HUMAN RESOURCE GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE PRESENTED AT ANNUAL CONFERENCE FOR INSTITUTE OF PEOPLE MANAGEMENT HELD AT NKOPOLA LODGE 26TH TO 28TH OCTOBER 2017

Presentation outline The presentation will cover: Overview of Human Resources Management Human Resources Management governance Human Resources Management risk management Human Resources Management compliance with its regulatory framework Conclusion

Overview of Human Resources Management This is the specialist function of management which has prime responsibility for: Formulating, proposing and gaining acceptance for personnel policies and strategies of the organization, Advising and guiding the organization’s managers on the implementation of personnel policies and strategies

Cont’d Providing personnel services for the organizations to facilitate the recruitment, motivation and development of sufficient and suitable employees at all levels, Advising the organization’s managers on the human resources consequences of change.

Major Components of Human Resources Management Human resources Planning responsible for job analysis and designing of organizational structures; formulation of HR regulatory frameworks and many more. Human resources Development responsible for analysis of knowledge and skills levels; assessing credibility of training programmes and institutions and many more, Human resources management services responsible for implementing human resources regulatory frameworks including counselling and many more.

Human Resources Governance Governance is defined by Institute of Internal Auditors as “The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives “. In summary this means how the organization is directed and controlled to achieve its objectives.

Human Resources Direction Services of human resources will be directed by: Human resources management laws, Human Resources Management policies, Human Resources Rules, Regulations and Procedures, Human Resources Instructions and training, Human Resources Management plans and targets and many more others.

Human Resources Management Control The control is the implementation of the provisions in the Direction and the spirit of correcting divergences from the direction. This is done through the structures and related distribution of authority and power as defined in the regulatory framework of the organization. Control environment has significant role to play for the organization to realize its maximum potential.

Control Model There are several control models but the frequently used model is COSO Control Model. This model has five levels as follows: Control environment Risk assessment Control activities Information and communication Monitoring and evaluation

Why is governance necessary in human resources management? For the Board and management to make strategic and operational decisions For the Board and management to oversee risk management and control of the organization, For promoting appropriate ethics and values within the organization, To ensure effective organizational performance management and accountability

Cont’d To promote communication of risks and control information to appropriate areas of the organization, To coordinate the activities of, and communication of information among the Board, external and internal auditors, other assurance providers and management.

Human Resources Risk management Risk The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. Risk Management A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.

Cont’d Risk Appetite The level of risk that an organization is willing to accept. This assists in setting up minimum tolerable behaviours above which disciplinary action can start. Establishment of any control in an organization comes from: Well defined objectives to be pursued,

Cont’d Well assessed risks that can impact the achievement of the defined objectives. Design controls that can mitigate the risks to bring them down to tolerable levels. This can be presented in a cycle form: Objective Setting Control Activities Risk Assessment

Cont’d Take note that controls are set up to mitigate particular risks. In this case, controls can never be established from vacuum. Other factors to note are: Risk begins with strategic and objective setting. This means that an organization is in business to achieve particular strategies and objectives and risks represent barriers to successfully achieve those objectives.

Cont’d Risk does not represent a single point of estimate rather it represents a range of possible outcomes. Risks may relate to preventing bad things from happening. While many risks do in fact present a threat to the organization, failure to achieve positive outcomes may also a barrier to achievement of objectives is also a risk. Risks are inherent in all aspects of life.

What is Risk Management Risk Management is the name given to a logical and systematic method of identifying, analyzing, treating and monitoring the risks involved in any activity or process also is referred to as: Good management practice Process steps that enable improvement in decision making A logical and systematic approach Identifying opportunities Avoiding or minimising losses treating and monitoring the risks involved in any activity o

Risk Management process Establish the Context. The strategic and organizational context in which risk management will take place, for example, the nature of your business, the risks inherent in your business and your priorities. Identify the risks. Defining types of risk, for instance, ‘Strategic’ risks to the goals and objectives of the organization. Identifying the stakeholders, (i.e., who is involved or affected). Past events, future developments.

Cont’d Analyze the risks. How likely is the risk event to happen? (Probability and frequency?)What would be the impact, cost or consequences of that event occurring? (Economic, political, social?) Evaluate the risks. Rank the risks according to management priorities, by risk category and rated by likelihood and possible cost or consequence. Determine inherent levels of risk.

Cont’d Treat the risks. Develop and implement a plan with specific counter-measures to address the identified risks. Consider: Priorities (Strategic and operational) Resources (human, financial and technical) Risk acceptance, (i.e., low risks) Document your risk management plan and describe the reasons behind selecting the risk and for the treatment chosen. Record allocated responsibilities, monitoring or evaluation processes, and assumptions on residual risk.

Cont’d Monitor and review. In identifying, prioritizing and treating risks, organizations make assumptions and decisions based on situations that are subject to change, (e.g., the business environment, trading patterns, or government policies). Risk Managers must monitor activities and processes to determine the accuracy of planning assumptions and the effectiveness of the measures taken to treat the risk. Methods can include data evaluation, audit, compliance measurement.

Cont’d Communication & consultation. ‘Risk’ is dynamic and subject to constant change, so the process requires continuous monitoring & review and communication & consulting.

Compliance Is defined as adherence to regulatory framework to which the organization is subject. Others define compliance as effective control to achieve organization’s set strategies and objectives for which the organization is set up to attain and achieve. Effective control is about: Establishing standards of performance, Measuring performance, Comparing actual results against standards Take corrective actions where required.

Cont’d Effective control comprise of: Directive controls to ensure that there is a clear direction and drive towards achieving stated objectives. Preventive controls to ensure the systems work in the first place. Detective controls to pick up transactional errors that have not been prevented. Corrective controls to ensure that where problems are identified, they are properly dealt with.

Cont’d The four control types will assist HR to address four other questions in performance and the questions are: How do we get the right culture and drive to ensure these risks are appreciated and anticipated? How do we install specific measures to prevent the risks that we now understand? How can we find out if despite our best efforts things are still going wrong? How can we plan in advance to address problems that we detect particularly when they represent significant risk to our business?

Cont’d Any committed HR manager will not watch and tolerate any issues of non compliance with any provisions of the organization. It is for this reason that corrective controls become the only sure way of bringing situations back to normal or original state,.

Conclusion Human capital is the most critical tool for converting any resources into outputs and outcomes. Effective use of Human Capital demands proper definition of strategies and objectives and communicate to all stakeholders. There is need for defining the risks that may hinder achievement of the objectives and provide for mitigating measures to counter-act on the risks for the purpose to be realized. Finally, efforts to compare practice and regulatory framework should provide closer monitoring and review of performance of the organization.

Closing the presentation Thank you for your attention and may the Almighty God look after you all as the program progresses. Thank you