dissertation may 2015 - ramsamy- managing operational risk in hr final
TRANSCRIPT
32
ABSTRACT
Operational risk is ever present and has proved to have disastrous effect when related to
human resource. This proposal reviews the literature around identifying and managing
such risks in HR.
It finds that operational risks are often attributed to lack of proper process of HR
functions, and that several factors related to the mentioned HR functions stability are
identified as important in managing operational risk in a bank.
Research was conducted based on secondary data to have an idea how respondents viewed
the identification of operational risks in HR and whether the organisation concerned has
the required tools to mitigate such risks.
The results received from the research were analysed and this gave an idea that
respondents felt that the main issue which stands as a barrier to mitigate operational risk
is mainly the failure to have a proper succession planning process coupled with an
unsuitable framework to deal with risk management.
In response to the above issues, this proposal set forth for remedial actions to deal with
each HR function with regards to assessing the operational risk associated and providing
solutions to reduce same.
Managing Operational Risk in HR by Kavin Ramsamy 1
ACKNOWLEDGEMENTS
This dissertation is the end product of the contribution of many people. My primary thanks
go to my project supervisor, Mr. L. Muneesamy for his helpful comments and expert
guidance throughout the study.
I wish to extend special thanks to Mr. Nemraj Jahaly and Mr. Roumesh Jhugbunthee who
guided me in the use of SPSS and statistical tools to analyse the data collected during the
survey.
Furthermore, I would like to extend a heartfelt appreciation to my family and parents for
supporting me in my studies all these years.
Finally, I would like to say a special thanks to my friends, who in a way or another had
helped me while I was doing this dissertation.
Managing Operational Risk in HR by Kavin Ramsamy 2
TABLE OF CONTENTS
ABSTRACT……………………………………………………………………………….I
ACKNOWLEDGEMENTS……………………………………………………………...1
TABLE OF CONTENTS……………………………………………………………….2-6
LIST OF TABLES AND FIGURES……………………………………………….…7-13
1. INTRODUCTION……………………………………………………………….14
1.1. PROBLEM STATEMENT……………………………………………………...15
1.2. RESEARCH
OBJECTIVES…………………………………………………….155
1.3. OUTLINE OF STUDY .................................................................................. 15-15
2. LITERATURE REVIEW ................................................................................... 17
2.1. INTRODUCTION ............................................................................................... 17
2.2. DEFINITION OF OPERATIONAL RISK………………………………...17-18
2.3. TYPES OF OPERATIONAL RISK .................................................................. 18
2.3.1. PEOPLE………………………………………………………………………….18
2.3.2. SYSTEMS ....................................................................................................... 18-19
2.3.3. PROCESS ....................................................................................................... 20-21
2.3.4. EXTERNAL FACTORS ....................................................................................... 21
2.4. THE NEED TO MANAGE THE RISK ............................................................ 21
2.5. OPERATIONAL RISK IN HR .................................................................... 22-22
2.5.1. POOR SUCCESSION PLANNING ............................................................... 23-24
Managing Operational Risk in HR by Kavin Ramsamy 3
2.5.2. FAILURES IN THE RECRUITMENT AND SELECTION PROCESS ..... 24-24
2.5.2.1. STAGES OF THE RECRUITMENT PROCESS .................................. 25-25
2.5.2.2. TYPES OF RECRUITMENT ........................................................................ 26
2.5.2.3. INTERNAL RECRUITMENT ................................................................. 26-27
2.5.2.4. EXTERNAL RECRUITMENT ..................................................................... 27
2.5.2.5. ADVERTISEMENT .................................................................................. 27-28
2.5.2.6. SELECTION .............................................................................................. 28-31
2.5.3. SKELETON WORK STRUCTURE ..................................................................... 32
2.5.4. NO PROPER INDUCTION PACK FOR NEW ENTRANTS ............................ 32
2.5.5. IMPROPER SEGREGATION OF TASKS ................................................... 32-32
2.5.6. MANIPULATION OF PAYROLL ................................................................. 33-33
2.5.7. OUTSOURCING OF SOME HR FUNCTIONS .......................................... 34-35
2.5.8. COMMUNICATION ............................................................................................ 36
2.5.9. NO PROPER CODE OF ETHICS & STANDARD OPERATING
PROCEDURES ................................................................................................................ 36
2.6. APPLYING RISK MANAGEMENT TO HR............................................. 37-37
2.7. STEPS FOR RISK MANAGEMENT IN HR ................................................... 38
2.7.1. RISK IDENTIFICATION AND ASSESSMENT ............................................... 40
2.7.2. RISK TREATMENT ............................................................................................. 40
2.7.3. RISK CONTROL .................................................................................................. 40
2.8. PROCESS FOR MANAGING OPERATIONAL RISK IN HR ..................... 42
Managing Operational Risk in HR by Kavin Ramsamy 4
2.8.1. SETTING UP OF AN HR AUDIT ...................................................................... 44
2.8.2. MANPOWER PLANNING ............................................................................ 44-44
2.8.3. RECRUITMENT AND SELECTION NEEDS ................................................... 45
2.8.3.1. TRANSPARENCY IN THE HIRING PROCESS ........................................ 45
2.8.3.2. USAGE OF E-RECRUITMENT ................................................................... 46
2.8.4. PERFORMANCE APPRAISAL .......................................................................... 46
2.8.5. QUANTIFYING THE RISK ................................................................................ 47
2.8.6. PAYROLL CONTROL SYSTEM ......................................................................... 48
2.8.7. CONTINGENCY PLAN ....................................................................................... 49
2.8.8. INTERNATIONAL RISK MANAGEMENT STANDARDS ........................ 49-50
2.8.9. MITIGATING OUTSOURCING RISKS ............................................................ 50
2.9. INVOLVEMENT OF TOP MANAGEMENT.................................................. 51
2.9.1. THE APPLICATION OF THE COSO CUBE TO HR ....................................... 52
2.9.2. GUIDELINES FOR MANAGING HR RISK ..................................................... 53
2.9.3. IMPLEMENTATION OF HR RISK MANAGEMENT AT BOARD LEVEL
………………………………………………………………………………………….…53
2.9.4. ORGANISATIONAL BACKGROUND ............................................................... 54
3. RESEARCH METHODOLOGY ....................................................................... 55
3.1. INTRODUCTION ............................................................................................... 55
3.2. DEFINING THE RESEARCH PROBLEM ..................................................... 56
3.3. RESEARCH OBJECTIVES ............................................................................... 56
Managing Operational Risk in HR by Kavin Ramsamy 5
3.4. RESEARCH DESIGN ......................................................................................... 57
3.4.1. EXPLORATORY RESEARCH ............................................................................ 57
3.4.2. DESCRIPTIVE RESEARCH .............................................................................. 57
3.4.3. CAUSAL RESEARCH ......................................................................................... 57
3.5. DATA SOURCES ................................................................................................ 57
3.5.1. PRIMARY DATA ................................................................................................. 57
3.5.2. SECONDARY DATA ........................................................................................... 58
3.6. DETERMINE THE DATA COLLECTION METHOD ................................. 58
3.7. SAMPLING .......................................................................................................... 58
3.7.1. DEFINE THE POPULATION ............................................................................ 58
3.7.2. SELECTION OF SAMPLING METHOD .......................................................... 59
3.7.3. SAMPLE SIZE ..................................................................................................... 59
3.8. DESIGN DATA COLLECTION FORM & QUESTIONNAIRE DESIGN .. 59
3.9. DATA COLLECTION ........................................................................................ 59
3.10. ANALYZE AND INTERPRET DATA ............................................................. 60
3.11. LIMITATIONS OF RESEARCH ...................................................................... 60
4. PRESENTATIONS AND DISCUSSION OF FINDINGS ............................... 61
4.1. INTRODUCTION ............................................................................................... 61
4.2. GENERAL ANALYSIS OF SECTIONS OF QUESTIONNAIRE ......... 61-103
5. CONCLUSION AND RECOMMENDATIONS ............................................ 104
5.1 CONCLUSION………………………………………………………………...104
Managing Operational Risk in HR by Kavin Ramsamy 6
5.2. RECOMMENDATIONS .................................................................................. 105
REFERENCES…………………………………………………………………….106-110
APPENDIX A………………………………………………………………………111-118
Managing Operational Risk in HR by Kavin Ramsamy 7
LIST OF TABLES & FIGURES
TABLE TITLE PAGE
Table 1 Applying risk management
to HR
37-38
Table 2 Do you agree with the
following statement:
'Operational Risk is defined
as the risk of loss resulting
from inadequate or failed
internal processes, people
and system or from external
factors
61
Table 3 Do you agree that people are
one of the most critical
factors in operational risk?
62
Table 4 While managing the root
cause of operational risk in
HR, which of the following
would you mostly consider?
63
Table 5 Do you agree that a risk
management plan is
important in tackling
operational risk in HR?
64
Table 6 According to you, what are
the main objectives of risk
management in HR?
65
Table 7 According to you, which of
the following HR functions
have a far more impact on
Operational Risk?
66
Managing Operational Risk in HR by Kavin Ramsamy 8
Table 8 Validity of questions 7 to 11
67
Table 9 Coso Cube to HR
95
Table 10 Application of a risk
management framework
96
Table 11 Implementation of risk
management standard as part
of Bank One’s strategy
97
Table 12 Gender
98
Table 13 Age Group
99
Table 14 Level of education
100
Table 15 Length of service at Bank
One Limited
101
Table 16 Department
102
Table 17 Level of operation at Bank
One Ltd
103
Managing Operational Risk in HR by Kavin Ramsamy 9
FIGURES TITLE PAGE
Fig 1 Stages of the recruitment
process
25
Fig 2 Process for managing
operational risk in HR
42
Fig 3 The application of the
COSO cube to HR
52
Fig 4 Stages in the research
process
55
Fig 5 All processes are clearly
followed with regards to
HR at Bank One Ltd?
68
Fig 6 The Risk Management
framework currently in
place at Bank One Ltd can
help identify operational
risk related to HR
69
Fig 7 There are appropriate and
adequate systems at Bank
One Ltd to counter
Operational Risk in HR
70
Fig 8 There are proper standard
operating procedures that
help the proper functioning
of the HR process
71
Managing Operational Risk in HR by Kavin Ramsamy 10
Fig 15 A systemic approach to
HR planning can assist in
reducing operational risks
78
Fig 16 Bank One Ltd reviews its 79
Fig 9 The HR department
promotes sound internal
policies and control
procedures to counter
operational risks
72
Fig 10 The setting up of an HR
audit function can assist in
mitigating operational risk
73
Fig 11 By ensuring transparency
in the hiring process,
operational risks can be
mitigated
74
Fig 12 A better control on the
payroll can mitigate
operational risk
75
Fig 13 Reviewing guidelines on
risk management on a
regular basis can help deal
with operational risks
76
Fig 14 Top Management should
be involved in devising
strategies to deal with
operational risks
77
Managing Operational Risk in HR by Kavin Ramsamy 11
risk limitations and
strategies regularly and
adjusts its operational risk
framework
Fig 17 The current risk
management system at
Bank One enables risks
associated with human
error to be promptly and
effectively dealt with
80
Fig 18
Bank one has an
appropriate Human
resource information
system which prevents
system failures, hence
prevents losses
81
Fig 19 Training on the core
banking software from
human resource
perspective
82
Fig 20 The current recruitment
and selection process is
proper and allows the best
candidates to be employed
83
Fig 21 As staff at Bank One are
properly motivated and
compensated, fraud is
reduced
84
Fig 22 The current system at
Bank One double check or
verification of the work of
operational staff
85
Managing Operational Risk in HR by Kavin Ramsamy 12
Fig 23 Bank One has appropriate
and adequate rules,
regulations, procedures,
system and people to
mitigate operational risks
86
Fig 24 New Employees at Bank
One Ltd normally go
through a well-designed
induction programme
87
Fig 25
Succession Planning is
properly made at Bank
One so that before an
employee leaves, the
successor is already
identified and trained
88
Fig 26 There is proper
segregation of duties at
Bank One Ltd and this
reduces risks.
89
Fig 27 I am fully aware of the
code of ethics at Bank
One and I comply with it
90
Fig 28 Promotion of employees
is fair and proper at Bank
One Ltd
91
Fig 29 There are proper
strategies at Bank One to
retain the best employees
92
Fig 30 Communication is
properly cascaded down
and there is smooth flow
of information at Bank
One
93
Managing Operational Risk in HR by Kavin Ramsamy 13
Fig 31 Employees are properly
supervised at to reduce
operational risks at Bank
One
94
Managing Operational Risk in HR by Kavin Ramsamy 14
1. INTRODUCTION
Operational risk management is at a crucial point in its development. Numerous
approaches have been developed across different industries, but many institutions are
struggling to make these fully effective by really embedding them into the day-to-day
management of their business.
Risk has always been a universal feature of any financial activity across the globe and one
of those risk referred to as Operational risk has often been associated with human
resources. Such a risk arising from human resources are those issues that hamper the good,
efficient and effective running of any HR department in an organisation.
Organizations should not restrict the management of risk to traditional areas like insurance
or financial operations. Human Resources risk management strategies, and organizational
policies and procedures must be included in risk management systems.
Risk management is often not seen by Human Resources professionals as a key element of
their contribution to the organizations in which they work. A prime responsibility of the
Human Resources function should be to provide the effective management of risk for
organizational activities that have a people dimension. Human Resources processes should
support and be recognized and accepted as supporting the management of risk.
Human Resources professionals should use risk management techniques to identify risk
exposures and evaluate control options to demonstrate how Human Resources risks can be
managed and how their effective management adds value to the business. They must also
show the cost of initiatives to improve the management of people risks compared to the
cost of inaction.
Human Resources professionals are called upon to adopt a proactive risk-based and
business-focused approach rather than a reactive and risk-averse legislative compliance
approach. This will create an environment where they can develop their professional and
personal competency and demonstrate added value.
Managing Operational Risk in HR by Kavin Ramsamy 15
As such the main focus of this study will be based on this aspect of operational risk which
HR Organisations faces on a day to day basis. The challenges for HR in terms of
operational risk will be identified and thoroughly discussed into more details in the
literature review section in chapter 2.
1.1. PROBLEM STATEMENT
Operational risk is for more difficult to capture because it is natural and is often not taken
seriously but it is still predictable. It can be threat to financial stability if not properly
mitigated. HR firms should review their risk limitation and strategies regularly but most
importantly adjust their operational risk framework. The aim of this proposal is to find out
how the HR department at Bank One Limited identifies and manage operational risks.
1.2. RESEARCH OBJECTIVES
To identify the types of operational risks that HR faces
To analyse how these risks can be managed and mitigated
1.3. OUTLINE OF STUDY
This research work is divided into 5 sections:
Chapter 1 is an introduction to the concept of Operational risk followed by the problem
statement and eventually the research objectives concerning identification of such risks in
human resource and how those risks will be mitigated.
Chapter 2 consists of a literature review based on the very definition of operational risk
and the types of operational risk that are existent and related topics such as factors
affecting Operational risk in HR, risk identification and assessment as well as steps to
manage operational risks in HR.
Chapter 3 deals mainly with the research methodology of this project with emphasis
mainly on
Managing Operational Risk in HR by Kavin Ramsamy 16
Research design which deals the type of research conducted, the medium used for data
collection as well as the sampling method used.
Chapter 4 depicts the discussion and analysis following the data collected from
respondents about operational risks in HR and with responses, trends would be identified
and represented though charts on excel and SPSS software 16.
Chapter 5 which is the last chapter is concerned with highlighting the main points that
have emerged from this study and necessary conclusions will be reached as well as
recommendations proposed about managing operational risk in HR.
32
2. LITERATURE REVIEW
2.1. INTRODUCTION
This section deals mainly with all theories and factors that have helped to identify
operational risks in HR and gives an overview of the different risks aspects with emphasis
in particular on HR functions which are prone to operational risks. Recruitment process,
succession planning and outsourcing amongst others have been thoroughly identified as
factors that can cause operational risk in HR. Moreover there are several steps that have
been identified in a way to better monitor and control operational risks.
2.2. DEFINITION OF OPERATIONAL RISK
As per the New Basel Accord 2001, operational risk is the “risk of loss resulting from
inadequate or failed internal processes, people and systems or from external event”.
According to Doerig (2003) operational risk management is ‘simply put good management
and close to quality management.” Operational risk is like a continuous process that all
banking and financial institutions trade with people. But system failures and payment
errors can cause operational risk.
Operational risk is no simple or self-evident category; it is a label for a diverse range of
practices, an aspiration for control and regulation in an elusive field and an imperative to
manage a newly visible range of problems. It is both a name for a set of problems and
interests, and a promise of a new way of intervening in the internal structure of financial
organizations.
Basically, operational risk is a financial risk consisting of the following three sources:
The first one relates to internal risk suck as risk of rogue traders
No discussion of operational risk would be complete without a mention of rogue
activity that is, the conscious departure from sanctioned operating policies and
procedures. To be clear, rogue activity is not always due to malign intent. While
firms may worry about the rogue who is actively seeking ways to cheat or
Managing Operational Risk in HR by Kavin Ramsamy 18
embezzle, the more common problem is employees who may sincerely want to do a
good job, but take shortcuts or triage their responsibilities when they are
overstretched. Another type of rogue activity is the senior staff member who
routinely ignores policies and procedures, a situation to which smaller firms may be
especially prone.
The second one narrates about external event risk which is an uncontrollable
external event such as terrorist attack or weather destruction.
And finally the third one depicts business event risk which captures many things
such as price wars.
2.3. TYPES OF OPERATIONAL RISK
There exist mainly four types of operational risk as outlined below:
People
Systems
Process
External Factors
2.3.1. People
The first one relates to Human error which is completely natural. According to Kats, he
points out that since human resources are involved in the undertaking of any business
activity, we will have a business process involving knowledge, skills, ability and
experience of the person. So this can be considered as a critical risk factor. Furthermore,
(Kingsley, Rolland, Timey and Hormes 1990) all stated that ‘people are an important
resource’ but however it is difficult to measure:
Human Error
All human activities harbour the risk of error. The more complex is the nature of an
activity, the higher is the risk. As a result, the risk of damage due to mistakes is
extremely varied. The range includes cases such as incorrect processing due to
insufficient expertise, clerical mistakes, wrong inputs in IT systems, omissions or
errors due to work-related or private stress among others. In contrast to criminal
Managing Operational Risk in HR by Kavin Ramsamy 19
acts, these mistakes do not involve any intent to make personal gain or cause
damage to the employer or third parties
Lack of Teamwork
Lack of culture of control
Poor Supervision
On another note, Wilson (2000) states that human resource are not the only cause of the
risk but also they will contribute in managing the risk.
2.3.2. Systems
In the Human resource context, failed internal systems can prove detrimental to the proper
running of the overall organisation. Any HR department in any sector is bound to face
risks if its internal systems are not good. In Banks, there have been problems with the
Human resource information system whereby there have been system failures where data
of employees have been mixed up and salary inputs have been reversed due to technical
issues.
Complex or poorly designed systems and processes can give rise to operational losses,
either because they are unfit for purpose, or because they malfunction. As a result, the
Bank may experience a wide range of problems, including settlement-processing errors,
fraud and information security failures. In addition, the increasing automation of systems
and our reliance on IT has the potential to transform risks from minor manual processing
errors to major systematic failures.
Moreover, there have also been cases where the attendance system in place to monitor
presence of staff have wrongly reported staff as absent and this has led to serious
implications including wage cut which is a serious operational risk. Hence, when we talked
about new technology it can be an advantage as well as a disadvantage because it can bring
implications such as complexity or uncertainty. The more advanced is the technology, the
more will be the risk associated with it.
Managing Operational Risk in HR by Kavin Ramsamy 20
Wilson (2000) stated that ‘system is the risk that will not keep track of progress of record’.
As far as we know it is partly through contribution of technology that a business can drive
forward towards its expansion.
2.3.3. Process
Operational risk is different from other types of risks because it deals with established
processes rather than managing the unknown circumstances. It does not mean that handling
operational risks is an easy undertaking as they are interrelated in many complex ways.
One operational risk can have impact on other operational risks in the system. Therefore,
managing risks in operations require a systemic and repeatable approach.
It is evident that processes are subject to operational risks and could even be considered as
the main risk factor. Wilson (2000) stated process risk is the risk of business processes
being insufficient and causing unexpected losses.
Failed internal processes in Human resources have very often been associated to serious
frauds including the embezzlement of more than Rs 80 million at the expense of Bramer
Banking Corporation in Mauritius.
Such a fraud was made possible since processes were either not fully followed or they
were simply poorer ones with no proper due diligence carried out by compliance at the
time the fraud was made.
The recruitment process would have indirectly been put into question as well in the sense
that the employment background of those people involved in the fraud were highly
discussed and questions were raised as to whether proper reference checks were done as
part of the hiring process.
It may also be argued that the people who were involved in this massive fraud either did
not receive the proper training in terms of detecting the likelihood that they were
committing a fraudulous transaction.
Managing Operational Risk in HR by Kavin Ramsamy 21
These are risks that may have been considered to have arisen through
i. Lack of training on the core banking software from human resource perspective.
ii. Poor recruitment of staff which will be questionable
iii. Lack of motivation among staff which may have led to the above fraud
2.3.4. External Factors
External factors forms parts in the operational risk management process, it is imperative
that there should be control as the external factors. However there might be internal
factors as well such as fraud risk, illegal actions of the banker’s employees. Systems risk
is also a risk factor.
According to Mayland (1993) stated that systems risk arises when a bank is involved in
transactions such as payment or securities. The risk is natural in human resources when
payroll is being conducted by an individual who is the sole inputter of entries and sole
verifier of those transactions.
2.4. THE NEED TO MANAGE THE RISK
According to Jacobus (2001), risk creates uncertainty, which can result into a loss for a
bank. According to Taylor (1983) said that “we clearly cannot eliminate risk, but we can
manage it”. According to Green (1992) argued risk management involves rules,
regulations, procedure, system as well as people and all these involvement should be
blended together to protect the financial institution from making losses. To some extent, if
an organisation is well regulated, this will show soundness which will contribute
effectively to achieve economic stability.
32
2.5. OPERATIONAL RISK IN HR
The reality about HR risk is that currently it is not as visible within organisations
internally. However, if there is not a deliberate identification and management of HR risk
internally, it could be exposed externally. Risk involved in Human Resource Management
function and its assessment is yet to take a firm root. Basic operational risk related to HR
can be the result of the below factors and each of these operational risks will be thoroughly
discussed
Poor succession planning
Failures in the recruitment and selection process
Skeleton work structure
No proper induction pack for new entrants
Improper segregation of tasks
Manipulation of payroll
Outsourcing of some hr functions
Communication
No Code of ethics & Standard operating Procedures
Newspapers, media, television, magazines and specialist reports have exposed some of the
incidents that can at best be called poor people practices, and at worst atrocities against
humanity. Such incidents can take the form of the below:
Poor safety, wellness and employee health;
Slavery and other forms of employee exploitation;
Employees being on temporary employment forever while doing permanent work;
Discrimination leading to gross racial, gender and other inequalities in terms of
appointments
Poor Pay package and benefits
Human right abuses such as employees being locked up over a weekend
Unfair labour practices
Slavery
Workplace bullying, victimisation and manipulation of employees
Employee theft
Fraud and corruption culminating in corporate scandals
Managing Operational Risk in HR by Kavin Ramsamy 23
Favouritism
Workplace violence
Non-compliance to legislation, rules, codes and standards
Pollution
Destruction of family life as a result of migrant labour
Poor wages for employees while executive remuneration continues to escalate
Poor employment relations and workplace conflict
Perpetuation of poverty and poor socio-economic conditions
Therefore the emergence of mistrust, failure to communicate, low morale and suspicion
among staff members, as well as increased turnover of staff, should be regarded as
indicative for potential increase in operational risk. This is why HR firms are now more
involved in the management and mitigation of operational risk as well as other risks that
are to their detriment.
2.5.1. Poor Succession Planning
Succession planning is a process for identifying and developing people’s abilities with the
aim to fill up key business leadership positions in the company. By adopting this strategy,
any HR firm is able to increase the availability of experienced and capable employees.
In turn, those employees will be fully prepared to assume these roles in the most proficient
way. One thing that is fundamental to the succession-management process is the core idea
that argues that top talent in the company must be managed for the greater good of the
enterprise. However, companies argue that a "talent mind set" must be part of the
leadership culture for these practices to be effective.
Poor Succession planning is one of the most critical operational risks that can be identified
within human resource. Such a risk is omnipresent and affects the whole company
throughout its lifetime.
Very often, in times of crisis, existing employees are not able to fill someone else shoes
and also new staff who are recruited are to fill only a key role within the company and are
not multi-skilled and not all-rounder employees.
Managing Operational Risk in HR by Kavin Ramsamy 24
The above is a serious thought of concern in the case of a CEO retiring on medical grounds
and in the event that there are no proper succession planning that have been devised to take
over his duties, this will eventually hamper the good running of the organisation. It may
lead to further key personnel leaving the company and causing a big operational issue.
Through a succession planning process, HR organisations are in a better position to recruit
superior employees, develop their knowledge, skills, and abilities, and prepare them for
advancement or promotion into ever more challenging roles. Thus, actively pursuing
succession planning ensures that employees are constantly developed to fill each needed
role.
Proper succession planning ensures that an organization manages, avoids, minimizes or
eliminates the risks of not having the right people, with the right skills, at the right time, to
accomplish the organization’s mission and ensure continuity of operations.
According to a 2006 Canadian Federation of Independent Business survey, it was found
that small and medium sized enterprises were not adequately prepared for their business
succession as follows:
Only 10% of owners have a formal and written succession plan
38% of them have an informal and an unwritten plan
Whilst the remaining 52% do not have any succession plan at all.
The above results are backed by a 2004 Canadian Independent Business survey which
suggests that succession planning is gradually becoming a precarious issue.
2.5.2. Failures in the Recruitment and Selection Process
Recruitment is basically the process of having the right person, in the right place, at the
right time. It refers to the process of attracting, screening, selecting, and on boarding a
qualified person for a job or vacancy within an organisation. It is an ongoing concern for
any firm. It becomes a strategy in that it offers a company the chance to renew its staff
bring new blood to the company and maintain its survival.
Managing Operational Risk in HR by Kavin Ramsamy 25
Successful recruitment and selection process not only depends upon not only finding
people with the necessary skills, expertise and qualifications to deliver organisational
objectives but the candidate who can best fits the organisation and has the ability to make
a positive contribution to the values and aims of the organisation. Hiring insufficiently
skilled staff introduces significant operational risk to an organization, and neglecting to
train new employees blends the error.
2.5.2.1. STAGES OF THE RECRUITMENT PROCESS
Fig 1: Stages of the recruitment process
The stages of the recruitment could be classified as both internal and external and could
also be online. As per the above diagram, it involves the stages of
Recruitment policies
Advertising
Job description
Job application process
Interviews
Assessment
Decision making
Legislation selection and training
Managing Operational Risk in HR by Kavin Ramsamy 26
The recruitment process also includes job analysis and developing some person
specification; the sourcing of candidates by networking, advertising, and other search
methods; matching candidates to job requirements and screening individuals using testing
(skills or personality assessment), assessment of candidates’ motivations and their fit with
organizational requirements by interviewing and other assessment techniques.
Finally the making and finalizing of job offers and the induction and on boarding of new
employees does not necessarily bring the recruitment process to a stop. In fact, the
retention exercise starts as the organisation uses its resources efficiently to keep motivate
new employees towards the prospect for growth.
2.5.2.2. TYPES OF RECRUITMENT
Depending on the size and practices of the organization, recruitment may be undertaken in-
house by managers, human resource generalists and recruitment specialists. Alternatively,
parts of the process may be undertaken by public-sector employment agencies, commercial
recruitment agencies, or specialist search consultancies. Companies make use of both
internal and external recruitment as part of their hiring strategy and at Bank one such types
of recruitment are widely employed
2.5.2.3. INTERNAL RECRUITMENT
It relates to recruitment which takes place within the concern or organization. Internal
sources of recruitment are readily available to an organization. Internal recruitment may
lead to increase in employee’s productivity as their motivation level increases. It also saves
time, money and efforts. But a drawback of internal recruitment is that it refrain the
organization from new blood. Also, not all the manpower requirements can be met through
internal recruitment. Hiring from outside has to be done.
Internal sources primarily consist of the following:
Transfers,
Promotions
Re-employment of ex-employees.
Managing Operational Risk in HR by Kavin Ramsamy 27
Transfers
Priority in filling up of vacant positions shall be given to employees with pending request
for transfer, provided that they meet the minimum requirement for the position and have
successfully gone through the required selection process. In case the company does not
have the right candidates among those who have asked for internal transfers, then the
hiring of new employees shall be considered.
Promotions
It is a policy inside many firms to first recruit internally. When internal recruiting is done
based on an advert for promotion, the firm offers its workers the chance for advancement
and recognises their effort and contribution. It is an added advantage of recruiting
internally since there is no cost incurred in placing an advert and recruitment efforts are
reduced. This measure can help to prevent operational risk on HR side since the staff
already knows the job and likelihood of errors is low.
Re-employment of ex-employees
Re-employment of ex-employees is one of the internal sources of recruitment in which
employees can be invited and appointed to fill vacancies. This can be an added advantage
to the organisation as well as a course of concern as there is a risk that such workers may
leave the organisation for a second time thereby causing a big operational issue. Such
practices have been discouraged so far for entry level jobs.
2.5.2.4. EXTERNAL RECRUITMENT
When Bank One fails to identify a talent within the organisation, then, external sources of
recruitment have to be solicited from outside the organization. But it involves lot of time
and money. The external sources of recruitment include most commonly the posting of job
adverts and recourse to Head Hunting which is widely used for Top Positions.
2.5.2.5. ADVERTISEMENT
It is an external source which has got an important place in recruitment procedure. The
biggest advantage of advertisement is that it covers a wide area of market and scattered
Managing Operational Risk in HR by Kavin Ramsamy 28
applicants can get information from advertisements. Medium used is Newspapers and
Television.
Recruitment is one of the most important parts of HR, as if you get this process right
you’re halfway there, as you have minimised any potential employee’s issues that can arise
in future. However, if the recruitment is not done effectively then this will have wide
reaching implications for the organisation long term.
Recruiting staff is a very costly exercise. It is also an essential part of any business and it
pays to do it properly. When organisations choose the right people for the job train them
well and treat them appropriately, these people not only produce good results but also tend
to stay with the organisation longer. In such circumstances, the organisation's initial and
ongoing investment in them is well rewarded. Eventually, they will be an added value to
the organisation.
Therefore, it is still quite amazing how often employers can get this process wrong, either
through neglect or ignorance. Even though everyone is aware how important and more
importantly how expensive it is to recruit employees in the current market.
The latest statistics show that to replace an existing member of staff it will cost the
company two and a half times the employee's salary. Therefore, it is important that the HR
is involved in the entire recruitment and selection process. Before recruiting for a new or
existing position, it is important to invest time in gathering information about the nature of
the job and conducting a job analysis of that role.
2.5.2.6. SELECTION
Selection in the human resource context is the process of putting the right men on right job.
It is a procedure of matching organizational requirements with the skills and qualifications
of people. Effective selection can be done only when there is effective matching. Selection
involves choosing the best candidate with best abilities, skills and knowledge for the
required job.
Managing Operational Risk in HR by Kavin Ramsamy 29
By selecting best candidate for the required job, the organization will get quality
performance of employees. Moreover, organization will face less of absenteeism and
employee turnover problems. By selecting the right candidate for the required job,
organization will also save time and money. Proper screening of candidates takes place
during selection procedure. All the potential candidates who apply for the given job are
tested.
The Selection Process
The Employee selection Process takes place in following order
Preliminary Interviews
It is used to eliminate those candidates who do not meet the minimum eligibility criteria
laid down by the organization. The skills, academic and family background, competencies
and interests of the candidate are examined during preliminary interview. Preliminary
interviews are less formalized and planned than the final interviews. The candidates are
given a brief up about the company and the job profile and it is also examined how much
the candidate knows about the company.
Selection Tests:
Jobseekers that have passed the preliminary interviews are called for tests. There are
various types of tests conducted depending upon the jobs and the company. These tests can
be Aptitude Tests, Personality Tests, and Ability Tests and are conducted to judge how
well an individual can perform tasks related to the job. Besides this there are some other
tests also like Interest Tests (activity preferences), Graphology Test (Handwriting),
Medical Tests, Psychometric Tests etc.
Written Tests
Various written tests conducted during selection procedure are aptitude test, intelligence
test, reasoning test, personality test, etc. These tests are used to objectively assess the
potential candidate. They should not be biased.
Employment Interviews
The next step in selection is employment interview. Here interview is a formal and in-
depth conversation between applicant’s acceptability. It is considered to be an excellent
Managing Operational Risk in HR by Kavin Ramsamy 30
selection device. Interviews can be One-to-One, Panel Interview, or Sequential Interviews.
Besides there can be Structured and Unstructured interviews, Behavioural Interviews,
Stress Interviews.
Reference & Background Checks
Reference checks and background checks are conducted to verify the information provided
by the candidates. Reference checks can be through formal letters, telephone
conversations. However it is merely a formality and selections decisions are seldom
affected by it.
Selection Decision
After obtaining all the information, the most critical step is the selection decision is to be
made. The final decision has to be made out of applicants who have passed preliminary
interviews, tests, final interviews and reference checks. The views of line managers are
considered generally because it is the line manager who is responsible for the performance
of the new employee.
Medical examination
Medical tests are conducted to ensure physical fitness of the potential employee. It will
decrease chances of employee absenteeism.
Appointment Letter
The next step in selection process is job offer to those applicants who have crossed all the
previous hurdles. It is made by way of letter of appointment.
Importance of the selection process
Selection means to choose the person from among the prospective candidates to fill in the
vacant posts in the organisation. The success of the organisation depends upon the quality
of personnel selected for the job. According to famous writer Mr Neil Kokemuller, “the
human resources selection process is important to short-term and long-term success of an
organization because employees are generally regarded as the most valued assets”
Managing Operational Risk in HR by Kavin Ramsamy 31
Procurement of qualified employees and reduced cost of training
Scientific selection facilitates the procurement of well qualified and skilled workers in the
organisation. It is in the interest of the organisation in order to maintain the power over the
other competitive firms. Selection of skilled personnel reduces the labour cost and
increases the production. Proper selection of candidates reduces the cost of training
because qualified personnel have better grasping power. They can understand the
technique of the work better and in no time. Further, the organisation can develop different
training programmes for different persons on the basis of their individual differences.
It is often mentioned that people can be your greatest asset, as well as your biggest
weakness too. Whilst recruitment has to basically do with having the right person, in the
right place, at the right time, at times, we often noticed that human resource departments
often gets this essential recruitment process poorly done.
The process involved in attracting, screening, selecting, and on boarding a qualified person
for a job or vacancy within an organisation has been a trouble for some HR firms in
Mauritius as well as over the world. It is an ongoing concern for any firm to have the right
and competent personnel to be able to make things happen.
In short, getting the wrong people on board may affect the overall company objectives and
hamper its good running. Hence, recruiting the wrong candidate will have many
operational risk on the company and in cases prevents it to work towards achievement of
the strategy.
As a matter of fact it is of utmost concern that such risks are meticulously monitored when
the HR department has the chance to renew its staff, bring new blood to the company and
maintain its survival.
The above recruitment selection process needs to be properly followed such that there are
no excuses for operational risk to occur within HR as if you get those two important
processes wrong, you get everything wrong.
32
2.5.3. SKELETON WORK STRUCTURE
Another operational risk also arises from insufficient human capital. This is the case when
a higher work load of the existing employees can be accounted for increases in the risk of
errors.
These errors in turn are likely to be associated to insufficient expertise or time. Moreover,
the pressure exerted on the employees due to tight personnel resources leads to stress and
subsequently often to frustration, two factors which makes the organisation highly proned
to face operational risk level.
Any organisation cannot operate efficiently and effectively without proper staffing. A
poor-structured department definitely is bound to face all types of operational risks ranging
from errors to demotivation and poor work culture among staff.
2.5.4. NO PROPER INDUCTION PACK FOR NEW ENTRANTS
It is very important that induction of the new employee on his first day of work is properly
done. Well-planned induction enables new employees to become fully operational quickly
and should be integrated within the recruitment process. New staff members that do not
have a clear picture of what is expected from him and how he should serve the organisation
will end up doing anything falling outside his tasks and responsibilities. As such it is
primordial that staff are prepared to face their new responsibilities in a smart way and not
be viewed a potential source of operational risk.
2.5.5. IMPROPER SEGREGATION OF TASKS
Given the number of moving parts in the recruitment and selection process, it’s no surprise
that the roles and responsibilities of those involved are not always appropriately defined.
The issue goes beyond opening the door to fraud and embezzlement. The failure to clearly
and properly assign duties can create conflicts of interest, throw up barriers to
accountability, and complicate matters of compliance and administration.
Managing Operational Risk in HR by Kavin Ramsamy 33
Moreover, these problems have become more common since the financial crisis and the
ensuing downsizing of operational and IT staff across the industry. The Reduction in the
workforce leaves fewer people in place to handle the same workload initially and, as the
market continues to recover, a growing volume of portfolios and transactions.
Not only does this mean that operational staff may become chronically overextended and
more prone to errors but it leads to situations where employees must wear multiple hats,
sometimes stretching or crossing the boundaries of good segregation controls.
It is not uncommon for firms that once had appropriate controls in place to no longer be
able to support those controls after a workforce reduction. Clearly smaller firms, especially
start-ups, are challenged from the outset by having a relatively small number of employees
available to handle multiple functions.
On a final note, it’s important to remember that issues relating to segregation of duties are
fluid and can crop up as a consequence of hiring or management decisions that seem
relatively harmless.
2.5.6. MANIPULATION OF PAYROLL
Payroll encompasses everything from the payment of wages, salaries, benefits, allowances
to other monies entitled to staff working in an organisation. Some HR firms have
contracted out the payroll function, while others run their own payroll.
The sizable sums of money involved in the payroll function have traditionally been a target
for theft and fraud. Corruption risks in the payroll function mainly relate to the integrity of
the information on which the payroll is based, particularly if the payroll function is
performed by a third party under contract. Thus it is a huge operational risk.
The security of the manual and electronic processes for transferring money and the security
of the information contained on the payroll system are also vulnerable aspects of the
payroll process. The improper conduct of an agency's payroll function can constitute
corrupt conduct as defined by the Independent Commission against Corruption Act 1988.
Managing Operational Risk in HR by Kavin Ramsamy 34
A risk assessment of payroll may identify some or all of the following corruption risks
whereby an employee obtaining payments to which they are not entitled, by:
Fraudulently claiming on their timesheet for hours not worked or allowances to
which they are not entitled
Failing to provide a leave form for leave taken
Colluding with other staff to cover unauthorised absences
Providing false information for the reimbursement of expenses not incurred or
above approved entitlements
Fraudulently claiming worker's compensation.
An employee may direct payments to himself in the below cases:
A manager drawing up a biased roster, for example, allocating the most profitable
shifts to favoured employees.
A manager planning unnecessary staff on shifts in order to increase payments to
them.
An employee stealing money directly from the payroll.
An employee improperly disclosing personal or banking details retrieved on
payroll.
2.5.7. OUTSOURCING OF SOME HR FUNCTIONS
Outsourcing came to existence for a long time under the form of subcontracting. In
response to the globalization of markets, some human resource companies choose to
outsource some of their activities with the aim to remain competitive. The principle of
outsourcing consists in entrusting some other company with activities one does not wish to
perform oneself anymore.
Yet, the main innovation of the last years is linked to the fact that outsourcing does not
solely apply to manufacturing, but also to more strategic functions such as IT’s, human
resource management, marketing amongst others. By “outsourcing”, the company parts
with certain activities, either by simply entrusting them to another company it consider to
be more efficient, or by separating these activities and making them autonomous.
Managing Operational Risk in HR by Kavin Ramsamy 35
The success of this approach is linked to certain situations in which the human factor plays
a key role. The reasons behind outsourcing some basic human resources functions are often
guided by the desire to mitigate costs and downsizing the structure.
Subcontracting arrangements require careful administration if they are to yield benefits.
However, where these outsourcing activities are not managed adequately, the magnitude of
operational risk faced by the firm may increase. In particular, another issue for concern is
the loss of control over processes which in turn can lead to a serious threat to the continuity
of its operations if these outsourced companies were to fail.
There are certain people who have experience in a particular area and enjoy goodwill and a
stand in the company. There are certain vacancies which are filled by recommendations of
such people. The biggest drawback of this source is that the company has to rely totally on
such people who can later on prove to be inefficient and unable to deliver the goods.
However, the supervision aspect remains a major area of operational risk because
breakdowns occur so often and in also so many different forms. Directing the decisions
and activities of others is a much bigger challenge and the larger the firm, the tougher is
that job.
Another set of risks is encountered when HR managers outsource critical support services
to recruitment specialists, a measure that, paradoxically, is often meant to reduce
operational risks. In light of the above, HR firms evaluating outsourcing providers should
recognize that due diligence is not a one-time occurrence, but a critical point of control that
should be repeated on a regularly scheduled basis.
With the globalization of markets intensifying and having a concrete influence on
economic structures, outsourcing operations make up one of the consequences of this
phenomenon. We have seen that sub contract operation presents significant risks. Besides
the risk of undermining the technical competencies of the company with an increased
dependence on subcontractors, the underestimation of the psychological consequences for
the human factor represents the most important risk.
Managing Operational Risk in HR by Kavin Ramsamy 36
2.5.8. COMMUNICATION
Communication is another important factor that upon identification of Operational risk
within an organisation. All aspects of communication need to be considered for proper
cascading of information within an organisation. Communication needs to flow from Top
management to employees and also both ways. The role of the HR is to ensure good flows
of communication between the different levels of the hierarchy. Poor communication can
lead to operational risk in the sense that directives are not properly communicated to
employees and they may end up committing errors. Hence
While there is an established framework for operational risk, active operational risk
management in the business line requires adequate communication with and between all
stakeholders including HR staff, management and other stakeholders. Decision makers and
process professionals have to be able to implement the concepts of risk in their daily work,
and the risk of misunderstanding those concepts in the business line has to be avoided.
Hence communication has a major role to play if an organisation like Bank One is to track
down operational risk issues related to its Human resources.
2.5.9. NO PROPER CODE OF ETHICS & STANDARD OPERATING PROCEDURES
A guide of principles designed to help professionals conduct business honestly and with
integrity. A code of ethics document may outline the mission and values of the business or
organization, how professionals are supposed to approach problems, the ethical principles
based on the organization's core values and the standards to which the professional will be
held.
Standard operating procedures are referred to as the documented processes that a company
has in place to ensure services and/or products are delivered consistently every time. When
a company is growing, it is often highly dependent on the owner for all major decisions. As
the company reaches a certain size, this form of decision making can limit its capacity to
grow further since the owner cannot possibly make all decisions properly. Additional
management and documented SOPs are required to allow the company to continue
growing, and also establish a succession plan and train the growing employee base.
Managing Operational Risk in HR by Kavin Ramsamy 37
2.6. APPLYING RISK MANAGEMENT TO HR
When developing a risk management plan for your HR activities, there are a number of
areas to focus on. This general list is very important for all organizations in order to
identify and evaluate the risks unique to their own organization.
HR Activity Potential Risk Potential considerations
Compensation
and Benefits
Financial abuse Who has signing authority?
How many signatures are required?
Are there checks and balances?
Hiring Discriminatory
practices
Hiring unsuitable
or unsafe
candidates
"Wrongful" hiring
Was a complete screening completed on
potential applicants?
Were provincial human rights laws
observed?
Is there a set probationary period?
Were promises made to the candidate that
cannot be honoured?
Did the employee sign off on the policies and
contract of employment before being hired?
Occupational
Health and Safety
Environmental
Personal injury or
death
Do we provide safe working conditions and
do we conduct safety checks regularly?
Do we provide adequate training for staff?
Do we ensure the use of appropriate clothing
and safety equipment?
Do we have adequate policies, procedures,
and committee in place?
Employee
supervision
Abuse
Reputation in the
community
Release of
personal
information
Do we provide sufficient orientation and
training?
Do we provide adequate supervision
(especially for activities that occur off-site or
after hours)?
Do we have a performance management
system in place?
Are personal information protection
guidelines followed?
Managing Operational Risk in HR by Kavin Ramsamy 38
HR Activity Potential Risk Potential considerations
Employee conduct Abuse
Reputation in the
community
Do we have clearly written position
descriptions for all positions?
Do we follow up when the parameters of the
job description are not respected?
Do we provide thorough orientation and
training?
Do we provide an employee handbook?
Do we have comprehensive policies and
procedures?
Do we provide ongoing training about our
policies and procedures?
Do we retain written records of performance
issues?
Do we ensure that organizational valuables
are secure?
Do we have cash management procedures?
Do we have adequate harassment policies
and procedures?
Table 1: Applying risk management to HR
Source: hrcouncil.ca/hr-toolkit/planning-risk-assessment.cfm
2.7. STEPS FOR RISK MANAGEMENT IN HR
According to famous management Consultant and HR Trainer Bhima Rao, ‘Risk is the
threat that an event or action will adversely affect an organisation’s business objectives and
business strategies’. Risk Management is the process of protecting an organisation from
financial loss and controlling risk at the lowest possible cost. The objective of Risk
Management is to identify, assess and resolve risk items before they become potential
threats.
HR which deals with the most valuable resource of the organisation has a vital role to play
to become part of the total Risk Management. Once HR becomes the part of risk
management plan, it will allow using human capital to pursue the company’s long term
Managing Operational Risk in HR by Kavin Ramsamy 39
goals more methodically and support HR to become a strategic business partner.
While phenomenal progress has been made globally in the field of risk management, both
form a general management perspective and specialised field of expertise. Thus, the
development and implementation of a fact sheet approaches risk management from an HR
perspective is imperial. The idea of the fact sheet is that the focus on the myriad of
business risks has clouded the real essence of risk, and that is the human side of risk. This
approach has been used in South African companies and it has helped to mitigate and
hedge risks.
Apart from natural disasters such as earth quakes occurring in the external environment,
we believe that all risk inside organisations originate from people. At the heart of every
risk in an organisation is a human being. People are not only responsible for managing
risk, they are also causing risks. You may have the most brilliant product or service,
process, policy or system, it is the people who operate these products, services, processes,
policies and systems that will determine how effective you are in achieving your business
objectives.
The need of the day is to assess the risk in the entire scope of HR function and in relation
to the objectives of the organisation. How to assess the risk of HR function, analyse and
estimate the risk which would impact business results and managing the identified risks
successfully is a new challenge to HR professionals.
In order to better manage operational risk in any sectors of business, the below needs to be
taken into consideration:
Risk identification and assessment,
Risk treatment
Risk control
Managing Operational Risk in HR by Kavin Ramsamy 40
2.7.1. RISK IDENTIFICATION AND ASSESSMENT
Operational risk is not a new concept for all financial institutions in the way that credit
institutions make use of a more or less formalized internal control system including
guidelines. In fact banks should be able to consider on their own numerous factors as this
will enable them to set up the risk profile during the risk identification and assessment.
The risk profile includes implementation process and systems, culture, environment of the
organization, design, products and finally types of customers. At Bank One like in any
organisation, the HR function carries risks. Thus, identifying threats in this function and
how it is going to impact the business results, reputation of the company and future
business is of utmost importance. However, the threats which are often tackled in a routine
manner or a focus is the most critical and difficult task for HR professionals who very
rarely approach this important area systematically.
2.7.2. RISK TREATMENT
In the risk treatment, there will be risk avoidance (“not taking every risk”), risk mitigation
(“intelligently minimizing risk in their development”), risk sharing and transfer
(“intelligently passing on risks to third parties”), risk acceptance (“deliberately taking
certain risks in a targeted way”).The measures might be misspecified which makes that the
measures will have to depend on cost and time so that it can become effective.
2.7.3. RISK CONTROL
In the risk control, there will be inspections of the business processes so that the employees
will know how they are performing the task and whether it is up to the standard with focus
on risk minimisation.
Moreover in the risk control there should be internal and external entities. In relation with
the banking regulation and supervision, the internal audit will make sure that all parties
involved should achieve their targets. Compliance department in banks on the other hand,
will effect regular checks to ensure processes are properly followed and that the employees
in banks are compliant to the guidelines. All these are important in a view to minimise
operational risks as far as possible.
Managing Operational Risk in HR by Kavin Ramsamy 41
However, despite the growth in risk management approaches and methodologies all over
the world, even this strong field of management science and practice has missed the most
important link in the organisation referred to as the human link.
No matter how sophisticated and smart your risk management system and dashboard, the
human element in organisations can make or break not only risk management, but your
whole organisation.
The explosion of technology, social media, governance, globalisation, sustainability and
other macro trends around the world has created a new world order, one that is more
difficult to manage and control than ever before. Even more frightening is the prospect of
new risks emerging.
Risks can weaken, destroy or even improve business, depending on how HR professionals
strategise, plan, react and deal with risk. Either organisations ignore a risk with the hope
that it will go away, or avoid the risk as long as possible until it becomes unavoidable and
inevitable.
Managing Operational Risk in HR by Kavin Ramsamy 42
2.8. PROCESS FOR MANAGING OPERATIONAL RISK IN HR
The below process needs to be followed in order to better manage operational risk related
to HR.
Fig 2: Process for managing operational risk in HR
Source:www.suntiva.com/blog/post/37/succession-planning-%E2%80%93-risk-
management-for-your-human-resources/
By applying the definition of risk management to the approach, it is easy to understand the
concept of Succession Planning as a risk management tool in HR. There are several steps
involved and questions that arise as follows:
Steps 1 to 3 relates to the identification of the risks and answering these fundamental
questions:
What is the current and future mission of the organization?
What mission-critical roles, knowledge, skills and competencies are required to
fulfill current and future organization goals and objectives?
Managing Operational Risk in HR by Kavin Ramsamy 43
- Step 4 is about the assessment and analysis of those risks and answers these crucial
questions:
What is the longevity of the current workforce?
What does the current workforce looks like in terms of knowledge, skills and
competencies they possess?
What is the potential and interest of the current workforce to assume mission-
critical roles in the future?
- Steps 5 and 6 deal with the aspects of controlling, avoiding, minimizing or eliminating
the risks and further answers these vital questions:
What development approaches can be put in place to close the gap between the
knowledge, skills and experience of the current workforce and the leadership and
technical competency requirements for the future?
How can we retain mission-critical knowledge within the organization?
What are the most effective strategies to identify and bring on board new
employees with the mission-critical skills we need to accomplish our future
business objectives?
At times, organizational leaders are disabled or unavailable during or after a disaster. In
case of no formal succession planning, individuals at all levels may be obliged to take on
leadership roles with increased responsibilities with basically little or no preparation.
Staffing issues can also emerge as a compact workforce tries to cope with the demands of
increased assignment.
Open and clear communication throughout the succession planning cycle, as well as
continuous evaluation of the succession planning outcomes are also essential to manage the
risks associated with internal recognition of the succession planning activities.
In summary, while some risks in life may seem inevitable, the human resource risks
associated with changing organization goals and objectives, vacancies left by retiring or
departing employees, loss of key institutional or technical knowledge or even lack of
leadership continuity can be managed through strategic and measured succession
planning.
Managing Operational Risk in HR by Kavin Ramsamy 44
2.8.1. SETTING UP OF AN HR AUDIT
Formal risk analysis and risk management in HR can help to evolve strategies to minimise
the disruptions of plans, control cost and control loss. Thus, HR audit is the first step to
understand the risk involved in daily HR function and in long term HR plans. In the recent
years, the HR function has become more reactive by helping business leaders cope with the
sudden downturn.
Hopefully, now the business is picking up and hiring activity is in full swing. In today’s
climate, HR faces surprising demands to be effective, efficient and most importantly,
responsive to address changing organisational and business realities. HR professionals
need to become champion of high-performance which adds measurable value to both the
top and bottom line of business, employee satisfaction and retention of talent. It is not easy
to jump to the entire new area of assessing HR risk area and thus HR departments have to
embrace new ideas.
2.8.2. MANPOWER PLANNING
This is the basic function of any HR department. Neglecting or undoing in this area results
in not having required manpower at the right time. Job analysis and job descriptions are
two important attempts to allocate the jobs and selecting a right person for a position. They
are important for conducting performance evaluation of employee. If it is not done
properly it brings disorder and accountability of a person. Organisations do give
importance to workforce planning since job analysis and written down job descriptions are
communicated to employees at the initial stage itself thereby avoiding risk.
There exist different types of workers with different personalities in an organisation. As
per Douglas McGregor's XY theory, we have Theory X workers who are normally are lazy
and perform only to the minimum of their capabilities and are employees who do not show
interest in their job and end up doing slack work due to lack of competencies, an employee
unwilling to take on additional responsibility. Such employees are often those staff who are
demotivated, frustrated and do not welcome changes. In turn these employees may be more
prone to committing mistakes and errors which may disturb operations. Hence it is of
utmost importance for HR Professional to be influential when taking people on board to fill
in high level positions to avoid the below:
Managing Operational Risk in HR by Kavin Ramsamy 45
Shortage of right kind of employees at a right time,
Attrition of experienced employees,
Employee leaving after completion of their internship programme
To cut it short, people are important in handling risk. People use their skills to solve
unexpected problems. There are employees who are willing to go the extra mile for the
organisation. Moreover employees who are multi-skilled and who can redesign their own
job to avoid unnecessary delays in getting work done is an added advantage to the
company and simply mitigate risk in times of crisis.
2.8.3. RECRUITMENT AND SELECTION NEEDS
Executing action plans to ensure the organisation is not left with a shortage of qualified
workers is one of the biggest challenges today. In the BPO sector, Software companies the
business loss due to non- availability of employees can be easily calculated based on loss
of revenue per employee. Similarly, in garment industry absence of employees brings
down the total production of one line or batch. HR is creating big risks to organisation by
not ensuring the right number of employees at a right time. If the risk analysis is carried
out on a regular basis, the quantum of loss or risk involved can be understood and possible
corrective actions can be initiated.
2.8.3.1. TRANSPARENCY IN THE HIRING PROCESS
Another way to better ensure proper transparency in the recruitment and selection process
at Bank One does keep records of the recruitment and selection process. These comprise of
applications received, screening report, shortlisting report and interview results, among
others. However, the marking sheets used to record marks allocated to candidates during
the interview are not available in all cases. One suggestion from the HR end might be to
record interviews using an electronic device. There should also be more transparent
procedures in recruitment and selection such that operational risk can be mitigated.
Managing Operational Risk in HR by Kavin Ramsamy 46
2.8.3.2. USAGE OF E-RECRUITMENT
Moreover, Bank One may consider E-recruitment as a means to combat operational risk
related to malpractices. E-recruitment means using internet for recruitment services. The
overall objective of E-recruitment is to reduce human intervention in the recruitment and
selection process and this will eventually help to reduce the risks of influence and
favouritism.
2.8.4. PERFORMANCE APPRAISAL
It is essential to have a well-designed performance appraisal system. Whether goal setting
is done methodically, appraisals are done in a timely manner and documentation is done
properly, reaping of those rewards are linked to actual performance.
As such, ineffective performance management system can result in a lack of good formal
and informal feedback from managers to employees, minimal employee development and
low employee engagement.
Evolving, implementing and institutionalising the performance evaluation system are the
major responsibilities which any HR department should get right. If not implemented
properly, the risks are multiple and will directly impact the morale, motivation and
productivity of the organisation.
Hence, no proper appraisal system would further lead to operational risk arising.HR
professionals should ensure that proper indicators are available to measure performance of
employees. As such, Bank One should set key performance indicators which are
measurable and achievable. To further motivate employees and identify causes of
operational risk at Bank One, 360 Degree Feedback exercise may be carried out to identify
how employees are performing.
Usually, managers and leaders within organizations use 360-degree feedback surveys to
get a better understanding of their strengths and weaknesses. The 360-degree feedback
system automatically tabulates the results and presents same in a format that helps the
feedback recipient create a development plan. This helps give the employee a clear picture
Managing Operational Risk in HR by Kavin Ramsamy 47
of his and her greatest overall strengths and weaknesses. In a nutshell, there is a common
practice nowadays for companies to carry out a swot analysis on a daily basis in order to
identify their strengths, weaknesses, opportunities and threats.
Other areas which may fall in either major or minor risk zone depending upon the
organisations and situation are:
Induction/Orientation
HR Policy and Procedures
Compensation and benefit
Learning and Development
Employee and labour relations
Labour law compliance
Safety and health program
HR Service Delivery
Retention and Management succession.
2.8.5. QUANTIFYING THE RISK
HR department shall run through a list of risks and to see if any threats are persisting.
Thereafter, review the systems, structures and analyse risks and see whether any
vulnerability persists. Take the opinion of others too, who might have different
perspectives. The next step is to work out the likelihood of the threat being realised and to
assess its impact.
Lastly, make the best estimate of the probability of the event occurring, and multiply this
by the amount it will cost/quantify the risk to set things right if it happens.
Once risk is identified and understood, adopt cost effective methods to mitigate the risks
and on a time bound basis.
Strategies to manage the risks need to be evolved internally through use of existing
unexploited resources effectively, improving the methods and systems and change the
accountability of persons by effective internal control. As a last resort, the firm should
bring in additional resources to overcome the risk.
Managing Operational Risk in HR by Kavin Ramsamy 48
2.8.6. PAYROLL CONTROL SYSTEM
The HR Function of payroll needs to ensure a proper framework as a means to mitigate
operational risk and must ensure the minimum requirements are followed as per below:
Introduce policy and procedures for payroll that contain elements listed in the
Policy Development Guide and Checklist
Include in the policy sanctions for any breach of the policy and procedures.
Review the policy every two years.
Refer to payroll in all relevant corporate documents such as codes of conduct.
Train all relevant employees in the policy and procedures to ensure they are aware
of their responsibilities.
Most importantly include payroll as a risk to be assessed in the agency's internal
audit and corruption risk management processes.
Following risk assessment of payroll systems the below risk management strategies might
be adopted depending on the exigencies of the HR Department concerned
Following appropriate delegations and procedures for any changes to pay and
timesheet transactions.
Establishing access controls for the payroll system such as passwords, routine
verification procedures and authorisation levels.
Segregating functions to ensure that no one person has complete control over any
aspect of the payroll process.
Ensuring mandatory advance approval by the supervisor for variations to payroll
such as overtime and leave.
Verifying and reconciling employee entitlements such as sick leave.
Imposing financial limits on overtime, allowances and payroll processing.
Conducting unannounced spot checks by managers to verify attendance and
timesheets.
Most importantly, HR firms needs to ensure the payroll system has the capacity to
Automatically integrate employee exits to cease payroll payments to departing
employees
Run fortnightly expenditure reports
Managing Operational Risk in HR by Kavin Ramsamy 49
Recognise and notify line management of anomalies and overpayments
Ensuring high-risk positions (such as payroll administrators) are adequately
supervised.
Routinely reviewing and testing data processing controls.
Reviewing the recordkeeping and reporting procedures to ensure that:
1. There are controls or systems to record and monitor all payroll transactions.
2. All access to the payroll systems and actions taken are recorded.
3. Records are kept of overtime approvals, staff rosters, travel and expenses
including approvals, receipts and supporting information.
2.8.7. CONTINGENCY PLAN
One way in which HR can deal with operational risk is simply by writing a contingency
plan. Such a plan is a structured way of deciding what to do if key operations are disrupted
or key personnel are not available. It can help the HR personnel at Bank One identify,
prevent or much simply modify the impact of unacceptable risks. In short, it helps the
organisation better recognize the best possible options and ensures that your risk
management rupees are spent wisely.
2.8.8. INTERNATIONAL RISK MANAGEMENT STANDARDS
The ISO 31000 international standard on risk management gives a useful frame of
reference to assist HR directors to place HR strategy within the context of risk
management. In particular, the ISO principles and guidelines document (ISO, 2009) is
extremely important. The document recommends that HR practitioners become directly
involved in:
• embedding risk management as an integral part of all organisational processes,
including managing change
• considering human and cultural factors and, more specifically, recognising the
capabilities, perceptions and intentions of external and internal people who can
facilitate or hinder the achievement of organisations’ objectives
• supporting managers to ensure that companies align their culture and risk
management policies
Managing Operational Risk in HR by Kavin Ramsamy 50
• supporting performance management by assisting managers to determine the risk
management performance indicators that align with the performance indicators of
organisations
• acting as drivers to ensure legal and regulatory compliance
• building capacity for effective risk management that begins with employee induction
and follows it with training in managing risk
• establishing appropriate organisational structures with clear roles and
accountabilities for managing risk
2.8.9. MITIGATING OUTSOURCING RISKS
Before sub-contracting is done, HR Leaders should ensure and agree that the below steps
have been properly followed:
• The process for selecting capable and reliable service providers
• Standards for outsourced services, including accuracy, security, privacy and
confidentiality
• Procedures to monitor the performance and risks related to outsourced services and
service providers
• Schedules for periodic reviews of outstanding contracts
On the other hand, appropriate rationale and business case should be developed to support
recommendations for outsourcing services. Services or functions that are typically
considered for outsourcing include:
• Investment management
• Information systems management
• Lending analysis and/or loan collection activities
• Records management
• Payroll administration
• Internal audit.
Sufficient analysis should be undertaken to confirm that the service provider has the
necessary expertise, capacity and viability to perform the functions or activities to be
outsourced. Appropriate due diligence and impact analysis of non-performance by a
Managing Operational Risk in HR by Kavin Ramsamy 51
service provider should also be undertaken. All outsourced services should be subject to
standard contract terms, which may include:
• The nature and scope of the service to be outsourced
• Rules and limitations concerning subcontracting
• Performance measures and reporting requirements
• Dispute resolution and conditions surrounding defaults and termination
• Ownership of information, tools, etc., and access restrictions
• Audit rights
• Confidentiality, privacy and security
• Pricing and insurance.
A review of the service provider’s performance should occur at a minimum annually, and
align with the length of the contract. Each review will ensure that the outsourcing
arrangement is being carried out in accordance with all contract terms and meets all
contract objectives. The review should also include an assessment of the financial strength,
technical competence and continuing viability of the service provider.
2.9. INVOLVEMENT OF TOP MANAGEMENT
Top management is a crucial factor of any Operational risk management system. Many
management systems studies have identified that the effective use of a management system
was directly associated with the role and attitude of top management in the organisation.
The main role of top management is to provide leadership and commitment to the ORM by
defining the ORM policy, integrating the ORM aspects into organisational decision-
making, providing adequate resources for deployment and maintenance of the ORM
system, assigning responsibilities and reviewing organisational risk performance. In
addition, top management also need to have their
i. Strategies adopted by the Board of Directors and oversight exercised by Senior
Management (the President, Vice-Presidents and the Secretary General)
ii. Strong internal operational risk culture (Internal operational risk culture is taken to
mean the combined set of individual and corporate values, attitudes, competencies
and behaviour that determine a firm’s commitment to and style of operational risk
management) and internal control culture, emphasizing on dual controls
Managing Operational Risk in HR by Kavin Ramsamy 52
iii. Effective monitoring and internal reporting
iv. Contingency and business continuity plans
v. High standards of ethics and integrity
vi. Commitment to effective corporate governance, including, among others,
segregation of duties, avoidance of conflicts of interest, and clear lines of
management responsibility, accountability and reporting, as reflected in the Bank’s
corporate governance documents. All levels of staff shall understand their
responsibilities with respect to operational risk management.
2.9.1. THE APPLICATION OF THE COSO CUBE TO HR
Fig 3: The application of the COSO cube to HR
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a
joint initiative of the five private sector organizations listed on the left and is dedicated to
providing thought leadership through the development of frameworks and guidance on
enterprise risk management, internal control and fraud deterrence. The above framework
has been used as a tool to safeguard against operational risks arising and to ensure the
effectiveness and efficiency of the below HR operations
Recruiting, Hiring and Termination
Compensation
Benefits (Overseas travel subsidy & Retirement)
Managing Operational Risk in HR by Kavin Ramsamy 53
Performance Management
Learning & Development
Payroll and HRIS
HR Administration
Diversity & Culture
Outsourcing Vendor Management
2.9.2. GUIDELINES FOR MANAGING HR RISK
HR risk management provides unique opportunities for HR directors, managers and
practitioners to support risk governance and management and to develop appropriate HR
risk management plans to address HR risks.
It is important that whilst redesign your organisation’s HR plan, HR Managers do include
HR risk management. It is the basis to align the HR policy with the overall business
strategy such that the management of HR risk is done effectively. When a company
pursues business projects, conduct HR due diligence to identify the HR risks relevant to
business plans should be a must.
2.9.3. IMPLEMENTATION OF HR RISK MANAGEMENT AT BOARD LEVEL
In order to better implement risk management, board members recognised that they
unconsciously applied HR risk management thinking without formalising it in the way
proposed in the standard.
HR directors operating across country borders indicated that they have applied HR risk
management since the time their management teams decided to operate in a different
country, because they were required to conduct a due diligence for HR, and this process is
very much aligned to HR risk management thinking and methodology.
In essence, HR risk management is about asking three fundamental questions as follows:
• What are the HR risks that could expose management in achieving its business
objectives?
Managing Operational Risk in HR by Kavin Ramsamy 54
• How serious are these risks in other words what are the impacts of these HR risks?
• How can these HR risks be mitigated?
2.9.4. ORGANISATIONAL BACKGROUND
Bank One focuses on customer needs and on building long-lasting relationships with its
customers. It caters both for domestic and international markets, and provides financial
solutions to all segments such as Retail banking ,Corporate Banking as well as Private
Banking .These include transactional and deposit accounts, personal finance, trade finance,
corporate finance and capital market services as well as a host of unique banking services.
Products and services include current, savings and term deposit accounts, personal finance,
trade finance, corporate finance, treasury services and capital market services, as well as a
host of other unique banking services including internet banking, mobile alerts and a full
set of credit cards. In line with its spirit of innovation, Bank One has also added e-
commerce acquiring to its range of offers.
Bank One operates with sixteen branches throughout Mauritius and has a well distributed
network of ATMs. Its endeavour is to bring a sharper focus to the requirements of
customers and to leverage cutting edge technology to provide the highest levels of service.
Since there was the need for Bank One to focus more on the International financial market,
there has been massive investment in enterprise risk management to safeguard against risk.
In year 2014, there has been the appointment of a Chief Risk Officer who has an overview
on all operational and credit risk at the Bank. This gives a clear indication of the bank’s
strategy moving forward.
Managing Operational Risk in HR by Kavin Ramsamy 55
3. RESEARCH METHODOLOGY
3.1. INTRODUCTION
Research refers to the search for knowledge through objective and systematic methods. It
is commonly carried out to find solutions to a problem or issue with the help of study,
observation, comparison and experiment. Indeed, research is the systematic process of
collecting and analysing data in order to increase understanding of the phenomenon under
consideration. While conducting research, it is important to pay particular attention to the
methodology. In this respect, research methods or techniques are evaluated and selected in
relation to their appropriateness to the research problem or study. This chapter describes
the research methodology, that is, how the research has been carried out, the way data has
been analysed and results have been presented.
For this research the steps proposed by Churchill have been used and these are outlined
below:
Fig 4 Stages in the research process (source: Churchill (1996)
Managing Operational Risk in HR by Kavin Ramsamy 56
Each of the above steps is discussed below:
1. Defining the Research problem
2. Research Objectives
3. Research Design
4. Collection of data
5. Data Analysis & Presentation of Findings
6. Discussion of Findings
7. Limitations of the Research
3.2. DEFINING THE RESEARCH PROBLEM
HR has often been considered a “soft” area, and many have not understood the inherent
risks involved with this function. The need has come to add total HR function to the
organisation’s regular audit cycle which is overlooked till now by HR professionals and
the top management. There are many operational risk associated with the hr function and if
same are not dealt with, they may hamper the good running of any personnel department.
Thus there is a vital need to identify those operational risks associated with these HR
functions and continuously find new ways to mitigate and hedge against those risks. Hence
in the case of Bank One, thorough focus will be done on identification of those risks and
how each issue will be addressed.
3.3. RESEARCH OBJECTIVES
There is a need nowadays for HR organisations to play a more strategic role and in order to
be able to do so, it is a requisite for the HR department at Bank one to implement an
enterprise risk management system for the organisational structure and culture. Such a tool
will provide an ideal way to align operational risk management and business continuity
with the business itself but the very basis would be to identify the types of operational risks
that firms faces and how these risks can be managed and mitigated.
Managing Operational Risk in HR by Kavin Ramsamy 57
3.4. RESEARCH DESIGN
A research design will typically include how data is to be collected, what instruments will
be employed, how the instruments will be used and the intended means for analysing data
collected. For this research proposal the exploratory, descriptive and causal research would
be used.
3.4.1. EXPLORATORY RESEARCH
Exploratory research is a type of research conducted for a problem that has not been
clearly defined. Exploratory research helps determine the best research design, data
collection method and selection of subjects.
3.4.2. DESCRIPTIVE RESEARCH
Descriptive research, also known as statistical research, describes data and characteristics
about the population or phenomenon being studied. The descriptive research was used to
find out the demographic profile of the respondents.
3.4.3. CAUSAL RESEARCH
It is a research designed to determine whether a change in one or more variables is
responsible for a change in another variable.Causal research was used to meet the
objectives of this research. Since, it was used to assess the way to mitigate of operational
risk
3.5. DATA SOURCES
For this research both the primary and secondary data have been used.
3.5.1. Primary data
The primary data was obtained by means of the questionnaire survey As the primary data
would be used to provide reliable answers on certain criteria related to Operational Risk
and HR Functions among others.
Managing Operational Risk in HR by Kavin Ramsamy 58
3.5.2. Secondary data
Secondary data are published data about a topic or issue that have been presented in reports
and/or publications. Secondary data were used as a starting point for this project. The
secondary data used were:
Internet
Books
International journals
The secondary data above had helped to better understand the various issues related to
operational risk, identify areas that affect operational risks in HR and to construct the
literature review.
3.6. DETERMINE THE DATA COLLECTION METHOD
Data will be collected from a survey via face to face interviews and telephones and the
questionnaire will be self-administered.
3.7. SAMPLING
Sampling methods are classified as either probability or non-probability. In probability
samples, each member of the population has a known non-zero probability of being
selected. Probability methods include random sampling, systematic sampling, and stratified
sampling. In non-probability sampling, members are selected from the population in some
non-random manner.
3.7.1. DEFINE THE POPULATION
The target population relate to the employees working at Bank one Limited which
constitute of 300 employees.
Managing Operational Risk in HR by Kavin Ramsamy 59
3.7.2. SELECTION OF SAMPLING METHOD
Quota sampling is a non-probability sampling technique where in the assembled sample
has the same proportions of individuals as the entire population with respect to known
characteristics, traits or focused phenomenon. Quota sampling is one where the elements or
units from a population are selected on a specific proportion.
The reasons for selecting a quota sampling are as follows:
constraint of time
Limited financial resources
3.7.3. SAMPLE SIZE
Determining the sample size for non-probability sampling is very subjective. Taking into
account the constraint of time and resources, a sample size of only 30 employees at Bank
One Limited was agreed upon to meet the objectives of this research. These 30 employees
were selected from departments of the Head office such as Credit Risk, HR, Corporate
Banking, E-commerce, International Banking, Retail Banking, and Risk.
3.8. DESIGN DATA COLLECTION FORM & QUESTIONNAIRE DESIGN
The questionnaire was designed according to the objectives and hypothesis of this
research. The types of questions used are as follows:
Multiple choice questions: are questions that offer three or more answers
Likert scale: is a statement with which the respondent shows the amount of
agreement or disagreement.
3.9. DATA COLLECTION
Once the collection stage was over, the information was input in SPSS 16 software. Also
respondents were asked to provide their contact details if any clarifications would be
required.
Managing Operational Risk in HR by Kavin Ramsamy 60
3.10. ANALYZE AND INTERPRET DATA
The data to be analysed are obtained from questionnaires. The data collected are analysed
using the SPSS 16 software. Moreover charts and tables are used for presentation of data
by using Microsoft Excel 2007.
3.11. LIMITATIONS OF RESEARCH
• Due to time and revenue constraints, sample size was restricted to 30 respondents
only. This may not be completely representative of the entire population as a non-
probability and quota sampling had been carried out.
• Information was collected only from staff who worked at the head office only.
Managing Operational Risk in HR by Kavin Ramsamy 61
4. PRESENTATIONS AND DISCUSSION OF FINDINGS
4.1. INTRODUCTION
In this section, the data collected were in the form of questionnaire which was designed
and later on filled in by respondents. The outcomes are analysed and explained based on a
sample of 30 respondents. These data collected from respondents will be analysed using
the SPSS 16 software and represented through charts. Following the survey done, several
findings relating to operational risks in HR will be thoroughly presented and critically
discussed.
4.2. GENERAL ANALYSIS OF SECTIONS OF QUESTIONNAIRE
4.1.1Section A (All questions tabulated through Spsss)
Question 1:
Do you agree with the following statement: 'Operational Risk is defined as the risk of
loss resulting from inadequate or failed internal processes, people and system or from
external factors '?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Yes 25 83.3 83.3 83.3
No 5 16.7 16.7 100.0
Total 30 100.0 100.0
Table 2: Do you agree with the following statement: 'Operational Risk is defined as the
risk of loss resulting from inadequate or failed internal processes, people and system or
from external factors
Managing Operational Risk in HR by Kavin Ramsamy 62
From the above survey tabulated through Spss, it was found that around 83% of
respondents agree to the above definition which implies that they a general knowledge of
what is operational risk. This can be due to the fact that respondents all are staff of Bank
One and that in performing their job, they may have at times experience operational risk
issues. This is greatly positive for the purpose of researching on this topic.
Question 2:
Do you agree that people are one of the most critical factors in operational risk?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Yes 27 90.0 90.0 90.0
No 3 10.0 10.0 100.0
Total 30 100.0 100.0
Table 3: Do you agree that people are one of the most critical factors in operational risk?
When the above question was put to respondents, 27 of them considered people as one the
most critical factor in operational risk representing a percentage of about 90% which is
significant. It may be assumed that since human capital is an organisation priceless asset, it
can turn out to be the most riskiest as well.
Managing Operational Risk in HR by Kavin Ramsamy 63
Question 3:
While managing the root cause of operational risk in HR, which of
the following would you mostly consider?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Procedures 3 10.0 10.0 10.0
All of the
above 17 56.7 56.7 66.7
People 10 33.3 33.3 100.0
Total 30 100.0 100.0
Table 4: While managing the root cause of operational risk in HR, which of the following
would you mostly consider?
When asked which factors they would consider to manage the core cause of operational
risk in HR, some staff from Bank One Ltd favoured all the factors which includes Rules,
regulations, Procedures and people with a response of around 57% compared to 33%
where staff pursued the fact that the factor relating to people is key whenever managing the
root cause of operational risk in HR.
Managing Operational Risk in HR by Kavin Ramsamy 64
Question 4:
Do you agree that a risk management plan is important in tackling operational risk in
HR?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Yes 27 90.0 90.0 90.0
No 3 10.0 10.0 100.0
Total 30 100.0 100.0
Table 5: Do you agree that a risk management plan is important in tackling operational
risk in HR?
When probed as to whether the availability of a risk management plan is important in
tackling risk related to HR, the majority of staff were in favour of such a plan since it is a
basic tool to counter against operational risk cropping up. Also, Operational risk is present
in practically every tasks being performed, supervised or even verified. The other 10%
who responded no to the question may simply view that the plan alone may not help in
tackling operational risk. This might be explained that the risk management plan can be
blended along with other HR related factors for an appropriate tackling of operational risk.
Managing Operational Risk in HR by Kavin Ramsamy 65
Question 5:
According to you, what are the main objectives of risk management in HR?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Identify Risk 5 16.7 16.7 16.7
Assess Risk 6 20.0 20.0 36.7
Resolve Risk 2 6.7 6.7 43.3
All of the
above 17 56.7 56.7 100.0
Total 30 100.0 100.0
Table 6: According to you, what are the main objectives of risk management in HR?
When the respondents were asked about the main objectives of risk management in HR,
around 57 % felt the main objectives were to identify, assess and resolve the risk which
does make sense. However, there were mixed response from some staff who argued that
the objectives are to identify the risk first and other staff claimed that assessment should be
the main aim in HR Risk management.
Managing Operational Risk in HR by Kavin Ramsamy 66
Question 6:
According to you, which of the following HR functions have a far more impact on
Operational Risk?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Poor succession
planning 11 36.7 36.7 36.7
Failures in the
recruitment and
selection process
5 16.7 16.7 53.3
Skeleton work structure 4 13.3 13.3 66.7
Improper segregation of
tasks 2 6.7 6.7 73.3
Manipulation of payroll 3 10.0 10.0 83.3
Outsourcing 2 6.7 6.7 90.0
Communication 3 10.0 10.0 100.0
Total 30 100.0 100.0
Table 7: According to you, which of the following HR functions have a far more impact on
Operational Risk?
When the respondents were told about which HR functions had more impact on
Operational risk, there were shared views in terms of percentage. The one HR function
which staff pointed out to have the more impact on operational risk was poor succession
planning reading a percentage of about 37%.This is a critical factor implying that it is
difficult to monitor such a risk. Also, some respondents representing about 17 % argued
that failures in the recruitment and selection process impacts also on operational risk. This
can be attributed to the fact that at times, HR professionals might end up recruiting the
wrong person for a job or the right person for the wrong job. To cut is short, the other
Managing Operational Risk in HR by Kavin Ramsamy 67
respondents constituting of about 46% pointed out functions mentioned above as having
the real impact on operational risk.
4.1.2 Section B: (All questions analysed through Spss and represented through Pie
Chart)
All processes
are clearly
followed with
regards to HR
at Bank One
Ltd?
The Risk
Management
framework
currently in
place at Bank
One Ltd can
help identify
operational
risk related to
HR
There are
appropriate
and adequate
systems at
Bank One Ltd
to counter
Operational
Risk in HR
There are
proper
standard
operating
procedures
that help the
proper
functioning of
the HR
process
The HR
department
promotes
sound internal
policies and
control
procedures to
counter
operational
risks
N Valid 30 30 30 30 30
Missing 0 0 0 0 0
Table 8: Validity of questions 7 to 11
From the above table, we can note that all respondents successfully answered questions 7
to 11 hence showing the validity of the sample chosen. Their responses to those questions
will be individually analysed below:
Managing Operational Risk in HR by Kavin Ramsamy 68
Question 7:
Fig 5: All processes are clearly followed with regards to HR at Bank One Ltd?
Based on the above Pie chart, we can depict that about 60% of respondents who agree and
strongly agree to the fact that processes with regards to HR are clearly being followed
accordingly which is a positive result for the Bank. However, there are another 40% who
still feels that processes are not clearly followed. This is a cause of concern and HR should
improve as well as fine tune its processes and communicate same to staff such that requests
sent to HR are entertained in the most convenient and in line with the processes devised.
Managing Operational Risk in HR by Kavin Ramsamy 69
Question 8:
Fig 6: The Risk Management framework currently in place at Bank One Ltd can help
identify operational risk related to HR
Based on the above diagram, we can found that most of respondents were unsure whether
the existing risk management framework can help identify operational risk related to HR.
These results give an indication that this framework needs an urgent revamping and
hopefully this has already started with key personnel having been recruited to review the
entire risk management framework. However, this review entails much time since
parameters associated with identification, validation and mitigation of overall risk at the
bank need to be clearly established.
Managing Operational Risk in HR by Kavin Ramsamy 70
Question 9:
Fig 7: There are appropriate and adequate systems at Bank One Ltd to counter
Operational Risk in HR
From the above chart, we can found that majority respondents were uncertain whether
there are appropriate and adequate systems at Bank One Ltd to counter operational risk in
HR. These results give a sign that the systems are not effective enough to safeguard risk in
HR. As such, it may be that these systems either require a complete review to make them
simpler or needs to be redesign. However, it appears the remaining respondents felt that the
systems are suitable and appropriate but with the latest technology, Bank one can adopt a
change management strategy and implement new sophisticated system to as a means to
counter operational risks related to Payroll in HR.
Managing Operational Risk in HR by Kavin Ramsamy 71
Question 10:
Fig 8: There are proper standard operating procedures that help the proper functioning of
the HR process
The above chart represents the level of agreement from respondents following the question
of whether there are proper standard operating procedures that help the proper functioning
of the HR process. At large, we can establish that the majority of them advocate that there
are proper SOP’S that enable the suitable running of the HR process. It is true that without
proper established SOP, no process can be followed properly. Yet, there are some
respondents who are uncertain as to whether there are proper procedures that aid in the
proper functioning of the HR process. This uncertainty may be addressed by notifying
employees of the proper procedures that needs to be followed by HR for any HR related
process.
Managing Operational Risk in HR by Kavin Ramsamy 72
Question 11:
Fig 9: The HR department promotes sound internal policies and control procedures to
counter operational risks
The above figure represents the level of agreement from respondents when asked whether
the HR department at Bank one promotes sound internal policies and control procedures to
counter operational risks. At large, we can establish that the majority of them believe that it
is not the case. It may be that they believe that it is more the role of compliance to ensure
sound internal policies and control procedures.
Nonetheless, there are others who clearly feel that HR is promoting sound internal policies
and control procedures. This can be explained due to the fact that there are detailed internal
policies on HR such as the HR Policy.
In such a policy all control procedures and related policies associated with HR functions
are clearly defined. On the basis of the above result, a copy of such a policy should be
readily made available to existing staff and new entrants to cater for such a lapse.
Managing Operational Risk in HR by Kavin Ramsamy 73
4.1.3 Section C (All questions analysed through Spss and represented through Bar
Chart)
Question 12:
Fig 10: The setting up of an HR audit function can assist in mitigating operational risk
From the above figure, we can denote that all respondents agree to the fact that the setting
up of an HR audit function can assist in mitigating operational risk. This can be explained
as usually there are audit exercises carried out by both internal and external auditors at the
bank. These audit exercises help to identify operational risks related to HR.
Hence the setting up of an audit function is an added advantage to the HR Department of
bank one which will be able to firstly identify the risk and provide for a corrective measure
instantaneously. There will be as such no need to rely on audit exercise to identification of
those risks.
Managing Operational Risk in HR by Kavin Ramsamy 74
Question 13:
Fig 11: By ensuring transparency in the hiring process, operational risks can be mitigated
From the above figure, we have a clear cut indication that respondents fully advocate that
by ensuring sound hiring procedures and transparency in that process, operational risk can
be mitigated. This is the case as Bank One is an equal opportunity employer and its
strength is built on teamwork, partnership and diversity of its people.
Normally, interviews are carried out and only the most successful candidates are recruited
by ensuring that all criteria of the recruitment process have been properly followed.
Moreover notifications are given to employees about how the hiring process is conducted
and the transparency prevailing in those recruitments.
Managing Operational Risk in HR by Kavin Ramsamy 75
Question 14:
Fig 12: A better control on the payroll can mitigate operational risk
From the above figure, we denote the views of respondents are well shared with regards to
the statement that a better control on the payroll can mitigate operational risk. Most of the
respondents are ambiguous that even with better control on the payroll, that operational
risk cannot be mitigated. This is a good argument in that the payroll system involves a
maker and a checker in processing any payments.
If for instance, there is only one person who makes the input and verifies it himself, then
the operation risk is present. However, there exist reconciliation reports that can trace out
whether all entries have been correctly inputted, verified and most importantly tally with
exception reports. Based on these reports, we can ascertain that some respondents agree
that a better control on payroll can help mitigate risks.
The remaining portion of the respondents disagreed with the above statement perhaps as
they feel that strengthening of the payroll control alone does not suffice when dealing with
operational risk within HR.
Managing Operational Risk in HR by Kavin Ramsamy 76
Question 15:
Fig 13: Reviewing guidelines on risk management on a regular basis can help deal with
operational risks
The above figure sheds light on the fact that the bulk of respondents largely indicated their
agreement on the above statement. It is of best practice for Banks to review guidelines on
risk management on a regular basis and respondents are in view that same is being done
with all reviews of such guidelines being communicated at all levels via intranet. Staff of
the bank will work as per these set guidelines and as such they will be more likely to
commit fewer errors. Hence, constant review of these guidelines will act as prevention to
operational risks.
Managing Operational Risk in HR by Kavin Ramsamy 77
Question 16:
Fig 14: Top Management should be involved in devising strategies to deal with
operational risks
From the above figure, we denote that respondents all agreed that top management should
definitely be involved in devising strategies to deal with operational risks since they are the
one who have a strategic view on the company’s long term objectives. Hence it is wise to
assume that the top management will need to develop strategies to safeguard the bank
against all types of risks precisely operational risk. Bank one is moving towards such a
direction but there is much more expected in terms of mitigation of risks given the risk of
investing in global markets.
Managing Operational Risk in HR by Kavin Ramsamy 78
Question 17:
Fig 15: A systemic approach to HR planning can assist in reducing operational risks
From the above figure, we can find that the majority of respondents advocate that a step by
step approach can assist in reducing operational risks. Such an argument holds true in the
sense that by properly elaborating on the different steps to follow into a process such as
recruitment in HR, the staff can minimise operational risks. The more precise the steps are
defined; the likelihood of errors will be minimal. Nevertheless, relying only on the
systemic approach is not to be fully trust since an error made at one step and can end up
into an operational risk issue. Hence a systemic approach requires time to devise and can
prove to be a two- bladed knife for Bank one if not well implemented.
Managing Operational Risk in HR by Kavin Ramsamy 79
Question 18:
Fig 16: Bank One Ltd reviews its risk limitations and strategies regularly and adjusts its
operational risk framework
From the above figure, we can find that the majority of respondents are uncertain as to
whether bank one review its risk limitations and strategies regularly and adjust its
operational risk framework. It may be that respondents perceive Bank One as a small bank
which is gradually rising in terms of size and which has a focus on international markets. It
will take time for the bank to fully operate its risk management framework but it is on the
right track since it usually reviews its strategies regularly to be in line with the demands of
the market. However, with its exposure in countries like Kenya, it can capitalise on same to
increase its know-how and adjust its framework better to mitigate risks.
Managing Operational Risk in HR by Kavin Ramsamy 80
Question 19:
Fig 17: The current risk management system at Bank One enables risks associated with
human error to be promptly and effectively dealt with
From the above figure, we can note that the majority of respondents are not convinced as
whether the current risk management system at Bank one enables risks associated with
human error to be quickly and effectively dealt with. This can account for the fact that
some errors of entries on banking software are at times discovered at a later date when the
reconciliation of reports is being carried out.
Hence the results of the survey gives an idea that the current risk management system is
not in a position to detect the errors of entry on the same day. On the other hand, there are
some respondents who agree that the system in place at bank one can detect human error
and remedial actions are taken accordingly. Such a scenario may involve the case of a
wrong input on payroll by a staff and at the time of verification, the verifier is immediately
notified of that error via the system.
Managing Operational Risk in HR by Kavin Ramsamy 81
Question 20:
Fig 18: Bank one has an appropriate Human resource information system which prevents
system failures, hence prevents losses
From the above figure, we can find that the majority of respondents advocate that an
appropriate human resource information system can prevent system failures and losses.
This is such the case as all inputs on such a system can be verified by another staff and a
report can be retrieved to reconcile whether all information on salaries are accurately done
and there are no grounds for mistakes.
Yet, we have other respondents who might argue that even with the human resource
information system; there is no guarantee that system failures and losses can be prevented.
As such, there is a need for Bank one to still rely on manual verification as a double means
to ensure the figures provided on salary by the system does tally with figures computed
manually.
Managing Operational Risk in HR by Kavin Ramsamy 82
Question 21:
Fig 19: Training on the core banking software from human resource perspective
With reference to the above figure, when asked whether they have received the proper
training on the core banking software from human resource perspective, the majority of
respondents responded quite positively while others were a bit unconvinced.
This can be related to the fact that most of the respondents are still on the learning curve
having been recruited for less than a year. This issue could be addressed by documentation
of the basic core banking software on the induction day of new entrants and also be
circulated in the form of a memo on a yearly basis among existing staff to enhance their
knowledge.
Managing Operational Risk in HR by Kavin Ramsamy 83
Question 22:
Fig 20: The current recruitment and selection process is proper and allows the best
candidates to be employed
The above figure relates to the actual recruitment and selection process at Bank one and
addresses whether such a process is appropriate and whether same caters for the best
candidate to be taken on board. By the look of things, we can denote that majority of
respondents quite agree that the process is being done in the best way possible.
Nevertheless there are some respondents who question the above statement. It may be
assumed that those respondents may think that there are other better ways in which the
current recruitment and selection process be improved. The above results may imply that
Bank One should devise additional recruitment medium like E-recruitment or even Head
hunting to fully attract the best employee.
Managing Operational Risk in HR by Kavin Ramsamy 84
Question 23:
Fig 21: As staff at Bank One are properly motivated and compensated, fraud is reduced
As per results provide by the above chart, we can depict the fact that majority of
respondents did not feel so sure that with motivation and compensation alone, fraud can be
reduced. This school of thought might be justified maybe due to the fact fraud can be done
based on influence of a staff rather than demotivation or lack of compensation.
Moreover, it may be that the staff unknowingly has done a fraud by simply acting upon
orders given by his superior. The risks of such cases happening is high and Bank one
should be able to identify the purpose, establish the severity of such a fraud and work out a
plan of action to prevent occurrence of similar type of frauds.
On the other hand, it is wise to assume that a staff who is well motivated and who loves his
job would be the least likely to commit fraud. Moreover, rewarding an employee a fair
month’s pay for a month’s work makes the worker more committed to his job and
obviously reduce cases of fraud happening.
Managing Operational Risk in HR by Kavin Ramsamy 85
As such based on the survey results, Bank one should be able to devise future strategies to
safeguard against such operational risks.
Question 24:
Fig 22: The current system at Bank One double check or verification of the work of
operational staff
From the above chart, we can notice that most respondents strongly agree that the current
system at Bank one allows double check and verification of the work of operational staff
since it is a basic requirement which needs to be ensured. For every transaction being
inputted on the system, there needs to be a verifier to ensure that same has properly been
made and does not put the bank at risk.
However, this may not be the case for a department operating with the minimum
workforce. It may be the case that a staff preparing a request for approval will be the one
who shall check and recommend same. These practices should not be encouraged by bank
one and the maker and checker principle should abide at all times so that not to trigger
unnecessary operational risks
Managing Operational Risk in HR by Kavin Ramsamy 86
Question 25:
Fig 23: Bank One has appropriate and adequate rules, regulations, procedures, system
and people to mitigate operational risks
With reference to the above figure, as per our survey conducted, majority of respondents
are not certain that Bank one has appropriate and adequate rules, regulations, procedures,
system and people to mitigate operational risks. On the other hand, there are some
respondents who feel like the bank is able to mitigate these risks based on these same rules
and regulations.
The views are quite shared perhaps relating to Bank One’s takeover by Ciel Group in year
2008 after some failed internal processes relating to the Ex-Delphis bank and maybe there
is still a perception among staff that the bank currently still needs to focus more on
strengthening all of its rules, regulations, procedures, system and people
Managing Operational Risk in HR by Kavin Ramsamy 87
Question 26:
Fig 24: New Employees at Bank One Ltd normally go through a well-designed induction
programme
The above figure shows clearly that respondents unanimously agreed that new employees
at Bank one normally go through a well-designed induction programme. This is a positive
point for Bank One to introduce to the new entrants the various procedures and operations
and make them knowledgeable. In turn, the bank can capitalise on that induction
programme to brief these new entrants on risk issues and implications. This would be a
preventive action towards operational risk.
Managing Operational Risk in HR by Kavin Ramsamy 88
Question 27:
Fig 25: Succession Planning is properly made at Bank One so that before an employee
leaves, the successor is already identified and trained
From the above figure, we can clearly identify that succession planning is not being
correctly implemented based on the responses received from staff. It is one of the dangers
that impacts directly on operational risk. About 77 % of respondents are uncertain and
disagree that succession planning is properly made. It is of utmost importance for Bank
One to urgently address these lapses and engage in strategies such as business continuity
and develop a crisis management plan in order to plan against such operational risks.
Managing Operational Risk in HR by Kavin Ramsamy 89
Question 28:
Fig 26: There is proper segregation of duties at Bank One Ltd and this reduces risks.
Based on results from the above figure, we can point out the views of respondents were
quite pooled when they were asked as to whether there is proper separation of duties at the
bank and if this eventually helps to reduce risk.
Yet, we had a percentage of respondents who stand out of the lot who unsure that
segregation of duties does lead to reduction in risk. This point of view holds true in the
sense that even though the duties are split up, human errors are natural and can always
happen, it is most of a preventive action which needs to be put in place. Conversely, other
respondents feel like that division of labour is the basis to make fewer errors.
The more specialised an employee gets in his job; the more little likely he is to commit
errors. On the basis of those results, Bank One should strike the right balance in terms of
adopting a structure where employees are at ease and know exactly what is expected of
them in terms of output.
Managing Operational Risk in HR by Kavin Ramsamy 90
Question 29:
Fig 27: I am fully aware of the code of ethics at Bank One and I comply with it
With regards to the above figure, we note that majority of respondents are fully aware of
the existence and purpose of the code of ethics and do comply unanimously. However, it is
to be noted that only a small section of respondents are maybe uncertain of what the code
of ethics actually implies. Nevertheless, this small issue can be addressed by HR in terms
of enhancing their knowledge on code of ethics and the implications of same.
Managing Operational Risk in HR by Kavin Ramsamy 91
Question 30:
Fig 28: Promotion of employees is fair and proper at Bank One Ltd
From the above chart, we may found that the bulk of respondents are uncertain when they
were asked whether the promotion of employees is fair and proper at Bank One Limited.
On the other hand, the remaining portion agreed that the promotional exercise is done in a
fair and proper manner. These results prove that this exercise is not being done in the most
proper way possible. It should be redesign and revamped such that all employees get the
feeling that such an exercise is being done with the best possible resources and with the
required standard.
Managing Operational Risk in HR by Kavin Ramsamy 92
Question 31:
Fig 29: There are proper strategies at Bank One to retain the best employees
From the above chart, we can denote that about 43% of the respondents felt that Bank One
has put in place proper strategies to retain the best employees. Normally, financial
incentives are at times offered to employees in order to further motivate them to work in
the interest of the bank and also when a counter offer has been made to these employees.
Yet, we have a cluster of respondents of around 40% who are uncertain as to whether those
strategies are effective in retaining top talents. It is a cause of worry and Bank One should
be able to address such an issue by either extending the benefits to other employees based
on their performances as well as recognise their efforts through an increase in pay packet.
On another note, we have a percentage of about 17% who disagree that the strategies are
not properly being implemented to retain the top performing employees at Bank One
Limited.
Managing Operational Risk in HR by Kavin Ramsamy 93
Question 32:
Fig 30: Communication is properly cascaded down and there is smooth flow of
information at Bank One
From the above figure, we can make a note that the majority of respondents feel that
communication is not properly cascaded down in terms of information. This is a serious
issue as improper information or part information can lead to operational risk.
Miscommunication should be dealt with at bank One Limited on a top priority. Not
ensuring good flows of communication can lead to repercussion not only in terms of profits
but also in terms of reputation for Bank One. In the case of HR, recruiting the wrong
profile due to lack of communication is simply unacceptable.
Managing Operational Risk in HR by Kavin Ramsamy 94
Question 33:
Fig 31: Employees are properly supervised at to reduce operational risks at Bank One
Referring to the above chart, we notice that majority of respondents strongly agree and
agree that employees are properly supervised at to reduce operational risks. This can be
accounted due to the fact that there are pre-established procedures at Bank one which staffs
need to properly follow and also there are sanctions which are applicable in cases where
staffs by pass those clear cut procedures.
Yet, there are some respondents who are uncertain that employees are not properly
supervised at when it comes to reduce of operational risks. This can be explained perhaps
by the lack of training which they have been given for them to perform these tasks and as
such they will need more coaching in order to become fully fledge. The more interest they
show in learning banking procedures, the easier will be the task of their superiors to
monitor their progress and ensure they commit no errors.
Managing Operational Risk in HR by Kavin Ramsamy 95
4.1.4Section D (All questions tabulated through Spsss and represented
diagrammatically)
Question 34:
Does the Coso Cube to HR an effective tool to mitigate
operational risk?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid No 30 100.0 100.0 100.0
Table 9: Coso Cube to HR
From our survey conducted, many respondents were not aware of the existence of the Coso
Cube to HR as a tool to mitigate against operational risk and this is quite surprising. As
such this gives a clear picture that Bank One limited is not using the latest tools as a means
of internal control. This would surely need to be implemented in the near future such that
staff would be able to use same when dealing with operational risk issues. It may also be
that Bank One has partly implemented same but there seem to be a lapse as to why same
has not been fully adopted among the staff. So this issue will need to be addressed by Bank
One as part of its risk management strategy.
Managing Operational Risk in HR by Kavin Ramsamy 96
Question 35:
Do you think that Bank One has been able to successfully
apply a risk management framework for dealing with
Operational Risk at HR level?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Yes 16 53.3 53.3 53.3
No 14 46.7 46.7 100.0
Total 30 100.0 100.0
Table 10: Application of a risk management framework
Based on the above question put forward, the views of respondents are quite shared. 53%
of them agree that the Bank has been successful in implementing a risk management
framework within HR. This can surely be associated with the fact that these staff have
experienced the downfall of Ex-Delphis Bank which was due to operational risk issues.
They appear to have noticed a more modern risk management framework that can counter
risks. However, the remaining 47% of respondents who do not share this view may feel
that Bank one still needs to fine tune its risk management framework towards best
practices.
Managing Operational Risk in HR by Kavin Ramsamy 97
Question 36:
Do you think that Bank One has been able to implement the
latest international risk management standards as part of its
strategy?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Yes 7 23.3 23.3 23.3
No 23 76.7 76.7 100.0
Total 30 100.0 100.0
Table 11: Implementation of risk management standard as part of Bank One’s strategy
When questioned about whether Bank One has been able to implement the latest
international risk management standards as part of its strategy, over 77% of respondents
felt massively that the bank has not yet reached that level. This is quite precarious since the
bank wants to be a global player in terms of international banking. The more compliant the
bank would be with regards to international risk management standards, the safer will it be
able to attract high profile business and top talents to build up its reputation. Nevertheless,
23% of respondents do feel that the bank has implemented international risk management
standards. This can be explained due to the recent appointment of a Chief risk officer and
slowly but steadily, bank one can aspire to meet those international risk standards.
Managing Operational Risk in HR by Kavin Ramsamy 98
4.1.5 Section E (Profile of respondents)
The profiles of the respondents are based on their gender, age group, Level of education,
length of service and different levels of the organisational structure of Bank One Limited.
Question 37:
Gender
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Male 11 36.7 36.7 36.7
Female 19 63.3 63.3 100.0
Total 30 100.0 100.0
Table 12: Gender
From the above table, it is noticed that out of a total of 30 respondents, the majority of
respondents were Female. This can be explained simply due to the fact that there are
actually more Female employees at the Bank.
Managing Operational Risk in HR by Kavin Ramsamy 99
Question 38:
Age Group
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid 21 to 30 20 66.7 66.7 66.7
31 to 40 5 16.7 16.7 83.3
41 to 50 3 10.0 10.0 93.3
Above 50 2 6.7 6.7 100.0
Total 30 100.0 100.0
Table 13: Age Group
From the above table, respondents have been grouped into four categories of age group.
The majority were from the age group of 21-30. This can be explained due to the
significant number of School leavers which the bank recently hired in replacement of
employees who have resigned and as part of its strategy of bringing new blood into the
business
Managing Operational Risk in HR by Kavin Ramsamy 100
Question 39:
Level of Education
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid School Certificate(Sc) 2 6.7 6.7 6.7
Higher School
Certificate(Hsc) 11 36.7 36.7 43.3
Diploma/Technical
Qualifications 3 10.0 10.0 53.3
Degree & above 14 46.7 46.7 100.0
Total 30 100.0 100.0
Table 14: Level of education
From the above table, respondents have been grouped into four categories in terms of level
of education. It can be noticed the majority have completed their hsc or degree which gives
an idea that the bank has clearly established pre requisites in terms of qualifications before
hiring future employees.
Managing Operational Risk in HR by Kavin Ramsamy 101
Question 40:
Length of service at Bank One Limited
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Less than 1 year 9 30.0 30.0 30.0
1 - 5 years 8 26.7 26.7 56.7
6 - 10 years 6 20.0 20.0 76.7
Above 10 years 7 23.3 23.3 100.0
Total 30 100.0 100.0
Table 15: Length of service at Bank One Limited
From the above table, we can find respondents have been grouped into four categories in
terms of their length of service at Bank One Limited. The majority of respondents were
new entrants who joined less than a year and their feedback was important with regards on
how they view operational risks. However, we also notice that the remaining respondents
have had wealth of experience at bank one limited as well and their feedback was really
appreciated given the purpose of the study on managing Operational risks in HR.
Managing Operational Risk in HR by Kavin Ramsamy 102
Question 41:
In which department do you currently work?
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid HR 5 16.7 16.7 16.7
Credit Risk 3 10.0 10.0 26.7
Retail Banking 6 20.0 20.0 46.7
E-Commerce 3 10.0 10.0 56.7
Corporate Banking 4 13.3 13.3 70.0
International
Banking 7 23.3 23.3 93.3
Risk 2 6.7 6.7 100.0
Total 30 100.0 100.0
Table 16: Department
From the above table, we can find that respondents have been grouped into three categories
in terms of the department in which they are posted at Bank One Limited. The majority of
respondents were from the international banking department followed closely by those
from the retail banking department which adds an interesting debate with regards to their
views on operational risk in HR.
Managing Operational Risk in HR by Kavin Ramsamy 103
Question 42:
Level at which you operate at Bank One Ltd.
Frequency Percent
Valid
Percent
Cumulative
Percent
Valid Strategic(Top Management) 8 26.7 26.7 26.7
Middle
Management/Supervisory 8 26.7 26.7 53.3
Operational level 14 46.7 46.7 100.0
Total 30 100.0 100.0
Table 17: Level of operation at Bank One Ltd
From the above table, we can depict that respondents have been grouped into three
categories in terms of their position at Bank One Limited. The majority of respondents
were from the operational level and questions on operational risks would have been much
easier for them to respond since at times they may have faced such risks in their career.
The other respondents were those at top Management level and middle management.
Managing Operational Risk in HR by Kavin Ramsamy 104
5. CONCLUSION AND RECOMMENDATIONS
5.1. CONCLUSION
Operational risk management provides a rational and methodical means of identifying and
controlling risk. Operational risk management is not a complex process, but does require
individuals to support and implement the basic principles on an ongoing basis.
In the HR context, operational risk management provides organizations a powerful tool for
only if properly managed and maintained. Top HR Professionals should have a voice in the
critical decisions that determine success or failure in all hr functions involving operational
risks.
This is of utmost importance such that prevention of such risks is catered for before it
becomes critical. The involvement of top management is not to be undermined when it
comes to risk management as they are the one who are in a better place to establish the
proper risk framework.
Managing Operational Risk in HR by Kavin Ramsamy 105
5.2. RECOMMENDATIONS
The aspects of operational risk related to HR requires management's attention given the
fact that we have find out that the main risk associated with HR is succession planning and
an improper risk management framework.
As such the below solutions may be recommended to improve operational risk
management:
Creating a system so that data can be recorded and which relates to operational
incidents.
Establishing or revamping the set of key risk indicators.
Establishing the potential risk that can occur especially in the context of operational
risk.
Designing and implementing proper controls for operational risk.
Periodical test on the implemented controls, reporting controls.
Last but not least, employees must be encouraged to take conscious of the proper processes
involved in their daily tasks such that error may be avoided. There should be a database
that will reflect operational events and losses and information based on operational risk
must be reported and revised regularly.
Managing Operational Risk in HR by Kavin Ramsamy 106
REFERENCES
Basel Committee on Banking Supervision. 1998a. Operational risk management. Basel:
(s.n), September.
Bhima, Rao (2015) Devising risk management in human resources Consultant and HR
Trainer
Basel Committee on Banking Supervision. 1998c. Risk management for electronic banking
and electronic money activities. Basel: (s.n), March.
Crouhy, M., Galai, D. and Mark, R. 1998. Key steps in Building Consistent Operational
Risk Measurement and Management, in Operational Risk and Financial Institutions
Culp, C. (2001). The risk management process: Business strategy and tactics. New York:
John Wiley & sons.
Douglas, M. (1992) ‘Risk and Blame’, in M. Douglas (ed:) Risk and Blame: Essays in
culturalTheory. London. Routledge.
Essinger, J. & Rosen, J. 1991. Using technology for risk management. Cambridge:
Woodhead-Faulkner.
Financial services Authority. 1999. A paper by the FSA Informal Working Party on
Allocating Regulatory Capital for Operational. (S.I.:s.n.)
Guidelines on Operational Risk Management by Oesterreichische National Bank in
cooperation with the Financial Market Authority.
Green, P.S, 1992. Reputation Risk Management. London: Pitman Publishing
Hiwatashi, J. (2002). Solutions on measuring operational risk. Capital markets news, the
federal reserve bank of Chicago (September)
Managing Operational Risk in HR by Kavin Ramsamy 107
Hoffman, D.G. 1998. New Trends in Operational Risk Measurement and Management in
Operational Risk and Financial Institutions, edited by Robert Jameson. London:
RiskBooks.
Jane Ure-Smith (2014). Article on the cost of hiring the wrong person
Freelance journalist in the UK
Jacobus, Y. (2001). A structured approach to Operational risk management in a banking
environment. Doctor of Commerce. University of South Africa.
Jameson, R. (ed.) (1998) Operational Risk and Financial Institutions, Risk books, London.
Katz, I.D. 1995. Financial Risk Manager. London: Euromoney Books.
Kingsley, S., Rolland, A., Tinney, A. & Holmes, P. 1998 Operational Risk and Financial
Institutions: Getting started in operational risk and financial institutions, edited by Robert
Jameson.
King, J.L. (2001): Operational Risk, Measurement and Modelling, Wiley Finance. New
York.
Mayland, P.F. 1993. Bank Operating Credit Risk Assessing and Controlling Credit Risk in
Bank Operating Services. United States of America: Probus Publishing.
Milkau, Udo Dr (27 March 2013) “Adequate communication about operational risk in the
business line’’ Journal of Operational Risk
Nystrom, K. (2002). Quantitative Operational Risk Management, Swedbank, Group
Financial Risk Control, Sweden.
Operational Risks in Financial Services “An old Challenge in a New Environment” Hans-
Ulrich Doerig. Credit Suisse Group Jan 2001
Quick, J. 1999. The Impetus for Change: Operational Risk Special Report. Risk, July: 8
Managing Operational Risk in HR by Kavin Ramsamy 108
Remenyi, D. & Heafield, A. 1996. Business Process Re-engineering: Some aspects of how
to evaluate and manage the risk exposure. International Journal of Project Management.
Wharton School (2002). Operational risk poses challenges to financial institutions and
regulators. Summary of 2002 risk roundtable series organized by Wharton financial
institutions centre (July 3). Available at:
Wilson, D. 2000. Operational Risk in the Professional’s Handbook of Financial Risk
Management, edited by M. Lore & L. Borodovsky Oxford: Butterworth Heinemann: 377-
412.nsylvania: Cambridge University.
WEBSITES:
http://knowledge.wharton.upenn.edu/articles.cfm?catid=1&articleid=582
http://pezzottaitejournals.net/index.php/IJAFMP/article/view/384
http://www.ifsmauritius.com/mauritius.php
http://www.mfw4a.org/mauritius/financial-sector-profile.html
http://www.mba.mu/pdf/Implementation%20of%20Basel%20III%20Framework%20in%2
0Mauritius-%20July%202014.pdf
http://en.wikipedia.org/wiki/Subprime_mortgage_crisis
http://www.nber.org/papers/w12234
https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_on_L
iquidity_20100802.pdf
http://www.investopedia.com/terms/c/creditrisk.asp
https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_on_C
redit_Risk_Management.pdf
Managing Operational Risk in HR by Kavin Ramsamy 109
https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/Guideline_Mark
etRisk.pdf
http://www.mba.mu/pdf/Implementation%20of%20Basel%20III%20Framework%20in%2
0Mauritius-%20July%202014.pdf
http://finance.flemingeurope.com/webdata/2275/Basel-III-and-operational-risk-the-
missing-piece.pdf
http://phd.lib.uni-corvinus.hu/617/2/Homolya_Daniel_den.pdf
http://business.mega.mu/2013/07/05/new-service-mcb-turns-your-mobile-phone-credit-
card/
http://motors.mega.mu/news/2011/09/25/misappropriation-rs-80-million-bramer-banking-
corporation-modus-operandi-fraudsters/
http://www.extension.org/pages/15506/the-role-of-human-resource-management-in-risk-
management#.VQ7pwYGgt4w
https://uk.linkedin.com/jobs2/view/10440562
http://www.proformative.com/articles/cost-hiring-wrong-person
http://www.icac.nsw.gov.au/preventing-corruption/knowing-your-risks/payroll/4906
http://humanresources.about.com/od/glossarys/g/successionplan.htm
http://www.simplicityhr.com/resources/articles/strategies/succession
http://blog.allstream.com/why-business-continuity-demands-succession-planning-of-papal-
proportions/
Managing Operational Risk in HR by Kavin Ramsamy 110
http://www.suntiva.com/blog/post/37/succession-planning-%E2%80%93-risk-
management-for-your-human-resources/
http://www.businesscontinuityuk.net/businesscontinuity/succession-planning-business-
continuity
https://www.seic.com/docs/ims/sei_opprisk_book_us.pdf
http://www.deccanherald.com/content/165365/devising-risk-management-human-
resources.html
http://events.centralbanking.com/kualalumpur/static/business-continuity-planning-and-
operational-risk-management-for-central-banks
http://www.custominsight.com/360-degree-feedback/what-is-360-degree-feedback.asp
https://www.google.com/search?q=coso+cube+2014&sa=X&biw=1280&bih=522&tbm=is
ch&tbo=u&source=univ&ei=h3JAVbqZLsLWUfq3grAJ&ved=0CCkQsAQ#imgrc=mMzJ
Vk8tu--kWM%253A%3BJs2TloVFTxt-
BM%3Bhttp%253A%252F%252Fdeloitte.wsj.com%252Friskandcompliance%252Ffiles%
252F2014%252F03%252FCOSO_-17-
principles1.png%3Bhttp%253A%252F%252Fofficeboots.net%252Ftag%252Fcoso-
internal-control-integrated-framework-2013%3B830%3B369
http://www.bankone.mu/en/
http://www.divestopedia.com/definition/967/standard-operating-procedures-sop
http://www.investopedia.com/terms/c/code-of-ethics.asp
https://www.google.com/search?q=QUOTA+SAMPLING&ie=utf-8&oe=utf-8
https://www.statpac.com/surveys/sampling.htm
Managing Operational Risk in HR by Kavin Ramsamy 111
APPENDIX A
Dear Respondent,
I am a Part-time student at the University of Technology of Mauritius and am currently
following a course leading to a Master in Business Administration (MBA). In order to
complete my degree, I need to conduct a research and submit a dissertation report. I have
chosen to research on the following: ‘Managing Operational Risks in Human Resources,
with particular reference to Bank One Ltd.’. The purpose of this study is to identify the
operational risks pertaining to human resources existing at Bank One Ltd. and to propose
ways to better manage these risks.
In this context, I would highly appreciate if you could kindly answer the questions or rate
statements in the attached questionnaire.
Kindly note that your opinion is of paramount importance as this survey will give an
indication whether proper strategies are being implemented at Bank One Ltd. to manage
operational risks pertaining to human resources.
You can rest assure that the information you are going to provide will be kept strictly
confidential and your answers will be considered anonymous. The information gathered
will be used solely for the purpose of this study.
I thank you for your participation in the survey.
Yours faithfully,
Kavin Ramsamy
Student
University of Technology, Mauritius
Managing Operational Risk in HR by Kavin Ramsamy 112
SECTION A
(Please tick (✓) the appropriate box)
1. Do you agree with the following statement: “Operational risk is defined as the
risk of loss resulting from inadequate or failed internal processes, people and
system or from external”?
Yes
No
2. Do you agree that people are one of the most critical factors in operational
risk?
Yes
No
3. While managing the root cause of operational risk in HR, which of the
following would you mostly consider?
Rules
Regulations
Procedures
People
All of the above
4. Do you agree that a risk management plan is important in tackling operational
risk in HR?
Yes
No
Managing Operational Risk in HR by Kavin Ramsamy 113
5. According to you, what are the main objectives of risk management in HR?
(You may choose for more than one answer)
Identify risk
Assess risk
Resolve risk
All of the above
6. According to you, which of the following HR functions have a far more impact
on operational risk? (You may choose for more than one answer)
Poor succession Planning
Failures in the recruitment and selection process
Skeleton work structure
No proper induction pack for new entrants
Improper segregation of tasks
Manipulation of Payroll
Outsourcing
Communication
No code of ethics and standard operating procedures
SECTION B
(Please tick (✓) the appropriate box)
S.N. Statements Strongly
Agree
Agree Neutral Disagree Strongly
Disagree
7. All processes are clearly
followed with regards to HR at
Bank One Ltd.
8. The risk management framework
currently in place at Bank One
Ltd. can help identify operational
risk related to HR
Managing Operational Risk in HR by Kavin Ramsamy 114
S.N. Statements Strongly
Agree
Agree Neutral Disagree Strongly
Disagree
9. There are appropriate and
adequate systems at Bank One
to counter Operational risk in HR
10. There are proper standard
operating procedures that help
the proper functioning of the HR
process
11. The HR department promotes
sound internal policies and
control procedures to counter
operational risks
SECTION C
(Please tick (✓) the appropriate box)
S.N. Statements Strongly
Agree
Agree Neutral Disagree Strongly
Disagree
12. The setting up an HR audit
function can assist in mitigating ,
operational risks
13. By ensuring transparency in the
hiring process, operational risks
can be mitigated
14. A better control on the payroll
system can mitigate operational
risks
15. Reviewing guidelines on risk
management on a regular basis
can help to deal with operational
risks
16. Top Management should be
involved in devising strategies to
deal with operational risks
17. A systemic approach to HR
planning can assist in reducing
operational risks
18. Bank One Ltd. reviews its risk
limitation and strategies regularly
and adjusts its operational risk
framework
Managing Operational Risk in HR by Kavin Ramsamy 115
S.N. Statements Strongly
Agree
Agree Neutral Disagree Strongly
Disagree
19. The current risk management
system at Bank One enables risks
associated with human error to be
promptly and effectively dealt
with
20. Bank One has an appropriate
Human resource information
system which prevents system
failures (such as data of
employees being mixed up or
salary inputs being reversed due
to technical issues), hence
prevents losses
21. I have been trained on the core
banking software from human
resource perspective
22. The current recruitment and
selection process at Bank One is
proper and allows the best
candidates to be employed
23. As staff at Bank One are properly
motivated and compensated,
fraud is reduced
24. The current system at bank One
always allow double check or
verification of the work of
operational staff
25. Bank One has appropriate and
adequate rules, regulations,
procedures, system and people to
mitigate operational risks
26. New employees at Bank One
Ltd. normally go through a well-
designed induction programme
27. Succession planning is properly
made at Bank One so that before
an employee leaves, the
successor is already identified
and trained
28. There is proper segregation of
duties at Bank One and this
Managing Operational Risk in HR by Kavin Ramsamy 116
S.N. Statements Strongly
Agree
Agree Neutral Disagree Strongly
Disagree
reduces risks
29. I am fully aware of the code of
ethics at Bank One and I comply
with it
30. Promotion of employees is fair
and proper at Bank One Ltd.
31. There are proper strategies at
Bank One to retain the best
employees
32. Communication is properly
cascaded down and there is
smooth flow of information at
Bank One
33. Employees are properly
supervised at to reduce
operational risks at Bank One
SECTION D
(Please tick (✓) the appropriate box)
34. Does the COSO Cube to HR an effective tool to mitigate operational risk?
Yes
No
35. Do you think that Bank One has been able to successfully apply a risk
management framework for dealing with operational risk at HR level?
Yes
No
36. Do you think that Bank One has been able to implement the latest international
risk management standard as part of its strategy?
Yes
No
Managing Operational Risk in HR by Kavin Ramsamy 117
SECTION E
(Please tick (✓) the appropriate box)
37. Gender
Male
Female
38. Age group
20 years & below
21 to 30
31 to 40
41 to 50
Above 50
39. Level of Education
School Certificate (SC)
Higher School Certificate (HSC)
Diploma / Technical Qualifications
Degree & above
40. Length of service at Bank One Ltd.
Less than 1 year
1 – 5 years
6 – 10 years
Above 10 years
41. In which department do you currently work?
___________________________________
Managing Operational Risk in HR by Kavin Ramsamy 118
42. Level at which you operate at Bank One Ltd.
Strategic (Top Management)
Middle Management / Supervisory
Operational level
Thank You!