The human element of corporate risk
The human element of corporate risk
Companies are all about people and a company’s success will depend on its people. Yet they are also a company’s biggest risk. Getting a measure of people and their potential shortcomings presents one of the biggest challenges to companies. Ironically, though, a company needs intelligent, experienced and ethical people to manage every other type of corporate risk.
Research done talent measurement company SHL, one in eight managers (mostly middle managers) and professionals is a high risk to his or her company mainly through poor decision-making and communications.
People risk defies precise quantification but it would seem that individual behaviour is inextricably linked to a company’s culture. Managing people (the HR component) and leading people (the CEO/board of directors) are very real risks and not the soft issues – as once thought. Efforts to mitigate HR risk, therefore, should not be ignored.
The following examples prove just how people can affect an organisation negatively, some with grave consequences while others have unnecessary consequences.
A compliance department undertook a special review of one of the daily regulatory reports to check whether the company was complying with all the relevant regulatory requirements. The review revealed definite areas of concern and there were other breaches of the regulatory requirements. The department drafted a document of the findings, which turned out to be the easy part. The difficult part was deciding what to do with this report.
Prior to this incident, there were other instances where compliance concerns regarding other issues related to the same specific director were taken to their boss. Meetings were promised with the department director but never materialised. The reports themselves were eventually ‘forgotten’ and the director in question was regarded as ‘untouchable’.
This time, however, the compliance officers considered these breaches urgent and serious. They decided to escalate the findings to the boss as usual but also to copy in other senior internal people as well as the firm’s directors. An urgent board meeting was held. Nobody supported the compliance officers or their report. A stressful and conflicting time followed but a lucky break occurred. A whistle-blower used the hotline to report other concerns regarding the particular director and her department. Retribution was not sweet, however, as the director resigned before the end of the disciplinary hearing, so escaping both public censure and any kind of real punishment. The director was free to move on to any other company after resigning, rendering potential employers vulnerable to an undesirable employee profile!
The questions one ponders over in this example are associated with people risk rather than the regulatory risks identified:
- Why did no one express concern about the findings in the report?
- Why was it not acknowledged that the compliance function was doing its job?
- Why were the board of directors and the department director concerned allowed to get away with such behaviour towards the compliance department?
- Why did no-one in senior management question why the department director’s reactions were so extreme?
- Why, with the numerous different charges, did senior management not question the morals and principles of the director and ensure that some punishment or action was meted out to the director?
- What does this say about the moral compass of the other directors and bode for the company and future employers?
Risk management initiatives must include people risk
Consider the following example:
- A very trusted driver – who had been working for the company for some fifteen years – was well respected until one weekend, he unintentionally pressed the car-tracking alarm button on the key ring of the company car.
- The tracking company phoned the chief operating officer and it was revealed that the car was in another province over the weekend, obviously taken without permission. The driver had been using the company car for private use.
- An inspection of the delivery book indicated many long trips to clients and regulators that were never commissioned over a few years.
- To add insult to injury, it was later found out that the speedometer was not working in any event. But whose fault was it?
- The delivery book and the driver were not supervised or monitored. It could be argued that, had the proper risk-control measures been put in place, the driver might still have his job, financial loss would have been avoided, time would not have been lost through investigations and interrogations, disciplinary hearings and all the bureaucracy that involves would also have been avoided.
Sometimes, too, management just does not really want to deal with the human element of risk.
One strange but true example is of an employee who fell pregnant with her second child within two months after the birth of her first child:
- It was not planned and she was devastated, thinking she would lose her job.
- Of course, the policy on maternity leave was available on the intranet but not read.
- She successfully explained to colleagues and her management that her expanding stomach was a medical problem and not a baby – despite the disbelief.
- Even more strangely, neither management – nor the staff member – ever consulted the policy or HR in this regard to seek guidance or assurance. The HR manager avoided the issue.
Risk management initiatives are about managing risk holistically – referred to as enterprise-wide risk management. Risk falls heavily within the HR space and includes understanding and assessing the interactions and interdependencies between various departments and stakeholders.
|Dawn Pretorius has, for some 12 years, run her own agency focusing on consulting, business strategy, training and development. A specific area of expertise for her includes risk management, compliance and corporate governance consulting. Dawn is a professional member of the Compliance Institute of South Africa, and her practice is accredited with the Financial Services Board. She has just published Beyond play: a down-to-earth approach to governance, risk and compliance.
Among many other qualifications, Dawn has a M.Com, B.Tech Banking, FIB(SA), MAP (Wits Business School). Her career has concentrated on many facets in the banking industry, such as financial and estate planning; private and offshore banking; company structures; credit, risk, compliance and corporate governance; marketing and communication and management training; and development in both technical and soft skills.