By: Tania Fiero, VP of Human Resources
Published By: HR Daily Advisor
You know that funny feeling you get in your gut when you leave the house thinking you forgot something? That exact feeling hit me earlier in my career when our company launched a division in a completely unfamiliar industry.
At the beginning, things looked fine. We had insurance. Marketing and sales started selling. Business was good. The division quickly grew to become a significant portion of our revenue.
Then, certain issues started trickling in, and the funny feeling grew in my gut. These issues were small at first, but I knew something worse was lurking. I was right.
I decided to do some research, which turned out to be a Pandora’s box. We had moved into a space with a ton of regulation. Unthinkingly, we’d jumped in headfirst without properly assessing the risks we were taking. We’d been lucky up to that point, but we were inviting a catastrophe.
Although I didn’t know it then, my team and I needed enterprise risk management (ERM). To borrow a phrase from Thomas Stanton’s TEDx Talk, when there’s a lack of ERM, it’s like there’s “a layer of cork that stops the information from moving from the bottom to the top.” Companies with great ERM communicate proactively so risk can’t fester in dark corners, where it can grow into a company-crushing monster.
HR’s ERM Playbook
HR has a key role to play in ERM. Worker classification and employment law compliance, HR’s strong suits, pose some of the greatest risks every company will face. HR leaders, take these steps to a solid ERM process:
Gather Stakeholders for an ERM Education Session
ERM is about managing risk across your entire business, so you need everyone on board. Round up your executive team, managers, and other stakeholders to talk about the importance of clearing cork.
One of the best ways to learn is to teach. Don’t be afraid to tackle the role of ERM educator, even if you’re not an expert. There are plenty of resources out there for you: classes on Coursera and Udemy, the Risk Management Society, the Committee of Sponsoring Organizations, and Protiviti.
Once you’re confident, present ERM in a way that’s relevant to your business. In my case, I prepared a booklet with objectives, key terminology, myths about risk management, and implementation steps. Just remember that making any change in company culture takes a long time, so be patient.
Identify Areas of Risk and Potential Risk Events
Prepare a list of all the potential areas of risk for your company. Operational, project, and strategic risk were three areas that our company identified, but obviously, every company’s risks and risk tolerance differ.
Once you’ve identified those areas, brainstorm some disasters. It can be scary to think about worst-case scenarios, but you’ll be glad you did in the event of a catastrophe. If you’ve determined operational risk is something your company should be concerned about, you might consider events that could cut into your earnings, service, and brand. If you’re focusing on project risk, think about what hurdles could increase your time and money spent. If there are compliance risks, you should speak up about the consequences of failing to comply with the Occupational Safety and Health Administration or the many components of the Fair Labor Standards Act.
Develop Assessment Criteria
Once you’ve got your risk areas on the table, it’s time to determine how to measure them. In conjunction with stakeholders, develop your assessment criteria. The heat map is one of the best ways to visualize risk assessment, but the values on the axes will need to be defined because impact and likelihood will vary greatly between companies.
Big companies will sneeze at a $500,000 loss, for example, but for a small business, that figure could spell company closure. Similarly, risk probability varies depending on the business. A company with thousands of representatives is more likely, by sheer scale, to wind up with customer complaints or lawsuits.
Tomorrow we’ll hear more from Fiero on the topic of risk management. Specifically, we’ll look into what’s known as risk appetite, performing a risk assessment, and prioritizing risks.
Check out this published article on HR Daily Advisor