Publications & Articles
- Publications
- Articles
- Accounting (3)
- Banking (7)
- Corporate Governance (3)
- Financial Management (9)
- General (10)
- Marketing (1)
- Markets (19)
- Risk Management (73)
- Wealth Management (4)
- Islamic Finance (2)
- Financial Services Sector (2)
- Anti Corruption (1)
- Corporate Social Responsibility (2)
- Economics (6)
- Research (1)
- Bonds (1)
- Human Resources (2)
- Business and Management (1)
- Expert Opinion
IABFM Articles > > Risk Management > 'Personnel or People Risk' in Risk Management
'Personnel or People Risk' in Risk Management
By Mohammad Kahn
22 September, 2019
People are involved in every action taken in an organization, so understanding people, their behaviour’s and their decision making can enable a better understanding of organisational risk as a whole. 'People Risk' in the context of Operational Risk is referenced by the Basel Committee as one of the key Operational Risk category of events being 'the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events'. Conduct Risk is now also recognized as a major risk that arises due to people or Personnel risk. Whether we talk about employees, managers, directors, auditors or accountants or those outside an organization such as customers, suppliers, regulators and shareholders, ultimately people, and their decision-making, are a significant source of risk for all organizations. Consequently, their effective management is a very important area of operational risk management. People Risk as a concept matters a lot because it seeks to combine often disconnected types of risk through their common variable i.e, people.
One of the first attempts at modelling People Risk came from US sociologist and criminologist Donald Cressey, with ‘The Fraud Triangle’.The classic case in Cressey's Fraud Triangle is one where an employee, often under financial pressure and using their knowledge of the organization's control systems, has sufficient incentive and opportunity to redirect funds for their own use. The employee would then rationalise the action to themselves as e.g, " I am due the money because the firm does not appreciate all the hard work I have put in”. This model can be used beyond fraud and cover other examples of human decision making. The Cressey model has been used since the 1970s but the study of People Risk has developed considerably since then. Blacker and McConnell’s ‘People Risk Triangle’ as explained in their book, i.e, ' People Risk Management' categorises People Risk based on human opportunity, motivation and rationalisation. They consider that 'situations where there are confused emotions, such as ambiguous motivations, unintended opportunities and collective rationalization will naturally give rise to the greatest risks because of the effect of uncertainty'. Blacker and McConnell’s People Risk Triangle provides a useful categorization for understanding the diversity of potential people risks across an organization as shown in the following table:
This modeling of people risk reflects an appreciation for the psychological elements at play particularly the unreliability of the human brain in decision making and how an understanding of the common factors across the People Risk spectrum can inform their management. Paying greater attention to People Risk as a framework for understanding all risks, from misconduct to fraud, can help businesses understand the root causes of employee behaviour, irrational or otherwise, and employee decision-making, good and bad.Personnel risk can occur both within the operations area as well as within the organization generally. It is the risk of not having sufficiently qualified or experienced people within an organization to adequately manage and control the level or type of business. Personnel are the key resource for any organization and this is particularly the case for a financial institution. In order to take advantage of developments and to create innova- tive technological solutions, financial institutions need to ensure that they have the required staff, skills and development pro- grammes. Management needs to ensure that they can recruit, retain and develop their staff and to ensure that they manage the employee relationships effectively in order to fully tap their skills and commitment. People risks are numerous and multi-faceted i.e, from workplace safety, absenteeism and succession planning, through to loss of key people and other internal issues, such as fraud and theft of material and intellectual property. Therefore, many organizations struggle to get a handle on the human element in risk management. Larger organizations tend to manage personnel risk better when it comes to managing people related risks because they have a better framework and infrastructure in place. Not having the right people in place with the skills needed to compete, innovate or grow can seriously hamper an organization’s future. Employees are an organization's main asset, but any risk manager knows that a rogue employee can become the source of tremendous financial, operational and public relations stress if a serious employment claim arises. Effective risk management must include a thoughtful audit of human resources, a review of personnel policies, procedures and training, and a working plan for effective future implementation and enforcement. Paying attention to people risk is important because it acts a framework for understanding the root cause of human decision-making, good or bad, in business situations.
