Resource Centre

• Resource Centre Home
• HR Management Standards
• HR Toolkit
  • HR Toolkit Home
    • Overview
    • About the HR Toolkit
  • HR Planning
    • Overview
    • Strategic HR Planning
    • Operational HR Planning
    • Succession Planning
    • Risk Management in HR
    • The Board's Role in HR
  • HR Policies & Employment Legislation
    • Overview
    • Developing HR Policies
    • Sample Policies on Common HR Topics
    • Employment Legislation & Standards
    • Human Rights Legislation
    • Health & Safety Legislation
    • HR in a Unionized Workplace
    • Leaves of Absence
  • Getting the Right People
    • Overview
    • Laying the Groundwork
    • Job Descriptions
    • Recruitment
    • Selection & Hiring
    • Hiring an Executive Director
    • Orientation
    • Non-standard Employment
  • Keeping the Right People
    • Overview
    • Employee Engagement & Retention
    • Employee Recognition
    • Performance Management
    • Supervision
    • Discipline
    • Employment Termination
    • Exit Interviews
  • Compensation & Benefits
    • Overview
    • Compensation Systems: Design and Goals
    • Wages and Salaries
    • Salary Surveys
    • Statutory Benefits
    • Employee Benefits
  • Diversity at Work
    • Overview
    • Legislation and Policies
    • Supporting Employees With Disabilities
    • Supporting Employees From Different Cultural Backgrounds
    • Supporting Employees From the GLBTQ Community
    • Generational Differences in the Workplace
    • Gender Equity
  • Workplaces That Work
    • Overview
    • Conflict at Work
    • Effective Meetings
    • Flexible Work Arrangements
    • Interpersonal Communication
    • Productive Work Teams
    • Staff-Volunteer Relations
    • Workplace Wellness
    • Workplaces that Work -
      Case Study Series
  • Learning, Training & Development
    • Overview
    • Factors Affecting Working & Learning
    • Getting Your Organization Ready for Employee Training & Development
    • Understanding the Employee as an Adult Learner
    • Implementing an Employee Training & Development Program
  • Resources & Downloads
    • Overview
    • Resource Overview
    • Links
• ACCESS
• Shared HR Services Framework

Home » Resource Centre » HR Toolkit » HR Planning » Risk Management in HR

HR Planning

Risk Management in HR

The only sure way to avoid risk in nonprofits would be to lock the doors and put up a closed sign in the window. Risks are inevitable and organizations have a moral and legal obligation to attend to the safety and well-being of those they serve, those who work for them and others who come into contact with their operations. This is known as "Duty of Care."

Organizations need to look at all the risks throughout their entire operation and incorporate risk management into all planning and decision-making. However, the specific focus of this section is risk management as it applies to HR activities.

In this Section: Applying risk management to HR The risk management process Who is involved in the risk management process?

Applying risk management to HR

When developing a risk management plan for your HR activities, there are a number of areas to focus on. This general list will get you started but it is very important that all organizations identify and evaluate the risks unique to their own organization.

HR Activity	Potential Risk	Potential considerations
Compensation and benefits	Financial abuse	Who has signing authority? How many signatures are required? Are there checks and balances?
Hiring	Discriminatory practices Hiring unsuitable or unsafe candidates "Wrongful" hiring	Was a complete screening completed on potential applicants? Were provincial human rights laws observed? Is there a set probationary period? Were promises made to the candidate that cannot be honored? Did the employee sign off on the policies and contract of employment before being hired?
Occupational Health and Safety	Environmental Personal injury or death	Do we provide safe working conditions and do we conduct safety checks regularly? Do we provide adequate training for staff? Do we ensure the use of appropriate clothing and safety equipment? Do we have adequate policies, procedures, and committee in place?
Employee supervision	Abuse Reputation in the community Release of personal information	Do we provide sufficient orientation and training? Do we provide adequate supervision (especially for activities that occur off-site or after hours)? Do we have a performance management system in place? Are personal information protection guidelines followed?
Employee conduct	Abuse Reputation in the community	Do we have clearly written position descriptions for all positions? Do we follow up when the parameters of the job description are not respected? Do we provide thorough orientation and training? Do we provide an employee handbook? Do we have comprehensive policies and procedures? Do we provide ongoing training about our policies and procedures? Do we retain written records of performance issues? Do we ensure that organizational valuables are secure? Do we have cash management procedures? Do we have adequate harassment policies and procedures?
Exiting employee	Property Reputation in the community Compensation	Do we retrieve organizational information and equipment that a dismissed employee used (especially from home)? Do we ensure that all access codes, passwords, etc are de-activated? Do we conduct an exit interview? Do we record lieu time and vacation balances?

There is a connection between risk management and liability. Therefore, it is very important to obtain legal advice about your risk management plan.

---

The risk management process

Risk management is a cycle. That means that it is not something that gets checked off a "to do" list but it is a continuous activity. Having a risk management process means that your organization knows and understands the risks to which you are exposed. It also means that your organization has deliberately evaluated the risks and has strategies in place to remove the risk altogether, reduce the likelihood of the risk happening or minimize harm in the event that something happens.

At a very basic level, risk management focuses you on two fundamental questions:

1. What can go wrong?
2. What will we do to prevent the harm from occurring in the first place and in response to the harm or loss if it actually happens?

 

Identify the risks

• The very first step is to identify the risks. Ask yourself what can go wrong. Every activity of an organization poses a risk so brainstorm and document the risks.

• Consider both the general risks (that could happen to any organization) and the risks specific to your organization.

• Risks can be:
  • Abuse that is either one-time or ongoing (physical, emotional, psychosocial, sexual, financial)
  • Personal injury
  • Medical
  • Environmental
  • Property
  • Financial
  • Reputation/goodwill
  • Other

Involving staff, volunteers, board members in the risk identification process will give you a comprehensive picture of the risks based on different people's involvement in different areas of the organization. You may also wish to engage the services and opinions of an accountant or a lawyer.

Assess the risks

• If you have done a thorough job of identifying risks, you may end up with a long (and overwhelming) list.

• The next step is to assess each of the risks based on the (1) likelihood or frequency of the risk occurring and (2) the severity of the consequences.

• Using a risk map to plot the likelihood of occurrence and the severity of the consequences will help you prioritize your next steps.

 

Blank Risk Map (PDF 25KB) Completed Sample Risk Map (PDF 21KB)

 

Develop strategies for managing risks

• Consider the most appropriate risk management strategies for each identified risk:

  Avoidance - Stop providing the service or doing the activity because it is too risky.

  Acceptance - Some risky activities are central to the mission of an organization and an organization will choose to accept the risks.

  Modification - Change the activity to reduce the likelihood of the risk occurring or reduce the severity of the consequences. Policies and procedures are an important part of this risk management strategy because they communicate expectations and define boundaries. Learn more about writing policies and procedures.

  Transfer or sharing - Purchase insurance or transfer the risk to another organization through signing a contractual agreement. with other organizations to share the risk (for example, having a contractual agreement with a bus company to transport clients rather than staff driving clients).

 

Implement

When you have decided which risk management strategies will be the most effective and affordable for your organization, practically outline the steps and who is responsible for each step in the risk management plan.

Communicate the plan and ensure that there is buy-in from all who are involved in the organization (staff, volunteers, clients, other relevant stakeholders).

Provide training for all organizational staff and volunteers so they understand the rationale of the risk management plan as well as the expectations, procedures, forms, etc.

 

Monitor

Consider the following questions and document any changes to the plan:

• Is your plan working?

• Have your risks changed?

• Have you expanded or reduced your programs and services?

• Are changes or updates required?

• Are staff and volunteers following the risk management plan?

• Do they need re-training on the details?

• Do we need to better communicate the plan?

 

Risk management is an evolving field. Therefore, it is a good practice to keep current and re-evaluate your organization's risk management system on an annual basis.

---

Who is involved in the risk management process?

Risk management is a large and important undertaking. There must be commitment from the board to commit the financial and human resources. In larger organizations, a risk management committee, team or department may be formed to handle the risk management process. In smaller and medium sized organization, the responsibility for developing and implementing a risk management process will likely fall on the executive director. However, paid staff, volunteers - and potentially clients and other stakeholders - will be very helpful partners in identifying risks and developing effective strategies to deal with the risks. Once the risk management process is in place, e veryone in the organization has a role to play from identifying risks to following policies and procedures to completing forms and reports.

 

Big Brothers Big Sisters of Canada Risk Management Handbook Online risk management tutorial for non-profits Government of Canada fact sheet: The Application of the Personal Information Protection and Electronic Documents Act to Charitable and Non-Profit Organizations Association of Fundraising Professional's guide to PIPEDA Insurance Toolkit for the Voluntary Sector Insurance Bureau of Canada website

 

Next Section: The Board's Role in HR