My favourite presentation at last week's conference was given by Shaunagh Harvey Kelly and Mike Morley Fletcher from E&Y (the slide comes from a different presentation).
I think risk tends to get forgotten by HR functions (perhaps not within those covered by SOX). But the risk management approach outlined by the E&Y consultants fits perfectly with the requirements for HCM reporting within the UK's business review and similar reports elsewhere.
And it's really important!
As Taleo reported last year, according to Best practice in risk management: A function comes of age, a report from the Economist Intelligence Unit sponsored by ACE, IBM, and KPMG, human capital risks are the most significant threat to a company’s global business operations:
"Human capital risk, in particular, stands out as an area that respondents find particularly challenging. This risk, which is related to loss of key personnel, skills shortages and succession issues, has consistently been rated as among the most threatening risks that companies face in the two years that this series has been running. As this survey demonstrates, it is also among the most difficult to manage, and few respondents claim that they are effective at dealing with it. These findings point to the need for closer integration between the risk function and the human resources function, as well as a clearer understanding of the risks that companies face with their location and human capital strategies."
So I understand Mike Morley Fletcher's disappointment that "typically HR is not there when big risk assessments are done".
EY presented their risk assessment cycle, including the following four steps:
1. Validate objective
2. Identify risks to achievement
3. Evaluate risks (likelihood vs impact)
4. Assess risk gap
5. Identify further actions and monitoring mechanisms
... which can then be reported in the Business Review.
ie, it's not about avoiding risks ("in business, it takes risks to get a return"), but identifying the potential 'risk universe', understanding them (and their upside as well as downside) and putting in place appropriate actions to assess, measure, monitor and mitigate them.
And HR needs to be there when big risk assessments are done, and proactive in pointing out these most threatening of risks to business colleagues who are unlikely to fully understand them.