· Features

Is it time for HR to become 'Human Risk' specialists?

As HR leaders we have a responsibility to understand the drivers behind failures

Our recent history is marked by scandals. No sector, type or scale of firm is immune. From Hillsborough to the banking crisis, vehicle emissions to Jimmy Savile, the factors behind each are complex and the motivations different. But what they have in common is starting with human failings.

As HR leaders we have a responsibility to understand the drivers behind these failures. If we can apply insight from our professional disciplines we can provide our firms with the practices they need to remain agile in this increasingly risky world. Is it time to become ‘Human Risk’ specialists?

The media like to tell failure stories through the drama of ‘the bad apple’, ‘the lone wolf’ or ‘the fat cat executive’. But look at any corporate failure in depth and you will see a chain of events triggered by:

A ‘fuzzy’ culture: the rules of what it means to succeed are unclear. This lack of clarity is often driven by complexity. Sometimes too many rules, guides and processes obscure what matters. When our heads are full it’s difficult to make ‘good’ choices and notice when things are going wrong.

Leaders under pressure. Our expectations of senior leaders rise daily, against a backdrop of uncertain tenure and change. Our leaders play a critical role in championing a healthy risk appetite and cultural environment. The things they choose to encourage or sanction set the tone. Are they sufficiently equipped with the capacity and data to ask critical questions? In the face of ‘group think’ do they have the resilience and ethics to challenge?

Dark corners and broken windows. Every firm has its team or division where instances of poor performance are excused or tolerated. These ‘islands’ have their own cultural microclimate. Similarly there are understaffed project teams who cut corners or individuals who repeatedly ‘overlook’ routine processes. Boring though these routines often are, they are red flags that signal individuals acting in their own interest.

How do we monitor and mitigate these risks? Firstly, we need to determine and safeguard the frontline. Are you clear on your organisation’s boundaries and gatekeepers? Do you use background checks, have robust auditing teams who are respected internally, and have tight financial and pay controls?

Then we need to make sure we are setting simple rules where everyone can determine what is in the organisation’s best interest. Can your newest employees tell you what they need to do to succeed or fail?

Do your performance, reward and incentive systems align to this? How do you determine underperformance and what do you tolerate? Do you assess people for judgement, resilience and ethics?

Finally, consider if your leaders are equipped to curate your culture. Think about how easily the board can articulate company culture and ethics, and how this is translated into RemCo and NomCo decisions. Are key decisions made based on short-term and financial measures or values? Are leaders updated on practices related to risk appetite, cyber crime, and employee behaviour, health and engagement?

How are the broken windows, near misses and failures recorded and discussed? What happens to related actions and those who raise them?

These matters are too important to leave solely to the risk function. Today’s risks require us to look at our contribution to culture, leadership development, employee health and incentives. Asking the questions is part of our professional responsibility and should form part of our everyday contribution to the executive and board tables.

Not paying attention will mean our perspective is overlooked, and any firm without a considered ‘Human Risk’ perspective has no credible risk management practices at all.

Jacqueline Davies is former HR director of the Financial Conduct Authority and master of the Guild of HR Professionals