Commonly people think about risk based on financial risk and internal controls. Admirable, of course, however I proffer that the biggest risk, above all, is your human resource (HR) risk.
When we look, for example, at crises in sectors such as banking, insurance, healthcare, football, charity, etc., at the core of each of these breaches or scandals are people. People control, manage and handle risk, from the board table cascading down into organisations.
Risks are inevitable and organisations have a moral and legal obligation to attend to the safety and well-being of those they serve, those who work for them and other stakeholders who come into contact with their operations. This is known as their duty of care. However, organisations also need to peruse all the risks throughout their entire operation (not just financial and legal) and incorporate risk management strategies throughout their planning and decision-making processes.
So I believe for a business to run in a transparent, ethical and credible manner it must address its most important asset – its people and how they run the business.
To address these matters organisations could consider the following 4 HR risk and compliance tips are:
- Diarising on the board agenda the regular re-assessment of the organisation’s vision, mission, values and culture. This will help reaffirm who they are, their unique proposition and strategy, risks, particularly in an ever-changing economic climate.
- Ongoing assessment of the CEO’s performance to monitor and motivate best strategic performance, and where applicable the board’s effectiveness needs to appraised to drive strategic growth.
- Regular monitoring and development of their succession planning model, particularly identifying future gaps and managing the knowledge transfer of key leadership and technical talent.
- Regular monitoring of continuous professional development (CPD), as well as compliance to regulatory standards and requirements’ obligations, to ensure fit for growth and retention purposes for both employees and the organisation.
So, risk assessment should be an ongoing working document of the board. I believe a basic risk assessment will identify, assess, analyse and evaluate each risk in question specifically for their organisation. This will help decide and document the treatment of that risk, i.e., whether to tolerate, terminate, treat or transfer it.
We believe to adequately assess the sources and handling of risk, organisations must risk assess their aggregate internal capability, i.e., their resources, systems, structure and culture. All of these risk areas require people. People are a source of risk. People handle risk.
With the right people, in the right place, doing the right transparent, ethical and credible things, organisations can identify aggregate risks, areas for improvement, leading to increased productivity and ultimately the big P – Profit!
© CA Compliance Limited 2019