Risk and Reward Risk Management

Risk management and consequently reward risk management to be effectual and produce the desired effects need to be carried out having recourse to a structured and systematic approach. Effective reward risk management requires hence that a few but crucially important activities are performed in a specific and pre-defined order. Despite a number of different approaches to risk management have been developed over time, some steps, which are common to the majority of these methods, can be indeed identified.

 

 

 

In those organizations where a risk management system is already operational, it is highly recommended that reward risk management is developed and executed consistently with and according to this. This approach enables employers both to save the time required to design and develop the process from scratch and to confer it, and to the outcome it produces, a higher degree of reliability and credibility (CIPD, 2009).

 

 

 

The first step of risk management is in general represented by the risk identification and classification. This stage is actually particularly important in that putting reward professionals in a position to determine to what types of risks their organizations could be exposed in term of rewards, can consequently enable them to determine, amongst the identified risks, those which are likely to have or are deemed to have the most serious impact over the business reward system (CMI, 2010).

 

 

 

Reward managers and specialists should do whatever they can to identify the largest number of risks to which the organization reward system may be realistically potentially exposed. In order to effectively and successfully attain this objective reward professionals should bank on the support of the managers of the company different functions and develop a stable network enabling them to timely, constantly collect all the possible information about the events which might occur in the future and the effects these might produce upon the firm reward practices. The units which can clearly mostly help reward professionals in the risk identification process are risk management, compliance and internal audit.

 

 

 

The compliance and risk management functions can potentially provide reward managers some precious information about the range of risks to which a business may be potentially exposed. Whereas regulations directly associated with reward should, even though not necessarily, be known by reward specialists it is possible that the rules not directly and strictly associated with reward, but potentially affecting it might not. The support and knowledge of the compliance and risk managers may hence prove to be particularly significant.

 

 

 

Internal auditors could indeed prove to be an important source of relevant information for reward specialists too. Being aware of the threats which might affect the business and being regularly involved in the activities aiming at testing the effectiveness of the control system introduced within an organization to contrast them, these professionals are indeed in a position to identify and know the potential risks deriving from or potentially affecting the company reward system.

  

Some relevant information can actually be gathered within the HR function itself. The individuals in charge of drawing up the personnel budget, especially when using specific software enabling them to make future prediction costs by means of a “what-if” scenario tool, can clearly provide valuable information about the total personnel costs, and the related trend, which an employer is called to honour on a monthly basis. Whereas an organization should not have a personnel budget unit, reward managers should be able to collect this data from the Finance function.

 

HR Business Partners can also be regarded as effective, precious allies of reward managers in the development and execution of the reward risk management process. These can in fact prove to be a tremendous source of information about employee reactions and attitude towards the reward system operated within the business and the effects this practically enables employers to produce or otherwise in terms of retention (CIPD, 2009).

 

 

All of these sources are clearly of paramount importance, but there is indeed an additional source which can potentially enable employers to collect remarkably significant information, namely trade unions and works councils. Staying in close, constant contact with employees, the individuals leading these groups certainly know employees’ genuine view and perception of the current reward system and their likely reaction to, and appreciation of, a different reward system eventually introduced.  

 

Additional data, relevant for both present and future reward decisions, can be also gathered within the endogenous context by means of:

- Exit interviews: these can enable reward professionals to assess whether and eventually with which frequency individuals leave the business because of reward-related reasons;

- Equal pay audits outcome: which can permit reward specialists to determine whether pay is perceived as fair by the employees and whether these acknowledge the existence of discrimination issues within the firm;

- HR managers and line managers, who can provide information about: the rate of the employment offers accepted by the candidates to the different posts, why some of these have not been accepted, the turnover rate, etc. (CIPD, 2009).

 

 

 

The second stage of the process is represented by the risk measurement and evaluation activity. The analysis conducted during this stage enables employers to investigate the likelihood that the reward risks identified may occur in practice and eventually determine the magnitude of the consequent impact these might potentially make on the business (CIPD, 2009).

 

 

 

The approach most widely used in risk management to assess risk probability is the Probability Impact Matrix (PIM). This method basically consists in identifying risks and associating with each of them a numerical value to express both the prospect that these might occur – probability - and the impact that these would eventually have on the organization reward system – impact. The final index is obtained by multiplying for each risk the value associated with its probability by that associated with its impact. The higher the final score calculated for a risk, the stronger the probability that it actually may occur and make a considerable impact upon the reward system. This approach clearly enables employers to order and prioritize risks and thus identify the risks which need to be dealt with before the others (Risk Management Capability, 2011).

 

 

 

Impact and probability are habitually assessed having recourse to a five bands scale. To both variables is associated a numerical value corresponding to the scale: very low, low, moderate or medium, high and very high. It is indeed by multiplying these values, the one by the other, that it is achieved the final score for each risk.

 

 

Probability		Risks Probability Impact Index
Very High	0.8	2.4	5.6	12.8	32	80
High	0.6	1.8	4.2	9.6	24	60
Moderate	0.4	1.2	2.8	6.4	16	40
Low	0.2	0.6	1.4	3.2	8	20
Very Low	0.1	0.3	0.7	1.6	4	10
		3	7	17	80	100
		Very Low	High	Moderate	High	Very High
		Impact

Figure A

In the example - Figure A -, the risks whose indexes fall into the red-shaded cells represent the reward risks which most urgently need to be mitigated and against which reward managers should take immediate and firm action. Those showed in the orange-shaded cells are those risks against which reward professionals need to deal with immediately after having found effectual solutions for those showed in the red-shaded cells. Finally, it will be the time to deal with those risks whose index has fallen into the green-shaded cells.

 

 

 

It is important to underscore the circumstance that probability impact matrix approaches do not represent absolute methods to risks management. This type of approaches enable reward professionals to assess reward risks relativities, that is, to determine amongst the identified reward risks which are the most threatening for an organization and need hence to be promptly managed. This method, nonetheless, does not enable reward managers to identify risks so that those which have not been identified by other means and hence included into the matrix still continue to represent a serious threat for the business and, what worse, remain disregarded and unaccounted for.

 

 

 

Reward specialists should be aware of this circumstance, which cannot be however regarded as a real limitation of this approach in that this method simply aims at categorizing risks according to the detrimental effects these are expected to produce on organizations, whereas it is not concerned with also identifying the risks to which a business could be actually potentially exposed. The PIM is essentially to risk management as job evaluation is to grading jobs; job evaluation enables employers to determine a scale or relativities amongst the identified jobs, but whether not all of the existing roles have been considered, the exercise will obviously fail to yield the expected results.

 

 

 

There are indeed a series of additional activities which need to be performed in combination with the use of PIM approaches. Reward managers should first and foremost ensure that the ownership of each risk is clearly assigned and acknowledged by all the relevant reward risk team members as well as the existence of the relationships eventually identified amongst the risks object of assessment. Under these circumstances the bundling approach, even though in a negative fashion, could come to play. Each identified threat can clearly have a negative impact on the organization reward system, but in combination with others the extent of this impact risks resulting further magnified. Notwithstanding, it would be wrong having recourse to additional arithmetic calculations, for instance, add together the indexes calculated for each risk, to determine an overall risk index (RMC, 2011).

  

It is particularly important taking heed of the circumstance that not all of the identified risks need to be mitigated; this has to be decided and done according to the organization’s risk appetite and tolerance (RMC, 2011). This stage is hence crucially important in that it actually also provides precious insights to the employers helping them to make conscious decisions about whether to accept and hence manage each risk or otherwise.

 

 

 

The occurrences which may impact a reward system are not necessarily all negative, namely downside risks, these could indeed also prove to be genuine opportunities for reward specialists, that is to say upside risks, deserving and needing hence to be appropriately utilized. Positive events should be thus properly investigated and assessed too; to this extent the probability impact matrix can once again definitely help. A mirror matrix, developed from the matrix used to exclusively assess threats, can in fact enable reward specialists to fully attain this objective, that is, to assess at the same time and by means of the same tool both opportunities and threats (RMC, 2011), Figure B.

 

 

		Probability Impact Index
Probability		Risks					Opportunities						Probability
Very High	0.8	2.4	5.6	12.8	32	80	2.4	5.6	12.8	32	80	0.8	Very High
High	0.6	1.8	4.2	9.6	24	60	1.8	4.2	9.6	24	60	0.6	High
Moderate	0.4	1.2	2.8	6.4	16	40	1.2	2.8	6.4	16	40	0.4	Moderate
Low	0.2	0.6	1.4	3.2	8	20	0.6	1.4	3.2	8	20	0.2	Low
Very Low	0.1	0.3	0.7	1.6	4	10	0.3	0.7	1.6	4	10	0.1	Very Low
		3	7	17	80	100	3	7	17	80	100
		Very Low	High	Moderate	High	Very High	Very Low	High	Moderate	High	Very High
		Impact					Benefit

Figure B

During the risk assessment and evaluation phase it is also important duly considering that risks may, for instance, have a limited financial impact, but be likely to produce remarkable reputational downsides as it occurred, for example, to most of the employers of the financial services industry, prior to the emergence of the global financial crisis combined together the negative effects of financial loss with reputational loss.

 

The third stage of the process is represented by the risk management and mitigation phase. This step is basically concerned with deciding how to manage the reward risks identified consistently with the business risk appetite as defined by the company board. As discussed earlier, risks cannot be invariably completely averted and prevented by employers for the simple reason that risk is itself part of each business activity. Appropriate risk management should hence acknowledge that employers take risks having full understanding and consciousness of the impact specific events can make on their organizations at any time (CIPD, 2009). Whether on the one hand this means that employers deliberately take risks, on the other hand this also requires businesses to decide and set beforehand the limit or level of risk which they are willing to take. This limit is broadly known as risk appetite, albeit someone wrongly refer to this concept in terms of risk tolerance. In order to avoid possible mix-ups the Institute of Risk Management (2011) has made a clear distinction between the two terms. More in particular risk appetite is defined as the “amount” of risk an organization is willing to accept in order to facilitate the attainment of its pre-identified objectives. Although the term appetite might mostly induce to think about the food required for satisfying one’s needs, in term of risk management risk appetite should be rather intended as the level of risk in front of which an employer is still in the position to decide whether to “fight or flight.” This entails that under some circumstances, that is, those which are perceived by employers to be at the limit, these are still in a position to face the risk beyond the predefined limit or can, if anything, decide to do so. The idea of risk tolerance is, in contrast, associated with the level of risk which an employer is not prepared and ready to face or to venture in order to achieve its organizational objectives. This hence represents a limit whose borders are impassable.

 

In order for reward professionals to effectively and properly perform the activities concerned with this phase these need to have a thorough and overarching knowledge of all the risks likely to make an impact on reward. It is also crucially important that a scale of priorities consistent with the current risk appetite has been identified.

 

 

To approach risk management in a structured and systematic way, developing a risks map would definitely be beneficial, whether not absolutely necessary. An example of risk map is shown in Figure C (adapted from CIPD, 2009). The proposed mapping method includes the option to insert the risk index as determined by means of the probability impact matrix and to update the score further after the execution of the actions taken to mitigate it. 

Risk Group	Description	Index	Owner	Mitigating actions	Implementation date	Index after actions implementation

Figure C

 

A risk management processes invariably ends with the reporting and monitoring phase. This activity can be indeed properly associated with the lesson learned logs typical of project management. A reporting activity can prove to be very useful for future occurrences and to transfer to others and to the individuals who will be in charge of reward risk in the future information about the impact each risk previously made and the actions taken in order to mitigate these under the circumstances. A clear description of the outcome produced by the activities performed should be indeed also included.

 

 

 

Monitoring risks and producing reports containing valuable hints about how to assess occurrences, putting management in a position to make informed decisions, can definitely prove to be a tremendously useful activity (Risk Reward, 2011), definitely worth the efforts and time it requires.

 

 

 

Longo, R., (2012), Risk and Reward Risk Management, Milan: HR Professionals [online].

For an extended version of this article and much, much more, click here