Causes of personnel risks. HR risk management. Qualitative risk analysis
Currently, one of the most important conditions for the functioning of an organization with a focus on increasing its value, stable profit and efficient operation is personnel risk management, which is becoming one of the main competitive advantages of an organization, regardless of its organizational and legal form and type of activity.
Personnel risk is understood as the threat of losses arising from the inefficient functioning of the organization's personnel management system, mistakes made by the organization's management and personnel department when developing a personnel strategy or in the process of making operational decisions in the field of personnel management.
Personnel risk is a complex risk, therefore, it is necessary to classify the types of personnel risks, which means their distribution into separate groups according to certain characteristics in order to achieve certain goals. Each risk has its own risk management approach.
The following groups of personnel risks can be distinguished:
- 1. According to the nature of the manifestation personnel risks can be divided into quantitative and qualitative ones. Personnel risks quantitative associated with a lack or excess of human resources in a particular organization. They can manifest themselves in the form of various losses due to the discrepancy between the actual number of employees and the current needs of the organization and include:
- - risks of untimely replacement of newly created or released jobs;
- - risks of untimely reduction in the number of personnel of not fully loaded structural divisions of the organization;
- - risks of disproportions in the number of personnel of various departments, characterized by an excess number of personnel in some departments and the presence of vacancies in others;
- - job risks, consisting in the inconsistency of the position itself with the types of activities, goals, tasks, functions and technologies. The reasons for their occurrence may be inadequate staffing or a distorted job description.
Personnel risks qualitative character due to the discrepancy between the actual characteristics of the personnel available to the organization and the requirements for it. They include:
- - qualification and educational risk, the essence of which is the inconsistency of the employee with the position held;
- - risks of insufficient qualification of personnel;
- - the risks of specific employees lacking the necessary professional qualities (for example, work experience in this position, responsibility, diligence, creativity, business intuition, etc.);
- - risks of personnel disloyalty;
- - the risks of lack of necessary personal qualities in certain employees (for example, intellectual potential, psychological stability, communication skills, etc.);
- - the risk of abuse and dishonesty, depending on the level of work on the selection and hiring of personnel, the effectiveness of the security services, the effectiveness of the control and audit apparatus, leadership style, corporate culture;
- - the risk of rejection by employees of innovations. Innovation management involves timely informing people, choosing clear goals and strategies, flexible planning and organization, stimulating staff and involving them in changes at all stages, training staff and targeting their behavior.
- 2. For reasons of occurrence personnel risks are divided into individual and organizational.
Individual personnel risks include the following types:
- - biological risks (age, health level, psycho-physiological characteristics, performance capacity);
- - socio-psychological risks (motives, values, norms, culture, social roles performed, conflict, loyalty);
- - intellectual risks (level of intelligence, education);
- - professional risks (creative potential, professional potential, competencies, qualifications, work experience);
- - personal risks (short-sightedness, negligence, fear of blackmail, sudden worsening or improvement of financial situation, social status, vanity, desire to maintain position, easy suggestibility, gullibility, deceit, criminal record, greed, resentment, vindictiveness, meanness, instability to stress, loneliness , secrecy).
Organizational personnel risks are primarily due to inefficient work in the field of personnel management, namely, inefficient systems for the selection and selection of personnel, motivation and incentives for personnel, career management, etc.
- 3. According to the possible damage personnel risks are divided into:
- - property risks, the damage from which can be accurately determined in monetary terms;
- - non-property (or non-material) risks associated with damage caused, for example, to the image of the enterprise as a business partner.
- 4. Possible extent of damage personnel risks are most often classified as local, only in the rarest cases an organization can suffer significant losses, which are usually determined by erroneous decisions of the top management of the organization.
- 5. According to the degree of regularity of manifestation personnel risks are divided into one-time or occasional, regular, permanent risks.
- 6. Depending on the degree of sensitivity to risks of various stakeholder groups allowable, acceptable and unacceptable personnel risks are allocated.
The following groups of main factors influencing the occurrence of personnel risks in the organization are distinguished.
Internal factors - managed, i.e. depending on the management of the enterprise and (indirectly) on external factors that determine the conditions for the occurrence of risks:
- discrepancy between the qualifications of employees and the requirements for them;
- insufficient qualification of employees;
- weak organization of the personnel management system;
- poor organization of the training system;
- inefficient system of motivation;
- errors in personnel resource planning;
- reduction in the number of rationalization proposals and initiatives;
- care of qualified employees;
- orientation of employees to the solution of internal tactical tasks;
- orientation of employees to the observance of the interests of the unit;
- absence or weak corporate policy;
- low-quality checks of candidates when hiring, etc.
Without a doubt, HR managers can continue this list, which should be done by analyzing the state of personnel work in terms of safety and break-even labor relations in the enterprise.
External factors - unmanaged, i.e. not dependent on organizational management, but determining the personnel policy of the enterprise and the degree of risk:
- competitors have better motivation conditions;
- installation of competitors to lure personnel;
- external pressure on employees;
- getting employees into various types of addiction;
- inflationary processes (it is impossible not to take into account when calculating wages and forecasting its dynamics). Risk cases are divided into random (unintentional) and non-random (targeted).
Random is mainly caused by the following reasons:
- lack of awareness of the essence of what is happening and the consequences of their actions;
- negligence, inattention, violation or lack of relevant rules and regulations;
- inadequate in-house training;
- own vision of the situation (good intentions);
- gap between true and declared organizational values.
Purposeful risk behavior is mainly due to:
- own vision of the situation (good intentions);
- personal gain;
- individual values that are different from those of the organization;
- gap between true and declared organizational values;
- low interest in the existence (development) of the organization;
- intracorporate intrigues, intergroup conflicts;
- disloyalty, demotivation, conflicts (sometimes with a separate specific person);
- atmosphere of dark mystery.
UDC 331.101
ANALYSIS AND PREDICTION OF PERSONNEL RISKS IN ORGANIZATIONS
E.S. Nechaev
Existing classifications of risk factors in the human resource management system of organizations are considered. Approaches are considered and proposed that make it possible to predict the emergence and development of personnel risks based on systems of qualitative and quantitative indicators.
Key words: personnel risk; risk factors; personnel profile; risk levels.
Ensuring the success of the functioning and security of any organization is due to the complex management impact on real and potential threats (risks) arising in unstable conditions of the external and internal environment. The main element in the security system is the human factor, which can have a critical impact on the competitiveness of the organization.
The human resource management subsystem is objectively the key subsystem of the organization, since provides the techno-economic system with living intelligence, the driving (or destroying) force of business ideas and business processes. The human resource ultimately predetermines the risks of direct and indirect losses due to inefficient construction of business processes, decision-making and implementation procedures, technological deviations, unpredictable and unpredictable actions of personnel, inadequate response and adaptation in relation to environmental factors.
The need for conscious risk management in the field of human resource management (personnel risks) leads to the relevance of analyzing and systematizing the main risks, factors that determine the emergence and development of risk situations, as well as indicators that signal the emergence of a risk (pre-risk) situation. Personnel risks in the general sense can be considered as any action or inaction on the part of the staff (human resource).
Personnel risk is a complex risk, which predetermines the difference in approaches to risk classification, risk factors, risk consequences, risk management methods in the works of A.G. Badalova, E.S. Zharikova, L.V. Zubareva, Yu.G. Odegova, S.G. Radko, A.L. Slobodchikova, N.V. Samoukina, V. Fedoseeva, I.I. Tsvetkova, S.V. Shekshni and other authors.
In the practice of managing organizations, there are two polar points of view on personnel risks. According to the first point of view
HR risks are mostly random, temporary, partly cyclical in nature, due to minor errors, rare miscalculations in personnel management or deterioration in the overall external situation. Consequently, managers do not need to pay attention and allocate resources to managing personnel risks. The second point of view is based on the understanding that personnel risks are the result of insufficiently effective work with human resources in the organization and the cause of all other types of risks in the organization. This position justifies the need to study and analyze the causes, factors, indicators of the occurrence of personnel risks in the organization, the development and application of management methods and minimization of personnel risks. Polar points of view are an idealized model, which in practice is represented by management activities, with varying degrees of activity aimed at predicting and minimizing personnel risks.
The classification of personnel risks is multifaceted and quite fully presented in publications devoted to personnel risks. The classifications reproduced below are necessary for the analysis of factors and indicators of personnel risks.
I.I. Tsvetkova, systematizing risks, identifies the following types of risks:
Job risk arising from inadequate staffing, inadequate job description that does not correspond to the types of activity, goals, tasks, functions, technology;
Qualification and educational risk arising from inadequate recruitment, selection, development of personnel in case of discrepancy between the education, profession, qualifications of the employee of the position held;
The risk of abuse and dishonesty arising from the imbalance of the various subsystems of the organization (corporate culture, management methodology and technology, the activities of security services);
The risk of non-acceptance by employees of innovations that occurs when key principles and procedures of organizational development are violated (goal setting, flexible planning, information, adaptation, training, stimulation and involvement of personnel).
Depending on the stage of human resource management technology, the following risks are often described in the literature.
1. Risks associated with the recruitment, selection and selection of personnel. These risks can eventually lead to qualification risks, risks of abuse and bad faith, risks of non-adoption of innovations, as well as economic risks with various consequences. An important factor to be considered in the selection is
dialogue and mutual coincidence of the expectations of the organization and the employee, the possibility of harmonious inclusion of the employee in the existing organizational culture. Uncomfortable culture for the employee leads to many negative consequences, leading to a variety of risks;
2. Risks associated with inadequate motivation and ineffective incentives. These risks can lead to disloyalty, abuse, dishonesty and rejection of innovations;
3. Risks associated with the dismissal of employees. These risks can lead to significant material and non-material damage in the absence of proper work with dismissed employees;
4. Risks associated with information security and trade secret protection. It is this group of risks that is most often considered and taken into account due to the perception of a clear threat to the organization's business. Publications note that about 80% of material damage to organizations is caused by their own personnel;
5. Risks caused by the presence in the organization of certain groups of employees included in the "risk groups" for observed or expected behavior. Most competitive successful organizations can minimize these risks as a result of adequate non-formalized selection, in which potential employees can show the full range of their strengths and weaknesses.
These risks can be divided into risks at the entry stage (recruitment, selection), risks at the activity stage (performance of labor functions and achievement of results) and risks at the exit stage (release).
The division of risks into quantitative and qualitative is fully consistent with the goal of human resource management of the organization, which is to provide the organization with personnel of the required quality in the planned quantity at the set time. Personnel risks of a quantitative nature can manifest themselves in the form of losses due to a discrepancy between the actual number of employees and the planned needs of the organization and include:
Risks of untimely replacement of vacancies (vacated or created);
Risks of untimely release of personnel in the presence of hidden unemployment in the divisions of the organization;
Staff turnover risks.
Personnel risks of a qualitative nature can manifest themselves in the form of losses due to a discrepancy between the actual characteristics of the organization's personnel and the requirements for it and include:
Risks of insufficient qualification of employees;
Risks of employees lacking the necessary professionally significant qualities;
Risks of employees lacking the necessary personal qualities;
Risks of inadequate motivation of employees;
Risks of disloyalty.
Considering the form of possible damage, it is necessary to state that personnel risks can cause property and non-property damage to organizations. Moreover, the latter can be very significant, because. associated with intangible assets, reputation and image, which are acquired by purposeful long-term efforts.
Identification, analysis and monitoring of risk factors allows targeted management of personnel risks.
Not every leader can agree with the fact that the key risk-forming factor in the management of an organization and in the field of human resource management is the competitiveness of the subject of management - the head of the organization, associated with personal and professional qualities. It is the leader who is the person who determines the mission of the organization, makes key strategic decisions, performs decision-making, informational and interpersonal roles. The manager's competitiveness is influenced by qualifications, professional authority, leadership, management style, adequacy of role performance, professional motivation.
Intermediate factors - consequences of the key factor are the factors of competitiveness of the management system, which includes the following factors.
1. Competitiveness of the management team associated with the procedures and results of team building. Competitiveness is influenced by the goals facing the team and approaches to their implementation, the quality of team members, the degree of achievement of a synergistic effect;
2. The competitiveness of the organization associated with the presence and execution of the mission, strategy, mechanisms for its implementation;
3. Competitiveness of infrastructure, including workers
4. Competitiveness of the technology for making, supporting and implementing management decisions, including personnel ones;
5. Competitiveness of the corporate culture associated with its attractiveness for competitive personnel in the external and internal markets, business partners and other target audiences;
6. Competitiveness of results, expressed in the competitiveness of products, customer and staff satisfaction.
The competitiveness of the manager and the management system leads to the attraction and retention of the necessary competitive
personnel whose compliance with the corporate culture and whose loyalty ensures the potential minimization of personnel risks. The presented ideal model is practically not achievable, since the balance between the organization and the staff is constantly in a state of dynamic equilibrium. Dynamic balance obliges the management of the organization and the HR department to monitor the situation in human resource management, including personnel risk management. A.G. Badalova considers the initial prerequisite for creating an effective mechanism for minimizing operational (personnel) risk to be the formation of an internal control system (personnel audit) of an organization, which should ensure:
Continuous monitoring of the current activities of the organization's personnel;
Prompt identification and assessment of risk factors;
Availability of reliable, timely and complete information for assessing current activities and making decisions.
Not every manager considers it necessary and expedient to continuously monitor the current activities of the staff, because this requires the attraction of additional resources, the shortage of which is constantly felt. Moreover, the leader “and so knows” the situation. However, studies show that what managers “know” about employees and their needs does not quite match the actual actual needs of employees.
The personnel audit (monitoring) system should be based on the personnel profile of the organization, which, based on the definition of the organization as a socio-technical system, should be built separately for the production and management personnel of the organization. A.G. Badalova proposes to represent the personnel profile of the organization by three categories of personnel:
Another variant of the personnel profile includes a set of four
These classifications are based on theories "X" and<^» Д. МакГрегора, теории «7» В. Оучи, модели ситуационного лидерства Херсея и Бланшара.
A rational personnel profile of the organization's personnel should have a level of personnel qualification sufficient to perform labor functions and a high degree of motivation to work while minimizing the number of employees who are unable and unwilling to work. The basis of human
The physical resources of organizations in practice are employees of the category<^» - сотрудники среднего возраста, активно развивающие свой человеческий капитал, знания и умения. Работники категории «7», способные и желающие работать, составляют персонал-капитал, повышая интегральную конкурентоспособность персонала организации в целом. Основой конкурентных преимуществ организации являются ее ключевые и уникальные компетенции, отражающие уровень знаний, навыков и умений персонала.
To assess the level of personnel risk, A.G. Badalova recommends the following ratios of shares in the personnel profile of the organization, shown in the table.
Personnel profile and level of risk
High Risk Principle (10:90) Medium Risk Principle (40:60): Low Risk Principle (70:30)
Personnel-capital not more than 5% 15-20% not less than 40%
Personnel-resource no more than 5% 20-25% 25-30%
Staff 10-15% 35-40% 20-25%
Frames up to 75%. 20-25% no more than 5%
To compile the personnel profile of the organization's personnel, various methods of personnel assessment are used, the most common of which are interviews and testing. The method of complex assessment of personnel is the method of the Assessment Center.
In practice, the conviction of the overwhelming majority of managers that it is inappropriate to conduct personnel monitoring is partly reinforced by HR departments that are unwilling and often unable to carry out methodical and practical work on monitoring, analyzing results, presenting recommendations and developing activities.
An available option for analyzing the personnel situation and predicting risks is the analysis of documents. An increase in the likelihood of personnel risks can be predicted on the basis of a systematic analysis of the following indirect indicators that do not require the laborious collection of additional information.
1. Reducing the qualification level of employees. The following indicators signal an increase in the probability of risk:
The share of employees with basic professional training (retraining) corresponding to their position;
The share of employees with a certain level of education, in accordance with the qualification requirements.
Reducing the proportion of workers with the necessary training and
level of education may lead to an increase in the likelihood of risks.
2. Systematic discrepancy between the planned and actual number of personnel (in general and for individual professional qualification groups) and the impossibility of timely staffing. The following indicators signal an increase in the probability of risk:
The absolute indicator of the deviation of the fact from the plan and the relative indicator of the implementation of the plan in terms of number. Indicators changing in the direction of increasing deviation indicate an unfavorable situation associated with the non-competitiveness of the organization;
The time needed to find the candidates needed by the organization. An increase in the search time for applicants for vacancies is also a signal for analyzing the causes of the problem;
Qualification level of applicants for vacancies. The decrease in the number of applicants with a high level of qualification applying for vacancies indicates a decrease in the competitiveness of jobs (and, consequently, organizations) in the external labor market;
The level of staff turnover in general and by key categories. Particular, but not unimportant indicators are the indicators of turnover among personnel accepted during the year, turnover in the age group up to 28-30 years. An increase in the level of turnover significantly affects the quantitative and qualitative provision of the organization with personnel, as well as its image.
Threat level of potential, latent turnover.
Samoukina N.V. rightly notes that as a result of high
hidden, latent fluidity, the organization is steadily losing stability. Latent turnover is related to employee satisfaction and loyalty to the organization. Qualified dissatisfied and disloyal employees can leave the organization at any time (including the most inopportune) when profitable offers are received.
Potential turnover can be studied on the basis of periodic (regular) anonymous surveys on job satisfaction and intention to find a new job. Personnel Satisfaction Survey is the most popular survey conducted in organizations.
Samoukina N.V. believes that the results of the survey allow us to distinguish five groups of employees:
1. Satisfied with work, not looking for a new job;
2. Satisfied with the job, looking for a new job;
3. Dissatisfied with work, not looking for a new job;
4. Dissatisfied with work, looking for a new job;
5. Those who declined to answer, who found it difficult to answer or answered that they had not thought about this issue.
The share of employees of the first group (motivated, stable and loyal) in the number of respondents should be at least 20% and should not decrease during repeated surveys. It is necessary to pay attention to what stabilization factors are distinguished by these employees and to develop these conditions. The second group may include young employees aged 17-27 who do not have prospects for further career and professional growth in the organization, which are priorities for them. The fourth group includes energetic, self-confident, often competent and competitive in the labor market employees who are not only actively engaged in job search, but also influence the level of loyalty of the employees of the first group, informing them of information about the state of the market. A skilled employee who leaves the organization can lure colleagues away with more attractive conditions, as well as “take away” customers and “take away” information. The third group is essentially a liability, the priorities of which lie somewhere outside the labor activity of the organization, the share of which should not exceed 10%. An increase in the proportion of this group may lead to an increase in the likelihood of risks. The fifth group is probably not homogeneous and may be the subject of a special analysis, given its significant proportion in the population. The group may include apathetic passive employees; cautious, avoiding possible negative consequences; those in opposition to the leadership, etc. Satisfaction and Loyalty Classification combined with the above "X" classification,<^», «7» позволяет формировать прогнозы кадровой ситуации и вероятности кадровых рисков.
Compilation of questionnaires is a procedure that requires qualified goal setting and a description of the form of expected results. Depending on the situation in specific organizations and monitoring purposes, the questionnaires may include indicators reflecting working conditions, working regime (work schedule), content of work, wage level, dependence of remuneration on work results, social package, moral motivation, attitude of direct leadership, atmosphere in the team, relationship with colleagues, career opportunities, the opportunity to receive training, the prestige of working in the organization, its image, corporate culture, policy, ideology, strategy, compliance by the employer with social guarantees provided for by law, transport accessibility, remoteness from home and other. Indicators can be evaluated and ranked when raising the question of satisfaction with the factor and the significance of the factor.
With the help of surveys, in addition to job satisfaction, the employer can find out:
The degree of staff loyalty;
Attitude towards upcoming or upcoming innovations;
The level of commitment to the company (willingness and desire to work in the company for a long time);
The level of awareness of the staff about the life of the company;
The level of personnel involvement in solving corporate problems;
The level of tension in the team.
An acceptable method of preliminary risk assessment is the method of expert assessment, which allows you to build a risk map that reflects the significance (strength of impact) of the risk on the organization and the probability (frequency of occurrence) of risks. The method allows you to rank and group risks according to their significance and probability, complementing the questionnaire and other research methods.
An important role in minimizing personnel risks is played by the development and application of a system of motivation and incentives for employees, taking into account the specifics of each category of personnel.
Thus, it is more profitable for a business to monitor staff loyalty and retain active and in-demand employees than to allow losses. It is necessary to regularly monitor the loyalty of personnel, especially key employees. Stabilization factors should be developed, potential turnover factors, if possible, should be excluded.
The results of the study of risk factors, indicators of increasing the likelihood of personnel risks, the risky personnel profile of personnel allow us to develop a set of personnel strategies and technologies for preventing and minimizing risks based on the application of risk management methods.
Bibliography
1. Badalova A.G., Moskvitin K.P. Enterprise personnel risk management // Russian Journal of Entrepreneurship. 2005. No. 7(67). S.92-98.
2. Samoukina N.V. Personnel loyalty and personnel risks [Electronic resource] // Central Committee: http://www.samoukina.ru/article (Accessed: 07.12.2012).
3. Tsvetkova I.I. Classification of personnel risks // Economics and management. 2009. No. 6. S. 38-43.
Nechaeva Elena Stanislavovna, Ph.D. tech.sci., Assoc., [email protected], Russia, Tula, Tula branch of the Russian University of Economics. G.V. Plekhanov
ANALYSIS AND FORECASTING OF PERSONNEL RISKS IN ORGANIZATIONS
The current classifications of risk factors in a management of human resources of organization are considered. The approaches, allowing to predict the occurrence and development of personnel risks on the basis of qualitative systems and quantity indicators are considered and offered.
Keywords: personnel risk; the risk factors; a personnel profile; risk levels.
Nechaeva Elena Stanislavovna, candidate of technical science, docent, es [email protected], Russia, Tula, the Tula branch of the Russian economic university of G.V. Plekhanov
PROBLEMS AND COGNITIVE DISTORTIONS ASSOCIATED WITH CHANGES IN PROCUREMENT ACTIVITIES OF ROSATOM STATE CORPORATION
M.E. Annenkov
The problems of managing the change in procurement activities in the State Corporation Rosatom are analyzed, the mechanism for the formation of vicious problems is analyzed using the methodology developed by the author of the article.
Keywords: vicious problem; organizational changes; cognitive distortion.
In the practice of managing large Russian enterprises, such as the State Corporation Rosatom, vicious problems often arise, characterized by fundamental ambiguity and confusion, which cannot be explained from the standpoint of the assumption of the rationality of human behavior. Such problems are formed as a result of the action of cognitive distortions. The general principle behind cognitive biases is that people resort to thinking methods called heuristics to get quick but approximate answers. These answers are in most cases quite satisfactory, but they are a source of serious systematic errors called cognitive biases.
HR RISKS OF THE ORGANIZATION
1. The concept and classification of personnel risks of the organization
2. Risk measurement
3. Identification of personnel risks of the company
4. Methods for managing personnel risks
The concept and classification of personnel risks of the organization
Personnel risk- the danger of a possible loss of company resources or a shortfall in income as a result of miscalculations and errors in personnel management.
Key risks associated with human resources:
Insufficient qualification of employees;
The problem of replacing old frames with new ones;
Concerns about leaving high-value employees.
Classification of personnel risks:
By the nature of possible losses:
1. Material: entail additional. costs or loss of property;
2. Labor: high turnover and low productivity as a result of dissatisfaction and disloyalty;
Loyalty implies the desire to perform at the best, the desire to live up to the principles of the company, unconditionally contribute to the achievement of its goals, resignation to some requirements and the ability to accept others - those that were not previously part of the company's vision.
3. Financial: direct monetary damage associated with non-payments, fines, etc.
4. Loss of time: due to unforeseen circumstances;
5. Special: damage to health and life.
For risk reasons:
1. Risks of disloyalty: the result of ill-conceived motivation, lack of involvement and satisfaction;
2.Risks of interactions: dangers of intragroup conflicts, mobbing
Mobbing is a form of psychological violence in the form of harassment of an employee in a team, as a rule, with the aim of his subsequent dismissal.
3. Risks of lack of information: incompleteness, inaccuracy, distortion, untimeliness
4. Risks of non-professionalism of an HR manager: as a result of proceedings with the Labor Inspectorate, complaints, conflicts
5. Risks associated with the leader: autocrat (bias, large power distance); conniving (crisis of control systems, chaos); democrat (risk of delegation of authority and responsibility);
6. Risks from competitors: bribery, poaching employees, theft of secrets, competitive intelligence, company discrimination, damage to reputation.
Risk measurement
risk probability- a number from zero to one, the closer to one, the higher the probability of the event. It is calculated subjectively (expertly) or objectively (calculation of the frequency with which certain events occur).
It is also necessary to consider the vulnerability and threats to the organization.
Rice. 1. Components that form the basis of risk and their ratio
Vulnerability shows weaknesses in the strategy, structure, the company's CP is characterized by the level of complexity in order to take advantage of it, depending on this it happens: a high-risk vulnerability or a low-risk vulnerability.
The threat is an act or event capable of violating the security of the company, its constituents:
· Goals. The security component that is being attacked (assets, information, people, services).
· Agents. People or organizations that pose a threat.
· Developments. Actions that constitute a threat.
Agents
Threat agents are people who seek to harm an organization. To do this, they must have the following.
· Access. The ability to achieve a goal.
· Knowledge. The level and type of target information available.
· Motivation. Reason for defeating purpose.
Threat + Vulnerability = Risk
Risk levels
· Short. Fix a vulnerable spot with little damage.
· Average. Action to address the vulnerability is appropriate.
· High. Action to address the vulnerability must be taken immediately.
To assess risks, a risk map is drawn up.
Figure 2 Example of a risk map
Identification of personnel risks of the company
There are two approaches to identifying and assessing personnel risks:
Investment approach - personnel management as the risk of the necessary investment to cover the losses of non-professional personnel activities. The stages of personnel activity are considered in the form of projects: training, selection, motivation, evaluation, etc. The project appraisal sequence starts with qualitative analysis, all possible types of risks are identified and identified, causes and factors are determined, a cost estimate of the possible consequences of risks is given, and mitigation measures are proposed with cost calculation.
Stages of qualitative analysis:
1. Identification of all vulnerabilities in the personnel management system (for example, at the recruitment stage: how reliable is the recruitment agency, are all types of candidate verification carried out, the reliability of the future employee, etc.).
2. Definition of real threats. Targeted threats are identified (a combination of a known agent with known access and motivation and a known event directed at a known target), but this is very labor intensive, so the overall level of threats is usually estimated based on the identified vulnerabilities.
3. Suggested countermeasures - countermeasures are defined for each threat access point, e.g.:
A) access control;
B) two-factor authentication system (Authentication is the act of verifying a claim of identity);
C) badge (identification card);
D) biometrics ( Biometrics are methods for automatically identifying a person and confirming a person's identity based on physiological or behavioral characteristics. Examples of physiological characteristics are fingerprints, hand shape, facial characteristics, iris);
E) a smart card reader at the entrance to the premises;
E) security;
G) file access control;
H) encryption;
I) awareness and training of employees;
K) intrusion detection system;
L) automation. receive management policy updates
The main method of qualitative analysis is peer review method includes a complex of logical and mathematical-statistical methods. Expert analyst finds the most effective solution
Quantitative risk analysis- involves a cost assessment of the damage of individual risks and the overall level of risk as a whole.
The most obvious way to assess risk is to determine the monetary cost in the event of a successful attack. These costs include:
1. performance degradation or downtime;
2. theft of equipment or money;
3. the cost of the investigation;
4. the cost of attracting a new employee;
5. the cost of expert assistance;
6. overtime work of employees, etc.
Project risk analysis methods: method of expert assessments; SWOT analysis; rose (star), spiral of risks; analogy method or conservative forecasts; method of critical values; "Tree" of decisions; scenario analysis; simulation modeling; planning of experiments.
resource approach – recognition of the characteristics of the human resource and the development of a strategy for managing it in order to manage personnel risks at each stage of personnel work.
The main task is to determine the ways of developing effective production behavior among the staff, as well as the development of plans for organizational and technical measures (OTM) to eliminate the discrepancy between the desired and existing behavior through motivation, training, adaptation, etc.
Introduction
For most executives and managers, the security of any enterprise - large and small, commercial and non-commercial, industrial and operating in the service sector, does not fall within the competence of personnel management services. The security of the organization is most often the responsibility of the enterprise security service. In the understanding of the management of the enterprise, security is not protecting the organization from threats and risks from a legal point of view, but only protecting the enterprise from the physical aggression of the criminal warehouse of persons. The possibility of using one's official position for personal purposes, for example, by an employee holding a key position in the company, is not taken into account. Often not taken into account is such a risk that can bring a lot of financial and time costs, such as incomplete or poor-quality performance of official duties, theft, dissemination of confidential official information, trade secrets, and so on.
In modern conditions, when the practice of unfair competition is widespread, such a negligent attitude of the management towards protecting the enterprise from the risks and threats posed by the main resource and wealth of the organization - the already working "fixed" personnel, turns into millions of losses, and often - bankruptcy.
In organizations, often, there is a special service for this, which comes into contact with personnel, mainly if it is necessary to “break through the bases” of key employees being hired, or to suppress, for example, fights between employees during a corporate holiday, as well as to protect the building from penetration by strangers, etc. Basically, the tasks of “protecting” the company lie, as it were, not inside, but outside it, starting with physical protection from unwanted persons and ending with ingenious measures to prevent threats from criminals or unscrupulous competitors. For this, not an internal division of the organization is often used, but an external, often completely third-party security company that performs its duties only within the strictly limited framework of the contract for the provision of services. The performance of non-standard security functions against threats posed by the company's own personnel remains on the "conscience" of its management. And each time in each new specific case, the enterprise is faced with the need to find means for a possible solution to the problem that has arisen and neutralize its consequences. Often such a "catching up" policy turns into the liquidation of the enterprise.
In reality, in addition to external threats to the company's security, there are also internal threats arising from its main resource - personnel. This is not only about someone's negligence or incompetence, but also about quite deliberate theft, sabotage, bribery, disclosure of trade secrets and other dishonest actions of employees. Such actions actually cause more damage and harm to enterprises than, for example, industrial espionage.
Managers think about external threats more, prepare for them more carefully, and as a result, experience their consequences more easily. They deliberately perceive the environment as hostile, they do not expect mercy and handouts from it. The internal environment of the organization is our divisions, our people, whom we hired and whom we trust. And accordingly, internal threats become more unexpected for us and cause more moral and psychological damage.
Therefore, it is reasonable to create a management structure at the enterprise, which will be obliged to perform the functions of checking employees, protecting the enterprise from risks and threats posed by personnel. Modern enterprises, faced with the abuse of their legal rights by their employees, forgery of documents, disclosure of the company's trade secrets and other intentional and unintentional "sabotage", create their own security service within the framework of the personnel department or legal service, assign these functions to it and legally prescribe management procedures taking into account the specifics of the personnel. Practice shows that a preventive personnel policy in the field of protecting an organization from risks and threats associated with the action or, conversely, with inaction of personnel, turns out to be not only economically beneficial for an enterprise in the modern market, where information security is becoming increasingly important, but often from it depends on the very existence of the organization in principle.
The presented work is devoted to the topic "Protection of the enterprise from risks and threats posed by personnel". The problem of this study has relevance in the modern world. This is evidenced by the frequent study of the issues raised: personnel control, assessment of the level of personnel loyalty, as well as the selection and hiring of reliable personnel. This topic is studied at the junction of several interrelated disciplines at once. These are psychology, management and sociology.
Many works have been devoted to research questions. These include the works of such famous people as Shipilova O., in the field of personnel loyalty, Borodina I.A., in the field of corporate security, Chumarina I.G. - Director of the Agency for Research and Prevention of Fraud and Nezhdanov I.Yu. There are also many works by foreign authors: Michael Levy, Barton A. Weitz.
Further attention to the issue of "Protecting the enterprise from risks and threats posed by personnel" is necessary in order to more deeply and substantiate the resolution of particular topical problems of the subject of this study. This is the selection of reliable personnel, support of personnel and painless dismissal of personnel, both for the company and for the employee.
The relevance of this work is due, on the one hand, to the great interest in this topic in the modern world, on the other hand, its insufficient development. Consideration of issues related to the subject of protecting the enterprise from risks and threats is of both theoretical and practical significance. The results can be used to develop a methodology for protecting the enterprise from risks and threats posed by personnel.
Personnel security is the dominant element of the economic security of the enterprise, due to the fact that employees are the primary element of any organization. Therefore, the personnel is the object of this study.
At the same time, the subject of the study is the system of protecting the enterprise from risks and threats posed by personnel. The aim of the work is to study the topic "Protection of the enterprise from risks and threats posed by personnel" from the point of view of the latest domestic and foreign research, as well as the development of management methods for protecting the enterprise from risks and threats posed by personnel.
In order to achieve this goal, I have set the following tasks:
a) study the theoretical aspects and identify the nature of the risks and threats posed by personnel;
b) show that ensuring internal security should be a permanent, purposeful and clearly understood component of the personnel policy of the enterprise;
c) outline possible measures to protect the enterprise from risks and threats posed by personnel.
The work has a traditional structure and includes an introduction, the main part, consisting of 4 chapters, a conclusion and a bibliographic list.
The introduction substantiates the relevance of the choice of topic, sets the goal and objectives of the study, characterizes the research methods and sources of information.
Chapter one deals with general questions. It defines the basic concepts, describes the theoretical aspects and the nature of the risks and threats posed by personnel.
The second chapter considers the consulting company NOU “Baikal Institute of Training”, gives its characteristics, organizational structure, considers potentially outgoing threats from personnel.
Chapter three is of a practical nature and, based on individual data, an adequate system of regulatory and legal regulation is being developed, which will allow the enterprise to experience fewer threats and incur fewer losses from the actions of personnel.
The fourth chapter describes the safety and environmental friendliness of the project.
The sources of information for writing the work were basic educational literature, theoretical works of thinkers in the field under consideration, articles and reviews in specialized and periodicals devoted to the topic "Enterprise Security", reference literature, and other relevant sources of information.
1 Risks and threats related to personnel
Own personnel, which is the primary component of any company, is often capable of causing harm hundreds of times greater than unscrupulous competitors or intruders. An unscrupulous employee, being in a team, ruins and destroys the company from the inside, and no one will ever suspect him of this. It is not at all necessary for him to be a person who wishes bankruptcy for the enterprise or harms the leader. He can simply act “according to the situation”, or even be confident in the correctness of his actions, absolutely not repenting of them.
A distinction should be made between the concepts of risks and threats. Let's fix the concepts: "risk" is the possibility of danger, failure. The company takes a risk by keeping an employee who performs his duties in bad faith. "Threat" is a potential danger. As threats, we can consider the threat of theft of confidential information (material or financial resources), corporate fraud, loss of customers, etc. The list of threats is quite varied. Deliberate harm to employees poses a greater threat to the company's security than, for example, dishonest performance of duties.
Description of the risks associated with the work of personnel
1.1.1 Unfair performance of duties due to the employee's lack of adaptation
The unfair performance by the employee of his duties occupies one of the first places among the problems associated with personnel. After all, the work of the organization as a whole depends on how a single employee works.
In the face of fierce competition, it is very important that the service offered by the company is higher than that of other companies. Therefore, how the staff works is very important. Does he perform his duties correctly, does he know what his functions are. Otherwise, the risk of losing customers increases.
Incorrectly organized management procedures, in the first place, are the cause of dishonest performance by the employee of his professional duties. The adaptation of employees in the company is the first management procedure that we will consider.
The main reason for non-fulfillment or incorrect fulfillment by an employee of his duties is the following aspect: often no one deals with a newcomer, at best, he is provided to colleagues and offered to familiarize himself with job descriptions. Most companies don't even have basic onboarding programs. However, the impression of the first days in a new place usually leaves a deep mark and can have a negative impact on the motivation and attitude towards the team, and most importantly, the duties of the employee.
It is precisely because of the lack of an adaptation system that an employee may experience a feeling of alienation and take a negative position towards the company right from the first day of work.
A new employee, as a rule, lacks certain professional knowledge. It is in order to replenish this knowledge and remove the difficulties of the initial period that technology is needed, a system for training a new employee, covering all areas of adaptation: organizational, professional and socio-psychological.
Organizational adaptation, in our opinion, is the acceptance by a new employee of his status in the company, understanding of its structure and existing management mechanisms.
For beginners, at best, local regulations, instructions, structural diagrams are offered for study. However, practice shows that usually acquaintance with such documents is of a formal nature, since it is difficult to absorb a large amount of information in a short time, put it into practice and evaluate the importance of certain provisions.