Risk climber hr blogSIZED

The HR blind spot - People Risk is increasingly important; but is HR owning it?

People risks are risks to the organisation and its performance that can be attributed to the workforce. They include behavioural actions, deliberative (human fraud) and non-deliberative (human error), organisation structure, capabilities, deployment, mobility, attraction, retention, talent and succession management and issues pertaining to employee relations.

Typically, People Risk is recognised as part of operational risk within traditional risk frameworks. The financial sector summarises operational risk as:

"The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events."[1]

Within this guidance, operational risk includes internal and external fraud, employment practices and workplace safety, clients, products, & business practice, systems failures and execution, delivery, & process management.

While traditional risk management approaches have focused on policies, rule books and processes this may be part of the problem - the bigger the rule book the more possibilities there are to “game” the rules. Often changing the culture, improving the capabilities and behaviours of the organisation, is more effective than creating new rules.

It is increasingly recognised that effective risk management requires individuals and teams to have the right skills, attributes and experiences to recognise, assess and avoid risks. This includes applying individual judgement to the work they do and acting and behaving in a way that is aligned to good risk management, not just simply following the rules. This isn’t just about operational risk but about how an individual undertakes their role on a day to day basis. The relevance of individual behaviour, skills and competence is applicable to many sectors. Cases of individual and team failures of judgement – whether deliberate, uninformed judgement or lack of skills – has had significant adverse impact on several organisations in recent years. Consider the ongoing LIBOR investigations in banks, recent cases of failure and abuse in care homes and hospitals, the BBC's much reported cases of historical abuse, the News International phone-hacking scandal, and energy companies’ customer care treatment, to name but a few. Furthermore, deficiencies in workforce attributes – the number of staff, their skills and capabilities – coupled with deficiencies in people related activities – employee relations, reward, and performance management - can present risks to successful execution of business strategy.

Much of the thinking in this area is being led by risk and audit functions as they update their enterprise risk management approaches, while HR watches from the sidelines. But when so much of the information and activities that concerns people risk is in the hands of HR functions –recruitment, talent management, sucession planning, and performance management,– we would question why this is the case. While the most pertinent people risks will differ by organisation, HR always has an opportunity to help identify, define and measure people risks and incentivise and develop the desired behaviour through, performance management and reward approaches.

While certain people related measures are familiar to many HR teams – retention, vacancy rates, learning days,- these are not always framed in terms of risk. Starting with the question: “what are the biggest people related risks to the organisation?” can help frame and prioritise typical HR measures in a context the business will understand.

This can provide a starting point for HR to engage the organisation about people risk. For example, determining the extent of organisational tolerance to policy breaches may be a new and different conversation around risk for HR. And with the increased capability of analytics in the hands of HR functions, the opportunity to create ’what-if’ scenario’s and predictive models begins to present itself; what value might it be to an organisation to have early warnings of potential people-related risk?

Once engaged, the opportunity to make changes to HR practice and policy to manage and mitigate risk becomes apparent, whether this means ensuring line management has the skills to effectively manage people, rewarding appropriate employee behaviour to mitigate or lessen risks or recruiting individuals with the right fit to the organisation values.


Bob Hughes HR BLOG SIZEDBob Hughes
Bob is a part of the HR Advisory leadership team in our Financial Services practice and has held several HR roles in different industries. He has been responsible for managing and mitigating risk for global HR functions in financial services working closely with colleagues in risk, compliance and audit functions


[1] Principles for the Sound Management of Operational Risk, June 2011 – Basel Committee on Banking Supervision



Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment