Measures to minimize personnel risks. The concept of personnel risk. Types of personnel risk, their classification. Personnel risks of the organization
The dominant role in the emergence of personnel risks is played by the internal uncertainty of the organization's functioning process, which is associated with the impossibility of accurately predicting human behavior in the process of work (human uncertainty), the complexity of the technology used, the level of equipment reliability, the pace of technical re-equipment of production, etc. (technical uncertainty) and the desire of people to form social ties and groups, to behave in accordance with accepted mutual obligations, roles, traditions (social uncertainty).
It is necessary to take into account the fact that the corresponding risks arise at each stage of the personnel management process, but at the same time there are conditions for their minimization. For example, at the stage of developing requirements for personnel, job risks may arise as a discrepancy between a particular position and the types of activities, functions, goals, tasks, and technologies. The cause of job risk should be sought in the irrational distribution of functional responsibilities in the company's staffing table or in a distorted job description. To minimize such a risk, it is necessary to form a reasonable structure of positions, powers and responsibilities and use as a tool not a job description describing the main functions of an employee, but a description (model) of the workplace - the main document that allows, among other things, to assess whether a candidate is capable of filling a vacant position perform the respective functions.
Statistics show that about 20% of employees, in order to satisfy their needs, seek to harm the organization (even at the risk to themselves). Researchers of internal corporate relations claim that about 50% of employees are ready to break the law and corporate rules, causing damage to their company, if this does not entail any consequences for them. And only no more than 30% of employees are absolutely loyal to their organization. Therefore, the management of personnel risks is not only an urgent problem today, but also acts as a significant factor in improving the financial performance, and, consequently, increasing the value of the organization.
Personnel risk management begins with their identification, which is carried out on the basis of a systematic personnel audit and monitoring, allowing:
- evaluate the actual and potential level of knowledge, skills and abilities of the employee, his tolerance, creativity and loyalty;
- objectively determine the category of the employee;
- establish the possibility of the influence of an individual employee and the team as a whole on the financial results and value of the enterprise.
Personnel risk management is based on the fact that personnel risks manifest themselves through:
- a) change in the capital of the organization (or its components related to the activities of employees). These include human, social and intellectual capital;
- b) the implementation of the human factor, which is reflected in the possible errors that arise in the implementation of the personnel of their functional and official duties;
- c) the level of quality of human resources existing or being created by the organization, which is assessed by the actual results of the activities of employees, depending on the totality of their knowledge, skills and abilities, as well as the psychophysiological characteristics of each employee.
In the process of managing personnel risks, they are influenced in order to prevent or minimize risks. The validity of the decisions made on managerial impact is determined by the use of appropriate risk management methods and personally oriented staff motivation.
In modern management practice, the following risk management methods are distinguished: 1) avoidance; 2) transfer; 3) separation; 4) self-insurance; 5) association; 6) localization; 7) dissipation (diversification); 8) restriction; 9) compensation; 10) risk prevention.
These groups of methods are generally accepted and can be used to influence various types of risks. On fig. 8.3 shows a model for adapting some management methods in relation to personnel risks.
Thus, personnel risk management, being an element of the organization's risk management, is aimed at such work with personnel, at establishing such labor and ethical relations that could be defined as break-even. All this activity is not a separate area in the activities of the personnel management service, but only organically fits into it. And here practically no additional resources are involved, provided that all the functions of personnel management are implemented in the organization.
|
General methods of influencing risks |
Methods of influencing personnel risks |
|
|
Avoiding risks, avoiding risks |
Conducting testing and certification |
|
|
Risk transfer |
Widespread use of the contract system |
|
|
Distribution (separation) of risks |
Delegation of duties, development of regulations |
|
|
Creation (reservation) of funds |
Creation of personnel reserves |
|
|
Risk Pooling |
Creation of teams, implementation of personnel policy |
|
|
Risk localization |
Adaptation of workers, overcoming barriers |
|
|
Risk diversification |
Retraining, development of new specialties |
|
|
Risk limiting |
Rotation, development of job descriptions |
Rice. 8.3. Model of adaptation of general methods of influencing risks in relation to
to personnel risks
Currently, one of the most important conditions for the functioning of an organization with a focus on increasing its value, stable profit and efficient operation is personnel risk management, which is becoming one of the main competitive advantages of an organization, regardless of its organizational and legal form and type of activity.
Personnel risk is understood as the threat of losses arising from the inefficient functioning of the organization's personnel management system, mistakes made by the organization's management and personnel department when developing a personnel strategy or in the process of making operational decisions in the field of personnel management.
Personnel risk is a complex risk, therefore, it is necessary to classify the types of personnel risks, which means their distribution into separate groups according to certain characteristics in order to achieve certain goals. Each risk has its own risk management approach.
The following groups of personnel risks can be distinguished:
- 1. According to the nature of the manifestation personnel risks can be divided into quantitative and qualitative ones. Personnel risks quantitative associated with a lack or excess of human resources in a particular organization. They can manifest themselves in the form of various losses due to the discrepancy between the actual number of employees and the current needs of the organization and include:
- - risks of untimely replacement of newly created or released jobs;
- - risks of untimely reduction in the number of personnel of not fully loaded structural divisions of the organization;
- - risks of disproportions in the number of personnel in various departments, characterized by an excess number of personnel in some departments and the presence of vacancies in others;
- - job risks, consisting in the inconsistency of the position itself with the types of activities, goals, tasks, functions and technologies. The reasons for their occurrence may be inadequate staffing or a distorted job description.
Personnel risks qualitative character due to the discrepancy between the actual characteristics of the personnel available to the organization and the requirements for it. They include:
- - qualification and educational risk, the essence of which is the inconsistency of the employee with the position held;
- - risks of insufficient qualification of personnel;
- - risks of specific employees lacking the necessary professional qualities (for example, work experience in a given position, responsibility, diligence, creativity, business intuition, etc.);
- - risks of personnel disloyalty;
- - risks of lack of necessary personal qualities in specific employees (for example, intellectual potential, psychological stability, sociability, etc.);
- - the risk of abuse and dishonesty, depending on the level of work on the selection and hiring of personnel, the effectiveness of the security services, the effectiveness of the control and audit apparatus, leadership style, corporate culture;
- - the risk of rejection by employees of innovations. Innovation management involves timely informing people, choosing clear goals and strategies, flexible planning and organization, stimulating staff and involving them in changes at all stages, training staff and targeting their behavior.
- 2. For reasons of occurrence personnel risks are divided into individual and organizational.
Individual personnel risks include the following types:
- - biological risks (age, health level, psycho-physiological characteristics, performance capacity);
- - socio-psychological risks (motives, values, norms, culture, social roles performed, conflict, loyalty);
- - intellectual risks (level of intelligence, education);
- - professional risks (creative potential, professional potential, competencies, qualifications, work experience);
- - personal risks (short-sightedness, negligence, fear of blackmail, sudden worsening or improvement of financial situation, social status, vanity, desire to maintain position, easy suggestibility, gullibility, deceit, criminal record, greed, resentment, vindictiveness, meanness, instability to stress, loneliness , secrecy).
Organizational personnel risks are primarily due to inefficient work in the field of personnel management, namely, inefficient systems for the selection and selection of personnel, motivation and incentives for personnel, career management, etc.
- 3. According to the possible damage personnel risks are divided into:
- - property risks, the damage from which can be accurately determined in monetary terms;
- - non-property (or non-material) risks associated with damage caused, for example, to the image of the enterprise as a business partner.
- 4. Possible extent of damage personnel risks are most often classified as local, only in the rarest cases an organization can suffer significant losses, which are usually determined by erroneous decisions of the top management of the organization.
- 5. According to the degree of regularity of manifestation personnel risks are divided into one-time or occasional, regular, permanent risks.
- 6. Depending on the degree of sensitivity to risks of various stakeholder groups allowable, acceptable and unacceptable personnel risks are allocated.
The following groups of main factors influencing the occurrence of personnel risks in the organization are distinguished.
Internal factors - managed, i.e. depending on the management of the enterprise and (indirectly) on external factors that determine the conditions for the occurrence of risks:
- discrepancy between the qualifications of employees and the requirements for them;
- insufficient qualification of employees;
- weak organization of the personnel management system;
- poor organization of the training system;
- inefficient system of motivation;
- errors in personnel resource planning;
- reduction in the number of rationalization proposals and initiatives;
- care of qualified employees;
- orientation of employees to the solution of internal tactical tasks;
- orientation of employees to the observance of the interests of the unit;
- absence or weak corporate policy;
- low-quality checks of candidates when hiring, etc.
Without a doubt, HR managers can continue this list, which should be done by analyzing the state of personnel work in terms of safety and break-even labor relations in the enterprise.
External factors - unmanaged, i.e. not dependent on organizational management, but determining the personnel policy of the enterprise and the degree of risk:
- competitors have better motivation conditions;
- installation of competitors to lure personnel;
- external pressure on employees;
- getting employees into various types of addiction;
- inflationary processes (it is impossible not to take into account when calculating wages and forecasting its dynamics). Risk cases are divided into random (unintentional) and non-random (targeted).
Random is mainly caused by the following reasons:
- lack of awareness of the essence of what is happening and the consequences of their actions;
- negligence, inattention, violation or lack of relevant rules and regulations;
- inadequate in-house training;
- own vision of the situation (good intentions);
- gap between true and declared organizational values.
Purposeful risk behavior is mainly due to:
- own vision of the situation (good intentions);
- personal gain;
- individual values that are different from those of the organization;
- gap between true and declared organizational values;
- low interest in the existence (development) of the organization;
- intracorporate intrigues, intergroup conflicts;
- disloyalty, demotivation, conflicts (sometimes with a separate specific person);
- atmosphere of dark mystery.
The efficiency of the company depends on the ability of its management to constantly monitor and take into account various internal and external risk factors that affect the position of the company in a competitive market environment.
The risks associated with the activities of personnel are the main ones in the process of functioning of the organization and the desire to develop and improve its efficiency.
Risks in personnel management can be defined as the probability of losses arising from investing in new areas of personnel work. HR risk management is a process that begins at the stage of developing a personnel management strategy and covers the entire personnel management system of a company at all its levels.
Risks arise from both the external and internal environment of the company. The main causes of risk, on the one hand, are the objective incompleteness or insufficiency of information, on the other hand, the subjectivity of information perception and the possibility of making the wrong decision by the manager or employee.
The absence or low level of involvement of an employee in the organization is one of the main reasons for the emergence of personnel risks.
An analysis of personnel management shows that there is no work on personnel risk management at domestic enterprises. Personnel risk management is a process that covers the entire personnel management system of an organization at all its levels.
Currently, most of the operating organizations do not belong to the public sector and their activities are most often not regulated by clear instructions and regulations regarding personnel management, which entails risky situations. There is reason to believe that the risks will increase as the economy globalizes, as products and services become more complex, and clients and investors become more demanding.
The company's personnel management process is continuous and should include the following elements: the formation of goals, objectives and requirements for personnel, the selection and selection of employees, training and development, personnel movement, rationalization of labor motivation, remuneration and incentives, performance evaluation. It must be taken into account that the corresponding risks arise at each stage of the personnel management process, but at the same time there are conditions for their minimization.
Consider the main groups of risks that arise in the personnel management system (Fig. 4.2).
Rice. 4.2.
This classification allows you to see the most important risk areas in personnel management.
The main risk group is risks of erroneous choice of directions of personnel policy. One of the reasons is the unreasonable prioritization of the personnel management strategy that can contribute to the achievement of the company's goals. This can happen due to an erroneous assessment of the role of short-term and long-term interests of the company's owners. Specialists may also make mistakes in assessing the financial condition of the organization and the prospects for the company's business, which will provoke them to include in the personnel policy those areas of activity that are obviously unfeasible.
The second group is risks associated with low-quality staffing activities of the company, and they occupy a significant place in the general list of company management risks. The success of the company's activities depends on how the staff involved in the work is aware of their responsibility and interest in the results of work. Personnel mistakes can be made: during the development of technical documentation, in the process of technical implementation in production, due to insufficient qualification and training of personnel, as a result of overload, fatigue, illness, as well as negligence and malicious intent. In this regard, it is especially necessary to highlight the risks associated with identifying the compliance of qualification requirements for a position and the quality indicators of new employees applying for this position. The cause of job risk should also be sought in the irrational distribution of functional responsibilities in the company's staffing table or in a distorted job description. To minimize such a risk, it is necessary to form a reasonable structure of positions, powers and responsibilities and use as a tool not a job description, which does not include additions and changes, but a document in which an analysis of the candidate's abilities to fill a vacant position will be carried out.
The classification of risks, which involves their division into groups according to certain criteria, makes it possible to assess the place of each in the overall system and creates potential opportunities for choosing the most effective appropriate methods and techniques for managing risks. The proposed classification of personnel risks is based on the principles of complexity, continuity, hierarchy, autonomy, flexibility
Taking into account where personnel risks are localized, they are divided into two large groups: external and internal.
External personnel risks- these are the negative impacts of the external environment that affect both the processes within the company as a whole and its personnel security.
External personnel risks include:
- political - imperfection of the legislative base, activities of public organizations, movements, parties, etc.,
- economic - inflationary processes, difficult situation in the labor market, etc.;
- socio-demographic - getting employees into various types of addiction (alcohol, drugs, etc.), the activities of the criminal environment, etc.;
- natural and climatic - floods, landslides, etc.; technogenic factors;
- market (competitive) - the presence of competitors more attractive working conditions, luring employees, exerting external pressure on employees (bribery, blackmail), etc.
The internal ones are personnel risks, the sources of which are located within the organization. They can be no less destructive than external ones. It should not be forgotten that there is a close relationship between external and internal personnel risks. It may consist in the fact that a source of external danger, for example, a competitor, purposefully reinforces morbid tendencies within the rival organization in order to weaken or destroy it entirely.
Internal personnel risks, in turn, according to risk sources, are subdivided on personal risks and risks of the personnel management system.
Personal risks arise as a result of manifestations of professional, business and personal qualities of the personnel of the enterprise. In turn, personal risks include the following types:
- biological risks (age, health level, psychophysiological features, abilities);
- socio-psychological risks (demotivation, loyalty, social roles performed, interpersonal conflicts);
- moral risks (beliefs, beliefs, values, culture);
- intellectual risks (level of intelligence, education);
- economic risks (creative and professional potential, qualifications, work experience);
- risks of unreliability (short-sightedness, negligence, sudden change in financial situation, gullibility, deceit, criminal record, etc.).
The risks of the personnel management system are differentiated by subsystems of the personnel management system:
1) risks associated with personnel planning and marketing, including:
- lack of allocation of positions from which the most dangerous security threats can come;
- ineffective determination of the required number of personnel (or lack thereof);
- non-optimal quantitative composition;
- balance of gender, age and educational groups of personnel;
- low qualification level, etc.;
2) risks associated with labor relations, including:
- the presence of conflicts of interest between employees and the employer;
- unfavorable socio-psychological climate in the team;
- unformed policy of honesty in relation to clients, employees and the employer;
- lack of measures to identify, prevent and suppress undesirable actions on the part of employees that could cause harm to the interests of the organization, etc.;
3) risks of working conditions and labor protection, including:
- lack of measures to preserve and maintain the physical and psychological health of personnel;
- inefficient socio-economic working conditions;
- unfavorable psychophysiological and sanitary and hygienic working conditions;
- inefficient organization of personnel work;
- irrational modes of work and rest, etc.;
4) personnel motivation risks, including:
- lack of a staff motivation program;
- lack of a liability system;
- lack of motivation among employees to make initiative proposals to improve the safety of the organization;
- lack of incentives to retain staff;
- lack of mechanisms to identify the motives and reasons for the dismissal of valuable employees and the place of their subsequent employment, etc.;
5) risks of personnel training and development, including:
- lack of connection between training and evaluation of results;
- the structure and culture of the organization do not contribute to the implementation of the acquired knowledge;
- lack of relationship between training and certification procedure;
- poor quality of education, etc.;
6) risks of business evaluation of personnel, including:
- lack of assessment of various forms of manifestation of disloyalty and unreliability of employees of the organization;
- different standards for workers doing the same job;
- the similarity of beliefs and views as a factor influencing the business assessment;
- subjectivity of methods of business evaluation of personnel;
- assessment of the employee not by the results of activity, but by personal qualities;
- changing standards in the course of business evaluation;
- use of a narrow range of estimates;
- comparison of employees with each other, and not with performance standards;
- lack of business assessment conclusions, management decisions, etc.;
7) risks of social development of personnel, including:
- lack of conditions aimed at increasing the loyalty of employees;
- lack of additional social guarantees for the reduced personnel and assistance in finding employment;
- lack of a social package, taking into account the safety requirements on the part of the organization and the employee, etc.;
8) risks of an inefficient organizational structure, including:
- groundlessness of the number of personnel, taking into account the development strategy of the organization;
- irrationality of the organizational structure of the organization;
- lack of personnel management service;
- inefficient functional distribution of responsibilities and duties for personnel management, etc.;
9) risks of legal support, including:
- lack of control over the observance by the employee of the current labor and civil legislation in the performance of labor duties;
- lack of measures to minimize the liability of the employee and the employer for arising labor disputes;
- lack of local regulations regarding personnel security, etc.;
10) information security risks, including:
- lack of information and explanatory work with employees of the organization about the rules for conducting confidential business negotiations, communicating with clients, tactics of behavior when trying to recruit and blackmail, ensuring the information security of the employer during working and non-working hours;
- untimely and high-quality provision of complete and reliable information necessary for the performance of labor duties, etc.
In turn, among the risks of personnel, one can name the risk of violation of the rights and freedoms of the individual, physical and mental violence at work, humiliation of honor and dignity, the risk of damage to health, the risk of losing a job, the risk of reducing income.
The personnel risks of an organization include the risk of a decrease in tangible assets, the risk of losing information resources, the risk of forming a negative image of the company, the risk of bankruptcy.
State personnel risks include the risk of default, the risk of social instability and tension in society, the risk of public protests, labor strikes, the risk of distrust of the population and the resignation of the government.
According to the results of activities, pure personnel risks are distinguished, which are caused only by the possibility of losses due to the fault of the personnel, for example: risks of disability; risks of fraud and theft, etc.; and speculative personnel risks associated with the possibility of both loss and increase in income, for example, recruitment risks, organizational culture risks, etc.
According to the criterion of potential damage, personnel risks are subdivided on local, medium, significant and global (strategic) personnel risks.
According to the degree of regularity of the potential manifestations of risk can be identified as one-time or occasional, regular and permanent personnel risks.
According to the degree of sensitivity to personnel risks different groups of stakeholders should highlight acceptable, acceptable and unacceptable personnel risks.
According to the degree of legality, justified(lawful) and unjustified (illegal) personnel risks.
In addition, depending from the causes personnel risks can be divided into accidental (not intentional) and non-random (purposeful).
HR RISKS OF THE ORGANIZATION
1. The concept and classification of personnel risks of the organization
2. Risk measurement
3. Identification of personnel risks of the company
4. Methods for managing personnel risks
The concept and classification of personnel risks of the organization
Personnel risk- the danger of a possible loss of company resources or a shortfall in income as a result of miscalculations and errors in personnel management.
Key risks associated with human resources:
Insufficient qualification of employees;
The problem of replacing old frames with new ones;
Concerns about leaving high-value employees.
Classification of personnel risks:
By the nature of possible losses:
1. Material: entail additional. costs or loss of property;
2. Labor: high turnover and low productivity as a result of dissatisfaction and disloyalty;
Loyalty implies the desire to perform at the best, the desire to live up to the principles of the company, unconditionally contribute to the achievement of its goals, resignation to some requirements and the ability to accept others - those that were not previously part of the company's vision.
3. Financial: direct monetary damage associated with non-payments, fines, etc.
4. Loss of time: due to unforeseen circumstances;
5. Special: damage to health and life.
For risk reasons:
1. Risks of disloyalty: the result of ill-conceived motivation, lack of involvement and satisfaction;
2.Risks of interactions: dangers of intragroup conflicts, mobbing
Mobbing is a form of psychological violence in the form of harassment of an employee in a team, as a rule, with the aim of his subsequent dismissal.
3. Risks of lack of information: incompleteness, inaccuracy, distortion, untimeliness
4. Risks of non-professionalism of an HR manager: as a result of proceedings with the Labor Inspectorate, complaints, conflicts
5. Risks associated with the leader: autocrat (bias, large power distance); conniving (crisis of control systems, chaos); democrat (risk of delegation of authority and responsibility);
6. Risks from competitors: bribery, poaching employees, theft of secrets, competitive intelligence, company discrimination, damage to reputation.
Risk measurement
risk probability- a number from zero to one, the closer to one, the higher the probability of the event. It is calculated subjectively (expertly) or objectively (calculation of the frequency with which certain events occur).
It is also necessary to consider the vulnerability and threats to the organization.
Rice. 1. Components that form the basis of risk and their ratio
Vulnerability shows weaknesses in the strategy, structure, the company's CP is characterized by the level of complexity in order to take advantage of it, depending on this it happens: a high-risk vulnerability or a low-risk vulnerability.
The threat is an act or event capable of violating the security of the company, its constituents:
· Goals. The security component that is being attacked (assets, information, people, services).
· Agents. People or organizations that pose a threat.
· Developments. Actions that constitute a threat.
Agents
Threat agents are people who seek to harm an organization. To do this, they must have the following.
· Access. The ability to achieve a goal.
· Knowledge. The level and type of target information available.
· Motivation. Reason for defeating purpose.
Threat + Vulnerability = Risk
Risk levels
· Short. Fix a vulnerable spot with little damage.
· Average. Action to address the vulnerability is appropriate.
· High. Action to address the vulnerability must be taken immediately.
To assess risks, a risk map is drawn up.
Figure 2 Example of a risk map
Identification of personnel risks of the company
There are two approaches to identifying and assessing personnel risks:
Investment approach - personnel management as the risk of the necessary investment to cover the losses of non-professional personnel activities. The stages of personnel activity are considered in the form of projects: training, selection, motivation, evaluation, etc. The project appraisal sequence starts with qualitative analysis, all possible types of risks are identified and identified, causes and factors are determined, a cost estimate of the possible consequences of risks is given, and mitigation measures are proposed with cost calculation.
Stages of qualitative analysis:
1. Identification of all vulnerabilities in the personnel management system (for example, at the recruitment stage: how reliable is the recruitment agency, are all types of candidate verification carried out, the reliability of the future employee, etc.).
2. Definition of real threats. Targeted threats are identified (a combination of a known agent with known access and motivation and a known event directed at a known target), but this is very labor intensive, so the overall level of threats is usually estimated based on the identified vulnerabilities.
3. Suggested countermeasures - countermeasures are defined for each threat access point, e.g.:
A) access control;
B) two-factor authentication system (Authentication is the act of verifying a claim of identity);
C) badge (identification card);
D) biometrics ( Biometrics are methods for automatically identifying a person and confirming a person's identity based on physiological or behavioral characteristics. Examples of physiological characteristics are fingerprints, hand shape, facial characteristics, iris);
E) a smart card reader at the entrance to the premises;
E) security;
G) file access control;
H) encryption;
I) awareness and training of employees;
K) intrusion detection system;
L) automation. receive management policy updates
The main method of qualitative analysis is peer review method includes a complex of logical and mathematical-statistical methods. Expert analyst finds the most effective solution
Quantitative risk analysis- involves a cost assessment of the damage of individual risks and the overall level of risk as a whole.
The most obvious way to assess risk is to determine the monetary cost in the event of a successful attack. These costs include:
1. performance degradation or downtime;
2. theft of equipment or money;
3. the cost of the investigation;
4. the cost of attracting a new employee;
5. the cost of expert assistance;
6. overtime work of employees, etc.
Project risk analysis methods: method of expert assessments; SWOT analysis; rose (star), spiral of risks; analogy method or conservative forecasts; method of critical values; "Tree" of decisions; scenario analysis; simulation modeling; planning of experiments.
resource approach – recognition of the characteristics of the human resource and the development of a strategy for managing it in order to manage personnel risks at each stage of personnel work.
The main task is to determine the ways of developing effective production behavior among the staff, as well as the development of plans for organizational and technical measures (OTM) to eliminate the discrepancy between the desired and existing behavior through motivation, training, adaptation, etc.