dissertation may 2015 - ramsamy- managing operational risk in hr final

32

ABSTRACT

Operational risk is ever present and has proved to have disastrous effect when related to

human resource. This proposal reviews the literature around identifying and managing

such risks in HR.

It finds that operational risks are often attributed to lack of proper process of HR

functions, and that several factors related to the mentioned HR functions stability are

identified as important in managing operational risk in a bank.

Research was conducted based on secondary data to have an idea how respondents viewed

the identification of operational risks in HR and whether the organisation concerned has

the required tools to mitigate such risks.

The results received from the research were analysed and this gave an idea that

respondents felt that the main issue which stands as a barrier to mitigate operational risk

is mainly the failure to have a proper succession planning process coupled with an

unsuitable framework to deal with risk management.

In response to the above issues, this proposal set forth for remedial actions to deal with

each HR function with regards to assessing the operational risk associated and providing

solutions to reduce same.

Managing Operational Risk in HR by Kavin Ramsamy 1

ACKNOWLEDGEMENTS

This dissertation is the end product of the contribution of many people. My primary thanks

go to my project supervisor, Mr. L. Muneesamy for his helpful comments and expert

guidance throughout the study.

I wish to extend special thanks to Mr. Nemraj Jahaly and Mr. Roumesh Jhugbunthee who

guided me in the use of SPSS and statistical tools to analyse the data collected during the

survey.

Furthermore, I would like to extend a heartfelt appreciation to my family and parents for

supporting me in my studies all these years.

Finally, I would like to say a special thanks to my friends, who in a way or another had

helped me while I was doing this dissertation.


TABLE OF CONTENTS

ABSTRACT……………………………………………………………………………….I

ACKNOWLEDGEMENTS……………………………………………………………...1

TABLE OF CONTENTS……………………………………………………………….2-6

LIST OF TABLES AND FIGURES……………………………………………….…7-13

1. INTRODUCTION……………………………………………………………….14

1.1. PROBLEM STATEMENT……………………………………………………...15

1.2. RESEARCH

OBJECTIVES…………………………………………………….155

1.3. OUTLINE OF STUDY .................................................................................. 15-15

2. LITERATURE REVIEW ................................................................................... 17

2.1. INTRODUCTION ............................................................................................... 17

2.2. DEFINITION OF OPERATIONAL RISK………………………………...17-18

2.3. TYPES OF OPERATIONAL RISK .................................................................. 18

2.3.1. PEOPLE………………………………………………………………………….18

2.3.2. SYSTEMS ....................................................................................................... 18-19

2.3.3. PROCESS ....................................................................................................... 20-21

2.3.4. EXTERNAL FACTORS ....................................................................................... 21

2.4. THE NEED TO MANAGE THE RISK ............................................................ 21

2.5. OPERATIONAL RISK IN HR .................................................................... 22-22

2.5.1. POOR SUCCESSION PLANNING ............................................................... 23-24


2.5.2. FAILURES IN THE RECRUITMENT AND SELECTION PROCESS ..... 24-24

2.5.2.1. STAGES OF THE RECRUITMENT PROCESS .................................. 25-25

2.5.2.2. TYPES OF RECRUITMENT ........................................................................ 26

2.5.2.3. INTERNAL RECRUITMENT ................................................................. 26-27

2.5.2.4. EXTERNAL RECRUITMENT ..................................................................... 27

2.5.2.5. ADVERTISEMENT .................................................................................. 27-28

2.5.2.6. SELECTION .............................................................................................. 28-31

2.5.3. SKELETON WORK STRUCTURE ..................................................................... 32

2.5.4. NO PROPER INDUCTION PACK FOR NEW ENTRANTS ............................ 32

2.5.5. IMPROPER SEGREGATION OF TASKS ................................................... 32-32

2.5.6. MANIPULATION OF PAYROLL ................................................................. 33-33

2.5.7. OUTSOURCING OF SOME HR FUNCTIONS .......................................... 34-35

2.5.8. COMMUNICATION ............................................................................................ 36

2.5.9. NO PROPER CODE OF ETHICS & STANDARD OPERATING

PROCEDURES ................................................................................................................ 36

2.6. APPLYING RISK MANAGEMENT TO HR............................................. 37-37

2.7. STEPS FOR RISK MANAGEMENT IN HR ................................................... 38

2.7.1. RISK IDENTIFICATION AND ASSESSMENT ............................................... 40

2.7.2. RISK TREATMENT ............................................................................................. 40

2.7.3. RISK CONTROL .................................................................................................. 40

2.8. PROCESS FOR MANAGING OPERATIONAL RISK IN HR ..................... 42


2.8.1. SETTING UP OF AN HR AUDIT ...................................................................... 44

2.8.2. MANPOWER PLANNING ............................................................................ 44-44

2.8.3. RECRUITMENT AND SELECTION NEEDS ................................................... 45

2.8.3.1. TRANSPARENCY IN THE HIRING PROCESS ........................................ 45

2.8.3.2. USAGE OF E-RECRUITMENT ................................................................... 46

2.8.4. PERFORMANCE APPRAISAL .......................................................................... 46

2.8.5. QUANTIFYING THE RISK ................................................................................ 47

2.8.6. PAYROLL CONTROL SYSTEM ......................................................................... 48

2.8.7. CONTINGENCY PLAN ....................................................................................... 49

2.8.8. INTERNATIONAL RISK MANAGEMENT STANDARDS ........................ 49-50

2.8.9. MITIGATING OUTSOURCING RISKS ............................................................ 50

2.9. INVOLVEMENT OF TOP MANAGEMENT.................................................. 51

2.9.1. THE APPLICATION OF THE COSO CUBE TO HR ....................................... 52

2.9.2. GUIDELINES FOR MANAGING HR RISK ..................................................... 53

2.9.3. IMPLEMENTATION OF HR RISK MANAGEMENT AT BOARD LEVEL

………………………………………………………………………………………….…53

2.9.4. ORGANISATIONAL BACKGROUND ............................................................... 54

3. RESEARCH METHODOLOGY ....................................................................... 55

3.1. INTRODUCTION ............................................................................................... 55

3.2. DEFINING THE RESEARCH PROBLEM ..................................................... 56

3.3. RESEARCH OBJECTIVES ............................................................................... 56


3.4. RESEARCH DESIGN ......................................................................................... 57

3.4.1. EXPLORATORY RESEARCH ............................................................................ 57

3.4.2. DESCRIPTIVE RESEARCH .............................................................................. 57

3.4.3. CAUSAL RESEARCH ......................................................................................... 57

3.5. DATA SOURCES ................................................................................................ 57

3.5.1. PRIMARY DATA ................................................................................................. 57

3.5.2. SECONDARY DATA ........................................................................................... 58

3.6. DETERMINE THE DATA COLLECTION METHOD ................................. 58

3.7. SAMPLING .......................................................................................................... 58

3.7.1. DEFINE THE POPULATION ............................................................................ 58

3.7.2. SELECTION OF SAMPLING METHOD .......................................................... 59

3.7.3. SAMPLE SIZE ..................................................................................................... 59

3.8. DESIGN DATA COLLECTION FORM & QUESTIONNAIRE DESIGN .. 59

3.9. DATA COLLECTION ........................................................................................ 59

3.10. ANALYZE AND INTERPRET DATA ............................................................. 60

3.11. LIMITATIONS OF RESEARCH ...................................................................... 60

4. PRESENTATIONS AND DISCUSSION OF FINDINGS ............................... 61

4.1. INTRODUCTION ............................................................................................... 61

4.2. GENERAL ANALYSIS OF SECTIONS OF QUESTIONNAIRE ......... 61-103

5. CONCLUSION AND RECOMMENDATIONS ............................................ 104

5.1 CONCLUSION………………………………………………………………...104


5.2. RECOMMENDATIONS .................................................................................. 105

REFERENCES…………………………………………………………………….106-110

APPENDIX A………………………………………………………………………111-118


LIST OF TABLES & FIGURES

TABLE TITLE PAGE

Table 1 Applying risk management

to HR

37-38

Table 2 Do you agree with the

following statement:

'Operational Risk is defined

as the risk of loss resulting

from inadequate or failed

internal processes, people

and system or from external

factors

61

Table 3 Do you agree that people are

one of the most critical

factors in operational risk?

62

Table 4 While managing the root

cause of operational risk in

HR, which of the following

would you mostly consider?

63

Table 5 Do you agree that a risk

management plan is

important in tackling

operational risk in HR?

64

Table 6 According to you, what are

the main objectives of risk

management in HR?

65

Table 7 According to you, which of

the following HR functions

have a far more impact on

Operational Risk?

66


Table 8 Validity of questions 7 to 11

67

Table 9 Coso Cube to HR

95

Table 10 Application of a risk

management framework

96

Table 11 Implementation of risk

management standard as part

of Bank One’s strategy

97

Table 12 Gender

98

Table 13 Age Group

99

Table 14 Level of education

100

Table 15 Length of service at Bank

One Limited

101

Table 16 Department

102

Table 17 Level of operation at Bank

One Ltd

103


FIGURES TITLE PAGE

Fig 1 Stages of the recruitment

process

25

Fig 2 Process for managing

operational risk in HR

42

Fig 3 The application of the

COSO cube to HR

52

Fig 4 Stages in the research

process

55

Fig 5 All processes are clearly

followed with regards to

HR at Bank One Ltd?

68

Fig 6 The Risk Management

framework currently in

place at Bank One Ltd can

help identify operational

risk related to HR

69

Fig 7 There are appropriate and

adequate systems at Bank

One Ltd to counter

Operational Risk in HR

70

Fig 8 There are proper standard

operating procedures that

help the proper functioning

of the HR process

71


Fig 15 A systemic approach to

HR planning can assist in

reducing operational risks

78

Fig 16 Bank One Ltd reviews its 79

Fig 9 The HR department

promotes sound internal

policies and control

procedures to counter

operational risks

72

Fig 10 The setting up of an HR

audit function can assist in

mitigating operational risk

73

Fig 11 By ensuring transparency

in the hiring process,

operational risks can be

mitigated

74

Fig 12 A better control on the

payroll can mitigate

operational risk

75

Fig 13 Reviewing guidelines on

risk management on a

regular basis can help deal

with operational risks

76

Fig 14 Top Management should

be involved in devising

strategies to deal with

operational risks

77


risk limitations and

strategies regularly and

adjusts its operational risk

framework

Fig 17 The current risk

management system at

Bank One enables risks

associated with human

error to be promptly and

effectively dealt with

80

Fig 18

Bank one has an

appropriate Human

resource information

system which prevents

system failures, hence

prevents losses

81

Fig 19 Training on the core

banking software from

human resource

perspective

82

Fig 20 The current recruitment

and selection process is

proper and allows the best

candidates to be employed

83

Fig 21 As staff at Bank One are

properly motivated and

compensated, fraud is

reduced

84

Fig 22 The current system at

Bank One double check or

verification of the work of

operational staff

85


Fig 23 Bank One has appropriate

and adequate rules,

regulations, procedures,

system and people to

mitigate operational risks

86

Fig 24 New Employees at Bank

One Ltd normally go

through a well-designed

induction programme

87

Fig 25

Succession Planning is

properly made at Bank

One so that before an

employee leaves, the

successor is already

identified and trained

88

Fig 26 There is proper

segregation of duties at

Bank One Ltd and this

reduces risks.

89

Fig 27 I am fully aware of the

code of ethics at Bank

One and I comply with it

90

Fig 28 Promotion of employees

is fair and proper at Bank

One Ltd

91

Fig 29 There are proper

strategies at Bank One to

retain the best employees

92

Fig 30 Communication is

properly cascaded down

and there is smooth flow

of information at Bank

One

93


Fig 31 Employees are properly

supervised at to reduce

operational risks at Bank

One

94


1. INTRODUCTION

Operational risk management is at a crucial point in its development. Numerous

approaches have been developed across different industries, but many institutions are

struggling to make these fully effective by really embedding them into the day-to-day

management of their business.

Risk has always been a universal feature of any financial activity across the globe and one

of those risk referred to as Operational risk has often been associated with human

resources. Such a risk arising from human resources are those issues that hamper the good,

efficient and effective running of any HR department in an organisation.

Organizations should not restrict the management of risk to traditional areas like insurance

or financial operations. Human Resources risk management strategies, and organizational

policies and procedures must be included in risk management systems.

Risk management is often not seen by Human Resources professionals as a key element of

their contribution to the organizations in which they work. A prime responsibility of the

Human Resources function should be to provide the effective management of risk for

organizational activities that have a people dimension. Human Resources processes should

support and be recognized and accepted as supporting the management of risk.

Human Resources professionals should use risk management techniques to identify risk

exposures and evaluate control options to demonstrate how Human Resources risks can be

managed and how their effective management adds value to the business. They must also

show the cost of initiatives to improve the management of people risks compared to the

cost of inaction.

Human Resources professionals are called upon to adopt a proactive risk-based and

business-focused approach rather than a reactive and risk-averse legislative compliance

approach. This will create an environment where they can develop their professional and

personal competency and demonstrate added value.


As such the main focus of this study will be based on this aspect of operational risk which

HR Organisations faces on a day to day basis. The challenges for HR in terms of

operational risk will be identified and thoroughly discussed into more details in the

literature review section in chapter 2.

1.1. PROBLEM STATEMENT

Operational risk is for more difficult to capture because it is natural and is often not taken

seriously but it is still predictable. It can be threat to financial stability if not properly

mitigated. HR firms should review their risk limitation and strategies regularly but most

importantly adjust their operational risk framework. The aim of this proposal is to find out

how the HR department at Bank One Limited identifies and manage operational risks.

1.2. RESEARCH OBJECTIVES

To identify the types of operational risks that HR faces

To analyse how these risks can be managed and mitigated

1.3. OUTLINE OF STUDY

This research work is divided into 5 sections:

Chapter 1 is an introduction to the concept of Operational risk followed by the problem

statement and eventually the research objectives concerning identification of such risks in

human resource and how those risks will be mitigated.

Chapter 2 consists of a literature review based on the very definition of operational risk

and the types of operational risk that are existent and related topics such as factors

affecting Operational risk in HR, risk identification and assessment as well as steps to

manage operational risks in HR.

Chapter 3 deals mainly with the research methodology of this project with emphasis

mainly on


Research design which deals the type of research conducted, the medium used for data

collection as well as the sampling method used.

Chapter 4 depicts the discussion and analysis following the data collected from

respondents about operational risks in HR and with responses, trends would be identified

and represented though charts on excel and SPSS software 16.

Chapter 5 which is the last chapter is concerned with highlighting the main points that

have emerged from this study and necessary conclusions will be reached as well as

recommendations proposed about managing operational risk in HR.

32

2. LITERATURE REVIEW

2.1. INTRODUCTION

This section deals mainly with all theories and factors that have helped to identify

operational risks in HR and gives an overview of the different risks aspects with emphasis

in particular on HR functions which are prone to operational risks. Recruitment process,

succession planning and outsourcing amongst others have been thoroughly identified as

factors that can cause operational risk in HR. Moreover there are several steps that have

been identified in a way to better monitor and control operational risks.

2.2. DEFINITION OF OPERATIONAL RISK

As per the New Basel Accord 2001, operational risk is the “risk of loss resulting from

inadequate or failed internal processes, people and systems or from external event”.

According to Doerig (2003) operational risk management is ‘simply put good management

and close to quality management.” Operational risk is like a continuous process that all

banking and financial institutions trade with people. But system failures and payment

errors can cause operational risk.

Operational risk is no simple or self-evident category; it is a label for a diverse range of

practices, an aspiration for control and regulation in an elusive field and an imperative to

manage a newly visible range of problems. It is both a name for a set of problems and

interests, and a promise of a new way of intervening in the internal structure of financial

organizations.

Basically, operational risk is a financial risk consisting of the following three sources:

The first one relates to internal risk suck as risk of rogue traders

No discussion of operational risk would be complete without a mention of rogue

activity that is, the conscious departure from sanctioned operating policies and

procedures. To be clear, rogue activity is not always due to malign intent. While

firms may worry about the rogue who is actively seeking ways to cheat or


embezzle, the more common problem is employees who may sincerely want to do a

good job, but take shortcuts or triage their responsibilities when they are

overstretched. Another type of rogue activity is the senior staff member who

routinely ignores policies and procedures, a situation to which smaller firms may be

especially prone.

The second one narrates about external event risk which is an uncontrollable

external event such as terrorist attack or weather destruction.

And finally the third one depicts business event risk which captures many things

such as price wars.

2.3. TYPES OF OPERATIONAL RISK

There exist mainly four types of operational risk as outlined below:

People

Systems

Process

External Factors

2.3.1. People

The first one relates to Human error which is completely natural. According to Kats, he

points out that since human resources are involved in the undertaking of any business

activity, we will have a business process involving knowledge, skills, ability and

experience of the person. So this can be considered as a critical risk factor. Furthermore,

(Kingsley, Rolland, Timey and Hormes 1990) all stated that ‘people are an important

resource’ but however it is difficult to measure:

Human Error

All human activities harbour the risk of error. The more complex is the nature of an

activity, the higher is the risk. As a result, the risk of damage due to mistakes is

extremely varied. The range includes cases such as incorrect processing due to

insufficient expertise, clerical mistakes, wrong inputs in IT systems, omissions or

errors due to work-related or private stress among others. In contrast to criminal


acts, these mistakes do not involve any intent to make personal gain or cause

damage to the employer or third parties

Lack of Teamwork

Lack of culture of control

Poor Supervision

On another note, Wilson (2000) states that human resource are not the only cause of the

risk but also they will contribute in managing the risk.

2.3.2. Systems

In the Human resource context, failed internal systems can prove detrimental to the proper

running of the overall organisation. Any HR department in any sector is bound to face

risks if its internal systems are not good. In Banks, there have been problems with the

Human resource information system whereby there have been system failures where data

of employees have been mixed up and salary inputs have been reversed due to technical

issues.

Complex or poorly designed systems and processes can give rise to operational losses,

either because they are unfit for purpose, or because they malfunction. As a result, the

Bank may experience a wide range of problems, including settlement-processing errors,

fraud and information security failures. In addition, the increasing automation of systems

and our reliance on IT has the potential to transform risks from minor manual processing

errors to major systematic failures.

Moreover, there have also been cases where the attendance system in place to monitor

presence of staff have wrongly reported staff as absent and this has led to serious

implications including wage cut which is a serious operational risk. Hence, when we talked

about new technology it can be an advantage as well as a disadvantage because it can bring

implications such as complexity or uncertainty. The more advanced is the technology, the

more will be the risk associated with it.


Wilson (2000) stated that ‘system is the risk that will not keep track of progress of record’.

As far as we know it is partly through contribution of technology that a business can drive

forward towards its expansion.

2.3.3. Process

Operational risk is different from other types of risks because it deals with established

processes rather than managing the unknown circumstances. It does not mean that handling

operational risks is an easy undertaking as they are interrelated in many complex ways.

One operational risk can have impact on other operational risks in the system. Therefore,

managing risks in operations require a systemic and repeatable approach.

It is evident that processes are subject to operational risks and could even be considered as

the main risk factor. Wilson (2000) stated process risk is the risk of business processes

being insufficient and causing unexpected losses.

Failed internal processes in Human resources have very often been associated to serious

frauds including the embezzlement of more than Rs 80 million at the expense of Bramer

Banking Corporation in Mauritius.

Such a fraud was made possible since processes were either not fully followed or they

were simply poorer ones with no proper due diligence carried out by compliance at the

time the fraud was made.

The recruitment process would have indirectly been put into question as well in the sense

that the employment background of those people involved in the fraud were highly

discussed and questions were raised as to whether proper reference checks were done as

part of the hiring process.

It may also be argued that the people who were involved in this massive fraud either did

not receive the proper training in terms of detecting the likelihood that they were

committing a fraudulous transaction.


These are risks that may have been considered to have arisen through

i. Lack of training on the core banking software from human resource perspective.

ii. Poor recruitment of staff which will be questionable

iii. Lack of motivation among staff which may have led to the above fraud

2.3.4. External Factors

External factors forms parts in the operational risk management process, it is imperative

that there should be control as the external factors. However there might be internal

factors as well such as fraud risk, illegal actions of the banker’s employees. Systems risk

is also a risk factor.

According to Mayland (1993) stated that systems risk arises when a bank is involved in

transactions such as payment or securities. The risk is natural in human resources when

payroll is being conducted by an individual who is the sole inputter of entries and sole

verifier of those transactions.

2.4. THE NEED TO MANAGE THE RISK

According to Jacobus (2001), risk creates uncertainty, which can result into a loss for a

bank. According to Taylor (1983) said that “we clearly cannot eliminate risk, but we can

manage it”. According to Green (1992) argued risk management involves rules,

regulations, procedure, system as well as people and all these involvement should be

blended together to protect the financial institution from making losses. To some extent, if

an organisation is well regulated, this will show soundness which will contribute

effectively to achieve economic stability.

32

2.5. OPERATIONAL RISK IN HR

The reality about HR risk is that currently it is not as visible within organisations

internally. However, if there is not a deliberate identification and management of HR risk

internally, it could be exposed externally. Risk involved in Human Resource Management

function and its assessment is yet to take a firm root. Basic operational risk related to HR

can be the result of the below factors and each of these operational risks will be thoroughly

discussed

Poor succession planning

Failures in the recruitment and selection process

Skeleton work structure

No proper induction pack for new entrants

Improper segregation of tasks

Manipulation of payroll

Outsourcing of some hr functions

Communication

No Code of ethics & Standard operating Procedures

Newspapers, media, television, magazines and specialist reports have exposed some of the

incidents that can at best be called poor people practices, and at worst atrocities against

humanity. Such incidents can take the form of the below:

Poor safety, wellness and employee health;

Slavery and other forms of employee exploitation;

Employees being on temporary employment forever while doing permanent work;

Discrimination leading to gross racial, gender and other inequalities in terms of

appointments

Poor Pay package and benefits

Human right abuses such as employees being locked up over a weekend

Unfair labour practices

Slavery

Workplace bullying, victimisation and manipulation of employees

Employee theft

Fraud and corruption culminating in corporate scandals


Favouritism

Workplace violence

Non-compliance to legislation, rules, codes and standards

Pollution

Destruction of family life as a result of migrant labour

Poor wages for employees while executive remuneration continues to escalate

Poor employment relations and workplace conflict

Perpetuation of poverty and poor socio-economic conditions

Therefore the emergence of mistrust, failure to communicate, low morale and suspicion

among staff members, as well as increased turnover of staff, should be regarded as

indicative for potential increase in operational risk. This is why HR firms are now more

involved in the management and mitigation of operational risk as well as other risks that

are to their detriment.

2.5.1. Poor Succession Planning

Succession planning is a process for identifying and developing people’s abilities with the

aim to fill up key business leadership positions in the company. By adopting this strategy,

any HR firm is able to increase the availability of experienced and capable employees.

In turn, those employees will be fully prepared to assume these roles in the most proficient

way. One thing that is fundamental to the succession-management process is the core idea

that argues that top talent in the company must be managed for the greater good of the

enterprise. However, companies argue that a "talent mind set" must be part of the

leadership culture for these practices to be effective.

Poor Succession planning is one of the most critical operational risks that can be identified

within human resource. Such a risk is omnipresent and affects the whole company

throughout its lifetime.

Very often, in times of crisis, existing employees are not able to fill someone else shoes

and also new staff who are recruited are to fill only a key role within the company and are

not multi-skilled and not all-rounder employees.


The above is a serious thought of concern in the case of a CEO retiring on medical grounds

and in the event that there are no proper succession planning that have been devised to take

over his duties, this will eventually hamper the good running of the organisation. It may

lead to further key personnel leaving the company and causing a big operational issue.

Through a succession planning process, HR organisations are in a better position to recruit

superior employees, develop their knowledge, skills, and abilities, and prepare them for

advancement or promotion into ever more challenging roles. Thus, actively pursuing

succession planning ensures that employees are constantly developed to fill each needed

role.

Proper succession planning ensures that an organization manages, avoids, minimizes or

eliminates the risks of not having the right people, with the right skills, at the right time, to

accomplish the organization’s mission and ensure continuity of operations.

According to a 2006 Canadian Federation of Independent Business survey, it was found

that small and medium sized enterprises were not adequately prepared for their business

succession as follows:

Only 10% of owners have a formal and written succession plan

38% of them have an informal and an unwritten plan

Whilst the remaining 52% do not have any succession plan at all.

The above results are backed by a 2004 Canadian Independent Business survey which

suggests that succession planning is gradually becoming a precarious issue.

2.5.2. Failures in the Recruitment and Selection Process

Recruitment is basically the process of having the right person, in the right place, at the

right time. It refers to the process of attracting, screening, selecting, and on boarding a

qualified person for a job or vacancy within an organisation. It is an ongoing concern for

any firm. It becomes a strategy in that it offers a company the chance to renew its staff

bring new blood to the company and maintain its survival.


Successful recruitment and selection process not only depends upon not only finding

people with the necessary skills, expertise and qualifications to deliver organisational

objectives but the candidate who can best fits the organisation and has the ability to make

a positive contribution to the values and aims of the organisation. Hiring insufficiently

skilled staff introduces significant operational risk to an organization, and neglecting to

train new employees blends the error.

2.5.2.1. STAGES OF THE RECRUITMENT PROCESS

Fig 1: Stages of the recruitment process

The stages of the recruitment could be classified as both internal and external and could

also be online. As per the above diagram, it involves the stages of

Recruitment policies

Advertising

Job description

Job application process

Interviews

Assessment

Decision making

Legislation selection and training


The recruitment process also includes job analysis and developing some person

specification; the sourcing of candidates by networking, advertising, and other search

methods; matching candidates to job requirements and screening individuals using testing

(skills or personality assessment), assessment of candidates’ motivations and their fit with

organizational requirements by interviewing and other assessment techniques.

Finally the making and finalizing of job offers and the induction and on boarding of new

employees does not necessarily bring the recruitment process to a stop. In fact, the

retention exercise starts as the organisation uses its resources efficiently to keep motivate

new employees towards the prospect for growth.

2.5.2.2. TYPES OF RECRUITMENT

Depending on the size and practices of the organization, recruitment may be undertaken in-

house by managers, human resource generalists and recruitment specialists. Alternatively,

parts of the process may be undertaken by public-sector employment agencies, commercial

recruitment agencies, or specialist search consultancies. Companies make use of both

internal and external recruitment as part of their hiring strategy and at Bank one such types

of recruitment are widely employed

2.5.2.3. INTERNAL RECRUITMENT

It relates to recruitment which takes place within the concern or organization. Internal

sources of recruitment are readily available to an organization. Internal recruitment may

lead to increase in employee’s productivity as their motivation level increases. It also saves

time, money and efforts. But a drawback of internal recruitment is that it refrain the

organization from new blood. Also, not all the manpower requirements can be met through

internal recruitment. Hiring from outside has to be done.

Internal sources primarily consist of the following:

Transfers,

Promotions

Re-employment of ex-employees.


Transfers

Priority in filling up of vacant positions shall be given to employees with pending request

for transfer, provided that they meet the minimum requirement for the position and have

successfully gone through the required selection process. In case the company does not

have the right candidates among those who have asked for internal transfers, then the

hiring of new employees shall be considered.

Promotions

It is a policy inside many firms to first recruit internally. When internal recruiting is done

based on an advert for promotion, the firm offers its workers the chance for advancement

and recognises their effort and contribution. It is an added advantage of recruiting

internally since there is no cost incurred in placing an advert and recruitment efforts are

reduced. This measure can help to prevent operational risk on HR side since the staff

already knows the job and likelihood of errors is low.

Re-employment of ex-employees

Re-employment of ex-employees is one of the internal sources of recruitment in which

employees can be invited and appointed to fill vacancies. This can be an added advantage

to the organisation as well as a course of concern as there is a risk that such workers may

leave the organisation for a second time thereby causing a big operational issue. Such

practices have been discouraged so far for entry level jobs.

2.5.2.4. EXTERNAL RECRUITMENT

When Bank One fails to identify a talent within the organisation, then, external sources of

recruitment have to be solicited from outside the organization. But it involves lot of time

and money. The external sources of recruitment include most commonly the posting of job

adverts and recourse to Head Hunting which is widely used for Top Positions.

2.5.2.5. ADVERTISEMENT

It is an external source which has got an important place in recruitment procedure. The

biggest advantage of advertisement is that it covers a wide area of market and scattered


applicants can get information from advertisements. Medium used is Newspapers and

Television.

Recruitment is one of the most important parts of HR, as if you get this process right

you’re halfway there, as you have minimised any potential employee’s issues that can arise

in future. However, if the recruitment is not done effectively then this will have wide

reaching implications for the organisation long term.

Recruiting staff is a very costly exercise. It is also an essential part of any business and it

pays to do it properly. When organisations choose the right people for the job train them

well and treat them appropriately, these people not only produce good results but also tend

to stay with the organisation longer. In such circumstances, the organisation's initial and

ongoing investment in them is well rewarded. Eventually, they will be an added value to

the organisation.

Therefore, it is still quite amazing how often employers can get this process wrong, either

through neglect or ignorance. Even though everyone is aware how important and more

importantly how expensive it is to recruit employees in the current market.

The latest statistics show that to replace an existing member of staff it will cost the

company two and a half times the employee's salary. Therefore, it is important that the HR

is involved in the entire recruitment and selection process. Before recruiting for a new or

existing position, it is important to invest time in gathering information about the nature of

the job and conducting a job analysis of that role.

2.5.2.6. SELECTION

Selection in the human resource context is the process of putting the right men on right job.

It is a procedure of matching organizational requirements with the skills and qualifications

of people. Effective selection can be done only when there is effective matching. Selection

involves choosing the best candidate with best abilities, skills and knowledge for the

required job.


By selecting best candidate for the required job, the organization will get quality

performance of employees. Moreover, organization will face less of absenteeism and

employee turnover problems. By selecting the right candidate for the required job,

organization will also save time and money. Proper screening of candidates takes place

during selection procedure. All the potential candidates who apply for the given job are

tested.

The Selection Process

The Employee selection Process takes place in following order

Preliminary Interviews

It is used to eliminate those candidates who do not meet the minimum eligibility criteria

laid down by the organization. The skills, academic and family background, competencies

and interests of the candidate are examined during preliminary interview. Preliminary

interviews are less formalized and planned than the final interviews. The candidates are

given a brief up about the company and the job profile and it is also examined how much

the candidate knows about the company.

Selection Tests:

Jobseekers that have passed the preliminary interviews are called for tests. There are

various types of tests conducted depending upon the jobs and the company. These tests can

be Aptitude Tests, Personality Tests, and Ability Tests and are conducted to judge how

well an individual can perform tasks related to the job. Besides this there are some other

tests also like Interest Tests (activity preferences), Graphology Test (Handwriting),

Medical Tests, Psychometric Tests etc.

Written Tests

Various written tests conducted during selection procedure are aptitude test, intelligence

test, reasoning test, personality test, etc. These tests are used to objectively assess the

potential candidate. They should not be biased.

Employment Interviews

The next step in selection is employment interview. Here interview is a formal and in-

depth conversation between applicant’s acceptability. It is considered to be an excellent


selection device. Interviews can be One-to-One, Panel Interview, or Sequential Interviews.

Besides there can be Structured and Unstructured interviews, Behavioural Interviews,

Stress Interviews.

Reference & Background Checks

Reference checks and background checks are conducted to verify the information provided

by the candidates. Reference checks can be through formal letters, telephone

conversations. However it is merely a formality and selections decisions are seldom

affected by it.

Selection Decision

After obtaining all the information, the most critical step is the selection decision is to be

made. The final decision has to be made out of applicants who have passed preliminary

interviews, tests, final interviews and reference checks. The views of line managers are

considered generally because it is the line manager who is responsible for the performance

of the new employee.

Medical examination

Medical tests are conducted to ensure physical fitness of the potential employee. It will

decrease chances of employee absenteeism.

Appointment Letter

The next step in selection process is job offer to those applicants who have crossed all the

previous hurdles. It is made by way of letter of appointment.

Importance of the selection process

Selection means to choose the person from among the prospective candidates to fill in the

vacant posts in the organisation. The success of the organisation depends upon the quality

of personnel selected for the job. According to famous writer Mr Neil Kokemuller, “the

human resources selection process is important to short-term and long-term success of an

organization because employees are generally regarded as the most valued assets”


Procurement of qualified employees and reduced cost of training

Scientific selection facilitates the procurement of well qualified and skilled workers in the

organisation. It is in the interest of the organisation in order to maintain the power over the

other competitive firms. Selection of skilled personnel reduces the labour cost and

increases the production. Proper selection of candidates reduces the cost of training

because qualified personnel have better grasping power. They can understand the

technique of the work better and in no time. Further, the organisation can develop different

training programmes for different persons on the basis of their individual differences.

It is often mentioned that people can be your greatest asset, as well as your biggest

weakness too. Whilst recruitment has to basically do with having the right person, in the

right place, at the right time, at times, we often noticed that human resource departments

often gets this essential recruitment process poorly done.

The process involved in attracting, screening, selecting, and on boarding a qualified person

for a job or vacancy within an organisation has been a trouble for some HR firms in

Mauritius as well as over the world. It is an ongoing concern for any firm to have the right

and competent personnel to be able to make things happen.

In short, getting the wrong people on board may affect the overall company objectives and

hamper its good running. Hence, recruiting the wrong candidate will have many

operational risk on the company and in cases prevents it to work towards achievement of

the strategy.

As a matter of fact it is of utmost concern that such risks are meticulously monitored when

the HR department has the chance to renew its staff, bring new blood to the company and

maintain its survival.

The above recruitment selection process needs to be properly followed such that there are

no excuses for operational risk to occur within HR as if you get those two important

processes wrong, you get everything wrong.

32

2.5.3. SKELETON WORK STRUCTURE

Another operational risk also arises from insufficient human capital. This is the case when

a higher work load of the existing employees can be accounted for increases in the risk of

errors.

These errors in turn are likely to be associated to insufficient expertise or time. Moreover,

the pressure exerted on the employees due to tight personnel resources leads to stress and

subsequently often to frustration, two factors which makes the organisation highly proned

to face operational risk level.

Any organisation cannot operate efficiently and effectively without proper staffing. A

poor-structured department definitely is bound to face all types of operational risks ranging

from errors to demotivation and poor work culture among staff.

2.5.4. NO PROPER INDUCTION PACK FOR NEW ENTRANTS

It is very important that induction of the new employee on his first day of work is properly

done. Well-planned induction enables new employees to become fully operational quickly

and should be integrated within the recruitment process. New staff members that do not

have a clear picture of what is expected from him and how he should serve the organisation

will end up doing anything falling outside his tasks and responsibilities. As such it is

primordial that staff are prepared to face their new responsibilities in a smart way and not

be viewed a potential source of operational risk.

2.5.5. IMPROPER SEGREGATION OF TASKS

Given the number of moving parts in the recruitment and selection process, it’s no surprise

that the roles and responsibilities of those involved are not always appropriately defined.

The issue goes beyond opening the door to fraud and embezzlement. The failure to clearly

and properly assign duties can create conflicts of interest, throw up barriers to

accountability, and complicate matters of compliance and administration.


Moreover, these problems have become more common since the financial crisis and the

ensuing downsizing of operational and IT staff across the industry. The Reduction in the

workforce leaves fewer people in place to handle the same workload initially and, as the

market continues to recover, a growing volume of portfolios and transactions.

Not only does this mean that operational staff may become chronically overextended and

more prone to errors but it leads to situations where employees must wear multiple hats,

sometimes stretching or crossing the boundaries of good segregation controls.

It is not uncommon for firms that once had appropriate controls in place to no longer be

able to support those controls after a workforce reduction. Clearly smaller firms, especially

start-ups, are challenged from the outset by having a relatively small number of employees

available to handle multiple functions.

On a final note, it’s important to remember that issues relating to segregation of duties are

fluid and can crop up as a consequence of hiring or management decisions that seem

relatively harmless.

2.5.6. MANIPULATION OF PAYROLL

Payroll encompasses everything from the payment of wages, salaries, benefits, allowances

to other monies entitled to staff working in an organisation. Some HR firms have

contracted out the payroll function, while others run their own payroll.

The sizable sums of money involved in the payroll function have traditionally been a target

for theft and fraud. Corruption risks in the payroll function mainly relate to the integrity of

the information on which the payroll is based, particularly if the payroll function is

performed by a third party under contract. Thus it is a huge operational risk.

The security of the manual and electronic processes for transferring money and the security

of the information contained on the payroll system are also vulnerable aspects of the

payroll process. The improper conduct of an agency's payroll function can constitute

corrupt conduct as defined by the Independent Commission against Corruption Act 1988.


A risk assessment of payroll may identify some or all of the following corruption risks

whereby an employee obtaining payments to which they are not entitled, by:

Fraudulently claiming on their timesheet for hours not worked or allowances to

which they are not entitled

Failing to provide a leave form for leave taken

Colluding with other staff to cover unauthorised absences

Providing false information for the reimbursement of expenses not incurred or

above approved entitlements

Fraudulently claiming worker's compensation.

An employee may direct payments to himself in the below cases:

A manager drawing up a biased roster, for example, allocating the most profitable

shifts to favoured employees.

A manager planning unnecessary staff on shifts in order to increase payments to

them.

An employee stealing money directly from the payroll.

An employee improperly disclosing personal or banking details retrieved on

payroll.

2.5.7. OUTSOURCING OF SOME HR FUNCTIONS

Outsourcing came to existence for a long time under the form of subcontracting. In

response to the globalization of markets, some human resource companies choose to

outsource some of their activities with the aim to remain competitive. The principle of

outsourcing consists in entrusting some other company with activities one does not wish to

perform oneself anymore.

Yet, the main innovation of the last years is linked to the fact that outsourcing does not

solely apply to manufacturing, but also to more strategic functions such as IT’s, human

resource management, marketing amongst others. By “outsourcing”, the company parts

with certain activities, either by simply entrusting them to another company it consider to

be more efficient, or by separating these activities and making them autonomous.


The success of this approach is linked to certain situations in which the human factor plays

a key role. The reasons behind outsourcing some basic human resources functions are often

guided by the desire to mitigate costs and downsizing the structure.

Subcontracting arrangements require careful administration if they are to yield benefits.

However, where these outsourcing activities are not managed adequately, the magnitude of

operational risk faced by the firm may increase. In particular, another issue for concern is

the loss of control over processes which in turn can lead to a serious threat to the continuity

of its operations if these outsourced companies were to fail.

There are certain people who have experience in a particular area and enjoy goodwill and a

stand in the company. There are certain vacancies which are filled by recommendations of

such people. The biggest drawback of this source is that the company has to rely totally on

such people who can later on prove to be inefficient and unable to deliver the goods.

However, the supervision aspect remains a major area of operational risk because

breakdowns occur so often and in also so many different forms. Directing the decisions

and activities of others is a much bigger challenge and the larger the firm, the tougher is

that job.

Another set of risks is encountered when HR managers outsource critical support services

to recruitment specialists, a measure that, paradoxically, is often meant to reduce

operational risks. In light of the above, HR firms evaluating outsourcing providers should

recognize that due diligence is not a one-time occurrence, but a critical point of control that

should be repeated on a regularly scheduled basis.

With the globalization of markets intensifying and having a concrete influence on

economic structures, outsourcing operations make up one of the consequences of this

phenomenon. We have seen that sub contract operation presents significant risks. Besides

the risk of undermining the technical competencies of the company with an increased

dependence on subcontractors, the underestimation of the psychological consequences for

the human factor represents the most important risk.


2.5.8. COMMUNICATION

Communication is another important factor that upon identification of Operational risk

within an organisation. All aspects of communication need to be considered for proper

cascading of information within an organisation. Communication needs to flow from Top

management to employees and also both ways. The role of the HR is to ensure good flows

of communication between the different levels of the hierarchy. Poor communication can

lead to operational risk in the sense that directives are not properly communicated to

employees and they may end up committing errors. Hence

While there is an established framework for operational risk, active operational risk

management in the business line requires adequate communication with and between all

stakeholders including HR staff, management and other stakeholders. Decision makers and

process professionals have to be able to implement the concepts of risk in their daily work,

and the risk of misunderstanding those concepts in the business line has to be avoided.

Hence communication has a major role to play if an organisation like Bank One is to track

down operational risk issues related to its Human resources.

2.5.9. NO PROPER CODE OF ETHICS & STANDARD OPERATING PROCEDURES

A guide of principles designed to help professionals conduct business honestly and with

integrity. A code of ethics document may outline the mission and values of the business or

organization, how professionals are supposed to approach problems, the ethical principles

based on the organization's core values and the standards to which the professional will be

held.

Standard operating procedures are referred to as the documented processes that a company

has in place to ensure services and/or products are delivered consistently every time. When

a company is growing, it is often highly dependent on the owner for all major decisions. As

the company reaches a certain size, this form of decision making can limit its capacity to

grow further since the owner cannot possibly make all decisions properly. Additional

management and documented SOPs are required to allow the company to continue

growing, and also establish a succession plan and train the growing employee base.


2.6. APPLYING RISK MANAGEMENT TO HR

When developing a risk management plan for your HR activities, there are a number of

areas to focus on. This general list is very important for all organizations in order to

identify and evaluate the risks unique to their own organization.

HR Activity Potential Risk Potential considerations

Compensation

and Benefits

Financial abuse Who has signing authority?

How many signatures are required?

Are there checks and balances?

Hiring Discriminatory

practices

Hiring unsuitable

or unsafe

candidates

"Wrongful" hiring

Was a complete screening completed on

potential applicants?

Were provincial human rights laws

observed?

Is there a set probationary period?

Were promises made to the candidate that

cannot be honoured?

Did the employee sign off on the policies and

contract of employment before being hired?

Occupational

Health and Safety

Environmental

Personal injury or

death

Do we provide safe working conditions and

do we conduct safety checks regularly?

Do we provide adequate training for staff?

Do we ensure the use of appropriate clothing

and safety equipment?

Do we have adequate policies, procedures,

and committee in place?

Employee

supervision

Abuse

Reputation in the

community

Release of

personal

information

Do we provide sufficient orientation and

training?

Do we provide adequate supervision

(especially for activities that occur off-site or

after hours)?

Do we have a performance management

system in place?

Are personal information protection

guidelines followed?


HR Activity Potential Risk Potential considerations

Employee conduct Abuse

Reputation in the

community

Do we have clearly written position

descriptions for all positions?

Do we follow up when the parameters of the

job description are not respected?

Do we provide thorough orientation and

training?

Do we provide an employee handbook?

Do we have comprehensive policies and

procedures?

Do we provide ongoing training about our

policies and procedures?

Do we retain written records of performance

issues?

Do we ensure that organizational valuables

are secure?

Do we have cash management procedures?

Do we have adequate harassment policies

and procedures?

Table 1: Applying risk management to HR

Source: hrcouncil.ca/hr-toolkit/planning-risk-assessment.cfm

2.7. STEPS FOR RISK MANAGEMENT IN HR

According to famous management Consultant and HR Trainer Bhima Rao, ‘Risk is the

threat that an event or action will adversely affect an organisation’s business objectives and

business strategies’. Risk Management is the process of protecting an organisation from

financial loss and controlling risk at the lowest possible cost. The objective of Risk

Management is to identify, assess and resolve risk items before they become potential

threats.

HR which deals with the most valuable resource of the organisation has a vital role to play

to become part of the total Risk Management. Once HR becomes the part of risk

management plan, it will allow using human capital to pursue the company’s long term


goals more methodically and support HR to become a strategic business partner.

While phenomenal progress has been made globally in the field of risk management, both

form a general management perspective and specialised field of expertise. Thus, the

development and implementation of a fact sheet approaches risk management from an HR

perspective is imperial. The idea of the fact sheet is that the focus on the myriad of

business risks has clouded the real essence of risk, and that is the human side of risk. This

approach has been used in South African companies and it has helped to mitigate and

hedge risks.

Apart from natural disasters such as earth quakes occurring in the external environment,

we believe that all risk inside organisations originate from people. At the heart of every

risk in an organisation is a human being. People are not only responsible for managing

risk, they are also causing risks. You may have the most brilliant product or service,

process, policy or system, it is the people who operate these products, services, processes,

policies and systems that will determine how effective you are in achieving your business

objectives.

The need of the day is to assess the risk in the entire scope of HR function and in relation

to the objectives of the organisation. How to assess the risk of HR function, analyse and

estimate the risk which would impact business results and managing the identified risks

successfully is a new challenge to HR professionals.

In order to better manage operational risk in any sectors of business, the below needs to be

taken into consideration:

Risk identification and assessment,

Risk treatment

Risk control


2.7.1. RISK IDENTIFICATION AND ASSESSMENT

Operational risk is not a new concept for all financial institutions in the way that credit

institutions make use of a more or less formalized internal control system including

guidelines. In fact banks should be able to consider on their own numerous factors as this

will enable them to set up the risk profile during the risk identification and assessment.

The risk profile includes implementation process and systems, culture, environment of the

organization, design, products and finally types of customers. At Bank One like in any

organisation, the HR function carries risks. Thus, identifying threats in this function and

how it is going to impact the business results, reputation of the company and future

business is of utmost importance. However, the threats which are often tackled in a routine

manner or a focus is the most critical and difficult task for HR professionals who very

rarely approach this important area systematically.

2.7.2. RISK TREATMENT

In the risk treatment, there will be risk avoidance (“not taking every risk”), risk mitigation

(“intelligently minimizing risk in their development”), risk sharing and transfer

(“intelligently passing on risks to third parties”), risk acceptance (“deliberately taking

certain risks in a targeted way”).The measures might be misspecified which makes that the

measures will have to depend on cost and time so that it can become effective.

2.7.3. RISK CONTROL

In the risk control, there will be inspections of the business processes so that the employees

will know how they are performing the task and whether it is up to the standard with focus

on risk minimisation.

Moreover in the risk control there should be internal and external entities. In relation with

the banking regulation and supervision, the internal audit will make sure that all parties

involved should achieve their targets. Compliance department in banks on the other hand,

will effect regular checks to ensure processes are properly followed and that the employees

in banks are compliant to the guidelines. All these are important in a view to minimise

operational risks as far as possible.


However, despite the growth in risk management approaches and methodologies all over

the world, even this strong field of management science and practice has missed the most

important link in the organisation referred to as the human link.

No matter how sophisticated and smart your risk management system and dashboard, the

human element in organisations can make or break not only risk management, but your

whole organisation.

The explosion of technology, social media, governance, globalisation, sustainability and

other macro trends around the world has created a new world order, one that is more

difficult to manage and control than ever before. Even more frightening is the prospect of

new risks emerging.

Risks can weaken, destroy or even improve business, depending on how HR professionals

strategise, plan, react and deal with risk. Either organisations ignore a risk with the hope

that it will go away, or avoid the risk as long as possible until it becomes unavoidable and

inevitable.


2.8. PROCESS FOR MANAGING OPERATIONAL RISK IN HR

The below process needs to be followed in order to better manage operational risk related

to HR.

Fig 2: Process for managing operational risk in HR

Source:www.suntiva.com/blog/post/37/succession-planning-%E2%80%93-risk-

management-for-your-human-resources/

By applying the definition of risk management to the approach, it is easy to understand the

concept of Succession Planning as a risk management tool in HR. There are several steps

involved and questions that arise as follows:

Steps 1 to 3 relates to the identification of the risks and answering these fundamental

questions:

What is the current and future mission of the organization?

What mission-critical roles, knowledge, skills and competencies are required to

fulfill current and future organization goals and objectives?


- Step 4 is about the assessment and analysis of those risks and answers these crucial

questions:

What is the longevity of the current workforce?

What does the current workforce looks like in terms of knowledge, skills and

competencies they possess?

What is the potential and interest of the current workforce to assume mission-

critical roles in the future?

- Steps 5 and 6 deal with the aspects of controlling, avoiding, minimizing or eliminating

the risks and further answers these vital questions:

What development approaches can be put in place to close the gap between the

knowledge, skills and experience of the current workforce and the leadership and

technical competency requirements for the future?

How can we retain mission-critical knowledge within the organization?

What are the most effective strategies to identify and bring on board new

employees with the mission-critical skills we need to accomplish our future

business objectives?

At times, organizational leaders are disabled or unavailable during or after a disaster. In

case of no formal succession planning, individuals at all levels may be obliged to take on

leadership roles with increased responsibilities with basically little or no preparation.

Staffing issues can also emerge as a compact workforce tries to cope with the demands of

increased assignment.

Open and clear communication throughout the succession planning cycle, as well as

continuous evaluation of the succession planning outcomes are also essential to manage the

risks associated with internal recognition of the succession planning activities.

In summary, while some risks in life may seem inevitable, the human resource risks

associated with changing organization goals and objectives, vacancies left by retiring or

departing employees, loss of key institutional or technical knowledge or even lack of

leadership continuity can be managed through strategic and measured succession

planning.


2.8.1. SETTING UP OF AN HR AUDIT

Formal risk analysis and risk management in HR can help to evolve strategies to minimise

the disruptions of plans, control cost and control loss. Thus, HR audit is the first step to

understand the risk involved in daily HR function and in long term HR plans. In the recent

years, the HR function has become more reactive by helping business leaders cope with the

sudden downturn.

Hopefully, now the business is picking up and hiring activity is in full swing. In today’s

climate, HR faces surprising demands to be effective, efficient and most importantly,

responsive to address changing organisational and business realities. HR professionals

need to become champion of high-performance which adds measurable value to both the

top and bottom line of business, employee satisfaction and retention of talent. It is not easy

to jump to the entire new area of assessing HR risk area and thus HR departments have to

embrace new ideas.

2.8.2. MANPOWER PLANNING

This is the basic function of any HR department. Neglecting or undoing in this area results

in not having required manpower at the right time. Job analysis and job descriptions are

two important attempts to allocate the jobs and selecting a right person for a position. They

are important for conducting performance evaluation of employee. If it is not done

properly it brings disorder and accountability of a person. Organisations do give

importance to workforce planning since job analysis and written down job descriptions are

communicated to employees at the initial stage itself thereby avoiding risk.

There exist different types of workers with different personalities in an organisation. As

per Douglas McGregor's XY theory, we have Theory X workers who are normally are lazy

and perform only to the minimum of their capabilities and are employees who do not show

interest in their job and end up doing slack work due to lack of competencies, an employee

unwilling to take on additional responsibility. Such employees are often those staff who are

demotivated, frustrated and do not welcome changes. In turn these employees may be more

prone to committing mistakes and errors which may disturb operations. Hence it is of

utmost importance for HR Professional to be influential when taking people on board to fill

in high level positions to avoid the below:


Shortage of right kind of employees at a right time,

Attrition of experienced employees,

Employee leaving after completion of their internship programme

To cut it short, people are important in handling risk. People use their skills to solve

unexpected problems. There are employees who are willing to go the extra mile for the

organisation. Moreover employees who are multi-skilled and who can redesign their own

job to avoid unnecessary delays in getting work done is an added advantage to the

company and simply mitigate risk in times of crisis.

2.8.3. RECRUITMENT AND SELECTION NEEDS

Executing action plans to ensure the organisation is not left with a shortage of qualified

workers is one of the biggest challenges today. In the BPO sector, Software companies the

business loss due to non- availability of employees can be easily calculated based on loss

of revenue per employee. Similarly, in garment industry absence of employees brings

down the total production of one line or batch. HR is creating big risks to organisation by

not ensuring the right number of employees at a right time. If the risk analysis is carried

out on a regular basis, the quantum of loss or risk involved can be understood and possible

corrective actions can be initiated.

2.8.3.1. TRANSPARENCY IN THE HIRING PROCESS

Another way to better ensure proper transparency in the recruitment and selection process

at Bank One does keep records of the recruitment and selection process. These comprise of

applications received, screening report, shortlisting report and interview results, among

others. However, the marking sheets used to record marks allocated to candidates during

the interview are not available in all cases. One suggestion from the HR end might be to

record interviews using an electronic device. There should also be more transparent

procedures in recruitment and selection such that operational risk can be mitigated.


2.8.3.2. USAGE OF E-RECRUITMENT

Moreover, Bank One may consider E-recruitment as a means to combat operational risk

related to malpractices. E-recruitment means using internet for recruitment services. The

overall objective of E-recruitment is to reduce human intervention in the recruitment and

selection process and this will eventually help to reduce the risks of influence and

favouritism.

2.8.4. PERFORMANCE APPRAISAL

It is essential to have a well-designed performance appraisal system. Whether goal setting

is done methodically, appraisals are done in a timely manner and documentation is done

properly, reaping of those rewards are linked to actual performance.

As such, ineffective performance management system can result in a lack of good formal

and informal feedback from managers to employees, minimal employee development and

low employee engagement.

Evolving, implementing and institutionalising the performance evaluation system are the

major responsibilities which any HR department should get right. If not implemented

properly, the risks are multiple and will directly impact the morale, motivation and

productivity of the organisation.

Hence, no proper appraisal system would further lead to operational risk arising.HR

professionals should ensure that proper indicators are available to measure performance of

employees. As such, Bank One should set key performance indicators which are

measurable and achievable. To further motivate employees and identify causes of

operational risk at Bank One, 360 Degree Feedback exercise may be carried out to identify

how employees are performing.

Usually, managers and leaders within organizations use 360-degree feedback surveys to

get a better understanding of their strengths and weaknesses. The 360-degree feedback

system automatically tabulates the results and presents same in a format that helps the

feedback recipient create a development plan. This helps give the employee a clear picture


of his and her greatest overall strengths and weaknesses. In a nutshell, there is a common

practice nowadays for companies to carry out a swot analysis on a daily basis in order to

identify their strengths, weaknesses, opportunities and threats.

Other areas which may fall in either major or minor risk zone depending upon the

organisations and situation are:

Induction/Orientation

HR Policy and Procedures

Compensation and benefit

Learning and Development

Employee and labour relations

Labour law compliance

Safety and health program

HR Service Delivery

Retention and Management succession.

2.8.5. QUANTIFYING THE RISK

HR department shall run through a list of risks and to see if any threats are persisting.

Thereafter, review the systems, structures and analyse risks and see whether any

vulnerability persists. Take the opinion of others too, who might have different

perspectives. The next step is to work out the likelihood of the threat being realised and to

assess its impact.

Lastly, make the best estimate of the probability of the event occurring, and multiply this

by the amount it will cost/quantify the risk to set things right if it happens.

Once risk is identified and understood, adopt cost effective methods to mitigate the risks

and on a time bound basis.

Strategies to manage the risks need to be evolved internally through use of existing

unexploited resources effectively, improving the methods and systems and change the

accountability of persons by effective internal control. As a last resort, the firm should

bring in additional resources to overcome the risk.


2.8.6. PAYROLL CONTROL SYSTEM

The HR Function of payroll needs to ensure a proper framework as a means to mitigate

operational risk and must ensure the minimum requirements are followed as per below:

Introduce policy and procedures for payroll that contain elements listed in the

Policy Development Guide and Checklist

Include in the policy sanctions for any breach of the policy and procedures.

Review the policy every two years.

Refer to payroll in all relevant corporate documents such as codes of conduct.

Train all relevant employees in the policy and procedures to ensure they are aware

of their responsibilities.

Most importantly include payroll as a risk to be assessed in the agency's internal

audit and corruption risk management processes.

Following risk assessment of payroll systems the below risk management strategies might

be adopted depending on the exigencies of the HR Department concerned

Following appropriate delegations and procedures for any changes to pay and

timesheet transactions.

Establishing access controls for the payroll system such as passwords, routine

verification procedures and authorisation levels.

Segregating functions to ensure that no one person has complete control over any

aspect of the payroll process.

Ensuring mandatory advance approval by the supervisor for variations to payroll

such as overtime and leave.

Verifying and reconciling employee entitlements such as sick leave.

Imposing financial limits on overtime, allowances and payroll processing.

Conducting unannounced spot checks by managers to verify attendance and

timesheets.

Most importantly, HR firms needs to ensure the payroll system has the capacity to

Automatically integrate employee exits to cease payroll payments to departing

employees

Run fortnightly expenditure reports


Recognise and notify line management of anomalies and overpayments

Ensuring high-risk positions (such as payroll administrators) are adequately

supervised.

Routinely reviewing and testing data processing controls.

Reviewing the recordkeeping and reporting procedures to ensure that:

1. There are controls or systems to record and monitor all payroll transactions.

2. All access to the payroll systems and actions taken are recorded.

3. Records are kept of overtime approvals, staff rosters, travel and expenses

including approvals, receipts and supporting information.

2.8.7. CONTINGENCY PLAN

One way in which HR can deal with operational risk is simply by writing a contingency

plan. Such a plan is a structured way of deciding what to do if key operations are disrupted

or key personnel are not available. It can help the HR personnel at Bank One identify,

prevent or much simply modify the impact of unacceptable risks. In short, it helps the

organisation better recognize the best possible options and ensures that your risk

management rupees are spent wisely.

2.8.8. INTERNATIONAL RISK MANAGEMENT STANDARDS

The ISO 31000 international standard on risk management gives a useful frame of

reference to assist HR directors to place HR strategy within the context of risk

management. In particular, the ISO principles and guidelines document (ISO, 2009) is

extremely important. The document recommends that HR practitioners become directly

involved in:

• embedding risk management as an integral part of all organisational processes,

including managing change

• considering human and cultural factors and, more specifically, recognising the

capabilities, perceptions and intentions of external and internal people who can

facilitate or hinder the achievement of organisations’ objectives

• supporting managers to ensure that companies align their culture and risk

management policies


• supporting performance management by assisting managers to determine the risk

management performance indicators that align with the performance indicators of

organisations

• acting as drivers to ensure legal and regulatory compliance

• building capacity for effective risk management that begins with employee induction

and follows it with training in managing risk

• establishing appropriate organisational structures with clear roles and

accountabilities for managing risk

2.8.9. MITIGATING OUTSOURCING RISKS

Before sub-contracting is done, HR Leaders should ensure and agree that the below steps

have been properly followed:

• The process for selecting capable and reliable service providers

• Standards for outsourced services, including accuracy, security, privacy and

confidentiality

• Procedures to monitor the performance and risks related to outsourced services and

service providers

• Schedules for periodic reviews of outstanding contracts

On the other hand, appropriate rationale and business case should be developed to support

recommendations for outsourcing services. Services or functions that are typically

considered for outsourcing include:

• Investment management

• Information systems management

• Lending analysis and/or loan collection activities

• Records management

• Payroll administration

• Internal audit.

Sufficient analysis should be undertaken to confirm that the service provider has the

necessary expertise, capacity and viability to perform the functions or activities to be

outsourced. Appropriate due diligence and impact analysis of non-performance by a


service provider should also be undertaken. All outsourced services should be subject to

standard contract terms, which may include:

• The nature and scope of the service to be outsourced

• Rules and limitations concerning subcontracting

• Performance measures and reporting requirements

• Dispute resolution and conditions surrounding defaults and termination

• Ownership of information, tools, etc., and access restrictions

• Audit rights

• Confidentiality, privacy and security

• Pricing and insurance.

A review of the service provider’s performance should occur at a minimum annually, and

align with the length of the contract. Each review will ensure that the outsourcing

arrangement is being carried out in accordance with all contract terms and meets all

contract objectives. The review should also include an assessment of the financial strength,

technical competence and continuing viability of the service provider.

2.9. INVOLVEMENT OF TOP MANAGEMENT

Top management is a crucial factor of any Operational risk management system. Many

management systems studies have identified that the effective use of a management system

was directly associated with the role and attitude of top management in the organisation.

The main role of top management is to provide leadership and commitment to the ORM by

defining the ORM policy, integrating the ORM aspects into organisational decision-

making, providing adequate resources for deployment and maintenance of the ORM

system, assigning responsibilities and reviewing organisational risk performance. In

addition, top management also need to have their

i. Strategies adopted by the Board of Directors and oversight exercised by Senior

Management (the President, Vice-Presidents and the Secretary General)

ii. Strong internal operational risk culture (Internal operational risk culture is taken to

mean the combined set of individual and corporate values, attitudes, competencies

and behaviour that determine a firm’s commitment to and style of operational risk

management) and internal control culture, emphasizing on dual controls


iii. Effective monitoring and internal reporting

iv. Contingency and business continuity plans

v. High standards of ethics and integrity

vi. Commitment to effective corporate governance, including, among others,

segregation of duties, avoidance of conflicts of interest, and clear lines of

management responsibility, accountability and reporting, as reflected in the Bank’s

corporate governance documents. All levels of staff shall understand their

responsibilities with respect to operational risk management.

2.9.1. THE APPLICATION OF THE COSO CUBE TO HR

Fig 3: The application of the COSO cube to HR

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a

joint initiative of the five private sector organizations listed on the left and is dedicated to

providing thought leadership through the development of frameworks and guidance on

enterprise risk management, internal control and fraud deterrence. The above framework

has been used as a tool to safeguard against operational risks arising and to ensure the

effectiveness and efficiency of the below HR operations

Recruiting, Hiring and Termination

Compensation

Benefits (Overseas travel subsidy & Retirement)


Performance Management

Learning & Development

Payroll and HRIS

HR Administration

Diversity & Culture

Outsourcing Vendor Management

2.9.2. GUIDELINES FOR MANAGING HR RISK

HR risk management provides unique opportunities for HR directors, managers and

practitioners to support risk governance and management and to develop appropriate HR

risk management plans to address HR risks.

It is important that whilst redesign your organisation’s HR plan, HR Managers do include

HR risk management. It is the basis to align the HR policy with the overall business

strategy such that the management of HR risk is done effectively. When a company

pursues business projects, conduct HR due diligence to identify the HR risks relevant to

business plans should be a must.

2.9.3. IMPLEMENTATION OF HR RISK MANAGEMENT AT BOARD LEVEL

In order to better implement risk management, board members recognised that they

unconsciously applied HR risk management thinking without formalising it in the way

proposed in the standard.

HR directors operating across country borders indicated that they have applied HR risk

management since the time their management teams decided to operate in a different

country, because they were required to conduct a due diligence for HR, and this process is

very much aligned to HR risk management thinking and methodology.

In essence, HR risk management is about asking three fundamental questions as follows:

• What are the HR risks that could expose management in achieving its business

objectives?


• How serious are these risks in other words what are the impacts of these HR risks?

• How can these HR risks be mitigated?

2.9.4. ORGANISATIONAL BACKGROUND

Bank One focuses on customer needs and on building long-lasting relationships with its

customers. It caters both for domestic and international markets, and provides financial

solutions to all segments such as Retail banking ,Corporate Banking as well as Private

Banking .These include transactional and deposit accounts, personal finance, trade finance,

corporate finance and capital market services as well as a host of unique banking services.

Products and services include current, savings and term deposit accounts, personal finance,

trade finance, corporate finance, treasury services and capital market services, as well as a

host of other unique banking services including internet banking, mobile alerts and a full

set of credit cards. In line with its spirit of innovation, Bank One has also added e-

commerce acquiring to its range of offers.

Bank One operates with sixteen branches throughout Mauritius and has a well distributed

network of ATMs. Its endeavour is to bring a sharper focus to the requirements of

customers and to leverage cutting edge technology to provide the highest levels of service.

Since there was the need for Bank One to focus more on the International financial market,

there has been massive investment in enterprise risk management to safeguard against risk.

In year 2014, there has been the appointment of a Chief Risk Officer who has an overview

on all operational and credit risk at the Bank. This gives a clear indication of the bank’s

strategy moving forward.


3. RESEARCH METHODOLOGY

3.1. INTRODUCTION

Research refers to the search for knowledge through objective and systematic methods. It

is commonly carried out to find solutions to a problem or issue with the help of study,

observation, comparison and experiment. Indeed, research is the systematic process of

collecting and analysing data in order to increase understanding of the phenomenon under

consideration. While conducting research, it is important to pay particular attention to the

methodology. In this respect, research methods or techniques are evaluated and selected in

relation to their appropriateness to the research problem or study. This chapter describes

the research methodology, that is, how the research has been carried out, the way data has

been analysed and results have been presented.

For this research the steps proposed by Churchill have been used and these are outlined

below:

Fig 4 Stages in the research process (source: Churchill (1996)


Each of the above steps is discussed below:

1. Defining the Research problem

2. Research Objectives

3. Research Design

4. Collection of data

5. Data Analysis & Presentation of Findings

6. Discussion of Findings

7. Limitations of the Research

3.2. DEFINING THE RESEARCH PROBLEM

HR has often been considered a “soft” area, and many have not understood the inherent

risks involved with this function. The need has come to add total HR function to the

organisation’s regular audit cycle which is overlooked till now by HR professionals and

the top management. There are many operational risk associated with the hr function and if

same are not dealt with, they may hamper the good running of any personnel department.

Thus there is a vital need to identify those operational risks associated with these HR

functions and continuously find new ways to mitigate and hedge against those risks. Hence

in the case of Bank One, thorough focus will be done on identification of those risks and

how each issue will be addressed.

3.3. RESEARCH OBJECTIVES

There is a need nowadays for HR organisations to play a more strategic role and in order to

be able to do so, it is a requisite for the HR department at Bank one to implement an

enterprise risk management system for the organisational structure and culture. Such a tool

will provide an ideal way to align operational risk management and business continuity

with the business itself but the very basis would be to identify the types of operational risks

that firms faces and how these risks can be managed and mitigated.


3.4. RESEARCH DESIGN

A research design will typically include how data is to be collected, what instruments will

be employed, how the instruments will be used and the intended means for analysing data

collected. For this research proposal the exploratory, descriptive and causal research would

be used.

3.4.1. EXPLORATORY RESEARCH

Exploratory research is a type of research conducted for a problem that has not been

clearly defined. Exploratory research helps determine the best research design, data

collection method and selection of subjects.

3.4.2. DESCRIPTIVE RESEARCH

Descriptive research, also known as statistical research, describes data and characteristics

about the population or phenomenon being studied. The descriptive research was used to

find out the demographic profile of the respondents.

3.4.3. CAUSAL RESEARCH

It is a research designed to determine whether a change in one or more variables is

responsible for a change in another variable.Causal research was used to meet the

objectives of this research. Since, it was used to assess the way to mitigate of operational

risk

3.5. DATA SOURCES

For this research both the primary and secondary data have been used.

3.5.1. Primary data

The primary data was obtained by means of the questionnaire survey As the primary data

would be used to provide reliable answers on certain criteria related to Operational Risk

and HR Functions among others.

http://www.businessdictionary.com/definition/employment.html


3.5.2. Secondary data

Secondary data are published data about a topic or issue that have been presented in reports

and/or publications. Secondary data were used as a starting point for this project. The

secondary data used were:

Internet

Books

International journals

The secondary data above had helped to better understand the various issues related to

operational risk, identify areas that affect operational risks in HR and to construct the

literature review.

3.6. DETERMINE THE DATA COLLECTION METHOD

Data will be collected from a survey via face to face interviews and telephones and the

questionnaire will be self-administered.

3.7. SAMPLING

Sampling methods are classified as either probability or non-probability. In probability

samples, each member of the population has a known non-zero probability of being

selected. Probability methods include random sampling, systematic sampling, and stratified

sampling. In non-probability sampling, members are selected from the population in some

non-random manner.

3.7.1. DEFINE THE POPULATION

The target population relate to the employees working at Bank one Limited which

constitute of 300 employees.


3.7.2. SELECTION OF SAMPLING METHOD

Quota sampling is a non-probability sampling technique where in the assembled sample

has the same proportions of individuals as the entire population with respect to known

characteristics, traits or focused phenomenon. Quota sampling is one where the elements or

units from a population are selected on a specific proportion.

The reasons for selecting a quota sampling are as follows:

constraint of time

Limited financial resources

3.7.3. SAMPLE SIZE

Determining the sample size for non-probability sampling is very subjective. Taking into

account the constraint of time and resources, a sample size of only 30 employees at Bank

One Limited was agreed upon to meet the objectives of this research. These 30 employees

were selected from departments of the Head office such as Credit Risk, HR, Corporate

Banking, E-commerce, International Banking, Retail Banking, and Risk.

3.8. DESIGN DATA COLLECTION FORM & QUESTIONNAIRE DESIGN

The questionnaire was designed according to the objectives and hypothesis of this

research. The types of questions used are as follows:

Multiple choice questions: are questions that offer three or more answers

Likert scale: is a statement with which the respondent shows the amount of

agreement or disagreement.

3.9. DATA COLLECTION

Once the collection stage was over, the information was input in SPSS 16 software. Also

respondents were asked to provide their contact details if any clarifications would be

required.


3.10. ANALYZE AND INTERPRET DATA

The data to be analysed are obtained from questionnaires. The data collected are analysed

using the SPSS 16 software. Moreover charts and tables are used for presentation of data

by using Microsoft Excel 2007.

3.11. LIMITATIONS OF RESEARCH

• Due to time and revenue constraints, sample size was restricted to 30 respondents

only. This may not be completely representative of the entire population as a non-

probability and quota sampling had been carried out.

• Information was collected only from staff who worked at the head office only.


4. PRESENTATIONS AND DISCUSSION OF FINDINGS

4.1. INTRODUCTION

In this section, the data collected were in the form of questionnaire which was designed

and later on filled in by respondents. The outcomes are analysed and explained based on a

sample of 30 respondents. These data collected from respondents will be analysed using

the SPSS 16 software and represented through charts. Following the survey done, several

findings relating to operational risks in HR will be thoroughly presented and critically

discussed.

4.2. GENERAL ANALYSIS OF SECTIONS OF QUESTIONNAIRE

4.1.1Section A (All questions tabulated through Spsss)

Question 1:

Do you agree with the following statement: 'Operational Risk is defined as the risk of

loss resulting from inadequate or failed internal processes, people and system or from

external factors '?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Yes 25 83.3 83.3 83.3

No 5 16.7 16.7 100.0

Total 30 100.0 100.0

Table 2: Do you agree with the following statement: 'Operational Risk is defined as the

risk of loss resulting from inadequate or failed internal processes, people and system or

from external factors


From the above survey tabulated through Spss, it was found that around 83% of

respondents agree to the above definition which implies that they a general knowledge of

what is operational risk. This can be due to the fact that respondents all are staff of Bank

One and that in performing their job, they may have at times experience operational risk

issues. This is greatly positive for the purpose of researching on this topic.

Question 2:

Do you agree that people are one of the most critical factors in operational risk?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Yes 27 90.0 90.0 90.0

No 3 10.0 10.0 100.0

Total 30 100.0 100.0

Table 3: Do you agree that people are one of the most critical factors in operational risk?

When the above question was put to respondents, 27 of them considered people as one the

most critical factor in operational risk representing a percentage of about 90% which is

significant. It may be assumed that since human capital is an organisation priceless asset, it

can turn out to be the most riskiest as well.


Question 3:

While managing the root cause of operational risk in HR, which of

the following would you mostly consider?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Procedures 3 10.0 10.0 10.0

All of the

above 17 56.7 56.7 66.7

People 10 33.3 33.3 100.0

Total 30 100.0 100.0

Table 4: While managing the root cause of operational risk in HR, which of the following

would you mostly consider?

When asked which factors they would consider to manage the core cause of operational

risk in HR, some staff from Bank One Ltd favoured all the factors which includes Rules,

regulations, Procedures and people with a response of around 57% compared to 33%

where staff pursued the fact that the factor relating to people is key whenever managing the

root cause of operational risk in HR.


Question 4:

Do you agree that a risk management plan is important in tackling operational risk in

HR?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Yes 27 90.0 90.0 90.0

No 3 10.0 10.0 100.0

Total 30 100.0 100.0

Table 5: Do you agree that a risk management plan is important in tackling operational

risk in HR?

When probed as to whether the availability of a risk management plan is important in

tackling risk related to HR, the majority of staff were in favour of such a plan since it is a

basic tool to counter against operational risk cropping up. Also, Operational risk is present

in practically every tasks being performed, supervised or even verified. The other 10%

who responded no to the question may simply view that the plan alone may not help in

tackling operational risk. This might be explained that the risk management plan can be

blended along with other HR related factors for an appropriate tackling of operational risk.


Question 5:

According to you, what are the main objectives of risk management in HR?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Identify Risk 5 16.7 16.7 16.7

Assess Risk 6 20.0 20.0 36.7

Resolve Risk 2 6.7 6.7 43.3

All of the

above 17 56.7 56.7 100.0

Total 30 100.0 100.0

Table 6: According to you, what are the main objectives of risk management in HR?

When the respondents were asked about the main objectives of risk management in HR,

around 57 % felt the main objectives were to identify, assess and resolve the risk which

does make sense. However, there were mixed response from some staff who argued that

the objectives are to identify the risk first and other staff claimed that assessment should be

the main aim in HR Risk management.


Question 6:

According to you, which of the following HR functions have a far more impact on

Operational Risk?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Poor succession

planning 11 36.7 36.7 36.7

Failures in the

recruitment and

selection process

5 16.7 16.7 53.3

Skeleton work structure 4 13.3 13.3 66.7

Improper segregation of

tasks 2 6.7 6.7 73.3

Manipulation of payroll 3 10.0 10.0 83.3

Outsourcing 2 6.7 6.7 90.0

Communication 3 10.0 10.0 100.0

Total 30 100.0 100.0

Table 7: According to you, which of the following HR functions have a far more impact on

Operational Risk?

When the respondents were told about which HR functions had more impact on

Operational risk, there were shared views in terms of percentage. The one HR function

which staff pointed out to have the more impact on operational risk was poor succession

planning reading a percentage of about 37%.This is a critical factor implying that it is

difficult to monitor such a risk. Also, some respondents representing about 17 % argued

that failures in the recruitment and selection process impacts also on operational risk. This

can be attributed to the fact that at times, HR professionals might end up recruiting the

wrong person for a job or the right person for the wrong job. To cut is short, the other


respondents constituting of about 46% pointed out functions mentioned above as having

the real impact on operational risk.

4.1.2 Section B: (All questions analysed through Spss and represented through Pie

Chart)

All processes

are clearly

followed with

regards to HR

at Bank One

Ltd?

The Risk

Management

framework

currently in

place at Bank

One Ltd can

help identify

operational

risk related to

HR

There are

appropriate

and adequate

systems at

Bank One Ltd

to counter

Operational

Risk in HR

There are

proper

standard

operating

procedures

that help the

proper

functioning of

the HR

process

The HR

department

promotes

sound internal

policies and

control

procedures to

counter

operational

risks

N Valid 30 30 30 30 30

Missing 0 0 0 0 0

Table 8: Validity of questions 7 to 11

From the above table, we can note that all respondents successfully answered questions 7

to 11 hence showing the validity of the sample chosen. Their responses to those questions

will be individually analysed below:


Question 7:

Fig 5: All processes are clearly followed with regards to HR at Bank One Ltd?

Based on the above Pie chart, we can depict that about 60% of respondents who agree and

strongly agree to the fact that processes with regards to HR are clearly being followed

accordingly which is a positive result for the Bank. However, there are another 40% who

still feels that processes are not clearly followed. This is a cause of concern and HR should

improve as well as fine tune its processes and communicate same to staff such that requests

sent to HR are entertained in the most convenient and in line with the processes devised.


Question 8:

Fig 6: The Risk Management framework currently in place at Bank One Ltd can help

identify operational risk related to HR

Based on the above diagram, we can found that most of respondents were unsure whether

the existing risk management framework can help identify operational risk related to HR.

These results give an indication that this framework needs an urgent revamping and

hopefully this has already started with key personnel having been recruited to review the

entire risk management framework. However, this review entails much time since

parameters associated with identification, validation and mitigation of overall risk at the

bank need to be clearly established.


Question 9:

Fig 7: There are appropriate and adequate systems at Bank One Ltd to counter

Operational Risk in HR

From the above chart, we can found that majority respondents were uncertain whether

there are appropriate and adequate systems at Bank One Ltd to counter operational risk in

HR. These results give a sign that the systems are not effective enough to safeguard risk in

HR. As such, it may be that these systems either require a complete review to make them

simpler or needs to be redesign. However, it appears the remaining respondents felt that the

systems are suitable and appropriate but with the latest technology, Bank one can adopt a

change management strategy and implement new sophisticated system to as a means to

counter operational risks related to Payroll in HR.


Question 10:

Fig 8: There are proper standard operating procedures that help the proper functioning of

the HR process

The above chart represents the level of agreement from respondents following the question

of whether there are proper standard operating procedures that help the proper functioning

of the HR process. At large, we can establish that the majority of them advocate that there

are proper SOP’S that enable the suitable running of the HR process. It is true that without

proper established SOP, no process can be followed properly. Yet, there are some

respondents who are uncertain as to whether there are proper procedures that aid in the

proper functioning of the HR process. This uncertainty may be addressed by notifying

employees of the proper procedures that needs to be followed by HR for any HR related

process.


Question 11:

Fig 9: The HR department promotes sound internal policies and control procedures to

counter operational risks

The above figure represents the level of agreement from respondents when asked whether

the HR department at Bank one promotes sound internal policies and control procedures to

counter operational risks. At large, we can establish that the majority of them believe that it

is not the case. It may be that they believe that it is more the role of compliance to ensure

sound internal policies and control procedures.

Nonetheless, there are others who clearly feel that HR is promoting sound internal policies

and control procedures. This can be explained due to the fact that there are detailed internal

policies on HR such as the HR Policy.

In such a policy all control procedures and related policies associated with HR functions

are clearly defined. On the basis of the above result, a copy of such a policy should be

readily made available to existing staff and new entrants to cater for such a lapse.


4.1.3 Section C (All questions analysed through Spss and represented through Bar

Chart)

Question 12:

Fig 10: The setting up of an HR audit function can assist in mitigating operational risk

From the above figure, we can denote that all respondents agree to the fact that the setting

up of an HR audit function can assist in mitigating operational risk. This can be explained

as usually there are audit exercises carried out by both internal and external auditors at the

bank. These audit exercises help to identify operational risks related to HR.

Hence the setting up of an audit function is an added advantage to the HR Department of

bank one which will be able to firstly identify the risk and provide for a corrective measure

instantaneously. There will be as such no need to rely on audit exercise to identification of

those risks.


Question 13:

Fig 11: By ensuring transparency in the hiring process, operational risks can be mitigated

From the above figure, we have a clear cut indication that respondents fully advocate that

by ensuring sound hiring procedures and transparency in that process, operational risk can

be mitigated. This is the case as Bank One is an equal opportunity employer and its

strength is built on teamwork, partnership and diversity of its people.

Normally, interviews are carried out and only the most successful candidates are recruited

by ensuring that all criteria of the recruitment process have been properly followed.

Moreover notifications are given to employees about how the hiring process is conducted

and the transparency prevailing in those recruitments.


Question 14:

Fig 12: A better control on the payroll can mitigate operational risk

From the above figure, we denote the views of respondents are well shared with regards to

the statement that a better control on the payroll can mitigate operational risk. Most of the

respondents are ambiguous that even with better control on the payroll, that operational

risk cannot be mitigated. This is a good argument in that the payroll system involves a

maker and a checker in processing any payments.

If for instance, there is only one person who makes the input and verifies it himself, then

the operation risk is present. However, there exist reconciliation reports that can trace out

whether all entries have been correctly inputted, verified and most importantly tally with

exception reports. Based on these reports, we can ascertain that some respondents agree

that a better control on payroll can help mitigate risks.

The remaining portion of the respondents disagreed with the above statement perhaps as

they feel that strengthening of the payroll control alone does not suffice when dealing with

operational risk within HR.


Question 15:

Fig 13: Reviewing guidelines on risk management on a regular basis can help deal with

operational risks

The above figure sheds light on the fact that the bulk of respondents largely indicated their

agreement on the above statement. It is of best practice for Banks to review guidelines on

risk management on a regular basis and respondents are in view that same is being done

with all reviews of such guidelines being communicated at all levels via intranet. Staff of

the bank will work as per these set guidelines and as such they will be more likely to

commit fewer errors. Hence, constant review of these guidelines will act as prevention to

operational risks.


Question 16:

Fig 14: Top Management should be involved in devising strategies to deal with

operational risks

From the above figure, we denote that respondents all agreed that top management should

definitely be involved in devising strategies to deal with operational risks since they are the

one who have a strategic view on the company’s long term objectives. Hence it is wise to

assume that the top management will need to develop strategies to safeguard the bank

against all types of risks precisely operational risk. Bank one is moving towards such a

direction but there is much more expected in terms of mitigation of risks given the risk of

investing in global markets.


Question 17:

Fig 15: A systemic approach to HR planning can assist in reducing operational risks

From the above figure, we can find that the majority of respondents advocate that a step by

step approach can assist in reducing operational risks. Such an argument holds true in the

sense that by properly elaborating on the different steps to follow into a process such as

recruitment in HR, the staff can minimise operational risks. The more precise the steps are

defined; the likelihood of errors will be minimal. Nevertheless, relying only on the

systemic approach is not to be fully trust since an error made at one step and can end up

into an operational risk issue. Hence a systemic approach requires time to devise and can

prove to be a two- bladed knife for Bank one if not well implemented.


Question 18:

Fig 16: Bank One Ltd reviews its risk limitations and strategies regularly and adjusts its

operational risk framework

From the above figure, we can find that the majority of respondents are uncertain as to

whether bank one review its risk limitations and strategies regularly and adjust its

operational risk framework. It may be that respondents perceive Bank One as a small bank

which is gradually rising in terms of size and which has a focus on international markets. It

will take time for the bank to fully operate its risk management framework but it is on the

right track since it usually reviews its strategies regularly to be in line with the demands of

the market. However, with its exposure in countries like Kenya, it can capitalise on same to

increase its know-how and adjust its framework better to mitigate risks.


Question 19:

Fig 17: The current risk management system at Bank One enables risks associated with

human error to be promptly and effectively dealt with

From the above figure, we can note that the majority of respondents are not convinced as

whether the current risk management system at Bank one enables risks associated with

human error to be quickly and effectively dealt with. This can account for the fact that

some errors of entries on banking software are at times discovered at a later date when the

reconciliation of reports is being carried out.

Hence the results of the survey gives an idea that the current risk management system is

not in a position to detect the errors of entry on the same day. On the other hand, there are

some respondents who agree that the system in place at bank one can detect human error

and remedial actions are taken accordingly. Such a scenario may involve the case of a

wrong input on payroll by a staff and at the time of verification, the verifier is immediately

notified of that error via the system.


Question 20:

Fig 18: Bank one has an appropriate Human resource information system which prevents

system failures, hence prevents losses

From the above figure, we can find that the majority of respondents advocate that an

appropriate human resource information system can prevent system failures and losses.

This is such the case as all inputs on such a system can be verified by another staff and a

report can be retrieved to reconcile whether all information on salaries are accurately done

and there are no grounds for mistakes.

Yet, we have other respondents who might argue that even with the human resource

information system; there is no guarantee that system failures and losses can be prevented.

As such, there is a need for Bank one to still rely on manual verification as a double means

to ensure the figures provided on salary by the system does tally with figures computed

manually.


Question 21:

Fig 19: Training on the core banking software from human resource perspective

With reference to the above figure, when asked whether they have received the proper

training on the core banking software from human resource perspective, the majority of

respondents responded quite positively while others were a bit unconvinced.

This can be related to the fact that most of the respondents are still on the learning curve

having been recruited for less than a year. This issue could be addressed by documentation

of the basic core banking software on the induction day of new entrants and also be

circulated in the form of a memo on a yearly basis among existing staff to enhance their

knowledge.


Question 22:

Fig 20: The current recruitment and selection process is proper and allows the best


The above figure relates to the actual recruitment and selection process at Bank one and

addresses whether such a process is appropriate and whether same caters for the best

candidate to be taken on board. By the look of things, we can denote that majority of

respondents quite agree that the process is being done in the best way possible.

Nevertheless there are some respondents who question the above statement. It may be

assumed that those respondents may think that there are other better ways in which the

current recruitment and selection process be improved. The above results may imply that

Bank One should devise additional recruitment medium like E-recruitment or even Head

hunting to fully attract the best employee.


Question 23:

Fig 21: As staff at Bank One are properly motivated and compensated, fraud is reduced

As per results provide by the above chart, we can depict the fact that majority of

respondents did not feel so sure that with motivation and compensation alone, fraud can be

reduced. This school of thought might be justified maybe due to the fact fraud can be done

based on influence of a staff rather than demotivation or lack of compensation.

Moreover, it may be that the staff unknowingly has done a fraud by simply acting upon

orders given by his superior. The risks of such cases happening is high and Bank one

should be able to identify the purpose, establish the severity of such a fraud and work out a

plan of action to prevent occurrence of similar type of frauds.

On the other hand, it is wise to assume that a staff who is well motivated and who loves his

job would be the least likely to commit fraud. Moreover, rewarding an employee a fair

month’s pay for a month’s work makes the worker more committed to his job and

obviously reduce cases of fraud happening.


As such based on the survey results, Bank one should be able to devise future strategies to

safeguard against such operational risks.

Question 24:

Fig 22: The current system at Bank One double check or verification of the work of

operational staff

From the above chart, we can notice that most respondents strongly agree that the current

system at Bank one allows double check and verification of the work of operational staff

since it is a basic requirement which needs to be ensured. For every transaction being

inputted on the system, there needs to be a verifier to ensure that same has properly been

made and does not put the bank at risk.

However, this may not be the case for a department operating with the minimum

workforce. It may be the case that a staff preparing a request for approval will be the one

who shall check and recommend same. These practices should not be encouraged by bank

one and the maker and checker principle should abide at all times so that not to trigger

unnecessary operational risks


Question 25:

Fig 23: Bank One has appropriate and adequate rules, regulations, procedures, system

and people to mitigate operational risks

With reference to the above figure, as per our survey conducted, majority of respondents

are not certain that Bank one has appropriate and adequate rules, regulations, procedures,

system and people to mitigate operational risks. On the other hand, there are some

respondents who feel like the bank is able to mitigate these risks based on these same rules

and regulations.

The views are quite shared perhaps relating to Bank One’s takeover by Ciel Group in year

2008 after some failed internal processes relating to the Ex-Delphis bank and maybe there

is still a perception among staff that the bank currently still needs to focus more on

strengthening all of its rules, regulations, procedures, system and people


Question 26:

Fig 24: New Employees at Bank One Ltd normally go through a well-designed induction

programme

The above figure shows clearly that respondents unanimously agreed that new employees

at Bank one normally go through a well-designed induction programme. This is a positive

point for Bank One to introduce to the new entrants the various procedures and operations

and make them knowledgeable. In turn, the bank can capitalise on that induction

programme to brief these new entrants on risk issues and implications. This would be a

preventive action towards operational risk.


Question 27:

Fig 25: Succession Planning is properly made at Bank One so that before an employee

leaves, the successor is already identified and trained

From the above figure, we can clearly identify that succession planning is not being

correctly implemented based on the responses received from staff. It is one of the dangers

that impacts directly on operational risk. About 77 % of respondents are uncertain and

disagree that succession planning is properly made. It is of utmost importance for Bank

One to urgently address these lapses and engage in strategies such as business continuity

and develop a crisis management plan in order to plan against such operational risks.


Question 28:

Fig 26: There is proper segregation of duties at Bank One Ltd and this reduces risks.

Based on results from the above figure, we can point out the views of respondents were

quite pooled when they were asked as to whether there is proper separation of duties at the

bank and if this eventually helps to reduce risk.

Yet, we had a percentage of respondents who stand out of the lot who unsure that

segregation of duties does lead to reduction in risk. This point of view holds true in the

sense that even though the duties are split up, human errors are natural and can always

happen, it is most of a preventive action which needs to be put in place. Conversely, other

respondents feel like that division of labour is the basis to make fewer errors.

The more specialised an employee gets in his job; the more little likely he is to commit

errors. On the basis of those results, Bank One should strike the right balance in terms of

adopting a structure where employees are at ease and know exactly what is expected of

them in terms of output.


Question 29:

Fig 27: I am fully aware of the code of ethics at Bank One and I comply with it

With regards to the above figure, we note that majority of respondents are fully aware of

the existence and purpose of the code of ethics and do comply unanimously. However, it is

to be noted that only a small section of respondents are maybe uncertain of what the code

of ethics actually implies. Nevertheless, this small issue can be addressed by HR in terms

of enhancing their knowledge on code of ethics and the implications of same.


Question 30:

Fig 28: Promotion of employees is fair and proper at Bank One Ltd

From the above chart, we may found that the bulk of respondents are uncertain when they

were asked whether the promotion of employees is fair and proper at Bank One Limited.

On the other hand, the remaining portion agreed that the promotional exercise is done in a

fair and proper manner. These results prove that this exercise is not being done in the most

proper way possible. It should be redesign and revamped such that all employees get the

feeling that such an exercise is being done with the best possible resources and with the

required standard.


Question 31:

Fig 29: There are proper strategies at Bank One to retain the best employees

From the above chart, we can denote that about 43% of the respondents felt that Bank One

has put in place proper strategies to retain the best employees. Normally, financial

incentives are at times offered to employees in order to further motivate them to work in

the interest of the bank and also when a counter offer has been made to these employees.

Yet, we have a cluster of respondents of around 40% who are uncertain as to whether those

strategies are effective in retaining top talents. It is a cause of worry and Bank One should

be able to address such an issue by either extending the benefits to other employees based

on their performances as well as recognise their efforts through an increase in pay packet.

On another note, we have a percentage of about 17% who disagree that the strategies are

not properly being implemented to retain the top performing employees at Bank One

Limited.


Question 32:

Fig 30: Communication is properly cascaded down and there is smooth flow of

information at Bank One

From the above figure, we can make a note that the majority of respondents feel that

communication is not properly cascaded down in terms of information. This is a serious

issue as improper information or part information can lead to operational risk.

Miscommunication should be dealt with at bank One Limited on a top priority. Not

ensuring good flows of communication can lead to repercussion not only in terms of profits

but also in terms of reputation for Bank One. In the case of HR, recruiting the wrong

profile due to lack of communication is simply unacceptable.


Question 33:

Fig 31: Employees are properly supervised at to reduce operational risks at Bank One

Referring to the above chart, we notice that majority of respondents strongly agree and

agree that employees are properly supervised at to reduce operational risks. This can be

accounted due to the fact that there are pre-established procedures at Bank one which staffs

need to properly follow and also there are sanctions which are applicable in cases where

staffs by pass those clear cut procedures.

Yet, there are some respondents who are uncertain that employees are not properly

supervised at when it comes to reduce of operational risks. This can be explained perhaps

by the lack of training which they have been given for them to perform these tasks and as

such they will need more coaching in order to become fully fledge. The more interest they

show in learning banking procedures, the easier will be the task of their superiors to

monitor their progress and ensure they commit no errors.


4.1.4Section D (All questions tabulated through Spsss and represented

diagrammatically)

Question 34:

Does the Coso Cube to HR an effective tool to mitigate

operational risk?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid No 30 100.0 100.0 100.0

Table 9: Coso Cube to HR

From our survey conducted, many respondents were not aware of the existence of the Coso

Cube to HR as a tool to mitigate against operational risk and this is quite surprising. As

such this gives a clear picture that Bank One limited is not using the latest tools as a means

of internal control. This would surely need to be implemented in the near future such that

staff would be able to use same when dealing with operational risk issues. It may also be

that Bank One has partly implemented same but there seem to be a lapse as to why same

has not been fully adopted among the staff. So this issue will need to be addressed by Bank

One as part of its risk management strategy.


Question 35:

Do you think that Bank One has been able to successfully

apply a risk management framework for dealing with

Operational Risk at HR level?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Yes 16 53.3 53.3 53.3

No 14 46.7 46.7 100.0

Total 30 100.0 100.0

Table 10: Application of a risk management framework

Based on the above question put forward, the views of respondents are quite shared. 53%

of them agree that the Bank has been successful in implementing a risk management

framework within HR. This can surely be associated with the fact that these staff have

experienced the downfall of Ex-Delphis Bank which was due to operational risk issues.

They appear to have noticed a more modern risk management framework that can counter

risks. However, the remaining 47% of respondents who do not share this view may feel

that Bank one still needs to fine tune its risk management framework towards best

practices.


Question 36:

Do you think that Bank One has been able to implement the

latest international risk management standards as part of its

strategy?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Yes 7 23.3 23.3 23.3

No 23 76.7 76.7 100.0

Total 30 100.0 100.0

Table 11: Implementation of risk management standard as part of Bank One’s strategy

When questioned about whether Bank One has been able to implement the latest

international risk management standards as part of its strategy, over 77% of respondents

felt massively that the bank has not yet reached that level. This is quite precarious since the

bank wants to be a global player in terms of international banking. The more compliant the

bank would be with regards to international risk management standards, the safer will it be

able to attract high profile business and top talents to build up its reputation. Nevertheless,

23% of respondents do feel that the bank has implemented international risk management

standards. This can be explained due to the recent appointment of a Chief risk officer and

slowly but steadily, bank one can aspire to meet those international risk standards.


4.1.5 Section E (Profile of respondents)

The profiles of the respondents are based on their gender, age group, Level of education,

length of service and different levels of the organisational structure of Bank One Limited.

Question 37:

Gender

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Male 11 36.7 36.7 36.7

Female 19 63.3 63.3 100.0

Total 30 100.0 100.0

Table 12: Gender

From the above table, it is noticed that out of a total of 30 respondents, the majority of

respondents were Female. This can be explained simply due to the fact that there are

actually more Female employees at the Bank.


Question 38:

Age Group

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid 21 to 30 20 66.7 66.7 66.7

31 to 40 5 16.7 16.7 83.3

41 to 50 3 10.0 10.0 93.3

Above 50 2 6.7 6.7 100.0

Total 30 100.0 100.0

Table 13: Age Group

From the above table, respondents have been grouped into four categories of age group.

The majority were from the age group of 21-30. This can be explained due to the

significant number of School leavers which the bank recently hired in replacement of

employees who have resigned and as part of its strategy of bringing new blood into the

business


Question 39:

Level of Education

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid School Certificate(Sc) 2 6.7 6.7 6.7

Higher School

Certificate(Hsc) 11 36.7 36.7 43.3

Diploma/Technical

Qualifications 3 10.0 10.0 53.3

Degree & above 14 46.7 46.7 100.0

Total 30 100.0 100.0

Table 14: Level of education

From the above table, respondents have been grouped into four categories in terms of level

of education. It can be noticed the majority have completed their hsc or degree which gives

an idea that the bank has clearly established pre requisites in terms of qualifications before

hiring future employees.


Question 40:

Length of service at Bank One Limited

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Less than 1 year 9 30.0 30.0 30.0

1 - 5 years 8 26.7 26.7 56.7

6 - 10 years 6 20.0 20.0 76.7

Above 10 years 7 23.3 23.3 100.0

Total 30 100.0 100.0

Table 15: Length of service at Bank One Limited

From the above table, we can find respondents have been grouped into four categories in

terms of their length of service at Bank One Limited. The majority of respondents were

new entrants who joined less than a year and their feedback was important with regards on

how they view operational risks. However, we also notice that the remaining respondents

have had wealth of experience at bank one limited as well and their feedback was really

appreciated given the purpose of the study on managing Operational risks in HR.


Question 41:

In which department do you currently work?

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid HR 5 16.7 16.7 16.7

Credit Risk 3 10.0 10.0 26.7

Retail Banking 6 20.0 20.0 46.7

E-Commerce 3 10.0 10.0 56.7

Corporate Banking 4 13.3 13.3 70.0

International

Banking 7 23.3 23.3 93.3

Risk 2 6.7 6.7 100.0

Total 30 100.0 100.0

Table 16: Department

From the above table, we can find that respondents have been grouped into three categories

in terms of the department in which they are posted at Bank One Limited. The majority of

respondents were from the international banking department followed closely by those

from the retail banking department which adds an interesting debate with regards to their

views on operational risk in HR.


Question 42:

Level at which you operate at Bank One Ltd.

Frequency Percent

Valid

Percent

Cumulative

Percent

Valid Strategic(Top Management) 8 26.7 26.7 26.7

Middle

Management/Supervisory 8 26.7 26.7 53.3

Operational level 14 46.7 46.7 100.0

Total 30 100.0 100.0

Table 17: Level of operation at Bank One Ltd

From the above table, we can depict that respondents have been grouped into three

categories in terms of their position at Bank One Limited. The majority of respondents

were from the operational level and questions on operational risks would have been much

easier for them to respond since at times they may have faced such risks in their career.

The other respondents were those at top Management level and middle management.


5. CONCLUSION AND RECOMMENDATIONS

5.1. CONCLUSION

Operational risk management provides a rational and methodical means of identifying and

controlling risk. Operational risk management is not a complex process, but does require

individuals to support and implement the basic principles on an ongoing basis.

In the HR context, operational risk management provides organizations a powerful tool for

only if properly managed and maintained. Top HR Professionals should have a voice in the

critical decisions that determine success or failure in all hr functions involving operational

risks.

This is of utmost importance such that prevention of such risks is catered for before it

becomes critical. The involvement of top management is not to be undermined when it

comes to risk management as they are the one who are in a better place to establish the

proper risk framework.


5.2. RECOMMENDATIONS

The aspects of operational risk related to HR requires management's attention given the

fact that we have find out that the main risk associated with HR is succession planning and

an improper risk management framework.

As such the below solutions may be recommended to improve operational risk

management:

Creating a system so that data can be recorded and which relates to operational

incidents.

Establishing or revamping the set of key risk indicators.

Establishing the potential risk that can occur especially in the context of operational

risk.

Designing and implementing proper controls for operational risk.

Periodical test on the implemented controls, reporting controls.

Last but not least, employees must be encouraged to take conscious of the proper processes

involved in their daily tasks such that error may be avoided. There should be a database

that will reflect operational events and losses and information based on operational risk

must be reported and revised regularly.


REFERENCES

Basel Committee on Banking Supervision. 1998a. Operational risk management. Basel:

(s.n), September.

Bhima, Rao (2015) Devising risk management in human resources Consultant and HR

Trainer

Basel Committee on Banking Supervision. 1998c. Risk management for electronic banking

and electronic money activities. Basel: (s.n), March.

Crouhy, M., Galai, D. and Mark, R. 1998. Key steps in Building Consistent Operational

Risk Measurement and Management, in Operational Risk and Financial Institutions

Culp, C. (2001). The risk management process: Business strategy and tactics. New York:

John Wiley & sons.

Douglas, M. (1992) ‘Risk and Blame’, in M. Douglas (ed:) Risk and Blame: Essays in

culturalTheory. London. Routledge.

Essinger, J. & Rosen, J. 1991. Using technology for risk management. Cambridge:

Woodhead-Faulkner.

Financial services Authority. 1999. A paper by the FSA Informal Working Party on

Allocating Regulatory Capital for Operational. (S.I.:s.n.)

Guidelines on Operational Risk Management by Oesterreichische National Bank in

cooperation with the Financial Market Authority.

Green, P.S, 1992. Reputation Risk Management. London: Pitman Publishing

Hiwatashi, J. (2002). Solutions on measuring operational risk. Capital markets news, the

federal reserve bank of Chicago (September)


Hoffman, D.G. 1998. New Trends in Operational Risk Measurement and Management in

Operational Risk and Financial Institutions, edited by Robert Jameson. London:

RiskBooks.

Jane Ure-Smith (2014). Article on the cost of hiring the wrong person

Freelance journalist in the UK

Jacobus, Y. (2001). A structured approach to Operational risk management in a banking

environment. Doctor of Commerce. University of South Africa.

Jameson, R. (ed.) (1998) Operational Risk and Financial Institutions, Risk books, London.

Katz, I.D. 1995. Financial Risk Manager. London: Euromoney Books.

Kingsley, S., Rolland, A., Tinney, A. & Holmes, P. 1998 Operational Risk and Financial

Institutions: Getting started in operational risk and financial institutions, edited by Robert

Jameson.

King, J.L. (2001): Operational Risk, Measurement and Modelling, Wiley Finance. New

York.

Mayland, P.F. 1993. Bank Operating Credit Risk Assessing and Controlling Credit Risk in

Bank Operating Services. United States of America: Probus Publishing.

Milkau, Udo Dr (27 March 2013) “Adequate communication about operational risk in the

business line’’ Journal of Operational Risk

Nystrom, K. (2002). Quantitative Operational Risk Management, Swedbank, Group

Financial Risk Control, Sweden.

Operational Risks in Financial Services “An old Challenge in a New Environment” Hans-

Ulrich Doerig. Credit Suisse Group Jan 2001

Quick, J. 1999. The Impetus for Change: Operational Risk Special Report. Risk, July: 8


Remenyi, D. & Heafield, A. 1996. Business Process Re-engineering: Some aspects of how

to evaluate and manage the risk exposure. International Journal of Project Management.

Wharton School (2002). Operational risk poses challenges to financial institutions and

regulators. Summary of 2002 risk roundtable series organized by Wharton financial

institutions centre (July 3). Available at:

Wilson, D. 2000. Operational Risk in the Professional’s Handbook of Financial Risk

Management, edited by M. Lore & L. Borodovsky Oxford: Butterworth Heinemann: 377-

412.nsylvania: Cambridge University.

WEBSITES:

http://knowledge.wharton.upenn.edu/articles.cfm?catid=1&articleid=582

http://pezzottaitejournals.net/index.php/IJAFMP/article/view/384

http://www.ifsmauritius.com/mauritius.php

http://www.mfw4a.org/mauritius/financial-sector-profile.html

http://www.mba.mu/pdf/Implementation%20of%20Basel%20III%20Framework%20in%2

0Mauritius-%20July%202014.pdf

http://en.wikipedia.org/wiki/Subprime_mortgage_crisis

http://www.nber.org/papers/w12234

https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_on_L

iquidity_20100802.pdf

http://www.investopedia.com/terms/c/creditrisk.asp

https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_on_C

redit_Risk_Management.pdf

http://pezzottaitejournals.net/index.php/IJAFMP/article/view/384

http://www.ifsmauritius.com/mauritius.php

http://www.mfw4a.org/mauritius/financial-sector-profile.html

http://en.wikipedia.org/wiki/Subprime_mortgage_crisis

http://www.nber.org/papers/w12234

https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_on_Credit_Risk_Management.pdf

https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_on_Credit_Risk_Management.pdf


https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_Mark

etRisk.pdf

http://www.mba.mu/pdf/Implementation%20of%20Basel%20III%20Framework%20in%2

0Mauritius-%20July%202014.pdf

http://finance.flemingeurope.com/webdata/2275/Basel-III-and-operational-risk-the-

missing-piece.pdf

http://phd.lib.uni-corvinus.hu/617/2/Homolya_Daniel_den.pdf

http://business.mega.mu/2013/07/05/new-service-mcb-turns-your-mobile-phone-credit-

card/

http://motors.mega.mu/news/2011/09/25/misappropriation-rs-80-million-bramer-banking-

corporation-modus-operandi-fraudsters/

http://www.extension.org/pages/15506/the-role-of-human-resource-management-in-risk-

management#.VQ7pwYGgt4w

https://uk.linkedin.com/jobs2/view/10440562

http://www.proformative.com/articles/cost-hiring-wrong-person

http://www.icac.nsw.gov.au/preventing-corruption/knowing-your-risks/payroll/4906

http://humanresources.about.com/od/glossarys/g/successionplan.htm

http://www.simplicityhr.com/resources/articles/strategies/succession

http://blog.allstream.com/why-business-continuity-demands-succession-planning-of-papal-

proportions/

https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_MarketRisk.pdf

https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_MarketRisk.pdf

http://www.mba.mu/pdf/Implementation%20of%20Basel%20III%20Framework%20in%20Mauritius-%20July%202014.pdf

http://www.mba.mu/pdf/Implementation%20of%20Basel%20III%20Framework%20in%20Mauritius-%20July%202014.pdf

http://finance.flemingeurope.com/webdata/2275/Basel-III-and-operational-risk-the-missing-piece.pdf

http://finance.flemingeurope.com/webdata/2275/Basel-III-and-operational-risk-the-missing-piece.pdf

http://phd.lib.uni-corvinus.hu/617/2/Homolya_Daniel_den.pdf

http://business.mega.mu/2013/07/05/new-service-mcb-turns-your-mobile-phone-credit-card/

http://business.mega.mu/2013/07/05/new-service-mcb-turns-your-mobile-phone-credit-card/

http://motors.mega.mu/news/2011/09/25/misappropriation-rs-80-million-bramer-banking-corporation-modus-operandi-fraudsters/

http://motors.mega.mu/news/2011/09/25/misappropriation-rs-80-million-bramer-banking-corporation-modus-operandi-fraudsters/


http://www.suntiva.com/blog/post/37/succession-planning-%E2%80%93-risk-

management-for-your-human-resources/

http://www.businesscontinuityuk.net/businesscontinuity/succession-planning-business-

continuity

https://www.seic.com/docs/ims/sei_opprisk_book_us.pdf

http://www.deccanherald.com/content/165365/devising-risk-management-human-

resources.html

http://events.centralbanking.com/kualalumpur/static/business-continuity-planning-and-

operational-risk-management-for-central-banks

http://www.custominsight.com/360-degree-feedback/what-is-360-degree-feedback.asp

https://www.google.com/search?q=coso+cube+2014&sa=X&biw=1280&bih=522&tbm=is

ch&tbo=u&source=univ&ei=h3JAVbqZLsLWUfq3grAJ&ved=0CCkQsAQ#imgrc=mMzJ

Vk8tu--kWM%253A%3BJs2TloVFTxt-

BM%3Bhttp%253A%252F%252Fdeloitte.wsj.com%252Friskandcompliance%252Ffiles%

252F2014%252F03%252FCOSO_-17-

principles1.png%3Bhttp%253A%252F%252Fofficeboots.net%252Ftag%252Fcoso-

internal-control-integrated-framework-2013%3B830%3B369

http://www.bankone.mu/en/

http://www.divestopedia.com/definition/967/standard-operating-procedures-sop

http://www.investopedia.com/terms/c/code-of-ethics.asp

https://www.google.com/search?q=QUOTA+SAMPLING&ie=utf-8&oe=utf-8

https://www.statpac.com/surveys/sampling.htm


APPENDIX A

Dear Respondent,

I am a Part-time student at the University of Technology of Mauritius and am currently

following a course leading to a Master in Business Administration (MBA). In order to

complete my degree, I need to conduct a research and submit a dissertation report. I have

chosen to research on the following: ‘Managing Operational Risks in Human Resources,

with particular reference to Bank One Ltd.’. The purpose of this study is to identify the

operational risks pertaining to human resources existing at Bank One Ltd. and to propose

ways to better manage these risks.

In this context, I would highly appreciate if you could kindly answer the questions or rate

statements in the attached questionnaire.

Kindly note that your opinion is of paramount importance as this survey will give an

indication whether proper strategies are being implemented at Bank One Ltd. to manage

operational risks pertaining to human resources.

You can rest assure that the information you are going to provide will be kept strictly

confidential and your answers will be considered anonymous. The information gathered

will be used solely for the purpose of this study.

I thank you for your participation in the survey.

Yours faithfully,

Kavin Ramsamy

Student

University of Technology, Mauritius


SECTION A

(Please tick (✓) the appropriate box)

1. Do you agree with the following statement: “Operational risk is defined as the

risk of loss resulting from inadequate or failed internal processes, people and

system or from external”?

Yes

No

2. Do you agree that people are one of the most critical factors in operational

risk?

Yes

No

3. While managing the root cause of operational risk in HR, which of the

following would you mostly consider?

Rules

Regulations

Procedures

People

All of the above

4. Do you agree that a risk management plan is important in tackling operational

risk in HR?

Yes

No


5. According to you, what are the main objectives of risk management in HR?

(You may choose for more than one answer)

Identify risk

Assess risk

Resolve risk

All of the above

6. According to you, which of the following HR functions have a far more impact

on operational risk? (You may choose for more than one answer)

Poor succession Planning

Failures in the recruitment and selection process

Skeleton work structure

No proper induction pack for new entrants

Improper segregation of tasks

Manipulation of Payroll

Outsourcing

Communication

No code of ethics and standard operating procedures

SECTION B


S.N. Statements Strongly

Agree

Agree Neutral Disagree Strongly

Disagree

7. All processes are clearly

followed with regards to HR at

Bank One Ltd.

8. The risk management framework

currently in place at Bank One

Ltd. can help identify operational

risk related to HR



Agree


Disagree

9. There are appropriate and

adequate systems at Bank One

to counter Operational risk in HR

10. There are proper standard

operating procedures that help

the proper functioning of the HR

process

11. The HR department promotes

sound internal policies and

control procedures to counter

operational risks

SECTION C



Agree


Disagree

12. The setting up an HR audit

function can assist in mitigating ,

operational risks

13. By ensuring transparency in the

hiring process, operational risks

can be mitigated

14. A better control on the payroll

system can mitigate operational

risks

15. Reviewing guidelines on risk

management on a regular basis

can help to deal with operational

risks

16. Top Management should be

involved in devising strategies to

deal with operational risks

17. A systemic approach to HR

planning can assist in reducing

operational risks

18. Bank One Ltd. reviews its risk

limitation and strategies regularly

and adjusts its operational risk

framework



Agree


Disagree

19. The current risk management

system at Bank One enables risks

associated with human error to be

promptly and effectively dealt

with

20. Bank One has an appropriate

Human resource information

system which prevents system

failures (such as data of

employees being mixed up or

salary inputs being reversed due

to technical issues), hence

prevents losses

21. I have been trained on the core

banking software from human

resource perspective

22. The current recruitment and

selection process at Bank One is

proper and allows the best


23. As staff at Bank One are properly

motivated and compensated,

fraud is reduced

24. The current system at bank One

always allow double check or

verification of the work of

operational staff

25. Bank One has appropriate and

adequate rules, regulations,

procedures, system and people to

mitigate operational risks

26. New employees at Bank One

Ltd. normally go through a well-

designed induction programme

27. Succession planning is properly

made at Bank One so that before

an employee leaves, the

successor is already identified

and trained

28. There is proper segregation of

duties at Bank One and this



Agree


Disagree

reduces risks

29. I am fully aware of the code of

ethics at Bank One and I comply

with it

30. Promotion of employees is fair

and proper at Bank One Ltd.

31. There are proper strategies at

Bank One to retain the best

employees

32. Communication is properly

cascaded down and there is

smooth flow of information at

Bank One

33. Employees are properly

supervised at to reduce

operational risks at Bank One

SECTION D


34. Does the COSO Cube to HR an effective tool to mitigate operational risk?

Yes

No

35. Do you think that Bank One has been able to successfully apply a risk

management framework for dealing with operational risk at HR level?

Yes

No

36. Do you think that Bank One has been able to implement the latest international

risk management standard as part of its strategy?

Yes

No


SECTION E


37. Gender

Male

Female

38. Age group

20 years & below

21 to 30

31 to 40

41 to 50

Above 50

39. Level of Education

School Certificate (SC)

Higher School Certificate (HSC)

Diploma / Technical Qualifications

Degree & above

40. Length of service at Bank One Ltd.

Less than 1 year

1 – 5 years

6 – 10 years

Above 10 years

41. In which department do you currently work?

___________________________________


42. Level at which you operate at Bank One Ltd.

Strategic (Top Management)

Middle Management / Supervisory

Operational level

Thank You!

dissertation may 2015 - ramsamy- managing operational risk in hr final

Documents