What is HR risk assessment?

Every organization carries some degree of risk. Like Ethena’s CEO, Roxanne Petraeus, has said in the past: it’s not about preventing misconduct, it’s about anticipating and preparing for when it inevitably happens. For HR teams, this means dealing with the risks that come with the people employed by an organization – hiring, management, and general employee behavior are all risk areas that fall under the HR umbrella.

HR risk assessment, then, is about taking the unique makeup of your organization and evaluating its level of risk, often through considering potential scenarios that could occur. With these potential scenarios in mind, it involves making a proactive plan for how to mitigate and address these risks as they arise. Ideally, regular HR risk assessments prepare an organization with solutions and even prevent issues before they arise.

However, it’s not as simple as it seems on the surface, and there’s more than one way to approach the different types of risk an HR team needs to deal with in the lifetime of an organization:

4 common HR risk management strategies

Depending on the situation, an HR team may take more than one approach to address an identified HR risk. These approaches can be distinguished into four HR risk management strategies:

  1. Avoiding the risk: Once you’ve identified the risk, you can advise your organization on how to steer clear of increasing it further.
  2. Retaining, or conceding the risk: Some things may actually be more risky, or more costly, to address directly, so you may consider accepting the risk rather than planning to avoid it.
  3. Containing and preventing losses: When identifying certain risks as inevitabilities, you’ll need to prepare for them and prevent additional losses as a result.
  4. Sharing or shifting blame: When appropriate, moving the risk to a third party can be an ideal option.

We’ll dive into more detail on how to manage HR risk as it arises, but first, let’s cover the major areas of risk that an HR team needs to be aware of.

What are the main HR compliance risk areas?

When considering where compliance risk can occur in an organization, there’s a lot of areas to keep an eye on. Here are the major areas where compliance risk can occur:

1. Employee Risk

This is probably the first thing you’ll think of when you hear the phrase “HR risks.” From the hiring process to employee turnover, the entire lifecycle of your workforce contains a multitude of compliance risks to take into consideration. You’ll want to consider a handful of factors here, including, but not limited to:

2. Data and Security

An organization needs to be trusted to handle the personal information of its employees safely and securely. (Same goes for the data of its customers.) Things like data privacy policies, as well as healthy, codified processes for handling sensitive information will help you minimize risk in this area.

3. Compliance

We’re talking about compliance risk assessment for a reason! HR teams need to be aware of the various compliance laws and regulations that apply to their business in order to keep their organization compliant and operating legally. If you don’t know where to start, we got you covered with our best practices checklist for easy HR compliance.

Keep in mind that compliance laws change, so you’ll want to set aside time to keep up to date with any upcoming changes, like Chicago’s updates to sexual harassment training requirements, or the new wage transparency laws in New York.

4. Ethics

Making sure your organization is operating ethically is a major element in preventing risk (and contributing to the overall financial success of your business). For HR teams, this starts with the hiring process – how is your team ensuring you’re hiring a fair and diverse workforce, and is daily work life at your company inclusive and equitable?

But ethics also extend to every area of the workplace:

  • How safe from harassment or discrimination is every employee?
  • How should we approach career development and advancement?
  • How do we approach pay equity?
  • How do we deal with unethical behavior in the workplace?

These are a sample of the number of questions you’ll likely be asking yourself here.

A screenshot from Ethena’s Anti-Bribery & Corruption course

Addressing ethical risk may include building and training on a robust Code of Conduct, Code of Ethics, or company values and mission, or it may manifest in the way you audit your organization to meet certain ethical standards.

5. Training

Training is a major tool HR teams can utilize to take on many of these risks head-on. Training to meet the appropriate compliance standards is a great place to start, and you’ll also want to be training in most of the areas we’ve already mentioned above, like Data Protection, Hiring and Interviewing, and Diversity, Equity and Inclusion, to name a few.

6. Benefits and Compensation

Having an equitable compensation and benefits structure is not only crucial for minimizing potential risks, it’s the right thing to do. There are plenty of benefits to using pay transparency as well. HR teams, working together with organizational leadership, can build a compensation and benefits structure that brings out the best in current employees, keeps them around, and makes an attractive opportunity for future hires.

Why does an HR risk assessment matter?

Assessing HR risk and building a plan to protect your organization and employees from risk is essential in a number of ways. In a common sense way of thinking, no one wants to be put at risk for potential fiscal, legal, or personal harm. But since risk management has a naturally pessimistic point of view, here are a few positives to proactively addressing potential risks in the workplace:

How to make an HR risk assessment

So, how do you go about making an assessment of a potential HR risk? Let’s say you’ve identified a possible risk to the organization. You’ll need to ask yourself a few questions to get started, like how large of an issue could morph into? What’s the likelihood that it will happen again? And what are the outcomes that could come out of addressing the issue in various ways?

Step one: assess the “value” of the risk

Honestly, we should be calling this “step two,” since step one would be identifying the HR risk initially. But once you’ve done that, you’ll want to qualify the risk in order to prioritize it correctly. This can be simplified in a number of ways, but we’ll focus on three places to start:

  • What is the likelihood that this risk will actually happen? Is it inevitable in the long run, a slight chance, or something guaranteed to happen this quarter? Think carefully about the organization’s goals over a long period of time; it can be easy to accept a fatal risk if it feels far away enough.
  • What is the potential cost of the risk? What losses could this risk cause? How much would it cost your organization if this risk actually occurs? When weighing this against the likelihood of the risk, you’ll begin to triangulate on the true weight, or value a risk may have as you consider how to address it.
  • Prioritize the long-term: if an organization has to choose between risks that could cost them a little in the short-term over ones that could cost them a lot more over time, we suggest you plan for the long-term.

HR teams need to be comfortable with some level of risk in order to make clear-headed suggestions for the organization. If you feel your team is a bit too risk-averse, it may spell major consequences for your organization in the future.

Step two: manage the risk

Once you’ve assessed the risk, you’re ready to get started. Depending on the type of risk, this process will look different – we’re not going to recommend using the same approach to employee terminations and data security gaps. However, it’s crucial to frame these approaches in a risk-reward mindset.

Using the information you’ve gathered in step one, compile a couple (or three, or more) options for how to solve the issue. Make sure you’re framing this quantitatively as well: how much money and time does each option cost us? From there, you can present these options to leadership and make an informed recommendation and decision for how to address the issue itself.

Step three: address risk early with top-tier training

While we’re on the subject of cost-benefit mindsets, you may want to consider your compliance training as a majorly beneficial first step to addressing risk. Ethena’s training platform provides the best compliance training out there, from Harassment Prevention, to Data Protection, to even a configurable Code of Conduct course.

But don’t just take our word for it. Read from a third-party research report on what makes best-in-class compliance training. Spoiler alert: we fit the bill.

How Ethena can help with your HR compliance risk assessment

If you’re investing in preventing risk in the long-term, Ethena’s training platform automates so much of the training process that it can save your HR teams weeks of time and effort every year. With helpful integrations and a smart delivery system, Ethena assigns and delivers employee-specific training to each employee, no matter where they’re training from, including reminders when someone falls behind.

A screenshot of Ethena’s admin dashboard on the training platform

Administrators using Ethena can set the training and let Ethena manage compliance training for them, and with completion and engagement metrics available on the front page of the admin dashboard, you can keep up to date with your training program with a glance.

Plus, Ethena’s training content is vibrant, accessible, and comes in a variety of formats (when’s the last time you listened to your training like a podcast, or learned something new about identity from a graphic novel?). And since training can be delivered directly to employees through their inboxes, Slack, or Zoom Team Chat in short, digestible sessions, employees can access great training content conveniently.

Ethena’s 80,000+ learners have given Ethena a 92% positivity rating (with over 1M positive customer ratings!), so you can rest assured that the training speaks for itself.

Curious about the kind of content that makes training effective? Try a sample training session. And if you’d like to know more about how Ethena can support your compliance efforts, let’s get in touch.