A Strategic View of Risk Management
by Diana Sadighi
Historically, Human Resource’s role in risk management has been legal and regulatory compliance, with a focus on threats to the organization and its employees. In this environment, HR assesses the risks of various employment practices (such as hiring decisions, safety, and substance abuse) and designs prevention programs and crisis-management plans.
Risk management focuses on minimizing, monitoring, and controlling the probability and impact of adverse events. Without diminishing the importance of these activities, don’t allow this perspective to dominate the way you approach risk management in your human-resource strategy. While compliance is important, will performing HR compliance better than your industry counterparts result in a major competitive advantage for your organization?
Business leaders recognize that risk can lead to significant value creation. Look at many of today’s successful businesses, and you’ll find leaders who seized opportunity where others only saw threats: Amazon, Apple, and Facebook. The business world is also replete with examples of opportunities missed by the risk-averse. When a young engineer invented the first digital camera in 1975, his employer, the Eastman Kodak Company, rejected the idea out of fear that it might erode sales of existing products. The term, “Kodak Moment” is now synonymous with a business that fails to foresee changes within its industry and drops from a market-dominant position to being a minor player or declaring bankruptcy.
The International Organization for Standardization (ISO) is an independent, non-governmental, international organization that publishes standards covering almost all aspects of technology and manufacturing. ISO defines risk-management using an integrated and balanced approach—one of seeing the potential for loss and gain in each business decision. The purpose of their standard ISO 31000:2009 is to integrate risk-management into the organization’s overall governance, strategy, management, and culture. It deliberately states that risk includes opportunities as well as threats.
The Society for Human Resource Management (SHRM) recognizes the benefits of developing an integrated and balanced approach to risk, and recommends assessing the potential for loss and gain in every business decision. They link the functional area of risk management to the HR competencies of critical evaluation and business acumen. In addition to proficiency with investigations, crisis management, contingency planning, and compliance, SHRM aligns risk management with strategic planning and management.
I’m not advocating throwing caution to the wind. Organizations rely on us to advise and protect the viability of the business, and like other leaders, we are strategic business partners. We should flex our business acumen and critical evaluation skills to make the best decisions and recommendations.
Let’s review an example of risk management: Employers who hire incompetent or unqualified employees face potential administrative costs, embarrassment, and legal liability. You can minimize these risks by conducting pre-employment screening. This follows our common understanding of risk management, which focuses on the probability and impact of adverse events and the application of resources to minimize, monitor, and control.
But what about the employer that sees an opportunity in hiring those deemed unqualified or unsuitable because of criminal conviction? With unemployment hovering around 3 percent in Colorado, hiring ex-offenders may be less about providing a second chance and more about filling customer orders on time, as one local greeting card manufacturer has found. Hiring ex-offenders provided a competitive advantage in a tight labor market.
Another example is a potential merger or acquisition. A tactical approach involves reviewing legal compliance to identify potential liabilities. But considering cultural fit and the commitment level of key executives is more strategic, while identifying new skills or resources that can be turned into a new line of business is transformational. DuPont leveraged its expertise in process safety into a consulting business, DuPont Sustainable Solutions.
The first stage of risk management is establishing the context in your organization. Is it viewed as threat or opportunity? Avoided or optimized? Ignored or accepted? Other context includes your mission, vision, values, and strategic plan. Pursuing opportunities at the more strategic end of the HR risk-management spectrum can lead to major competitive advantage and significant value creation. Don’t limit yourself; while compliance is important, I encourage you to become anti-fragile.