How to Align Risk Management and Human Capability
Dave Ulrich
Speaker, Author, Professor, Thought Partner on Human Capability (talent, leadership, organization, HR)
Risk management shapes our daily lives, from predicting weather to shaping investment portfolios to making social commitments to determining healthy living choices.
Managing risk helps leaders anticipate threats and build control systems to minimize harm. Generally housed in the finance department, enterprise risk managers identify, assess, and prioritize risks. They then develop strategies and processes to reduce the impact of prioritized risks.
While the risk management industry has many models and frameworks for mitigating risks, one of the most widely used is about 40 years old and derived from the Committee of Sponsoring Organizations of the Treadway Commission. The most recent iteration of the COSO framework highlights the importance of embedding business or enterprise risk management (ERM) throughout an organization. It defines four categories of business objectives, eight components of business risk, and four levels of application (figure 1).
The COSO risk framework helps manage overall risk management focusing on sources of risk. A number of reports on sources of risk can be identified and assessed (see figure 2).? An ERM team will likely do an annual report to the board or executive committee to identity current risks and then propose control mechanisms to mitigate prioritized risks. As noted in figure 1, the risk management process can be applied at multiple levels throughout the organization.
HR and its contribution to risk management has often been considered a source of risk that affects a company’s ability to meet its strategic and financial obligations. A study by the Economist Intelligence Unit highlighted risks associated with human resource management as a significant threat to global business operation. Another study by the Conference Board classified people and organization risk as the fourth biggest impact on business performance, but the study placed it tenth in terms of how effectively it is measured and managed within the business.
Given the evolution of HR to deliver stakeholder value through human capability, let me suggest some emerging ways HR contributes to both the content (what are the risks) and the process (how are the risks managed) of ERM.
Content of Human Capability Risk
In our work, we have classified human capability into four domains of HR contribution (talent, leadership, organization, and HR function) (figure 3).
领英推荐
Investments in these four domains deliver not only business financial results but also stakeholder value. In today’s uncertain business context, talent (employee), leadership, organization, and HR function agendas often become a primary predictor of stakeholder value, so their risks (and opportunities) should be assessed. Figure 4 lays out possible risks (and opportunities) in each human capability domain that an ERM team might consider.
These human capability risk considerations in figure 4 could be applied to a specific risk priority in figure 2 (e.g., How do we manage operational, strategic, or compliance risk?), or they could be added as another source of risk for the overall organization (another row in figure 2).
Managing Risk Process
A risk assessment identifies the prioritized threats, or risks, then builds control systems to mitigate the risks. HR professionals have unique expertise in closing the know-do gap to turn what should be done (building a control system) into what is done (implementing the control system). In our work, we have developed a change-enablement tool with seven disciplines for change that can apply to any risk priority (figure 5).
Conclusion
In an increasingly uncertain work world where variance helps ensure a differentiated future, risk management encourages predictability once risks are prioritized. Human capability (talent, leadership, organization, and HR function) risks can be identified, assessed, prioritized, and managed to help deliver stakeholder value.
What is your experience at how human capability helps manage risk?
..………
Dave Ulrich?was the Rensis Likert Professor at the Ross School of Business, University of Michigan, and a partner at The RBL Group, a consulting firm focused on helping organizations and leaders deliver value.
OK Bo?tjan Dolin?ek
Plant HR Head - Human Resource at Hexagon Nutrition Limited
1 天前Very informative
Host, How HR Leaders Change the World | Founder, From Babies with Love | Trustee, Duchenne UK | Trustee, Gaia Foundation
1 天前A fascinating and timely perspective on risk management! People are at the heart of every organisation’s ability to navigate uncertainty, so it’s vital that human capability is recognised as a key component of enterprise risk management. Embedding HR within risk processes doesn’t just mitigate threats - it creates opportunities for resilience, innovation, and long-term stakeholder value. Looking forward to seeing how organisations continue to evolve their approach to risk through the lens of people and purpose.
This is such a powerful insight! ?? Risk management through the lens of human capability is often overlooked—but it’s where real value creation happens. Aligning talent, leadership, and organizational strength with ERM isn’t just about minimizing threats—it’s about building a system where adaptability and resilience become competitive advantages. When businesses treat human capability as a core component of risk strategy, they’re not just protecting value—they’re creating it. ?? Curious—what’s one human capital risk you’ve faced that fundamentally shifted how your business operates Dave Ulrich?
Chief Human Resources Officer who has a proven, successful track record of attracting, retaining, and motivating employees to perform at their best.
1 天前I love this! Something HR execs who are successful live a breathe in staying focused on many ways to minimize enterprise risk through leadership and employee development, talent life management, and HR functionality! Charge on!!