HR Risk Management

One of the important components of good corporate governance is to have a comprehensive Risk Management System in place that enables you to plan for the effective management of things that could go wrong.  It also serves to clarify accountability and responsibility.

If your organisation does have a Risk Management System, have you checked whether the risk register lists the organisation’s HR or People risks?

HR practitioners should play an integral role in an organisation’s risk management processes by using their unique knowledge, skills and experience to identify any people-related, HR compliance and HR operational factors that could have an adverse impact on operations.

Typical HR/People Risks:

Below is a list of some of the typical HR-related risks that could have an adverse impact on your organisation if not managed correctly:

  • Legislative Compliance
  • Fraud and Corruption
  • Cyber Security
  • Ethics and Employee Behaviour
  • Critical Skills
  • Recruitment and Selection 
  • Employee and Visitor Safety
  • Social circumstances (human calamities)
  • Diversity problems
  • Sexual Harassment and Discrimination
  • Succession Planning
  • Strikes
  • Absenteeism
  • Presenteeism
  • Performance
  • Staff Retention
  • Employee Wellness
  • Training and Development

Risk Management Frameworks:

To mitigate HR risk effectively, the HR leadership should gain a proper understanding of risk management methods and then set out to identify, mitigate and manage the HR risks.

The HR Risk management process would involve:

  1. Risk identification
  2. Risk impact, ranking and tolerance levels (normally on a scale of 1-5)
  3. Practices/Procedures implemented to mitigate the risk
  4. Regular monitoring of measures implemented
  5. Annual reviews and audits

Typical tools include Risk Maps, Risk Registers and Risk Reports.  While risk management mainly relies on document-based systems, it should not be confined to documents only.  The HR leadership should work together with line managers to determine and evaluate HR risk and tolerance levels in key areas.

The Risk Management Framework should also outline the potential financial and overall impact of the identified risks on the business, and rank the probability of an event and the organisation’s tolerance levels.

The HR leadership should present the exco with a complete report of employee-related, HR compliance and HR operational risks, as well as the recommended actions for mitigating those risks. 

Key staff members should be trained to manage identified risks and the HR leadership should be responsible for monitoring implemented measures on a regular basis to ensure that risk management remains a priority.

Reviews should be conducted annually to evaluate the impact of previous interventions and to identify new/different risks.

Each organisation is different

Not all organisations experience risks in the same way.  Some may have unique HR risks, or the impact of the risks may be different, or some will occur more often in certain businesses than others.

Approach your HR risk identification process with an open mind and be mindful of new risks that may emerge in the future.  A proactive approach to identifying and mitigating HR risks can contribute greatly towards decreasing the overall risk profile of the organisation.



