Learning Center
Plans & pricing Sign in
Sign Out

Moral hazard


Moral hazard

More Info
									Moral hazard
In a radically changing world, HR will bear a large share of the responsibility for managing
By Carolyn Rance

   • Major global changes mean a broader approach to risk management is needed.
   • HR has a central role to play in building resilient organisational cultures.
   • Improving employee performance and corporate practice includes skill-building in disaster scenario

At the heart of risk management in the 21st century is the need to expect the unexpected. From the effects of climate
change, to threats of pandemics and terrorism, to the emergence of new technologies, huge economies and a global
job market, the world is changing in ways that are hard to imagine, let alone predict.
In the commercial sphere, businesses are finding compliance with existing laws and standards arduous enough, but
survival and success in coming decades will be increasingly dependent on the ability to identify and mitigate
multiple, often previously unheard-of, risks. Clearly, HR will have a crucial role in building resilient organisational
cultures where potential problems are discussed and addressed rather than concealed or ignored, and where patterns
of behaviour are recognised as a predictor of outcomes.
“In the past, risk has been seen as the preserve of accountants, but, if you look at a company like Enron, financial
failure was preceded by a very poor culture with hubris in large doses,” says AHRI national president Peter Wilson.
If HR and finance are to share responsibility for good governance and legal compliance, organisations will need
more people who are alert to bad behaviour and operational risk, he says. “We need HR managers with courage and
instinct to apply themselves in a proactive risk management domain rather than a reactive administrative domain.”
In a study by Accenture late last year, 436 senior executives at major North American, European and Asian
companies rated managing risk as their top priority. It outranked growth, increasing shareholder value, acquiring
new customers, IT, and organisational culture and performance issues. “The study illustrates that companies realise
they must address the increased risks associated with geo-political instability, globalisation, aggressive growth,
increased competition and the information explosion,” says Walt Shill, the consultancy’s managing director of
strategy practice.
Risk management is a logical component of HR, says psychologist Dr Robert Heath, associate professor in risk and
management at the University of South Australia and author of Crisis Management for Managers and Executives
(1998). “People are the greatest source of risk,” says Heath. “They have accidents, behave stupidly, make mistakes
and do fraudulent things. The people hiring and managing them need to look beyond OHS and the physical
environment. Although these are important, they must understand the less tangible psychological environment of
how the workforce sees the workplace. There’s no doubt that we need better-qualified risk management specialists
coming out of universities, but we also need to realise that every person who manages someone has to be a risk
Too many organisations have processes in place that lack real content, he says. “They are apparently meeting all the
requirements of good management practice, ticking all the boxes, but not necessarily following through. I often see
companies where risk management is an add-on rather than part of a job. Until it is seen as part of current work,
rather than an extra, there will be a problem. HR needs to push for active risk management teams drawn from all
areas and to be able to say, ‘Listen, folks, every time you do that [over there], this happens over here.’”

Integrating risk management into mainstream business activities is crucial, says Peter Hanzlicek, a director of the
Risk Management Institution of Australasia. He sees no conflict between the formal documentation, audit and
compliance duties involved, and innovation. “While understanding risk may raise negatives, it also reveals
opportunities. Risk management moves things from the unconscious to the conscious and lets us look at the big
picture. There is risk in everything we do—we manage it subconsciously through the cultural rules we learn as we
grow up.
“In an organisational environment, we often need to be instructed or coaxed. Formalising risk management enables
people to understand what is meant when the business talks about risk, so getting the culture and language right is
important. If senior executives are seen to take ownership of strategic risk, others in the business will accept
responsibility for the wide span of operational, project and emerging risks.”
Hanzlicek believes that moans about compliance are a passing phase, with many business managers moving to a
mindset where managing risk is no longer regarded as a reactive process aimed only at highlighting problems.
This view seems to be supported by growing evidence here and overseas of corporate willingness to go beyond the
letter of the law. In complying with post-Enron legislation known as the Sarbanes-Oxley Act, US-owned enterprises
are using the process to improve financial reporting, anti-fraud controls and investor confidence, noted KPMG’s
Brian Bogardus last year. “Compliance doesn’t have to be an end in itself,” he says. “We are seeing companies
move from ‘How do we comply?’ to ‘How do we use the improved controls to gain competitive advantage?’”
Annual reports from Australian listed companies reveal increasing levels of awareness of the link between culture
and risk, and the way both need to be managed to achieve compliance with the financial, social and environmental
demands of legislation and the Australian Stock Exchange’s Principles of Good Corporate Governance.
When National Australia Bank issued its 2006 annual report, it was still smarting from losses in its US business, and
the unauthorised currency trading scandal that resulted in former employees being jailed and the CEO and chairman
stepping down. NAB reported that its performance management and reward framework were now guided by
principles “ensuring our people are rewarded for the way they behave and do their jobs, rather than just the
outcomes they achieve”.
A year earlier, Amcor chairman Chris Roberts assured shareholders that, in the wake of a discovery that some
employees appeared to be in breach of competition laws and the subsequent resignation of top executives, the
company had “started the process of changing the behaviour and, all importantly, the culture” within its troubled
corrugated box business. But, his proviso in the same speech, that there were “inherent limitations to the
effectiveness of any system of disclosure and internal controls” rings true to Heath. “You can’t control risk. You can
only try to manage it,” he observes.
Hanzlicek has no doubt that companies are taking the challenge seriously in a trend likely to strengthen as
shareholders and fund managers demand greater transparency, and corporate regulators flex their muscles. He cites
the National Packaging Covenant as an example of companies being proactive in waste management rather than
waiting for legislation. Mergers and acquisitions will also focus executives on risk as they devise ways to make new
entities innovative and compliant.
Heath similarly views risk management as a positive activity in which opportunity will be analysed to achieve “less
downtime, less faulty product and more profit”. But he notes that the consequences of change need to be considered
broadly to lessen the likelihood of unforeseen problems, and when HR practitioners consider their role they should
think about human expectations. “The difference between what people expect and the reality creates all sorts of
problems. For HR, the facilitating role between management and workforce has to be about reducing expectation—
not squeezing the hell out of everybody, but reducing misperceptions.” When rogue traders imperil a bank’s
reputation and profits, or production workers become slack about safety, it may be because they reflect a corporate
culture where it is assumed that, unless they are told differently, everything will be okay. “People assume they are in
a safe workplace, but in reality no-one can guarantee safety. You can’t abolish risk, but you can use positive
reinforcement and practical demonstrations to make clear the consequences of certain actions.”
HR needs to understand that, every time you make a change to human resources, it changes the corporate asset and
financial balance. “You need to think in terms of two, five and 10-year planning,” says Heath. “For example, if you
are in the car industry, you know that over time the sales of gas-powered cars will increase, so you need to be
thinking about adding people to the workforce who can put together the gas components. You might look at the LPG
conversion industry as a source of employees for the assembly line. Risk management is a dynamic, analytical
process where every day you need to think about what has changed, its possible impact and what you should be

Expanding existing databases can be a practical first step. “Think about new categories of information that could be
useful,” says Heath. “If you have a multicultural workforce, list the languages each employee speaks. In an
emergency you’d know who to call on to explain things or calm people in their own language. We often have that
sort of information only in our heads. Putting it on the system adds to your capacity to deal with unforeseen
Peter Wilson says HR tools such as 360-degree feedback and cultural workplace inventories that identify
management behaviours against expected norms can help in building compliant and risk-aware corporate cultures.
“The edge of HR is moving further out to understand how people are behaving. CEOs and senior HR people have a
responsibility to drive culture in an ethical and legally compliant way, and monitor exceptions.”
Identifying and managing risk must be consultative, says Wilson. “The people at the coalface understand workplace
risks best.” An increasing number of Australian companies are developing practices recommended by the Treadway
Commission of Canada. “It says the best way to understand risk is to conduct workshops of your people at all levels
and have them identify economically, culturally and socially the key things that could go wrong.”
Ironically, the success of western economies increases the risks they face. As in Australia, households in the UK and
US are carrying large debt burdens and there are growing signs of consumer distress. In January the UK’s Financial
Services Authority urged companies to increase their stress testing.
The complexity and interrelatedness of systems, technology and networks makes them more productive, but
simultaneously more vulnerable in the face of extreme events such as flood, fire, power outages and external attack,
says Michael Tarrant, assistant director, education and training, at Emergency Management Australia, a division of
the Attorney-General’s department that works with government, business and the community to foster a
comprehensive national approach to emergency management.
“Management teams spend time thinking about how organisations can do what they do better, but we have tended to
consume the efficiency dividend rather than use some of it to build in resilience and make sure we have the
resources to deal with something that comes out of left field,” he says.
Tarrant says HR could contribute to greater preparedness by looking at whether rewards and recognition are solely
geared to doing the routine better and measuring the measurable, when we also need to be thinking about having the
strategies and types of people able to operate in different and difficult situations. He says having people look at
disaster scenarios as part of their operations improves their ability to think laterally and solve problems, which
benefits organisational performance and practice.

Beef at stake
Henry Lawson and Banjo Paterson wouldn’t recognise the bush today. Station managers are internet-connected and
workplace safety means much more than carrying a bandage in the saddlebag.
The Australian Agricultural Company operates 24 huge cattle stations and two feedlots, where training,
communication and compliance are crucial to managing risks, including biosecurity and environmental threats, and
health, safety and staffing issues, says quality systems manager Trish Quirk.
“AAco is a very old company [founded in 1824], with a lot of tradition and a long history—but all new
documentation and systems.”
The organisation moved into the 21st century with a stock exchange listing in 2001 and a proactive approach to risk
and environmental management. Last year it won two categories at the NAB agribusiness awards.
Quality management and assurance programs aim to combine risk management with a focus on performance and
continuous improvement. The company has implemented the ISO 9001:2000 standard across all operations. A
certified food safety system (HACCP) helps manage production risks for its 1824 and Wagyu beef products and on
feedlots, and AAco is a recognised leader in its compliance with the National Feedlot Accreditation Scheme and
Livestock Production Assurance quality program CattleCare.
Quirk says such compliance provides a logical, consistent way to identify risk and put in monitoring and
management practices along a supply chain that includes breeding cattle in one part of the country and sending them
to another part to grow, and another to fatten in feedlots, before transportation to market.
Senior management workshops have identified the company’s top 20 risks and developed documented management
A breakout of an exotic animal disease in Australia is one risk. “We have a business continuity plan for dealing with
an outbreak, and run scenarios at one of the feedlots on what we would do if animals became sick,” says Quirk.
“And we’ve taken that learning to senior management and the people working on the cattle stations.”
HR is integral to induction and training that make risk awareness part of the staff mindset. “All new station
managers come to head office in Brisbane and receive induction from every department in the procedures and risks
relevant to their job. We can follow up if required with face-to-face support out on the station.” Administration
systems are standardised and reference manual updates are sent out in hard copy format. A teleconference follows,
where changes to procedures and practices are explained and discussed. Once a process is captured in a procedure it
becomes identified as “the company way”.
Regional managers provide a constant link between station managers and the Brisbane head office. Regional
meetings ensure station managers meet head office staff from a range of disciplines to establish lines of
communication. Risk and compliance messages from head office target frontline staff as well as more senior
Head stockmen play a crucial part in managing operational risk, with responsibility for things like chemical safety,
animal treatment and vaccination programs. Each year they attend a week’s training.
“Last year we developed a head stockman’s toolkit—a practical mini reference manual in a hardwearing plastic pack
to carry in their vehicles.”
Corporate governance, with its requirement for a risk management plan and risk register, drives Aaco’s approach to
all types of risk, says Quirk. “Everyone is expected to look at their business responsibilities in an integrated way and
understand the range of risks that could have an impact on their area and the company as a whole.”
For HR, this includes looking at training and overseas recruitment as ways of addressing staff shortages. “Finding
people who want to work in the outback is really difficult.”

Looming issues
Climate change and recruitment and retention issues loom large for Australian businesses, says Aon Australia as it
awaits the findings of its latest annual risk survey. Expectations are that the survey will reveal potential disruptions
for business, says Ross Castle, national manager, client research and development.
“With the hospitality, energy and resource sectors already starting to cite climate change as a key risk, we expect
this concern to become more widespread,” says Castle. “Social and community activism may see governments take
a far more active role in the debate and demand a greater level of action and involvement from business in terms of
regulation and personal accountability.”
Continuity risks and labour market issues that have concerned business for a number of years look set to remain
pressing. “We predict increased concern around business dependency, and business disruption from supply chain
risks, heavy reliance on systems and technology, and the proliferation of outsourcing and off-shoring.”
The ability to attract and retain staff and develop the right organisational culture will continue to worry executives,
says Castle. “Tight labour market conditions and a shortage of skilled staff are likely to heighten this concern.
Combined with an ageing population, Generation Y issues and the emergence of stress as an OHS issue, workforce
issues are likely to weigh heavily on the minds of Australian executives.”

AHRI is running a risk assessment and management program nationally from August to September. Designed for
HR practitioners, managers and business owners, the workshops cover the principles of risk and the role that HR has
to play.
VIC: 23–24 August
SA: 11–12 September
WA: 13–14 September
NSW: 2–3 October
TAS: 22–23 October
QLD: 17–18 September
Visit for details and to register.

Carolyn Rance is a freelance writer.

To top