Appendix 5A: Identifying Risks and Implementing Controls
5A.3. Human Resources Risk and Controls
The Human Resources (HR) process is a comprehensive set of activities focused on managing an organization’s most valuable asset: its people. This process is critical for attracting, developing, and retaining a skilled and engaged workforce. The primary activities in the HR process include:
- Workforce Planning and Job Analysis: This initial phase involves identifying the organization’s current and future staffing needs based on strategic objectives and operational plans. HR conducts job analyses to determine the responsibilities, skills, and qualifications needed for each role, which informs job descriptions and specifications.
- Recruitment and Selection: Based on workforce planning, HR undertakes recruitment activities to attract qualified candidates. This includes posting job ads, sourcing candidates, and managing applications. The selection process involves screening applicants, conducting interviews, and selecting the most suitable candidates through assessments and background checks.
- Onboarding and Orientation: Once candidates are hired, the onboarding process ensures they are effectively integrated into the organization. This includes orientation programs to familiarize new employees with company policies, culture, and specific job duties to accelerate their productivity and engagement.
- Training and Development: HR is responsible for identifying training needs and developing programs that enhance employees’ skills and knowledge. This can include on-the-job training, professional development courses, and leadership programs for career advancement and succession planning.
- Performance Management: HR manages a performance appraisal system that regularly assesses employee performance against established objectives. This process includes setting performance standards, providing feedback, and conducting performance reviews, which are used for career development and determining promotions, compensations, and terminations.
- Compensation and Benefits Management: HR designs and administers compensation structures and benefits programs to attract and retain talent. This includes salary structures, bonuses, health insurance, retirement plans, and other employee benefits, ensuring they are competitive and aligned with organizational policies and budget constraints.
- Employee Relations: HR addresses employee concerns, manages conflict resolution processes, and ensures a positive work environment. This involves maintaining open lines of communication, implementing employee engagement initiatives, and ensuring compliance with labour laws and regulations.
- Compliance and Risk Management: HR ensures that the organization complies with all relevant employment laws and regulations to mitigate legal risks. This includes managing employee records, ensuring fair labour practices, and staying updated on labour law changes.
- HR Information Systems Management: Many HR activities are supported by specialized software systems that streamline recruitment, payroll processing, and performance management. HR is responsible for selecting, implementing, and maintaining these systems to meet the organization’s needs.
Let’s review the top three human resources management risks and their impact on the organization. We will also take an inventory of the top preventive, detective, corrective, and accounting controls related to each risk.
Employee Turnover
Risk Impact
Disruption in operations, loss of productivity, and increased recruitment costs. High turnover rates can lead to instability and impact organizational performance.
Preventive Controls
- Talent Management Programs: Implementing employee engagement, career development, and retention initiatives to reduce turnover.
- Competitive Compensation: Offering competitive salaries and benefits to attract and retain top talent.
- Succession Planning: Identifying and developing internal talent to fill critical roles and minimize the impact of turnover.
Detective Controls
- Exit Interviews: Conduct exit interviews with departing employees to identify reasons for leaving and potential areas for improvement.
- Turnover Analysis: Analyzing turnover metrics and trends to identify patterns and factors contributing to turnover.
- Employee Surveys: Administering surveys to gather feedback on job satisfaction, organizational culture, and factors influencing turnover.
Corrective Controls
- Employee Retention Strategies: Implementing retention programs and initiatives tailored to address specific reasons for turnover identified through analysis.
- Training and Development: Providing training and development opportunities to enhance employee skills and job satisfaction.
- Performance Management: Identifying and addressing performance issues that may contribute to turnover and dissatisfaction.
Accounting Controls
- Turnover Cost Analysis: Calculating the financial impact of turnover, including recruitment, training, and productivity costs.
- Budget Allocations for Retention Initiatives: Allocating resources for retention programs and initiatives based on turnover analysis and cost-benefit considerations.
- Reporting Turnover Metrics: Reporting turnover metrics and trends to management to track progress and inform decision-making.
Non-compliance with Labour Laws
Risk Impact
Legal and financial penalties, reputational damage, and loss of employee trust. Non-compliance with labour laws can result in lawsuits, fines, and damage to the organization’s reputation.
Preventive Controls
- Employment Law Training: HR staff and managers are trained on relevant labour laws and regulations to ensure compliance.
- Policy Documentation: Documenting HR policies and procedures to ensure alignment with labour laws and regulations.
- Regular Audits: Conducting audits of HR practices and procedures to identify and address compliance gaps.
Detective Controls
- Employee Complaint Channels: Establishing channels for employees to report concerns or violations of labour laws and regulations.
- Legal Compliance Reviews: Conducting reviews of HR practices and policies to ensure compliance with labour laws and regulations.
- Whistleblower Hotline: Implementing a confidential hotline for employees to report suspected violations of labour laws.
Corrective Controls
- Legal Consultation: Seeking legal advice and guidance to address compliance issues and mitigate legal risks.
- Corrective Action Plans: Developing and implementing action plans to address compliance gaps and prevent future violations.
- Disciplinary Measures: Taking disciplinary action against individuals responsible for non-compliance with labour laws and regulations.
Accounting Controls
- Compliance Reporting: Reporting compliance metrics and findings to senior management and relevant stakeholders to demonstrate adherence to labour laws and regulations.
- Document Retention Practices: Maintaining accurate and up-to-date records of HR practices, policies, and compliance efforts.
Failure to Promote Diversity and Inclusion
Risk Impact
Decreased employee morale, lack of innovation, and damage to organizational culture. Failure to promote diversity and inclusion can lead to discrimination, bias, and exclusionary practices.
Preventive Controls
- Diversity Training: Providing training and education on diversity and inclusion topics to raise awareness and foster a culture of inclusivity.
- Diverse Hiring Practices: Implementing practices to attract and hire candidates from diverse backgrounds and underrepresented groups.
- Inclusive Policies: Developing and promoting policies that support diversity and inclusion in recruitment, promotion, and organizational culture.
Detective Controls
- Tracking Diversity Metrics: Tracking diversity metrics such as representation, hiring rates, and promotion rates to monitor progress and identify areas for improvement.
- Employee Feedback Surveys: Administering surveys to gather feedback on diversity and inclusion initiatives and perceptions of organizational culture.
- Focus Groups: Facilitating focus groups to discuss diversity and inclusion challenges, opportunities, and strategies for improvement.
Corrective Controls
- Diversity Task Forces: Establishing task forces or committees to develop and implement diversity and inclusion initiatives and programs.
- Bias Training: Training on unconscious bias and inclusive leadership to mitigate bias in decision-making processes.
- Employee Resource Groups: Establishing employee resource groups to support diverse populations and promote inclusion within the organization.
Accounting Controls
- Diversity Reporting: Reporting diversity metrics and progress on diversity and inclusion initiatives to senior management and the board of directors.
- Diversity Impact Assessment: Assessing the impact of diversity and inclusion initiatives on organizational culture, employee engagement, and business outcomes.
- External Benchmarking: Benchmarking diversity and inclusion practices against industry peers and best practices to identify areas for improvement and innovation
The systematic study of a job to determine its duties, responsibilities, and the qualifications required to perform it, forming the basis for job descriptions.
The continuous process of identifying, measuring, and developing employee performance in alignment with the organization's strategic goals.
The management of interactions between employers and employees to maintain positive, productive workplace relationships and address conflicts.
The process of identifying and developing internal personnel with the potential to fill key leadership positions within an organization.
The distribution of financial resources among various departments, programs, or activities within an organization based on priorities and goals.
Steps proposed by auditors and agreed upon by management to address identified issues and improve processes, controls, or compliance.
The process of documenting and submitting required information to regulatory bodies to demonstrate adherence to laws, regulations, and standards.
Practices aimed at creating a workplace where diverse perspectives are valued and all employees feel included, respected, and supported.