communicate the plan and ensure that there is buy-in from all who are involved in the organization (staff, volunteers, clients, other relevant stakeholders). Provide training for all organizational staff and volunteers so they understand the rationale of the risk management plan as well as the expectations, procedures, forms, etc. 46 Monitor Consider the following questions and document any changes to the plan: • Is your plan working? • Have your risks changed? • Have you expanded or reduced your programs and services? • Are changes or updates required? • Are staff and volunteers following the risk management plan? • Do they need re-training on the details? • Do we need to better communicate the plan? 47 Risk management is an evolving field. Therefore, it is a good practice to keep current and re-evaluate your organization's risk management system on an annual basis. 48 Who is involved in the risk management process? Risk management is a large and important undertaking. There must be commitment from the board to commit the financial and human resources. In larger organizations, a risk management committee, team or department may be formed to handle the risk management process. 49 Who is involved in the risk management process? (Cont.) In smaller and medium sized organization, the responsibility for developing and implementing a risk management process will likely fall on the executive director. However, paid staff, volunteers - and potentially clients and other stakeholders - will be very helpful partners in identifying risks and developing effective strategies to deal with the risks. Once the risk management process is in place, everyone in the organization has a role to play from identifying risks to following policies and procedures to completing forms and reports. 50 Resources: HR Planning - Risk Management in HR http://hrcouncil.ca/hr-toolkit/planningrisk-assessment.cfm Devising risk management in human resources http://www.deccanherald.com/content/1 65365/devising-risk-managementhuman-resources.html 51 Thank you for listening 52