Ultimately directors are responsible for the stewardship of the organisation. Dropping the ball by failing to assess and manage organisational risks on a regular basis can result in a range of undesirable consequences such as reputational damage, high leadership turnover, share price decline and potential litigation from various stakeholders, not to mention physical and psychosocial hazards impacting the health and safety of your employees.
Management should have effective internal controls such as policies, procedures and systems in place to effectively manage exposure to risk.
Such policies and procedures should cover the following:
Human Resources – including recruitment policies, conflict of interest, job descriptions, training, performance evaluations, remuneration and disciplinary procedures, investigations of workplace incidents, etc.
Risk & Compliance – including regular compliance certifications from responsible officers, breach and incidents registers, risk assessments and rating, etc.
Administration & Financial – including job responsibilities, segregation of duties, procedures for key administration activities, reporting relationships, financial authorities and access to assets.
Reporting – including regular review of financial and operational reports and controls, preparation responsibility, etc.
Systems – including security, system hardware and software, procedures for key activities e.g. procurement, business continuity, etc.
The starting point for any organisation is to identify and assess its risk. Generally, the board/ management will conduct a risk assessment to identify the key business risks, assess their probability of occurrence and rate these risks.
A risk assessment assists management to focus on the key business risks. It is important for managers to regularly monitor, review these risks and the effectiveness of the internal controls.
As a guide, risks can be classified into broad categories, for example:
1. Asset
2. Financial
3. Operational
4. Regulatory/Compliance
5. Reputational
For a business with a high reliance and dependency on staff, Human Resources will be a key business risk and most employers would have a range of policies, procedures and systems in place. Employers may also bring in a consultant with subject matter expertise to ensure that they have adequate and effective internal controls.
Listed below is a limited selection of internal controls which your organisation may implement for risks associated with Human Resources:
Recruitment Policy
References to hiring procedures, such as anti-discrimination, legal compliance, police checks, type of employment contracts (full-time, part-time, casual), probationary period if applicable, safety ,induction etc.
Remuneration Policy
Identifying Fair Work, ordinary pay rates, overtime, time in lieu, providing payslips, submitting withholding tax to the ATO, payment of superannuation, worker compensation, leave and entitlements, etc.
Other Human Resources Policies
Bullying & Harassment, Workplace Health & Safety, Performance Management, Social Media, Conflict of Interest, Confidentiality, Privacy, Family and Domestic Violence, Ceasing Employment, etc.
To ensure the effectiveness of the relevant internal controls, staff need to be aware and regularly trained on the respective of policies, procedures and systems.
Compliance with respective legislative requirements should be identified as a regulatory risk for all organisations. For example, the Fair Work Act sets out various obligations for an organisation, such as minimum pay rates, working conditions, unfair dismissal to name a few. In recent times, there have been a number of high profile employers who have received negative media exposure for underpaying staff. This has created a negative impact on their respective reputation, not to mention the potential financial impact.
For assistance with your organisation's internal controls, please contact us today.
Comentarios