Applying risk management principles to HR

Organizations of all types have a moral and legal obligation to take reasonable care of the health and safety of their employees, volunteers, and communities they serve in all circumstances, including not exposing them to unnecessary risk. This duty of care extends to both physical and mental health.

Organizations need to consider risk throughout their entire operation and incorporate risk management principles into all planning and decision-making activities. However, the specific focus of this article is risk management as it applies to HR activities.

When developing a risk management plan for your HR activities, there are several areas to focus on. This general list will get you started, but it's very important that each organization identifies and evaluates the risks unique to its own structure and operations.


There is a connection between risk management and liability. Therefore, it is critical to obtain legal advice about your risk management plan.

Compensation and benefits


  • Financial abuse
  • Uncontrolled use of personal reimbursements
  • Unfair distributions of bonuses or other perquisites ("perks")
  • Clerical errors resulting in overpaid or underpaid employees
  • Honorariums or external contractors that would be defined as employees under the law
  • Failing to make mandatory provincial and federal payroll remittances
  • Failure to ensure pay equity


  • Who has payroll approval and signing authority?
  • How many signatures are required?
  • Are there controls in place?
  • Is there segregation of duties in the finance function?
  • Are we paying lower salaries for similar work in jobs that have historically been done by women?
  • Have we done job analysis, and do we have job categories and salary bands that allow for progression?
  • Do we have policies and procedures that link performance management to salary progression and bonus awards?



  • Discriminatory practices of any kind
  • Hiring unsuitable candidates
  • Conflict of interest in hiring or appointment (nepotism)
  • Tokenistic hiring, the practice of making only a symbolic effort to be inclusive to members of minority groups, especially by recruiting people from underrepresented groups, regardless of competence, to give the appearance of racial or gender equality within a workplace
  • Selecting or filtering candidates on gut feelings or intuition
  • “Wrongful” hiring, meaning over-promising certain aspects of the job to attract talented candidates and then not delivering on the promises. If there are major discrepancies between what was promised and the reality of the job, your organization could face serious legal consequences.


  • Was a complete screening conducted on potential hires, including reference checks and, where required, criminal record checks?
  • Were human rights laws observed?
  • Were accommodations offered and provided when requested?
  • Was there a set probationary period?
  • Were a realistic job preview and contract terms made clear to the candidate?
  • Were interviews conducted by a panel with formal questions and an objective rating system?

Occupational Health and Safety


  • Physical - such as falls, cuts, burns
  • Biological - such as dust, molds, bacteria and viruses
  • Chemical - such as poisons, gases, burns, and vapours
  • Psychosocial - such as bullying, harassment, or discrimination
  • Ergonomic - such as noise, light, temperature, vibration, and unadapted equipment


  • Are staff provided with safe working conditions and are safety checks conducted regularly?
  • Are staff informed about their rights and responsibilities regarding health and safety?
  • Is adequate staff training provided?
  • Are work spaces well-engineered in an effort to mitigate risk to workers?
  • Are sufficient policies, procedures, and/or committees in place?
  • Is the use of appropriate clothing, personal protective equipment, and/or safety equipment ensured?
  • Are feedback and/or complaint policies and procedures in place?
  • Is there internal capacity to handle internal investigations or the resources to bring in external support?

As most workplaces adopt fully remote or hybrid work practices as a result of the pandemic, it's important to consider the risks related to working remotely:

  • How do we address health and safety concerns for remote work?
  • Do employees have a secure work environment at home?
  • Do we have policies restricting work from other locations such as cafes with unsecured internet connections?
  • Do we offer technical support to employees who experience technical difficulties?
  • Do we have resources and support in place to address employee well-being when working remotely?
  • Do we have practices to address misuse of position by staff that could result in cyberbullying or unrealistic expectations of others such as working after hours or during weekends?
  • Do we have support for managers to help them transition from managing on-site to off-site teams?

Employee supervision


  • Abuse of power and authority
  • Inefficient or unclear management practices
  • Disengaged or burned out employees
  • Poor handling of personal information
  • Ineffective conflict management


  • Is sufficient orientation, training, and mentorship provided to new managers and existing leaders?
  • Is there adequate employee supervision?
  • Is a performance management system in place?
  • Are personal information protection guidelines followed?
  • Is a “whistleblower” policy in place? A whistleblower policy states the process for reporting wrongdoing and the protections for those who report in good faith.
  • Is there a process for employees to file complaints against supervisors (including on issues of harassment, mistreatment and discrimination)?
  • Is there internal capacity to handle internal investigations or the resources to bring in external support?

Employee conduct


  • Abuse of position for personal gain (undeclared conflict of interest)
  • Breach of the code of conduct
  • Loss of resources, materials or other goods belonging to the organization
  • Physical or psychological harm to staff, clients and other stakeholders
  • Release of confidential information
  • Loss of reputation in the community due to employee misconduct


  • Is there a clearly written conflict of interest policy complete with consequences of undeclared conflict of interest?
  • Is there a policy and/or procedure when the parameters of a job description are not respected?
  • Is thorough orientation and ongoing training provided?
  • Is there an employee handbook, including signed acknowledgement?
  • Are there comprehensive policies and procedures, especially regarding confidentiality, privacy, and code of conduct, complete with consequences for not following them?
  • Are written records of performance issues retained?
  • Are organizational valuables secured?
  • Are there cash management procedures?
  • Are there adequate harassment & discrimination policies and procedures?

Exiting employee


  • Unreturned or damaged property
  • Damage to the employer brand (the reputation of the organization)
  • Ensuring appropriate compensation
  • Maintaining employee morale in situations of mass lay-offs


  • Is there a policy and procedure to retrieve organizational information and equipment when an employee is dismissed (especially those working remotely)?
  • Is there an asset management system where serial numbers are recorded for equipment given to employees?
  • Do employees have to sign off when they receive new equipment?
  • Is there a “buy-back” plan for assets of exiting employees?
  • Are other employees and/or contacts notified that this individual has moved on from the organization?
  • Is there a procedure in case the employee returns damaged assets?
  • Is there a procedure to ensure all access codes and passwords are deactivated?
  • Will an exit interview be conducted?
  • Are lieu time and vacation balances recorded?
