Because people touch all aspects of an organization, a focus on human capital risk is a very important part of an effective risk management and corporate compliance program. Yet it is also because of this “human factor” – the complex involvement of people in all aspects of the business – that ownership of human capital risk management can end up ill defined. In fact, many organizations today face major challenges in this area due to a lack of clarity around roles and responsibilities assigned to human capital risk management.
Whether the risk and compliance challenges are those directly related to running an HR organization (e.g., legal requirements of ERISA, FLSA and ADEA regulations) or some of the more strategic risk and compliance issues that have human capital at their core (e.g., designing talent strategies, aligning rewards, promoting fraud prevention and ethical behavior), sorting out who specifically is responsible for identifying, assessing, prioritizing, managing and monitoring all of those risks is no easy task.
Some argue that HR leaders, who have specialized personnel-related knowledge and capabilities, should assume ownership of people-related risk management. Others, perhaps including many readers, maintain that, due to their strong regulatory expertise and capabilities, risk and compliance professionals should play the dominant role in human capital risk management. While still others believe that the strategic-level risks are the responsibility of the organization’s business leaders.
In reality, all parties are correct. Effective human capital risk management is the shared responsibility of HR, risk and compliance functions, and senior business leaders, a cooperative effort combining deep expertise in human capital, risk management and compliance, and business strategy and operations.
By working together, HR, risk and compliance, and business leaders can bring their cumulative knowledge and strengths to efficiently create, manage and monitor a risk management plan, thereby minimizing people-related failures and maximizing people-related strategic opportunities. Ultimately, effective management of human capital risk – whether the upside risks associated with a growth and global expansion strategy or the downside risks driven by reckless decision making, fraud, or talent lost to poorly designed rewards programs – comes down to intelligent collaboration and cooperation across the organization.
HR professionals are equipped with an understanding of people issues, the HR regulatory environment, personnel data, future trends and competitive demands related to recruiting, retaining, managing, developing, compensating and rewarding employees. Risk, compliance, and legal professionals bring the skills and expertise necessary to help design a strong HR compliance and risk management program. Additionally, the role of the risk and compliance teams across the broader enterprise helps ensure that the HR risk management program aligns with company strategy and integrates well with organizational structure and all other risk monitoring functions. Risk and compliance professionals also bring a built-in familiarity with the latest risk assessment, monitoring, and mitigation tools and techniques.
The following are six specific ways compliance and HR functions can work together to elevate people-related risks to the top of the corporate agenda:
Risk and compliance professionals have long realized that risk management is not limited to the formal monitoring functions of the organization, and increasingly, HR professionals are coming to the same conclusion. Company stability and effectiveness necessitate risk awareness and controls throughout all key areas of the organization—including, if not starting with, people-related activities.
One has to look no further than business news headlines to understand that managing people risk is about supporting an organization’s strategic intent and day-to-day assurance of specific compliance initiatives and regulations. Either, or both, type of risk management can help build or diminish an organization. Risk managers and HR executives can find that working as partners with a common goal is an effective way to address the challenges of the human factor in a dynamic workplace.
About the Author
Mike Fuchs is a principal for Deloitte Consulting LLP, focusing on helping clients find solutions to cultural and institutional challenges related to complex governance, risk and compliance requirements.
This document contains general information only and Deloitte is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this document.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Copyright © 2012 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited
Deloitte Consulting LLP (Deloitte Consulting) Principal Mike Fuchs has focused on helping clients find solutions to cultural and institutional challenges related to complex governance, risk and compliance (GRC) requirements.
As a principal for the Human Capital and GRC practice, Mike assists clients with Sarbanes-Oxley Section 404 readiness, focusing on human resources (HR) risk mitigation and entity level control assessments. Mike’s experience traverses the HR landscape and includes shared services design, business case development, enterprise transition and change management.
With more than 18 years of HR consulting experience, Mike has served companies in the life sciences, health care, manufacturing and technology sectors.
Regarding his career at Deloitte, Mike Fuchs said, “My proudest career moment is being able to look back at the 14 years of my career and see the positive impact I have had on my clients, Deloitte, and, most significantly, the people of Deloitte. I have not only had the opportunity to have an impact from a business standpoint, but the personal connections I have made leave a more lasting impression.”
Other articles written by Mike Fuchs include:
Less Risk, Greater Rewards
Mike co-authored this report, which provides insights into risk intelligence and employee reward risks, as well as how to develop an effective risk management program.
Mike contributed to this article in Deloitte Consulting’s Straight Talk Book No.8, which discusses nine steps to cultivate a rich action plan and achieve integrated GRC, including sample e-mails and other suggestions that will ultimately help your clients “grow confidence” and improve performance.
Mike Fuchs can be contacted via email at firstname.lastname@example.org.