The HR and Risk Management Nexus
Business leaders, CFOs, risk managers and HR professionals should continually review how the organization approaches people-related risk management issues. Today, as part of their critical strategic business processes, successful organizations are constantly looking for ways to better understand the nexus between HR — the human resources of an organization — and effective risk management. Here is a quick review of the key things to consider.
Develop a cross function partnership.
An effective enterprise risk management program invariably focuses at some point on the big chunk of an organization’s financial resources associated with the pension, insurance, savings and other benefits plans that the HR function usually manages and administers. As a result, a partnership is developed in many organizations between HR, the finance organization and the risk management function to make sure that the risks associated with these HR plans and programs are well understood and properly addressed.
Continually rethink HR-related risks.
This cross function partnership makes sure that advancements in technology and computing power are used to identify, analyze, model and ameliorate not only the HR-related financial risks in the organization but also those that emerge from the behavior of people. This continual rethinking of the HR and risk management nexus often leads to increased understanding of the events and actions that can impact, or be done by, the people in an organization. From planning for pandemics to identifying and protecting against physical and information security vulnerabilities, forward-thinking organizations make sure there is a coordinated HR and risk management review process overseen by senior management.
Understand the insider threat.
Well-run organizations that have been rethinking the HR and risk management nexus understand that the actions of its human resources, whether malicious or inadvertent, can represent one of the greatest potential risks to the bottom line. They understand and guard against the “insider threat,” the employee who may, for example, introduce a virus into an organization’s information system through an infected thumb drive. They know that even if unwittingly done, this sort of action by an employee can bring an enterprise’s operation to its knees.
Look for hidden HR-related risk issues.
Thoughtful organizations know that despite the progress they have made in rethinking the HR/risk management nexus, there are always seemingly people-related processes that in actuality are really about organization risk. For example, many organizations think of succession planning and leadership development as solely an HR-related process. However, progressive organizations that have been rethinking the HR and risk management nexus believe succession planning should be viewed as a process designed to prevent the risks associated with not being able to fill vacancies in critical positions with the right people. They seek out other so-called HR processes that may really deal with risk.
The continual review of the HR and risk management nexus is well underway in top-notch organizations. More organizations should follow suit.