Building a Good Risk Management Policy

Organizations need to provide a safe working place to their employees. Taking care of the wellbeing of their employees is a legally enforceable duty. Risks are inherent in many activities of any organization. A company requires a sound risk management process to de-risk itself.

A good risk management policy begins with the identification of risks. Once the risks are understood a proper plan to address them can be devised.

Some of the examples of HR activities and the risk associated with them are:  in the area of compensation and benefits, the risk is financial abuse. Whether employees are getting wages as stipulated by law. Whether benefits like maternity leave and disability pay are being given to the employees. The risk of hiring practices is discriminatory hiring.  If candidates are turned down simply on the basis of age, gender and religion, it is a potential risk for the company.  Any promises made at the time of hiring that were not fulfilled afterwards also leads to potential risk. Occupational health and safety is another area of risk. Risks associated with this area are personal injury, occupational diseases and death of employees.  Sexual, physical and emotional abuse are emerging as the most potent risks that need to be tackled in workplaces.

Once the risks are identified, the next step would be to gauge the likelihood of occurrence of these risks and the evaluation of how serious the result would be. The process of managing the risks can be started after that.

The risk management strategies basically are risk avoidance, risk acceptance, risk modification and risk transfer. A good risk management plan would make use of any or all of these depending upon their suitability. Risk avoidance is avoiding all such activities that are risky. This may not be possible always. Risk acceptance is complementary to avoidance. An organization may not be inclined to avoid risky activities because they are the core of the organization. It, therefore, accepts the risk and its fallout. At times it is possible to modify some of the risky activities and so the risk is minimized by such modification. Risk transfer is a device by which organizations transfer the risk to another entity, for example, by appropriate insurance such as employer liability cover.

The plan would also have a strategy to deal with complaints redressal.

Once the most appropriate and cost-effective strategies are chosen, the stepwise plan would take shape. Each step’s responsibility will be taken by designated persons. It is necessary that the plan is communicated to all stakeholders by conducting training or workshops.

Proper monitoring of the plan is equally important to ascertain whether the plan is working well and also whether there are any changes in the risks.

Lastly, risk management is a very serious undertaking. It is imperative that the board of an organization shows commitment to it and assigns the requisite financial and manpower resources to make it workable and successful.

Comments are closed.