It’s all too easy to feel pretty negative and uncomfortable about the big issue of risk – and the management of people risk is no exception. But businesses cannot afford to insulate themselves from risk. Indeed, as Mark Zuckerberg so aptly put it, “the biggest risk is not taking any risk…In a world that is changing really quickly, the only strategy that is guaranteed to fail is not taking risks.”
Employing staff undoubtedly involves numerous risks, but people are the creators, the opportunity-makers and increasingly the central focus for progressive businesses in this fast-moving world. If we look after them well and manage those risks effectively, there can be huge paybacks.
So what does people risk actually look like?
The UK People Risks Report by Mercer Marsh Benefits – based on responses from 2,594 HR and Risk professionals across 25 countries – identifies a great diversity of risks. Every one of these is worthy of in-depth discussion, but among the top 25 issues named we pulled out five key categories:
- Health & Safety includes risks such as pandemics and mental health
- Governance & Financial covers concerns such as the rising cost of employee benefits, pension scheme financial exposure
- Accelerated Digitisation (for instance data privacy, skills obsolescence)
- ·Talent Practices (talent attraction and retention, key person risk, the changing nature of work)
- Environmental & Social (diversity and inclusion, environmental concerns, working conditions).
However, it’s important to recognise that these people risks don’t exist in isolation from the fabric of the organisation. Take the single biggest risk identified by respondents – cybersecurity and data privacy. Is that really a people risk, rather than a business or IT problem?
In reality, it’s both: of course the security systems have to be in place and operational, but 95% of all cyber risk is a result of human error. And that in turn is so much more likely when staff are distracted by other risks – wrestling with mental health issues, say, or at loggerheads with their boss. People risk really is a complex web.
However, with the right risk framework and the right internal collaboration, the good news is that these risks can be effectively managed.
Close cooperation between HR and Risk teams is key here. As the survey reveals, there is some difference in the people risks viewed as most significant by the two functions, with HR understandably somewhat focused more on pandemic risks, the changing nature of work and benefits concerns.
But the presence in the Risk function’s top 10 of ‘HR-focused’ concerns such as the changing nature of work and pandemics, as well as mental health, talent attraction and catastrophic personal life events, shows that Risk departments view these as major risks that need to be managed.
The message is clear: it’s time to work together to drive real change.
However, that journey is unlikely to be all plain sailing. The report reveals, for example, that 43% of respondents struggle to engage leadership in the issues to be tackled around health and safety. It also identifies a worrying ‘investment lag’ between serious health and safety threats and the available budget for risk management.
Again, cooperation between HR and Risk teams is the best way forward to bring the leadership team, including the CFO, on board and get the financial backing needed for an effective framework.
Another key stumbling block for many respondents is a basic lack of data. For example, a quarter of organisations lack the analytics to monitor health and safety risks while 28% are not equipped to assess social and environmental risks, including those around diversity and inclusion.
It may be a cliché, but it’s fundamental in this context: what gets measured gets managed. If your organisation isn’t measuring its people risk data effectively, that should be a priority. What about the qualitative aspects of managing this big issue? Our consultants see at first hand the challenges facing corporate clients from a people perspective – including those they may not be so focused on.
There are a number of ‘blind spots’ thrown up by the survey that may be getting less attention than they merit. He picks out examples such as labour relations and workforce conditions: It’s 18th out of 25 people risks, yet 50% of organisations think they’re entering a more unstable period in regard to workforce stability.
Priorities inevitably change over time – pandemic risks being a very obvious example – organisations need not to overlook current less obvious concerns that could come to the fore in due course.
What can businesses do to better manage people risk? Of course, each has its own unique challenges and it’s easy to feel overwhelmed by the complexity of issues, but we offer three key pieces of advice.
Take regular ‘pulse’ surveys of staff to see what’s on their minds and where they want to go in their careers; similarly, carry out robust exit interviews to see why they’re leaving.
Look at the data and learn from it. Which benefits are being used? Are there trends in the sickness and absence statistics? Are you meeting inclusion and diversity goals?
Make people risk an integral part of the whole risk management framework. There’s a real danger of tackling risks on a piecemeal basis and then finding there are unforeseen knock-on effects. When HR starts working closely with the Risk department, that’s a powerful tool.
, Partner, Digital, Strategy & Markets Leader