Even when you proactively anticipate all the people risks that have the potential to impact your workplace, it’s easy to convince yourself there is no risk to you — that it will never happen here.
You may think no one at your workplace will harass anyone, no one will sue you over an honest mistake made in administering workers’ comp, no one will accidentally cause a data breach, or no one will ever bring a weapon to the office. You might think managing people risk is extremely time consuming and not worth the effort. Rationalizations like this may lead you to believe you don’t need to do anything to prevent these risks.
However, these risks are very real and can happen anywhere, at any time. It’s imperative you cover all of your bases, and it’s actually very straightforward, especially if you have a partner on your side.
Ideally, you will integrate people risk management (PRM) with your business practices so it’s not something extra to do; it’s a way of doing things you already do. PRM can be a lens through which you look through when evaluating your policies, procedures, and other aspects of how you run your company.
Acknowledging and Preventing Risk: A Four-Step Plan
When you are anticipating risk, you are thinking about what might happen. Then you need to look at what you should do when something actually happens and it’s time to acknowledge the risk.
Maybe a law passes or regulation is finalized, you realize your pay policies are not in compliance with the law, or an employee informs you they have been prescribed medical marijuana but you have a very strict drug use policy. What tools to do you have to deal with that?
Once you acknowledge the risks inherent in these issues, there are four steps to putting a plan of action into place to prevent the risks from causing damage to your company’s bottom line, its reputation, or to its level of employee engagement:
Understand when and how the risk will impact you. If it’s a law or regulation, when does it go into effect? Is it an ongoing issue or something that can be addressed and then set aside? What are the potential penalties or pitfalls presented by the risk?
Determine the best course of action. Does the situation require simple changes to operations or a more complicated approach? Where do changes need to be implemented — in handbook policy updates, procedural documentation, or new training programs?
Craft communication strategies around the risk. Who needs to know what, and how much information should be given to people at each level? What information should be held back to preserve confidentiality? What information is only relevant to a handful of people (such as when an OSHA report is due) and what information is relevant to everyone (such as who needs sexual harassment training in your state)?
Decide what change management activities are required to get buy-in. It’s one thing to decide to do something but getting people ready to embrace the change is another thing. If change management is good, then the changes will take hold, the implementation will be smooth, and the risks will be lower.
by Larry Dunivan, CEO ThinkHR
Originally posted on ThinkHR.com