How much of an impact does human resources have on the risk management strategy in your organization?
Risk management, in regards to human resources, doesn’t stop once background checks, references and education confirmation is completed. The human resource department and the risk management department must continue to collaborate together to ensure employee related risks are continuously identified and strategies established for mitigation of identified risks.
Employee or human factors are some of the most critical sources of risk and extremely difficult to plan and prepare for. The human factors in regards to risk are very different from the risk introduced by machines or automated processes, as the human factors are highly dynamic and difficult to regulate in relationship to controls for machines and automated processes. After all the reason you are employing an individual is to allow her to work in an environment, which allows her to feel free to perform at her best, with a strong support and trust of management. Technology is different, for example, once a machine or automated process is established, engineers, operators, and quality control specialist can evaluate the machine or process’s performance statistically, with similar results each time. Once a defect or flaw in the process is noticed, it is generally an issue where there is a clear resolution.
From and information security perspective, it goes without saying that humans perform differently than machines, ergo; humans do not have the same consistency as machines, but we have the ability to think independently and adapt to a given situation (no need to argue about artificial intelligence and learning machines, as we are talking about everyday systems and computers). An employee’s ability to think for himself introduces risks that are dynamic, unpredictable and in some cases quite damaging. Every organization requires a harmonious connection between these vital company assets, in order to produce the desired results at the highest efficiency rate possible. With these factors considered, it is vital for the risk management team and the human resources department to work in sync embedding a culture of awareness and cooperation that mitigates said risks effectively.
Here we list a few examples of human resource activities and the potential risks associated.
Hiring
Compensation and benefits
Employee conduct
Employee supervision
Risk management and human resource policies during employment should aim to establish the responsibilities and liabilities of employees. Further, management must ensure employees are supported identifying potential opportunities and when enforcing the organizational security policy and procedures in order to reduce the risk of human error.
This is made possible through a sufficient level of awareness, through training in security policy and procedures to minimize human factors risks. It is vital that these sessions are tailored to the responsibilities of employees and attention is drawn to the known threats to that employees responsibilities. Successful training and follow up will embed a culture of risk management into an organization and ensure employees are consciously considering the risk of their actions to the organization.
An additional process that should be implemented in a corresponding manner between risk managers and the human resource department is a disciplinary process. A disciplinary process for breaches in an organization’s security policy is necessary to establish the importance of security to the organization. The objective of the disciplinary process is to bring attention to and have consequence for security breaches.
Conclusion
Once an employee is hired, you introduce new risk to your organization. These risks are unpredictable and based on factors that are difficult to control. By establishing synergy between your risk management team and human resources team these risks can be reduced. This is accomplished by educating your employees in security policies and procedures, accompanied by a clear and concise disciplinary policy.