Is it time for HR to become 'Human Risk' specialists?


People Risk is the most vital component of modern day risk management and those organisations that are not good at this; or ignoring it, stand to be exploited by those who are. How much time and ...

Read More Risk Culture Builder
Add a comment

As HR leaders we have a responsibility to understand the drivers behind failures

Our recent history is marked by scandals. No sector, type or scale of firm is immune. From Hillsborough to the banking crisis, vehicle emissions to Jimmy Savile, the factors behind each are complex and the motivations different. But what they have in common is starting with human failings.

As HR leaders we have a responsibility to understand the drivers behind these failures. If we can apply insight from our professional disciplines we can provide our firms with the practices they need to remain agile in this increasingly risky world. Is it time to become ‘Human Risk’ specialists?

The media like to tell failure stories through the drama of ‘the bad apple’, ‘the lone wolf’ or ‘the fat cat executive’. But look at any corporate failure in depth and you will see a chain of events triggered by:

A ‘fuzzy’ culture: the rules of what it means to succeed are unclear. This lack of clarity is often driven by complexity. Sometimes too many rules, guides and processes obscure what matters. When our heads are full it’s difficult to make ‘good’ choices and notice when things are going wrong.

Leaders under pressure. Our expectations of senior leaders rise daily, against a backdrop of uncertain tenure and change. Our leaders play a critical role in championing a healthy risk appetite and cultural environment. The things they choose to encourage or sanction set the tone. Are they sufficiently equipped with the capacity and data to ask critical questions? In the face of ‘group think’ do they have the resilience and ethics to challenge?

Dark corners and broken windows. Every firm has its team or division where instances of poor performance are excused or tolerated. These ‘islands’ have their own cultural microclimate. Similarly there are understaffed project teams who cut corners or individuals who repeatedly ‘overlook’ routine processes. Boring though these routines often are, they are red flags that signal individuals acting in their own interest.

How do we monitor and mitigate these risks? Firstly, we need to determine and safeguard the frontline. Are you clear on your organisation’s boundaries and gatekeepers? Do you use background checks, have robust auditing teams who are respected internally, and have tight financial and pay controls?

Then we need to make sure we are setting simple rules where everyone can determine what is in the organisation’s best interest. Can your newest employees tell you what they need to do to succeed or fail?

Do your performance, reward and incentive systems align to this? How do you determine underperformance and what do you tolerate? Do you assess people for judgement, resilience and ethics?

Finally, consider if your leaders are equipped to curate your culture. Think about how easily the board can articulate company culture and ethics, and how this is translated into RemCo and NomCo decisions. Are key decisions made based on short-term and financial measures or values? Are leaders updated on practices related to risk appetite, cyber crime, and employee behaviour, health and engagement?

How are the broken windows, near misses and failures recorded and discussed? What happens to related actions and those who raise them?

These matters are too important to leave solely to the risk function. Today’s risks require us to look at our contribution to culture, leadership development, employee health and incentives. Asking the questions is part of our professional responsibility and should form part of our everyday contribution to the executive and board tables.

Not paying attention will mean our perspective is overlooked, and any firm without a considered ‘Human Risk’ perspective has no credible risk management practices at all.

Jacqueline Davies is former HR director of the Financial Conduct Authority and master of the Guild of HR Professionals


For much greater practical analysis and detail on behavioural and organisational risks and their consequences, try reading 'Rethinking reputational risk'. (I confess I am one of its authors.)


People Risk is the most vital component of modern day risk management and those organisations that are not good at this; or ignoring it, stand to be exploited by those who are. How much time and effort will we spend to attempt to predict human behaviour and human error in risk-taking situations? The results will remain distorted views of the situations, behind every loss there is a person, even if he/she was just not performing a routine check. Risky stars with HERO status are taking many companies to ZERO status. Trying to set standards and benchmarks in the area of people risk is just subjective juggling- it cannot be done. People risk is incalculable and in this wide open psychological mind space it is best to start by working on the mitigation of people risk. This is where the value lies, do not focus on efforts to quantify the level of people risk in your organisation, accept that it is too high and move on to build an effective mitigation strategy and a good risk culture.


Jacqueline. Thank you for sharing your thoughts. I like the way you have linked human beings, culture and risk. So often when the subject of risk is written about - there is only a focus on processes and policies. I am currently conducting research into how to build employee trust when an organisation's is threatened. I am hoping you might be open to a conversation?

Change the CAPTCHA codeSpeak the CAPTCHA code

All comments are moderated and may take a while to appear.