Career development insight
the aspects of risk management, there are key messages. Effective risk management should follow six distinct steps always documented and logged in a risk register, which is an important document.
you can exploit the risk: can you transfer it, accept it and so on. Again, there are some great tools out there that you can use, but I like to use tools like the probability impact grid. This tool helps to set a numeric value to the likelihood of risk and its impacts. It’s how you learn from these that is important so that you can manage the risk effectively ... l Assess and evaluate – This is an in important step in the process because it’s how you identify how sensitive your business is to the risks and what tolerances you can withstand for the risks that are identified and to identify the expected value of them. l Plan – So now that you have identified your risks, it’s time to plan. Have you identified how you are going to respond to them? This is the time to do it. Document how you plan to manage them, give them a specific owner and make them accountable for the actions – remembering you can have a responsible owner and a responsible actioner. This would also be the time to conduct a cost/benefit analysis on each risk to help you identify what is acceptable for each action. l Implement – The next thing you need to do is to update your records and implement your plan. If you don’t have a risk register, you should really investigate implementing one. It documents all the steps and what is likely to happen and what has happened alongside who owns the risk. It should contain the following as a basic entry, but of course this is my view and may not be applicable to your business: l risk ID l category of risk (strategic, operational, financial, etc) l date raised l description in detail l risk status (active, closed, ongoing, etc) l pre- and post-response actions (probability, cost impact, expected risk value, proximity) l risk response actions (detailing the
options to manage the risk and why the favoured one has been chosen) l action status (detailing what the risk owner must do to action the chosen option) l secondary risks (what else could happen as a result of this risk) l risk owner/actioner/closing date. Risk management done well really makes a difference to the way you run your business. If you don’t deal with the threat or risk, it then becomes an issue. Payroll Assurance Scheme Since 2012, the CIPP has offered its own robust payroll accreditation service which many of its customers use as part of their risk and compliance methodology. The Payroll Assurance Scheme (PAS) has grown over the years and now has over 100 supporters, each of whom enjoy a day with one of our assessors biannually to obtain the peace of mind that their payroll processes and people development are truly fit for purpose. The CIPP fully understands the challenges in payroll as an industry, so PAS has continued to evolve and is now divided into employer payroll services and payroll service providers. The new format recognises the different risks on both sides of the processing industry and addresses these distinctly. Equally, PAS offers a fresh view on your current ways of working and often delivers innovative ideas for improvement whilst identifying potential risks as part of the final reports derived from the assessment. It is one way to help define your processes in payroll and seek best practice advice and guidance. PAS supporters also feel that the accreditation ensures they continually refresh their ways of working which identifies the detail to understand where the risks are within the payroll department. The following quote, which is relevant as an approach to risk management, is from Latrice Royale who is a fan favourite on RuPaul’s Drag Race (https:// en.wikipedia.org/wiki/RuPaul%27s_Drag_ Race): “It’s okay to make mistakes. It’s okay to fall down. Get up, look sickening and make them eat it!” If I could change that quote, it would say: “It’s okay to make mistakes. It’s okay to fall down. It’s how you learn from these that is important so that you can manage the risk effectively in the future.” n
Steps to effective risk management
l Identify the context of the risk – This can be done in several ways ranging from using, for example, SWOT (strengths, weaknesses, opportunities, threats) and PESTLE (political, economic, socio-cultural, technological, legal, environmental) analyses of the situation. However, I like to draw up a list of stakeholders and see who and how they could be affected by the new situation. We have all seen low/high matrices and no doubt used them. Though simple they are an effective tool. It is at this point you could also use a RACI (responsible, accountable, consulted, informed) diagram. Again, using this tool, you can then assign actions to the team so that the risk is managed effectively. l Identify the risks – I am a ‘list person’, and this is where I normally go into overdrive. You can do so much here, create checklists, prompts and cause and effect diagrams. Get together a group of people to share ideas about the barriers and risks and identify anything that will constrain the mitigation of the risk. One way to manage the get together, would be to consider the Delphi technique (https://en.wikipedia.org/wiki/Delphi_ method) which was developed by RAND in the 1950s. It enables a group of people to share ideas and estimate the impact, so that you can forecast an outcome more accurately. Of course, there is more to Delphi than that, but it helps to stop decisions by committee. A very useful way of identifying the cause and effect is to use an Ishikawa diagram (https://en.wikipedia.org/wiki/ Ishikawa_diagram) – more commonly known as a fishbone diagram – where you identify the major causes of risk and plot them into a diagram with all the issues that reach that final cause. l Assess and estimate – This is more of a detailed process where probability, impact, proximity and the expected value of the risk are estimated. There are ways that you can lessen the risk by looking at a few variables like how
11
| Professional in Payroll, Pensions and Reward |
Issue 51 | June 2019
Made with FlippingBook - Online magazine maker