Focusing on managing risk

This is the fourth in a series of blogs looking at the concept of business management in the people function and this week we’ll be looking at managing risk.  We will look at managing risks within the function, not the wider people risks. If you missed the first couple of blogs we talked about the overall principle, including a look at finance. We’ve also focused on strategy and planning as well as project delivery.

So, what do we mean by managing risk?

The actual process can vary by organisation but there are generally four steps for effectively managing risk:

  1. Identify – which is every employees responsibility!
  2. Assess – this doesn’t require technical expertise but does require the organisation to have an agreed framework.
  3. Control – mitigating the risk through applying appropriate controls.
  4. Review – ensuring a regular review of all risks and the controls to ensure that they are still relevant and appropriate.
Risk Framework

Two additional areas that you should focus on:

  • Communicate – using something like a simple risk matrix helps as they are visual and easy to understand.
  • Training – helping your team identify risks, create good controls and monitor, all require an investment in training time.

Understanding people function risks

We won’t be looking at wider people risks such as employee turnover, well-being, talent attraction etc. These should be determined and largely managed by the business, after all they are managing the people. However, the people function may provide solutions and sometimes the controls (i.e. policies) to mitigate these risks.

The people function is often accountable for managing significant financial spend i.e. payroll, pensions, benefits etc. Sometimes these are delivered in-house or via 3rd party supplier. No matter how these services are delivered the people function has to be aware of, and manage the risks appropriately. Rather than focusing on specific risks we shall talk about how you create an effective risk environment within the function. However, its worth sharing a few examples based on our previous experience, these might be areas you want to check within your team:

  • An outsourced payroll provider with no effective business recovery plan – this led to payroll disruption following an incident near their office.
  • No active management of a supplier contract – this lead to increased business costs as an automatic price increase was not visible or managed.
  • Limited controls on employment visa expiry – this meant the organisation was in breach of their sponsor licence.
  • Employee information sent to an external email account without password protection.
  • Employment policies not aligned to process, therefore impacting end users.

So, how best to manage risk?

Depending on the size of your organisation there are a number of options. For large organisations consider appointing a Business Manager or People COO, making risk management part of their accountability. Within smaller organisations, giving the accountability to someone in the people team can provide focus. This could be rotated as part of objective setting to build capability across the team. So, what are the practical steps you need to take?

  • Identify who will lead managing risk in the function, don’t forget accountability will always sit with the department head.
  • Define a risk management plan, which needs to include:
    • agreeing the risk approach to be taken. This should mirror the organisational approach;
    • briefing the people leadership team on managing risk. Making it clear that their role is to lead by example;
    • training the wider people team to understand that risk is not a bad thing and helping them understand what’s required of them, so:
      • what their role is in managing risk;
      • how to identify risks and what they can do to mitigate them;
      • who to report risk too and how;
      • review any existing controls when making changes;
      • be brave and highlight any concerns.
    • creating a regular risk review process with key people and teams, using a risk matrix;
    • testing the key controls to make sure they are working;
    • ensuring that key people suppliers are managing their risks;
    • using risks to support the people planning process.

Risk is part of doing business, understanding your functional risks means you can mitigate their impact. This protects the organisation in terms of reputation and loss. Having good risk management in place is fundamental for any people team and done well can help your planning and engagement.

Further insight into Business Management

Over the next couple of weeks we will look at the remaining elements of business management, so:

  • Supplier management
  • People & functional analytics.

If you’d like to find out how InFocus HR can help you with your business management approach then click here for more information.

HR Chief Operating Officer, fancy role title or critical need?

Having been in two HR Chief Operating Officer (HR COO) roles in the past, it was interesting to read a recent Gartner research article on the ‘5 Imperatives of the HR Model of the Future’.  Whilst the core elements of the Ulrich model are still required i.e. Shared Services / Centres of Excellence and a revised BP role (which moves into a Strategic Talent Partner) the key call out was the need for an HR COO role.