MITIGATING HUMAN CAPITAL RISKS

The Human Capital (HC) function faces many risks that can impact the organization's reputation and operations. These risks range from data leakage and compliance issues to health hazards. In the absence of an effective risk management strategy in place, organisations are exposed to potential disruptions. A proper risk assessment and mitigation strategy can safeguard the HC function against these threats. It will protect its employees and assets, as well as enhance the overall resilience of the function. Therefore, there is a critical need to devise a comprehensive risk management strategy tailored to address the specific challenges the HC function faces.

Evaluating Risks and Proposed Mitigation Strategies

Data Leakage Risk

Priority: High

Applicability: All sub-BUs of HC

Risk:? Data leakage at Sony Pictures and Equifax Data Breach, 2017 are a few examples where sensitive employee or client data were leaked, leading to loss of millions of dollars and lawsuits. Data leakage risk can arise due to internal and external factors. It could lead to the leakage of employee and client information and unauthorized access to the company's HC strategy. Data leakage risk results from poor cyber security and employee training and can disrupt the business.

Mitigation Strategy:????

·???? Implementation of data protection measures and cyber hardening.

·???? Two-way encryption, data classification, access controls, and a virtual barrier to prevent information access.

·???? Regular monitoring and audits, including surprise audits to identify loopholes.

·???? Sensitize employees through training on data handling protocols and enforce strict non-disclosure agreements.

·???? Effective use of online platforms like KnowBe4 for training and awareness.

·???? Comply with the DPDP Act 2023(on formulation), the GDPR Act and the ISO/IEC 27001 standards.

·???? On breach, an incident response plan to manage damage control must commence.

Assessment Framework: Frequency and severity of data breaches indicating compliance with data protection measures, its effectiveness, and the results of data security audits.

?Regulatory Compliance Risk

?Priority: High

Applicability: All sub-BUs of HC

?Risk:? It would involve non-adherence to labour laws like the Industrial Dispute Act of 1947, employment regulations, industry standards like the Sexual Harassment of Women at Workplace Act of 2013 and non-compliance with regulatory requirements like the DPDP Act of 2023 or contractual obligations, which can expose organizations to legal penalties, tarnish reputations and erode trust among stakeholders.

?Mitigation Strategy:

·???? Formulate a strategy team that stays updated on relevant laws, regulations, and industry best practices.

·???? Establish a compliance framework based on the ISO 37301:2021 compliance management system guidelines.

·???? Conduct compliance assessments and audits.

·???? Nominate a Compliance Officer responsible for monitoring and enforcing compliance measures.

?Assessment Framework: The efficacy of compliance training programs, abiding by compliance policies, and execution on points received as feedback from regulatory bodies can be gauged by examining compliance audit findings, the number of compliance violations, and adherence to regulatory deadlines.

?Reputational Damage

?Priority: High

Applicability: Talent Acquisition and Core Human Capital Function

?Risk:? For HC function, it would manifest as negative publicity due to irresponsible behaviour, negative employer branding, social media backlash or public relations crisis. It can also stem from partner dissatisfaction or third-party dissatisfaction engaged in services for HC.

?Mitigation Strategy:

·???? A positive work culture, encouraging employee feedback, maintaining transparency and responding to concerns.

·???? Tactfully handling and prioritizing third-party concerns by the HC team to avoid backlash.

·???? A crisis communication plan must be implemented to address reputation-related issues promptly.

·???? A PR team is to be created to manage public image and reputation.?

?Assessment Framework: Based on the number of negative media findings, social media sentiment analysis and stakeholder satisfaction scores. It would indicate the implementation of employee engagement survey results, frequency and effectiveness of internal communications addressing reputation-related concerns and feedback from partners and third-party stakeholders.

?Health and Safety Hazard

?Priority: High

Applicability: All sub-BUs of HC

?Risk:? DGFASLI, India, reported 8936 fatal and non-fatal occupational accidents in 2019-20. Similarly, Eu-OSHA estimates work-related accidents and illness costs at ￡476 billion annually. Workplace accidents, mental health post COVID, common injuries and health concerns can precipitate employee absenteeism, decreased productivity and heightened healthcare expenditures.

?Mitigation Strategy:????

·???? Enforce comprehensive health and safety protocols as per ISO 45001 management system,

·???? Undertake regular safety training and hazard assessments.

·???? Undertake periodic safety audits.

·???? Cultivate a safety-conscious culture among employees.

·???? Institute protocols for promptly reporting and addressing safety issues.

?Assessment Framework: The assessment should evaluate data such as frequency of workplace accidents, injury, illness and absenteeism rates. These matrices would indicate the efficacy of safety training programs, results of safety inspections and audits and employee feedback on safety culture.

?Talent Attrition and Management Risk

?Priority: Medium

Applicability: Talent Acquisition and Core Human Capital Function

?Risk:? According to the Society for Human Resource Management study, the cost of replacing an employee ranges from 90% to 200% of annual salary. A good talent management plan performs better than competitors. Elevated turnover rates, particularly of crucial personnel, can result in losing valuable expertise and knowledge and escalate recruitment expenses. Similarly, poor talent acquisition would create similar challenges and decrease productivity. On the other had companies with good talent practices outperform their competitors.

?Mitigation Strategy:

·???? Develop effective recruitment strategies.

·???? Formulate an onboarding plan with a buddy system.

·???? Employ retention tactics like competitive compensation, career progression and a conducive work environment.

·???? Conduct exit interviews to identify causes of attrition and address underlying concerns.

·???? Establish a succession plan to groom internal talent for pivotal roles.

·???? Use employee engagement surveys to gauge employee satisfaction and identify areas for improvement.

?Assessment Framework: The assessment should consider employee turnover cost, satisfaction and engagement scores. These matrices would indicate the efficacy of succession planning, results of exit interview feedback and employee feedback on career development opportunities.

?Employee Burnout and Stress

?Priority: Medium????????

Applicability: All sub-BUs of HC

?Risk:? Excessive workloads, stringent deadlines, and inadequate work-life balance can contribute to employee burnout, stress-related ailments and diminished job satisfaction.

?Mitigation:????

·???? Monitoring workloads and ensuring realistic goal settings.

·???? Incorporate flexible work arrangements, wellness programs, transparent communication channels, supportive leadership, and recognition and rewards.

·???? Offer employee assistance programs (EAP) with confidential support for work and personal related issues.

?Assessment Framework: It should be based on utilization of EAP and absenteeism due to stress related issues. These matrices would indicate the efficacy of workload distribution metrics, the effectiveness of wellness programs and the implementation of employee feedback on work-life balance initiatives.

?Knowledge Management and Succession Planning

?Priority: Medium

Applicability: CHC

?Risk:? The inability of HC to capture and transfer critical knowledge and expertise from departing employees may result in loss of institutional knowledge and disrupt continuity.

?Mitigation Strategy:????

·???? Implement knowledge management platforms to document and disseminate valuable knowledge across HC.

·???? Succession planning mechanisms to identify high-potential employees and provide them with opportunities.

·???? A well-formulated knowledge management and succession planning would ensure HC has the right talent to respond to changing market dynamics and business needs.

?Assessment Framework: The assessment must include knowledge retention rates, the effectiveness of the knowledge transfer process and succession planning success rates. These matrices would indicate the utilization of knowledge management platforms, completion of succession planning activities and implementation of employee feedback on training and development opportunities.

?Change Management Risk

?Priority: Low

Applicability: All sub-BUs of HC

?Risk:? Change management is crucial for the HC function. Poorly managed function changes, restructuring, mergers, and acquisitions may lead to decreased productivity, talent attrition and loss of morale.

?Mitigation Strategies:?

·???? Develop a change management framework.

·???? Framework should include effective communication, training, engagement and growth opportunity for employees.

·???? It should be followed up with a monitoring mechanism.

·???? Employing tools like Prosci and ChangeScout to manage and track change initiatives.

?Assessment Framework: It should be based on employee morale and engagement during periods of change, productivity levels during and after changes and turnover rate during change initiatives. It would indicate the effective completion of change management training, communication effectiveness during change initiatives and implementation of employee feedback on change readiness and support.

?Additional Risks

?In addition to the above, there are a few more risks the HC function may face, like operational risk due to external factors, employee relation and ethical risks, technology disruptions, market dynamics, workforce diversity and inclusion. However, these can be mitigated by proactive measures and adherence to policies and regulations laid down by the organisation.

?Implementation Plan

?A proposed implementation plan includes steps involved, responsible parties and challenges:

?Steps

?Step 1: Define the objective of the risk mitigation strategy and set goals for each strategy to measure its success.

Step 2: Assign specific individual/ team with clear goals and objectives to oversee implementation.

Step 3: Define a clear deadline.

Step 4: Allocate required financial, technological and human resources.

Step 5: ?Implement data protection measures as proposed and undertake audits to identify and address potential threats.

Step 6: Formulate a compliance framework under ISO 37301:2021 guidelines. Regular monitoring and compliance audits

will be undertaken as discussed.

Step 7: Foster a positive work culture and encourage feedback. Address reputational damage by developing and ???

implementing a crisis management plan.

Step 8: Manage talent attrition by developing an effective recruitment and retention strategy. Regularly conduct exit

interviews and address underlying problems.

Step 9: Implement health and safety guidelines following ISO 45001 and national policies.

Step10: Continuously monitor the effectiveness of mitigation strategies. Also, continuous reviews must be undertaken to meet new challenges over time.

?Responsible Teams

?Risk Management Team: At the sub-board level, with a board member as Chairman. Nominating a Risk Officer and representative members from all BUs for coordination. The team will meet periodically to discuss and coordinate issues.

Data Protection: IT team

Compliance Audits: HC Compliance Team

Addressing Reputational Damage: PR Team

Managing Talent Attrition and Knowledge Centre: Talent Acquisition and Core Human Capital Team

Health and Safety: Health and Safety Team

?Overcoming Implementation Challenges

?An attempt has been made to undertake comprehensive coverage of the risk likely to be faced by the HC; however, implementing all mitigation strategies is resource-intensive and time-consuming. The mitigation strategies are tailored to meet individual risks, but the multitude of risks and corresponding mitigation strategies may introduce complexity. Risks like legal compliance are ever evolving and need continuous reviews to stay effective. The study has highlighted the importance of positive work culture, transparency and organizational culture, which are core to all organisations and will facilitate negating these challenges.

?Risks Communication and Change Management

?Comprehensive communication and effective change management are unavoidable when implementing risk mitigation strategies. Below is the framework for the same.

?Stakeholder Identification: First, stakeholders from among employees, management, and partners must be identified.

?Communication Strategy: Next is preparing a strategy to communicate risks to stakeholders. In this, using available channels like emails, newsletters, intranet portals and meetings be considered to ensure that stakeholders are kept informed.

?Risk Awareness Training: Periodic risk awareness training must be enforced using platforms like KnowBe4 or internal processes. HC must also carry out regular updates and campaigns to keep risk awareness high among employees.

?Change Management Framework: This would require developing a change management framework to manage changes. The framework should include steps for accessing changes, communicating changes to all and systematically implementing changes.

?Engagement and Feedback: Encourage open communication and feedback from all stakeholders and take necessary steps to address the concerns.

?Crisis Communication Plan: As brought out earlier, develop a crisis communication plan. It must include protocols and strategies for interacting with media and managing public relations.

?Monitoring and Evaluation: Continuously monitor the communication and change management strategies. Also, the stakeholders' engagement feedback should be evaluated to identify areas for improvement.

Conclusion

?A detailed review of all possible risks and their prioritization and mitigation strategies has been discussed. Sub-BUs of HC must develop their monitoring system as per the recommendation. A quarterly training session should be planned to keep the employees informed and engaged about possible risks. The HC must also communicate with stakeholders about the measures taken to mitigate the risks. Digital collaboration tools like Microsoft Teams, Slack and Zoom can be used to enable employees to adapt to new technologies and work processes. As the study recommends, a feedback mechanism must also be implemented for real-time employee insights. Developing a Crisis Plan is required to address any reputational damage. The HC must also periodically review and update the assessed risks and address new and emerging risks.

?

[1] https://timesofindia.indiatimes.com/gadgets-news/sony-confirms-data-breach-heres-how-hackers-got-into-companys-system/articleshow/104210527.cms

[2]https://en.wikipedia.org/wiki/2017_Equifax_data_breach#:~:text=Information%20accessed%20in%20the%20breach,British%20residents%20was%20also%20compromised.

[3] https://www.knowbe4.com

[4] https://www.iso.org/standard/27001

[5] https://www.iso.org/standard/75080.html

[6] https://www.dgfasli.gov.in/public/Admin/Cms/NewsLetter//65dc3491438c64.98454440.pdf

[7] https://osha.europa.eu/en/publications/international-comparison-cost-work-related-accidents-and-illnesses

[8] https://www.iso.org/standard/63787.html

[9] https://www.shrm.org/in/topics-tools/news/talent-acquisition/real-costs-recruitment

[10] https://www.workplacestrategiesformentalhealth.com/resources/what-is-an-employee-assistance-program

[11] https://www.prosci.com/change-management

[12] https://www2.deloitte.com/us/en/pages/human-capital/solutions/changescout.html?id=us:2el:3dp:chscout:awa:cons:093116:scout