Even when you proac­tive­ly antic­i­pate all the peo­ple risks that have the poten­tial to impact your work­place, it’s easy to con­vince your­self there is no risk to youthat it will nev­er hap­pen here.

You may think no one at your work­place will harass any­one, no one will sue you over an hon­est mis­take made in admin­is­ter­ing work­ers’ comp, no one will acci­den­tal­ly cause a data breach, or no one will ever bring a weapon to the office. You might think man­ag­ing peo­ple risk is extreme­ly time con­sum­ing and not worth the effort. Ratio­nal­iza­tions like this may lead you to believe you don’t need to do any­thing to pre­vent these risks.

How­ev­er, these risks are very real and can hap­pen any­where, at any time. It’s imper­a­tive you cov­er all of your bases, and it’s actu­al­ly very straight­for­ward, espe­cial­ly if you have a part­ner on your side.

Ide­al­ly, you will inte­grate peo­ple risk man­age­ment (PRM) with your busi­ness prac­tices so it’s not some­thing extra to do; it’s a way of doing things you already do. PRM can be a lens through which you look through when eval­u­at­ing your poli­cies, pro­ce­dures, and oth­er aspects of how you run your company.

Acknowledging and Preventing Risk: A Four-Step Plan

When you are antic­i­pat­ing risk, you are think­ing about what might hap­pen. Then you need to look at what you should do when some­thing actu­al­ly hap­pens and it’s time to acknowl­edge the risk.

Maybe a law pass­es or reg­u­la­tion is final­ized, you real­ize your pay poli­cies are not in com­pli­ance with the law, or an employ­ee informs you they have been pre­scribed med­ical mar­i­jua­na but you have a very strict drug use pol­i­cy. What tools to do you have to deal with that?

Once you acknowl­edge the risks inher­ent in these issues, there are four steps to putting a plan of action into place to pre­vent the risks from caus­ing dam­age to your company’s bot­tom line, its rep­u­ta­tion, or to its lev­el of employ­ee engagement:

  1. Under­stand when and how the risk will impact you. If it’s a law or reg­u­la­tion, when does it go into effect? Is it an ongo­ing issue or some­thing that can be addressed and then set aside? What are the poten­tial penal­ties or pit­falls pre­sent­ed by the risk?
  2. Deter­mine the best course of action. Does the sit­u­a­tion require sim­ple changes to oper­a­tions or a more com­pli­cat­ed approach? Where do changes need to be imple­ment­ed — in hand­book pol­i­cy updates, pro­ce­dur­al doc­u­men­ta­tion, or new train­ing programs?
  3. Craft com­mu­ni­ca­tion strate­gies around the risk. Who needs to know what, and how much infor­ma­tion should be giv­en to peo­ple at each lev­el? What infor­ma­tion should be held back to pre­serve con­fi­den­tial­i­ty? What infor­ma­tion is only rel­e­vant to a hand­ful of peo­ple (such as when an OSHA report is due) and what infor­ma­tion is rel­e­vant to every­one (such as who needs sex­u­al harass­ment train­ing in your state)?
  4. Decide what change man­age­ment activ­i­ties are required to get buy-in. It’s one thing to decide to do some­thing but get­ting peo­ple ready to embrace the change is anoth­er thing. If change man­age­ment is good, then the changes will take hold, the imple­men­ta­tion will be smooth, and the risks will be lower.



by Lar­ry Duni­van, CEO of ThinkHR
Orig­i­nal­ly post­ed on ThinkHR.com