Taking the “Risk” out of Risk Management



Risk management means identifying, assessing and controlling threats to an organization by distinguishing the hazards that others miss and taking action to reduce the risk. Risks are unexpected, harmful events that cost an organization money, events such as accidents, cyber-attacks, data-related risks, financial uncertainty, IT security threats, legal liabilities, natural disasters, and strategic management errors. Crisis management must be deliberately controlled, especially during this time of the digital revolution. A way to manage risk is by designing and implementing a risk management plan.

We recommend all employers/businesses have a risk management plan outlining the procedure to identify, avoid, and control potential threats in order to minimize their impact, while reducing extra costs later. A quality risk management plan supports the organization’s goals by generating a secure work environment, lessening unnecessary insurance premium costs, protecting your most valuable assets (employees) and company assets from damage, reducing legal liability, strengthening stability of operations, and tapering issues that impact “human capital risks,” such as employee success.

An effective HR partner, risk management team, and executive leaders work together to manage risks by managing culture. They locate potential risk in three areas: hiring and retention, employee turnover, and professional fraud. Who you hire can be a source of risk with possible negative consequences. Some tips to include in your hiring/onboarding process:

  • Conducting reference and background checks as part of the hiring process is important and can help an employer identify a risk before hiring an employee.  
  • Once hired, provide all employees with an employee handbook outlining clear expectations, company policies and procedures. 
  • Employee turnover can result in a loss of time and money, approximately ⅓ of the employee’s annual salary. It’s important to hire slowly to ensure you have the right fit for the team and the organization.
  • It’s important to manage conflicts and maintain company culture to increase retention. The timing of when an employee leaves your organization could tell you where improvement is needed. If employees leave within 10 days of employment, assess your interviewing and onboarding processes. If employees are leaving after a month, reevaluate new hire training. Leaving after a couple of months may mean you should examine the employee’s manager.
  • Compensation and benefits may be the reason you are losing employees after a year. 
  • Understand the “Fraud Triangle” to head off occupational fraud. The Fraud Triangle is a model commonly used in auditing that aims to explain why an employee decides to commit fraud in the workplace. For example, an employee has a personal financial problem, privately solves it by breaking company rules and violating financial trust, and then justifies the violations. An organization decreases professional fraud by establishing a culture of compliance: implementing an anonymous reporting system that employees can use without fear of retaliation, enacting random automated audit systems, and instituting clear policies with firm consequences.

To determine an organization’s risks, HR audits should be conducted. “Risk assessment is at the core of every audit.” To build a quality audit, take the client’s risks into consideration before conducting audits. Don’t just “go through the motions” of an audit. Link procedures to a risk assessment to reduce over-auditing and increase the efficiency of the audit. Modify standardized, third-party procedures to address your client’s specific risks. Keep in mind as you develop your audits that significant risk is not limited to fraud. Lastly, tailor audits to each client’s needs. Following these steps will help you create a strong audit and reduce risk in your organization.