· Features

Top eight HR risks, and how to handle them

The firefighting of the past few years has proved HR's capabilities in tackling risk - but despite what some people think, even HR doesn't have eyes in the back of its head. Here are some of of the biggest risks that can face HR:

1. Ethics and behaviour

What’s the risk?

It seems hardly a day goes by without another company hitting the headlines for all the wrong reasons.

And many of the scandals we’re seeing come down to unethical behaviour. According to Harvey Francis at Skanska: “For us, the number one risk is an ethical breach. Experience shows that ethical breaches are the most difficult to recover from, in terms of brand damage.”

Why should HR care?

If HR is an organisation’s guardian of values, it needs to build a culture where ethical behaviour is encouraged. “It’s about doing the right thing,” says Harvey Francis, EVP HR at construction company Skanska. Any reputational damage could also negatively impact on recruitment, retention and engagement.

What to do now:

Write a code of conduct and establish an ethics committee. Tim Thompson from Deloitte says HR can examine its analytics to alert them to any potential incidents. “Look at things like working patterns.”

Scandal and ethics:

P&O's PR disaster exposes HR's critical role in risk management

Former Brewdog employees claim staff aren’t treated like human beings

Ethics and HR 

2. Critical skills shortage

What’s the risk?

Not having the right people in place with the skills you need to compete, innovate or grow can seriously hamper an organisation’s future.

“Look at how many companies want to grow in emerging markets,” says Conference Board’s Mary Young. “Their biggest concern is not finding the right people.”

Industries with an ageing workforce – such as oil and gas where it is predicted that 50% of the workforce will be retiring by 2015 – have even more to worry about.

Why should HR care?

As Young says: “These are things HR does all day. It’s your bread and butter.” HR probably already looks at workforce planning in terms of risk management, but now you need to translate that to the rest of the organisation.

What to do now:

Collect data and analysis that builds a compelling case for adding this to the enterprise risk map. Concentrate on getting it on the business’s agenda if it’s not there already.

Critical skills:

Identifying critical skills biggest concern for HR

Employers re-skill for cloud rather than lose staff

The UK's apprenticeship system must serve our diverse labour market

3. Succession planning

What’s the risk?

Only 32% of companies actually have a full CEO succession plan in place (according to SHL). With 43% of UK companies admitting to having experienced an unexpected change in leadership in the last 12 months, that’s a pretty big risk. Not having a future leadership plan in place can cause share prices to plummet and even leave organisations at risk of hostile takeover if a CEO leaves unexpectedly.

Why should HR care?

HR plays a critical role in leadership development and should be investing time and money in the leadership pipeline of the future. Getting involved with CEO and senior-role succession planning can also mitigate the occasional ‘old boys club’ mentality of the C-suite.

What to do now:

“When it comes to succession planning, use internal audits and get it discussed on the risk committee,” advises KPMG’s head of people Tim Payne. “That suddenly gets everyone on the board’s attention.”


Further reading on succession planning and executive search:

HR's role in strategic succession planning

What does succession management look like at Deloitte?

Making the leadership leap

4. Data and Insurance

What’s the risk?

According to recent research from health and protection advisers Punter Southall Health and Protection Consulting (PSHPC), employers with more than 500 workers in the UK are estimated to be carrying approximately £9.36 million of uninsured liability. It claims 15.6% of employers are unknowingly uninsured, putting them at risk of having to make huge pay-outs when insurance claims are rejected.

Why should HR care?

“HR is often responsible for organising employee benefits and making sure insurance benefits are correctly in place,” says John Dean, PSHPC sales and marketing director.

“If data is wrong (employees missed off or salaries incorrectly disclosed, for example) then the liability will be sitting with the employer.” In other words, the blame for any mishaps could fall squarely at the feet of HR.

What to do now:

“Don’t make promises you might not be able to keep,” warns Dean. Always check the small print before promising someone something (as a part of a job offer, for example). Insurers only demand data once a year, so keep it up to date more regularly in case anything changes.

Further reading on data and insurance:

Employees don't trust organisations enough to share personal data

Is an employer liable for deliberate data breaches by a disgruntled employee?

Risky business: now is the time to make risk management part of company culture

5. Intellectual property loss or violation

What’s the risk?

If your organisation deals with customer data, then losing it or having it defrauded by staff is something to be avoided at all costs. But according to KPMG’s 2012 Data Loss Barometer, data loss incidents have increased by 40% since 2011. “Customer data is hugely sensitive and irreplaceable,” says Anne Best, SVP HR, Iron Mountain. “If it gets out, it can damage brands and lead to huge fines.”

Why should HR care?

If staff have a responsibility for sensitive data, HR needs to make sure employees are fully engaged in this, through induction and training. It is also incumbent on HR to try to ensure no potential fraudsters are hired.

What to do now:

Reassess the hiring vetting processes, and consider re-vetting employees after set periods of time. Best advises training line managers to look after information securely, giving them checklists to follow. She also advises “building a culture of security. Our screensavers in the office have information about phishing and passwords. It’s basic but gets people thinking about security.”

Further reading on data security:

HRD's pocket guide to... intellectual property

Making clean data a priority

Storytelling with your data


6. M&A risk

What’s the risk?

As The Wharton School’s Peter Cappelli says: “Mergers and acquisitions come with all sorts of trouble in terms of people, especially in businesses like professional-services firms where human capital is everything. There’s a saying: ‘You are lucky if you only have to buy the firm twice.’”

Alongside M&A proceedings come a host of people-related risks, from TUPE to redundancy payouts to disengagement.

Why should HR care?

Many of the risks associated with M&A can ultimately come back to HR in the long-term. Obviously, anything to do with due diligence, employment law and TUPE proceedings will fall at the feet of HR, but issues like making sure new staff feel cared for and engaged, sorting out training and induction programmes and dealing with any mediation needs must also be taken into consideration.

Integration challenges must be tackled head on, or, as Cappelli warns, risk paying for the firm twice in redundancy payouts, recruitment drives or even, in extreme cases, employment tribunals.

What to do now:

As HR magazine has reported before, HR departments can often find themselves locked out of the M&A process. So, if there are negotiations going on, build a case for why HR needs to be involved with prospective financial changes. Focus on the people strategy for integration. Plan ahead by considering any potential road blocks. Consult with line managers ?about any changes and try to keep communication open if possible.

Further reading on M&As:

Hot seat: the HR role in securing M&A success

Preparing for the impact of acquisition

HRD's pocket guide to hostile takeovers

7. Compliance and regulation

What’s the risk?

Take the Bribery Act. Coming into force in 2011, research in 2013 by Ernst & Young found that only 56% of organisations were even aware of it. And as with breaking any regulation, non-compliance with the Act could cost your business: in fact the crime of a commercial organisation failing to prevent bribery is punishable by an unlimited fine.

Why should HR care?

It comes back to policies and processes. HR has a responsibility to work with compliance teams to make sure employees are aware of the potential risks. At Skanska, Francis has introduced thorough training for any employees at risk of a potential breach of the Bribery Act.

What to do now:

Make sure your training programmes have adequate information on compliance issues. Olivier Vairon, senior manager at Good Corporation, advises making sure you are aware of any potential conflicts of interest, perhaps including a question in the annual performance appraisal. Get legal advice as needed.

Catch up on the latest in regulations:

Employment law changes in April: everything you need to know

Or click here for a full list of employment law articles.

8. Supply chain risk

What’s the risk?

One word: horsemeat. A powerful reminder of what can happen when a supply chain simply gets too big to manage safely. Or remember Apple quickly changed manufacturers last year when it was revealed some of its products were being built by employees working in slave-labour conditions?

Why should HR care?

As Skanska’s Francis says: “No longer can companies get away with what they could – everything happens in real-time on Twitter now.” So any scandal can translate into major reputational damage, which could impact on engagement, retention and attraction of talent. Plus, any issues involving outsourcing of labour will come back to HR.

What to do now:

The Staff Wanted Initiative, a project led by the Institute for Human Rights and Business and Anti-Slavery International, advises using the SEE formula. SEE stands for scrutinise, engage, ensure. Scrutinise and monitor relationships with staff, recruitment and employment agencies; engage with the workforce to uncover any potential issues; ensure you provide a fit and proper workplace, whatever the location.

Further reading on HR and supply chains:

Knowing your supply chain post IR35 reform

Supply chains are the missing link in D&I