Risk Intelligence whitepaper series: Issue 18
Description
The people side of risk intelligence: Aligning talent and risk management.
Informations
| Publié par | deloitte |
| Nombre de lectures | 381 |
| Langue | English |
| Poids de l'ouvrage | 1 Mo |
Extrait
Risk Intelligence SeriesIssue No. 18
The people side of Risk IntelligenceAligning talent and risk management
Preface
This publication is the 18th whitepaper in Deloitte’s series on Risk Intelligence. The conceptsand viewpoints it presents build upon those in the first whitepaper in the series,The RiskIntelligent Enterprise™: ERM Done Right, as well as subsequent titles. The series includespublications that focus on roles (The Risk Intelligent CIO, The Risk Intelligent Board, etc.);industries (The Risk Intelligent Technology Company, The Risk Intelligent Energy Company,etc.); and issues (The Risk Intelligent Approach to Corporate Responsibility, Risk Intelligencein a Downturn, etc.). You may access all the whitepapers in the series free of charge atwww.deloitte.com/RiskIntelligence.Unfettered communication is a key characteristic of the Risk Intelligent Enterprise. Weencourage you to share this whitepaper with colleagues — executives, board members,and key managers at your company. We believe the issues outlined herein should serve as astarting point for the crucial dialogue on raising your company’s Risk Intelligence.
Contents
1 Part one: The people side of Risk Intelligence2......The intersection of talent and risk3......Two sides of the same coin7 Part two: Managing the risks of talent management8......Succession planning and critical talent needs9 ......Rewards, compensation, and incentives10 ......Ethics13 Part three: Managing talent to better manage risk14......Compliance15......Health and safety16......Business and talent continuity17......A Risk Intelligent culture18 Epilogue: Integrating talent and risk19 Appendix: Talent and risk — a checklist for boards and executives20 Nine fundamental principles of a Risk Intelligence program21 U.S. contacts
As used in this document, “Deloitte” means Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Tax LLP and Deloitte Financial Advisory Services LLP,which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLPand its subsidiaries.
Part one: The people side of Risk Intelligence
The intersection of talent and risk
Are these and similar concerns talent management issues,or are they risk management issues? Clearly, they’re both — and leaders need to treat them that way.Key characteristics of an organization that is truly RiskIntelligent will include a multifaceted consideration oftalent built into its overall enterprise risk managementprogram, a healthy appreciation of risk incorporated intoits total talent management efforts, and an understandingthat many significant enterprise risks have their roots inareas that have traditionally been considered talent’sexclusive domain. Led by the board and senior executives,such a Risk Intelligent Enterprise is one where boards,executives, and staff:Risk. Talent. In today’s volatile, fast-paced, skills-strapped• Understand the many complex ways in which talent andeconomy, each of these issues has earned a permanent risk interact — and the impact on the organization’sslot on board and executive agendas. What’s less often ability to pursue and achieve its strategic goalsrecognized is that talent and risk, in many ways, are not• Appreciate and address the risks that arise from anseparate issues at all, but intimately connected in ways that organization’s talent — and deploy the appropriatecan profoundly influence an organization’s ability to create talent needed to effectively manage riskand protect enterprise value. Imagine what would happen if• Expect the talent and risk management groups to workyour business had to face the following situations: with each other and with stakeholders throughout theenterprise to effectively manage issues related to talent• You’ve finally found the perfect new CEO: experienced,and riskdynamic, and committed to the business for the longterm. Then, suddenly, they unexpectedly die. How can In a world where both risk and talent play such a large partyou find a suitable replacement at a moment’s notice, in creating enterprise value, no Risk Intelligence programand under very public circumstances? is complete until leaders understand and appropriately• Your business urgently needs to shore up its financials,address the challenges and opportunities at the intersectionand quickly. What can you do to motivate your of these two domains.executives and managers to go all out without drivingthem to misreport results in a desperate bid to maketheir targets?• The long-feared flu pandemic has struck. How do youcontrol its spread among your employees, and how willyou run your business and serve your customers, if needbe, with a fraction of your normal labor force?
2
Two sides of the same coin
Almost all companies today maintain a dedicated team of It’s up to boards and the senior management team toprofessionals to manage talent. Many also employ at least help the organization bring both the risk and the talentsome full-time professionals to manage risk. But we knowperspectives together into a cohesive whole. One way tovery few companies that systematically encourage their begin would be to establish an ongoing dialogue betweentalent managers and their risk managers to work with each your talent and risk people. Sit them down with each otherother in collaborative pursuit of the organi ti ’ broader to discuss the ways in which talent and risk affect eachza on sgoals. And that’s a problem, because an inclusive view of other. Have them identify potential concerns that warrantthe connections between talent and risk can yield insights a closer look. Ask them what should be done about each.that can drive competitive advantage in both areas. And connect them with other groups in the organization— functional and business-unit stakeholders — that mustConsider talent management professionals’ typical view contribute to any solution.of their job. Their stated responsibility is to find, keep,and motivate the talent the company needs to run the Risk touches virtually every aspect of talent management,business — not, on the face of it, to manage risk. Yet and talent touches virtually every aspect of riskthat’s just what they must do if they are to manage management. The typical enterprise often misses thetalent effectively. In a sense, talent management’s entire connection between the two. A Risk Intelligent Enterprisecore mission is to reduce the risk ofnot having the right integrates both perspectives to manage their combinedtalent to as near zero as possible. In addition, there’s the impact in a way that effectively drives enterprise value.perennial need to address the spectrum of risks inherent inany employer-employee relationship: poor performance,fraud, and employee health and safety, just to name a few.Aligning talent throughout the Risk IntelligentAll of these issues need to be considered to manage talentEnterpriseeffectively, and not even the most conscientious talentWe believe that the concept of the Risk Intelligentmanagers can do it alone.Enterprise™ has much to offer leaders as they striveRisk mana e r theirto appropriately integrate their organizations’ talentgrsf,f efropart, come at their job from a and risk management efforts. According to the Riskchoelmpletely dienots uarnegs lew. Their stated responsibility is to Intelligent Enterprise framework (Figure 1), effectiveon pt haeli fganc rei sokf eitx, pto managite ht aolregnat.n iYzeatt itohna ts’tsr jautsetg yw h—a t not, risk management depends on three key components:they need to do if they are to manage risk effectively. For• Riskgovernance, including strategic decisionone thing, certain risk management responsibilities needmaking and risk oversight, led by the board ofhighly skilled, specialized professionals to carry them outdirectors— professionals who seem to be getting harder to find and• Riskinfrastructure and management, includingto keep. Furthermore, a great deal of organization risk hasdesigning, implementing, and maintainingits roots in factors related to people: how they think, whatan effective risk program, led by executivethey do, the principles they hold, the norms they follow.managementAll of these issues need to be considered to manage risk• Riskownership, including identifying, measuring,effectively, and not even the most capable risk managersmonitoring, and reporting on specific risks, led bycan do it alone.the business units and functions
The people side of Risk IntelligenceAligning talent and risk management 3
Figure 1. The Risk Intelligent Enterprise framework
Risk Ownership
4
Risk GovernanceOversightTone at the top
Common RiskInfrastructurePeople Process Technology
Executive Management
Risk ProcessDesign, Monitor,Identi Assess & Integrate Respond Implement & Assure &RisksfyEvRailsukasteRiskstoRisksTestControlsEscalateRisk ClassesStrategy Operations/Governance & Planning Infrastructure Compliance Reporting
The board of directors, at the risk governance level,drives the integration of talent and risk managementdown through the infrastructure/management andownership layers across the entire organization. Asthose responsible for oversight and strategic guidance,the board sets the stage for how an organization treatstalent and risk in its entire sphere of activity:
• The board chooses the organization’s top executives,determines how to pay them, and specifies what theyneed to accomplish to meet shareholders’ expectations all decisions that have profound consequences for—risk.• The board is the ultimate wellspring of an enterprise’scultural and ethical climate. It approves thecompany’s formal code of conduct. It also holdsexecutives to certain standards and expects them topush out those standards to the entire organization.• By their own character and actions, board membersset the example that, for good or for ill, the rest ofthe enterprise usually follows.A Risk Intelligent board maintains diligent oversight ofthe enterprise’s treatment of talent and risk, both asdistinct entities and in relation to each other. It maydesignate a particular senior executive, perhaps theChief Risk Officer or Chief Talent Officer, as its liaisonwith the C-Suite on talent and risk issues; it may holdperiodic “deep dives” with key senior executives onthe subject. The board should also review people andtalent issues as part of the strategic planning process,expecting management to address talent factors in theirbusiness and risk plans as thoroughly as they addressissues around any other critical resource.Executive management, at the risk infrastructure level, isresponsible for creating and maintaining the operational“machinery” through which the organization managesboth risk and talent. Executives direct the creation and
oversee the deployment of risk and talent managementprocesses. They deploy effective technology to supportall of the organization’s risk and talent managementactivities. And they put the right talent in place to runthe technology and carry out the processes, helping theorganization choose appropriately skilled people andtraining them to effectively fulfill their roles.
Finally, the risk ownership level includes everyone in theorganization, across all functions and business units.Many organizations believe risk management is handledby specific functions, such as compliance and internalaudit. But risk ownership doesn’t end — or even start— with them. Virtually everyone, from the CEO downto the newest temporary employee, is likely to havesome kind of risk ownership responsibility, whetherit’s carrying out an internal control, documentinginformation needed for risk management, or simplylocking the office door at night.Effective risk ownership depends on everyoneunderstanding what their risk-related responsibilitiesare, knowing how to carry them out, and havingrecourse to appropriate guidance if and when the“standard” risk management processes break down. Thechallenge of educating employees about their individualresponsibilities, in a way that is focused and relevant toeach person’s specific role, can be enormous — but it’sone that an enterprise must overcome to behave as atruly Risk Intelligent Enterprise, day after day, and underthe near-infinite range of possibilities that may arise intoday’s environment.It is incumbent on boards and executives to understandtheir roles in driving a Risk Intelligent approach to talentthroughout the enterprise and to bring a broad strategicperspective to addressing the risk and talent issues thatcan affect the pursuit of value.
The people side of Risk IntelligenceAligning talent and risk management 5
Effective risk ownershipdepends on everyoneunderstanding what their risk-related responsibilities are, knowing how to carrythem out, and havingrecourse to appropriateguidance if and when the“standard” risk management processes break down.
Part two: Managing the risks of talent management
Succession planning and criticaltalent needs
Who’s minding the store?Having enough of the right people to operate effectivelyis a fundamental business need that no organization canafford to ignore. The size, scope, and intricacy of thischallenge, especially in recent years, have transformed thefield of talent management from a little-known adjunct ofhuman resources (HR) to a sophisticated discipline in itsown right.We think that viewing the issue through the lens of RiskIntelligence can offer valuable additional insights on thisall-important matter. Risk Intelligent leaders take the timeto think through what talent risks could arise at all levels ofthe enterprise, from the board to executive managementto risk owners throughout the organization.Among boards, one of the unfortunate lapses we see isthe lack of contingency plans for the sudden loss of theCEO or another key executive. The usual assumption of agradual, orderly transition doe ’t always hold in real life; asnRisk Intelligent board will always have a Plan B (and possiblyPlans C, D, or more) in case something goes wrong.Executives, for their part, are responsible for musteringthe right talent to run the business on an enterprise-wide scale. A focus on the future as well as the presentis essential, as is a healthy appreciation of the ways thatplanned and unplanned changes in the business andin the environment can affect the organization’s talentrequirements. We encourage executives to take advantageof the sophisticated workforce planning and optimizationtechniques available today to align the workforcewith current and projected business needs. The use ofworkforce analytics (see sidebar at right, “Analyze this”)can bring data-driven rigor and insights to what mightotherwise seem to be a speculative exercise.At the level of the individual employee, managers inall roles need to think carefully about the risks involvedin hiring and supervising people. Keep in mind that anemployee brings more than their knowledge, skills, andabilities to an organization; they also represent a uniquecombination of personality, character, and motivationaltraits that should be considered on an equal basis whenmaking a hiring decision (see sidebar, “The complete talentequation,” page 11).8
We encourage leaders to consider building talent into theorganization’s enterprise risk management program as akey risk area. Compared with leaders who see talent strictlyas an HR department issue, boards and executives whoexplicitly embed talent into their risk management processestend, in our experience, to make more thoughtful, moreproactive, and hence more effective investments in talent.Why? Because they understand that achieving the desiredresults hinges as much on an organization’s talent as onanything else — and they know that getting the right talentisn’t a simple, mechanical exercise that just “happens.”Analyze thisA growing number of companies are embracingworkforce analytics as a powerful talent managementtool. Workforce analytics applies advanced statisticaltechniques to workforce and demographic data to helpuncover and alert leaders to possible talent challenges(such as a high likelihood of voluntary turnover) withrespect to both key individuals and the workforce ingeneral. As such, this technique can be an invaluable aidto both workforce planning and talent management.Beyond its role in talent management, however,workforce analytics can offer insights into employee-related risk inany area, provided that risk correlatesat least somewhat with employees’ demographic,personal, and workplace information. The samestatistical tools that can tell leaders that employeeswith longer commutes are the most likely to leave thecompany, for example, can also reveal which employeepopulations tend to be more susceptible to risk eventssuch as absenteeism, accidents, or fraud. Leaders canthen use this information to focus their resources onprograms and workforce populations where their effortscan have the greatest impact on these events; in fact,the emerging subdiscipline of safety analytics concernsitself specifically with applying workforce analytics toemployee health and safety issues.We have seen few companies that have even begun totap the potential of using workforce analytics to identifyleading indicators of employee-related risk. Until thepractice becomes widespread, using workforce analyticscan be one of an organization’s most distinctive sourcesof competitive advantage.
Rewards, compensation, andincentives
Risk Intelligent rewardsRisk Intelligence should play into the design of non-Incentive plans are intended to shape employee behavior monetary rewards as well. Take something as seeminglyand can be extremely powerful motivators. That’s why it’s far afield from risk as advancement and career paths, forwise to think very carefully about exactly what it is you’re example. It’s well known that the prospect of advancementreally paying your people to do. powerfully motivates many people. What will thosepeople do if your organization doesn’t offer them enoughYou may think you’re paying your salespeople to boost legitimate ways to rise? Will they seek illegitimate waysmarket share. Actually, you may be encouraging them to to rise instead — ways that may involve anything fromoffer new clients deep discounts, which can eat into profitssniping and backstabbing to outright legal misconduct? Oreven though they increase volume. will they simply walk out the door, perhaps to offer theirtalents, not to mention your investment in their trainingYou may think you’re paying your division heads to and development, to a competitor?improve operating efficiency by controlling costs andincreasing margins. Instead, you may be motivating them What distinguishes the Risk Intelligent Enterprise is thatto cut R&D and other investments for the future to achieve leaders recognize that risk needs to inform rewards forshort-term results at the expense of long-term growth. everyone — from the senior levels of executive managementto the call center and the shop floor. Every employee plays aYou may think you’re paying your top executives to drive part in managing risk. So should every employee’s rewards.global expansion. In reality, you may be rewarding them formaking dilutive acquisitions, investing in unstable politicalregimes, or taking other actions that put the organizationat unacceptable risk.Unintended consequences like these can often seem obviousin hindsight. To be effective in using rewards to support RiskIntelligence, however, leaders need to identify the potentialfor such issuesahead of time and design compensation,incentive, and engagement programs that keep the risk ofundesirable outcomes to a manageable level.Of course, you can’t expect, or even try, to eliminate all riskcreated by incentive plans — otherwise, your incentives willprobably fail to spur the behavior needed to help achieveyour corporate goals. But you d be remiss if you didn’t at’least consider what risks may arise and what the possibleconsequences might be. Once you have a firm grasp of therisks, you can make an informed decision whether or notthey’re worth the potential payoff and, if they are, developproper countermeasures to control them.1
1 On December 16, 2009, the U.S. Securities and Exchange Commission finalized amended proxy rules that require all public companies to disclosethe extent to which compensation policies are likely to create risk that is material to the company.The people side of Risk IntelligenceAligning talent and risk management 9
© 2010-2024 YouScribe