Torquepoint Ltd New Zealand. Unclas. Risk

Plan of Attack – Human Resources Risk Management

Dr Simon Ewing-Jarvie

(Re-Print May 2014. Original in Employment Today, Issue 96, Sep 2004)

They say that everyone is happy on their wedding day … it’s learning to live with each other after the party is over that gets tricky. It won’t be any surprise to managers of people that the metaphor of marriage is very apt when considering risks. Long after the ROI, enhanced margins and lowered overheads have been calculated, the challenge of getting and keeping people in the ‘performance zone’ continues to elude many. As one dour Scot said “there’s nae sa queer as folk”. Dealing with people is inherently risky.

So was all this risk always around? If not, what has changed to create it? I guess you could liken risk to AIDS. Evidence of a mysterious new disease first surfaced back in the late 1970s but it wasn’t until mid-1982 that it was given a name. Likewise, business has always been a risk-taking venture—it’s just now it is frequently connected with litigation. It is a moot point as to the reasons for the rise in litigation. Is it that there is more unacceptable behaviour in business? Is there a change in societal values upon us where we no longer know what is right, only what we must do? Or is it that we just have too many lawyers?

There is no doubt that we now have an increased understanding of human behaviour and, when combined with a compliance framework, this means that we have the ability to name the issue of risk as a specific process rather than just accepting that things sometimes go wrong. I don’t believe that it is a separate discipline but really a function of every business process. Disregard it at your peril.

Risk comes from two main sources. First, there are ongoing threats to an organisation’s continuity, such as earthquakes, competitors, terrorists and industrial unrest. While the World Trade Centre leaps to mind, New Zealand has no shortage of local examples—the Auckland power crisis of the 90s, factory closures following lengthy disputes, and the partial withdrawal of subsidies to Wellington rail services following service problems associated with tracks buckling in the heat.

Second, there is the risk associated with the organisation seeking to expand or diversify – ‘growing pains’. Internal weaknesses and external threats, the ‘W’ and ‘T’ in SWOT analysis, should result in the development of a business continuity (BC) and organisational development (OD) plan. Combining these two is a new way of looking at things, but it makes sense. They are the right and left glove of organisational resilience but the approach has been pioneered in this country by only a few companies, like NZ Post, which takes a capability rather than scenario-based approach to resilience.

More often, BC thinking is used interchangeably with disaster recovery planning in IT, or emergency management in the broader civil defence context. Most organisations do not have BC professionals and the role frequently finds its way to other functional areas like corporate services or HR. Few HR professionals have any training in BC planning and management.

Whether the organisation is surviving or thriving, there is still a lot of emphasis placed on strategic planning, normally based around the models made famous by the big US business schools. However, given that most organisations have a plan that they are happy with and 80 percent have trouble implementing it, one must consider this type of strategic planning as an activity of questionable overall value. From as far back as the studies of Peters and Waterman (In Search of Excellence) it has been shown that most successful organisations are more likely to have a clear and coherent vision and culture in common than a detailed plan with goals, objectives and KPIs. That’s not to say the latter is irrelevant, just that on its own it is. You can’t manage risk with a calculator alone.

If you want to test this, ask any staff member at The Warehouse what their organisation is about and they will be able to tell you that they are making a difference through making the desirable affordable, some even mentioning when they met ‘Steve’. Think about how many rules the Virgin empire has broken in relation to brand extension and strategic finance and then you begin to understand the power of Richard Branson’s persona in developing a resilient vision and culture.

Putting aside theories of transformational leadership for a moment, what I have described for you is a powerful but relatively unknown part of military command theory. It hasn’t migrated far out of military colleges but is the underpinning of effective risk management and is encapsulated in the operational art that links strategy with tactics. Its attendant theories of ‘manoeuvre thinking’ carry a host of tools with them. The most fundamental of these, mission analysis, is based centrally on an intuitive understanding of what your boss would do if they were there ‘right now’ to deal with the dilemma you face.

And now there is risk management. In the UK, the Turnbull Report led to legislation making directors personally responsible for risk management failures. Here, there is a voluntary New Zealand standard (AS/NZS 4360/1999 Risk Management), which gives very little specific guidance on the subject. Boards and CEOs know that this risk thing needs managing and the only question, in the context of flat organisations and limited resources, is who will do it? In many cases it will end up being you—not only because you might receive it as a hospital pass but also because the HR professional is the best person to perform many aspects of the role.

Onion Skin Model - adapted

Pauchant & Mitroff’s 1992 onion skin model (see adapted diagram) is a useful way of demonstrating the need to involve HR in risk management. While legal, economic, accounting and other formulae-based checking will reveal issues on the outer two rings, the behaviour of the organisation will only be revealed by an understanding of the inner two rings. As they aptly identified in their 1990 book, We’re So Big and Powerful Nothing Bad Can Happen to Us, the games we play inside ourselves are those that bring the greatest challenges to managing risk.

Whether attempting to grow the organisation organically or exponentially, a comprehensive approach to organisational development (OD) planning is essential. OD is the most basic form of risk management as it hedges against tight labour market conditions, employment litigation rates and the effect of changing customer demands on skill sets.

For instance, the National Bank solved its short-term staffing problems when moving to a 24-hour, seven-day telephone banking operation in the mid 90s by contracting out the non-standard hours to a temping company. Over time, the two workforces merged into one without the industrial problems that might otherwise have arisen.

While ‘raise, train and sustain’ the workforce can be a no-brainer, how many HROD staff spend time assessing and reporting the effect on the culture or workforce morale of a competitor’s activity. For instance, recent radio and TV ads by Pacific Blue (“Up High, Down Low prices”) and Qantas (the ground crew having fun on the tarmac) not only send a message to the customer about the advertiser and their product, they also have the secondary effect—whether intended or not—of painting any other airline they are in competition with as high-priced and the staff as squeaky-voiced (whining, not real blokes) and boring. If not dealt with, this eats away at the target culture.

OD is the simplest yet most poorly understood facet of people management. The OD manager is one of the most senior of HR practitioners in an effective risk management structure.

Exponential growth strategies are normally based around mergers, acquisitions (M&A) and new ventures. The basis for this can be vertical (eg, a manufacturer buys a chain of retail stores to get increased margin), horizontal (eg, two similar organisations in the same industry to get economies of scale), conglomerate (a purchase in a completely unrelated activity, eg, a music company buys an airline) or concentric (a purchase in an unfamiliar but related field eg, a sports goods manufacturer buys a leisure wear manufacturer).

M&A are based on due diligence reports which are essentially an audit of the target organisation by the bidder. While there is plenty of activity, information and experience on the legal and financial side of due diligence, it is ‘after the wedding’ that the troubles of implementing strategy begin. Can cultures be put together?

This can only be answered by one group of professionals—those who are experts in the way people behave. HR due diligence is a specialist form of risk management aimed not only at exposing HR liabilities in the target company but also for considering the needs of organisational culture, structure and staffing in the future. Will, for instance, the organisational experience of operating train sets be enough for Toll Holdings to understand and perform within the New Zealand rail, road transport and coastal shipping culture across national boundaries? Time will tell, but the experience of so many international M&A in this part of the world suggests that it will be a rough ride!

HR professionals have long talked about getting into the top level of management and into the board room. A few have made it and most will have realised by now that to join those levels means being bilingual, being able to speak the language of HR and the language of business—money. This is not to degrade people to book entry items but to establish enough commercial credibility to have their opinion on cultural and staffing intangibles taken into account.

HR due diligence is conducted in a covert and overt manner. When the potential bidder sees a likely target, the process begins and the HR representative must consider issues such as:

  • What is the quality of the senior management team?
  • How does the organisation see itself and portray itself through communications such as annual reports, internal and external writing?
  • What is the quality and number of the consultants, advisors, recruiters etc that they use?
  • What media coverage does the organisation get and how does this tie in with the organisation’s own image of itself?
  • Does anyone know anyone that works there now or has done in the past?
  • Do people want to work there or do they talk about wanting to leave?

The overt phase is not unlike a normal HR audit but it must go beyond gathering data into tables. It must be capable of asking the ‘so what?’ questions, making the deductions and stating the recommendations that may be contrary to those of other members of the team.

What, after all, is the ultimate goal for HR? I believe that it is to develop sustainable competitive advantage through people. This is actually the only sustainable competitive advantage since product, price and promotional methods can all be copied. Likewise, restructuring to cut overhead costs does not bring sustainable competitive advantage either as, after the cut, competitors can study the cost-structure and follow suit. Even to survive requires a detailed understanding of the area.

In the US, it is estimated that 25 percent of the workforce was affected by M&A activity in the last decade. Clearly, standing still is not an option for the market and HR professionals can view risk management as yet another encumbrance or as the best opportunity to move up a gear that has been presented in several years.

For more information and free downloads visit my websites at: or

Blatant Advertising Bit: Have you read my short story trilogy “A Poke in the Fifth Eye”? It’s available in Kindle format for only 99c. A ripping good yarn about dirty bomb drone swarms in Wellington New Zealand, a couple of destroyed spy bases, an air force base on fire and only a hastily assembled bunch of Kiwi Reservists standing between the terrorists and their ultimate goal.