Other parts of this series:
In our first blog we discussed the re-emergence of human capital risk impacting business operations and operational resiliency, and the need for more specific inclusion and actions as a part of an organization’s overall Enterprise Risk Management (ERM) framework.1 Continuing this series, we will explore some proactive initiatives that organizations can take to put in place more effective human capital risk management solutions across an organization.
As the importance of human capital risk continues to increase, organizations should be taking proactive and holistic steps to implement the principles, strategies and risk management capabilities (i.e., governance/organization, processes, data/reporting) to mitigate potential workforce-based risks (i.e., inadequacy or gaps in human skills, knowledge and ethical conduct behavior) that can significantly impact the enterprise, including but not limited to operational risks,2 business continuity/resiliency risks,3 regulatory compliance risks, and reputational risks (e.g., employee conduct, workforce diversity). In addition, newly emerging and complex enterprise risks such as adopting new “disruptive” technologies (e.g., artificial intelligence, robotic process automation)4 should also be mitigated from the view of human capital (e.g., hire or build emerging technology expertise within the ERM organization).
Defining the appropriate governance model
Creating an effective human capital risk program that spans the organization and addresses a comprehensive set of risk factors starts with the most senior leaders. As we touched on in our last blog, the C-level and senior leadership teams should recognize and promote the imperative to put in place the mandate setting the tone from the top. The Chief Risk Officer and Chief Human Resources Officer should create a joint Human Capital Risk Management governance structure which is integrated into the ERM governance model. For example, human capital risk accountability should be clearly established across the three lines of defense operating model,5 including the identification of human capital risk owners within the first line of defense, creation of second line Human Capital Risk Controls teams, and the establishment of “top of the enterprise” board oversight through a Human Capital Risk Subcommittee.
Putting in place integrated risk management processes
As the right leadership structure and governance approach is put in place, a more integrated approach to enterprise risk assessment should be implemented in partnership with Human Resources (HR) that addresses intra-enterprise barriers to a holistic view of enterprise risk.6 This partnership facilitates integration of workforce management components (e.g., training, compensation plans, performance goals) into the existing ERM standard risks and controls taxonomy, and risks and controls self-assessment (RCSA) methodology.
In addition, an enterprise Business Process Management (BPM)7 program that includes human capital processes, risks and controls can strengthen understanding and mitigation of human capital risks at the first line of defense level where risks are owned and directly managed.
Enhancing risk and control monitoring
As human capital risks become integrated in the ERM governance model and risk management processes, existing ERM reporting of Key Performance Indicators (KPIs) and Key Risks Indicators (KRIs) can be subsequently enhanced to more effectively and holistically monitor workforce-related risks and controls.
Key existing HR reporting (e.g., workforce attrition, employee relations complaints, employee training), can be integrated into existing ERM dashboard reporting to track potential emerging risks and associated controls for targeted mitigation attention. For example, a significant decline in customer regulatory disclosures execution (KPI) within a specific sales group can be attributed to associated increases in employee attrition losses (KRI) and delays in new hire regulatory training onboarding (KRI) in the same group. As a result, mitigation efforts can target employee retention and training to reduce the spike of disclosure failures.
Creating an effective human capital risk program that spans the organization and addresses a comprehensive set of risk factors starts with the most senior leaders.
In the next blog in this series, we will discuss workforce culture, training and conduct recommendations with a specific focus on how organizations should be putting their people first with support programs addressing aspects like mental health. To find out more on the topic and how we can help you, please contact Anson Gong or Ric Garner.
- “Enterprise Risk Management Framework,” The Risk Management Association, 2019. Access at: https://www.rmahq.org/erm-framework/.
- “International Convergence of Capital Measurement and Capital Standards – A Revised Framework,” Basel Committee on Banking Supervision, June 2004. Access at: https://www.bis.org/publ/bcbs107.pdf.
- “Operational Resilience is Financial Resilience,” Accenture, June 2019. Access at: https://www.accenture.com/us-en/insights/financial-services/operational-resilience.
- “Accenture 2019 Global Risk Management Study Financial Services Report,” Accenture, December. 2019. Access at: https://www.accenture.com/us-en/insights/financial-services/global-risk-study.
- “The Three Lines of Defense in Effective Risk Management and Control,” The Institute of Internal Auditors, January 2013. Access at: https://www.theiia.org/3-lines-defense.
- “Delivering an Integrated Approach to Non-Financial Risk Assessments,” Accenture, 2017. Access at: https://www.accenture.com/_acnmedia/pdf-42/accenture-delivering-integrated-approach-non-financial-risk-assessments.pdf.
- “Business Process Management-Lifecycle,” Accenture, 2013. Access at: https://www.accenture.com/t00010101t000000__w__/gb-en/_acnmedia/accenture/conversion-assets/dotcom/documents/global/pdf/strategy_1/accenture-business-process-management-lifecycle.pdf.