Mitigating the Cost of Organizational Behavioral Risk
Author:Donna Scimia
Source:Employee Relations Law Journal Vol. 36, No. 2, Autumn 2010 page48-58
Summary:
Risk management professionals are comfortable analyzing the product, and the operational, tangible components of organizational risk related to the organization’s business functions. However, in today’s economic climate, if the goal of risk management is to identify, assess, and resolve financial risks before they become threats to a particular project or the organization as a whole, the identification and impact of costly behavioral risk cannot be ignored. The author advises risk managers and human resources professionals, who often operate as completely independent entities, to combine forces, knowledge, and strategies to view behavioral risks in terms of such risk management concepts as cost, control, and risk avoidance.
從人資角度來談組織行為風險的管理
The concept of behavioral risk is a challenge because it is not always logical, concrete or rationale. It is hard to ascribe a mathematical analysis to behavioral risk. It does not fall into a neat equation. In this turbulent economic climate, behavioral risk, for example, can be related to relentless organizational change. While change can be positive on some level for most organizations, it can also be riddled with conflict and uncertainty for employees and can therefore create certain risks. Since human resources professionals play a key role in organizational change management, they would benefit from learning and applying the principles of risk management to the changes occurring in their organizations.
If part of the goal of risk management is to identify, assess, and resolve financial risks before they become threats to a particular project or the organization as a whole, the identification and impact of costly behavioral risk cannot be ignored. Risk managers and human resources professionals, who often operate as completely independent entities, should combine forces, knowledge, and strategies to view behavioral risks in terms of such risk management concepts as cost, control, and risk avoidance.
TRADITIONAL RISK MANAGEMENT
Simply defined, risk is the possibility that an event will occur and negatively impact the achievement of organizational objectives. Once organizational goals are defined, risk managers:
• Anticipate and identify risks associated with these goals (what, when, and how risks arise);
• Determine risk transfer (insurance or other fi nancial products);
• Rate risks according to the likelihood that they will occur (risk evaluation and analysis); and
• Determine risk response (risk management plan).
Each risk is prioritized. While risks with low priority may be accepted and monitored, all risks are monitored and reviewed on a regular basis. Risk can be related to external and internal factors such as:
• Economics and the financial markets;
• Regulatory climate;
• Legal liabilities;
• Competition;
• Credit risks;
• Social media;
• Accidents;
• Natural causes and disasters; and
• The organization’s infrastructure and processes.(這一塊是作者想強調的)
Risk can never be eliminated but the goal is to keep a strategic focus between the costs of managing the risk’s adverse effects and potential opportunities. The main thrust of risk management is to:
• Add value to an organization;
• Be an integral part of the organization’s processes and decisions;
• Be responsive to change; and
• Address uncertainty in a structured, systematic way.
RECENT TRENDS IN RISK MANAGEMENT: ENTERPRISE
ERM is a marriage between the technological and financial drivers in an organization and an understanding of risks related to its people. ERM gets everyone on the same page. It requires that each business function dissect the business and the industry to create a risk report card and roadmap. For example:
Are the policies and practices in sync with the organization’s goals and strategies?
How do these current policies and practices compare to best practices?
Where are the gaps in current practices?
What and where is the risk and what is a priority?
Answering these questions requires creative, proactive thinking, and a candid approach, as the strengths and weaknesses of each function need to be identified both internally and externally. When operating successfully, ERM is part of the organization’s culture and is reflected in all areas of practice.
這個部份的梗,說穿了就是風險管理的整個機制應該要fit & collaborate公司的business model.
THE ROLE OF HUMAN RESOURCES IN ERM
Many HR professionals have made great strides in this area and are more prepared to define their function in terms of cost reduction and effectiveness as it relates to organizational goals.
For those who have not, or for those who have a vague understanding about the elements of risk management but consider it the domain of the CFO and other financial functions, recent trends indicate that senior management is predominantly concerned with the risks arising from behavioral or “people” management. They expect human resources professionals to:
• Alert them to potential costly risks in this area;
• Create strategic decisions that are aligned with enterprise business
goals;
• Justify solutions in dollars and cents; and
• Add ongoing value.
傳統的人資價值觀-成本控管的思維邏輯
人資主管應該更深入思考的問題:
Garry Ritzky outlines several risk-related questions that human resources professionals should answer about the human resources function in their organization:
• Does human resources have a method of quantifying to management the dollars of exposure the organization may have from discrimination risks?
• Are human resources managers advising management how much money to reserve to pay or defend employment claims?
• Does human resources track historical employment losses to measure the success of employment practices, such as the safety function does with its incident rate and workers’ compensation experience modifier?
• If the organization decided to purchase employment practice liability coverage, could the human resources department provide a five-year loss history, including expenses, settlement payments, and investigation costs?
BEHAVIORAL RISK: THE PRIMARY DOMAIN OF HUMAN RESOURCES
這部分是作者的賣點=>用risk management的角度來保裝與提升人資的工作價值
While most human resources professionals have some type of system to prevent and manage behavioral risk, many would benefit from the ERM perspective, which is an organized, thoughtful approach. This could save time and energy in the long run. One such method for this undertaking is a human resources audit. An audit can provide the groundwork to identify essential human resources functions and determine if they are being performed at an acceptable level. For example:
• Are the human resources policies updated and consistently applied?
• Is there a defensible procedure to investigate a sexual harassment complaint?
• Are employees trained in sexual harassment prevention?
• Does the training cover all legally protected categories?
An audit also communicates to senior management and the organization at large that the human resources function is focused, well managed, and able to anticipate and meet potential challenges. If applicable, it will show insurers, stakeholders, and potential investors that the organization is upfront and diligent in its business practices.
Finally, an audit allows for risks to be prioritized. The information that is gleaned can be used to justify the allocation of resources to manage or mitigate identified or potential risks.
If a risk management function exists within the organization, this would give human resources an opportunity to consult with a risk manager to get some guidance as to risk identification strategies. If not, then human resources can utilize a few tools. First, the various functions within human resources should be identified. A few brainstorming sessions with all key human resources personnel might be a good start. A list would be created with the various human resources responsibilities within the organization:
• Recruiting/hiring;
• Orientation;
• Training;
• Benefi ts/compensation;
• Wages and hours;
• Management;
• Employee relations;
• Safety and security;
• Compliance/legal;
• Workers’ compensation;
• Training and development;
• Labor relations;
• Technology;
• Employee rights;
• Diversity;
• Communication;
• Documentation/records;
• Termination/separation, etc.
There are plenty of tools available to help with this. Some questions to ask when investigating potential risks in the hiring, employee relations, legal, and safety and security areas of human resources might include the following:
Hiring
– What is the process for selection and is it consistent throughout the organization?
– Do we keep updated on legal requirements?
– Are job descriptions available and current?
– Are all applicant references checked? Should we do background investigations?
– What is the quality of our new hire orientation program?
– Do we have a program?
Employee Relations
– Is the performance management process current and effective?
– Are workplace policies in compliance with regulations, updated and applied fairly and consistently?
– Is there a cohesive discipline process? Is documentation adequate and consistent?
– Is there a structured system to report and investigate grievances?
Are employees aware of it?
– Is the employee handbook complete, current, and available?
Legal
– Are we consistent regarding compliance issues? Is sound legal advice available?
– Are there people, places, or situations that make us vulnerable to legal action?
– Are practices and policies applied fairly and consistently?
– Are employees trained on discrimination related to Title VII?
– Are managers trained to investigate and report incidents related to discrimination? Do they understand the consequences of retaliation?
– Do we have a process to report and investigate unethical behavior?
– Are supervisors and managers trained in conflict resolution?
– Do we keep track of complaints and follow up?
– Do we maintain updated records on incidents, settlements, and court cases?
– Do we have an adequate system where confidential information is filed?
Safety and Security
– Do we have policies and procedures that cover incidents related to domestic violence and other workplace violence?
What is our crisis management plan?
– Are we a drug-free workplace? Do we drug test?
– Do we have a procedure regarding reporting and response for workplace injuries and other incidents? Do we enforce it?
– Where are we most vulnerable regarding safety and security?
– Do we have adequate lighting on building premises?
– Do we have a procedure to manage intruders?
– Is the building accessible to those who are disabled? Are we familiar with the requirements of the Americans with Disabilities Act?
以上作者蜻蜓點水的寫法真是令人失望
INSURANCE AND RISK MANAGEMENT
略
CONCLUSION
略
------------------------------------------------------------------------------------
感想與評論:
而產銷人發財等公司各功能性部門,都可以把自己的部門職能升等和定調在「企業風險管理」的戰略高度來談論;
人資來談論這個議題雖然可批判說是新瓶裝舊酒,但本來人資就是企業經營的關鍵function,也有很大的著力點,就看一些檯面上的所謂人資長的觀念與格局是否足夠了&是薪資費用視為成本亦或投資了。
人資搞風險管理其實可以比環安更有著力點,只不過就怕的人資從業人員把自己玩low了=>變成是幫老闆看守薪資成本的奴才、辦理教育訓練的公務官僚與監視員工忠誠度的地下東廠。
以下的Powerpoint page44-65裡面,2330前任的人資副總點出人資工作的價值和方向所在(個人覺得寫得比這篇有料多了,推薦給非人資領域的朋友參考)
就組織運作的企業風險管理而言,或許以下幾點是關注重點:
1. 組織文化=>說得更淺白就是士氣與對公司向心力和認同感的塑造和掌握
當公司賺錢被財經台風光歌頌的時候,自然很多想攀龍附鳳的蒼蠅蚊子會靠過來,人資可以躺著找人招募&輕鬆愉快發獎金……;而人資真正的挑戰與本事功力的展現在於當公司草創與走下坡的時候,如何留住人才不要陷入劣幣驅逐良幣的惡性循環。
2. 以BCP而言,都會很強調所謂的職務代理人,然而這些所謂職位代理人,其實更貼切的意義應該是「接班人」=>IF/萬一這些關鍵職務的高階主管掛點或判逃到敵營時,誰能來接手?這也才是切合營運持續觀點下的應變計畫與所需的準備。
3. 內部稽核與法務的積極功能
消極當然是減小公司內部的貪贓枉法的損失,積極則是可以看:有沒有商業間諜埋伏?員工是否將公司機密地給競爭對手?如何讓公司的專利構成保護牆與競爭障礙卡死對手?…如何嚇阻居心不良的內部員工與外部競爭對手?..。
4. 內部和諧的塑造
和諧不是指大陸的河蟹與一言堂,而是指如何讓公司內部各部門能夠分工合作、資訊交流傳遞讓1+1大於2 ,而非分工不合作、搶績效搞內鬥造成1+1小於1的內耗…這才是組織角度與營運風險的真實成本吧!(不過這已經超脫了人資能力範圍所及)
以上積極的手段與作為,不需冠上企業風險管理之名,早有許多相關職務的有志之士想到也在進行了,說穿了沒什麼,還是要看:
– 公司的business model有沒有這類型的風險?
– 以公司有限的資源,類似的風險是否需要投注人力關注與建置因應能耐?
– 公司目前投入的資源能否有效因應上述風險或威脅?本事能否用得出來?
而風險管理要用得出來,其先決條件往往是:一開始主事者有沒有這樣的觀念、格局與遠見…。
1 則留言:
看到一篇很棒的相關文章,雖然主題不是組織風險管理,但點出了職場實務的狀況
http://petersyt.blogspot.com/2011/06/blog-post_3460.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Petersyt+%28petersyt%29
為何保留和發展中階主管如此具有挑戰性?
張貼留言