Managing reward risks An integrated approachobservgo.uquebec.ca/...Managing_reward_risks.pdf ·...

Research insight

Managing reward risks An integrated approach

Acknowledgements

This report has been developed following a review

of existing research and advice in this area, alongside

workshops and interviews with risk managers, reward

managers, consultants and academics from the

following organisations:

ARUP

British Bankers Association

BT

Cabinet Office

Commerzbank

Cranfield School of Management

Financial Services Authority

First Group

Guardian Media Group

ING Direct

Mercer

MBDA

MM & K Independent Remuneration Solutions

Moog

Old Mutual

Promontory Consulting

PZ Cussons

Sainsbury’s

Standard Chartered

Towers Perrin

Towry Law

UBS

Wilts Wholesale Electrical Co.

We would like to thank all of the individuals and

organisations that contributed to the research.

Managing reward risks: an integrated approach 1

Contents

Foreword 3

Executive summary 4

Introduction and background 5

Reward risk framework 9

Current reward risk concerns and our state of readiness 18

Risk management process 22

Effective risk management – what does it take? 29

Conclusion 30

References and further reading 31

Appendix – Outline reward risk mapping tool 32


Foreword

The risk of reward encouraging inappropriate

behaviours among employees has been extensively

covered by both the UK and international media. Some

commentators have been calling for bonus awards to

be capped, while others are predicting the demise of

performance-related pay and the bonus culture.

However, as our report shows, most senior reward

professionals that we have interviewed and surveyed

do not rate this risk as the one that keeps them up

at night. They are far more concerned about the

reward management risks around implementation and

change management. In these uncertain times, when

agility and sustainability are key, reward professionals

are worried that the inability to change their reward

approach is holding them back and pulling them down.

As this report makes clear, risk management is not a

barrier to risk-taking. Rather, risk-taking is at the heart

of all organisational activity and is crucial if employers

are going to successfully seize the opportunities

afforded to them by a changing business environment.

This Research Insight is aimed at senior HR and reward

professionals who want to help their organisations grasp

the opportunities arising from change, yet do so in a

way that the risk that arises from change is managed

or mitigated. It creates a framework for practitioners to

identify and review the main reward risks faced by their

organisation as well as providing some tools to assist

them in managing and mitigating them.

Yet to be able to contribute effectively to managing

the risks that arise from how their organisation

rewards and recognises employees, they also need

to understand the business and its drivers. That way,

when they have to challenge a management decision

that they believe will bring an unacceptable level

of risk into the organisation, they are able to do so

with credibility, rather than reinforcing the case of HR

saying ‘no’ again.

This report is the first step in the CIPD’s journey on this

issue, so please let us have your views on the ideas

generated in this report and areas where further work

on examining risk in relation to reward and potentially

wider HR activities could be directed.

We hope that you find our report useful and

informative.

Charles Cotton

CIPD Adviser, Performance and Reward

[email protected]

Jonathan Chapman

Foundation for Management Education Fellow,

Cranfield School of Management

[email protected]

4 Managing reward risks: an integrated approach

Executive summary

In April 2006, a CIPD Change Agenda report, Risk and

Performance, made the case for all HR professionals

to get involved in risk management, encompassing

both how HR policies are actually working in practice

and, significantly, how employees respond to these

policies. The 2006 report called for the development

of checklists and toolkits to explicitly help HR

professionals identify and manage risk. This report

aims to meet this call through providing this support

for reward professionals.

While the research has been provoked by, and has

drawn on learning from, recent events in the financial

sector and the additional focus this has provided on

reward risk management, it is wider in remit than

financial services and the behavioural reward risks that

have been identified in that sector. It aims to capture

a broader range of reward-related risks and risk

management practices that are felt to be important

for all reward professionals.

This research shows that significant work is under way by

organisations, often led by their reward teams, to manage

risks arising from how they reward their employees.

However, what has emerged is that this work needs to

be carried out more proactively and systematically to

ensure that it is fully effective and the organisation does

not slip on a reward banana skin. Five recommendations

are made to assist organisations in adopting a more

systematic approach to reward risk management.

1 Establish effective reward risk intelligence-

gathering systems

Systematic reward risk management requires effective

intelligence-gathering on potential risks arising from

both outside (externally generated risks) and inside

(internally generated risks) your organisation. Use the risk

intelligence map presented in this report as a guide to

potential sources of intelligence for your ongoing reward

risk management process (see page 9).

2 Proactively review your reward strategy and

systems for risk

The research identifies seven risk groups that relate

specifically to reward strategy design, implementation

and impact. These are: strategic, behavioural, financial,

legal and ethical, operational, implementation, and

change and governance risks. Use the ‘Reward Risk

Framework’ developed as part of this research (page

9 and Appendix) to review your reward strategy for

these risks.

3 Use established risk management tools to

assess and manage identified reward risks

Apply risk management tools and processes – impact/

probability matrices (page 26) and risk map (page 28) – to

help you assess and manage the reward risks you identify.

4 Manage risk consistent with your reward risk

appetite

Reward risk management is not about eliminating

all risk in your business; it is about managing risk

against, ideally, predefined tolerances as to what risk

is acceptable to your business. Work with business

management to define your reward risk appetite and

manage reward risks accordingly (page 26).

5 Build your risk management capability and

build a permanent risk management culture

You cannot anticipate every risk to your organisation’s

reward strategy. You need to develop your overall

agility and resilience to manage reward risks should

they emerge. Reward risk management is not a one-off

or annual exercise but an ongoing process embedded

in all reward management work. This requires a

range of knowledge, skills and competencies. These

have been profiled in this report against the CIPD HR

Profession Map (page 29). Use these competencies as a

base to assess your ongoing capability in this area and

build plans to develop your reward team to improve its

all-round risk management capability.


What is covered in this report?

This report examines four areas. First, it introduces

seven key reward risk groupings in a reward risk

framework and uses this framework to review the

main risks that are seen to be most relevant today to

reward management professionals. Next, it discusses

the results of a CIPD survey that gathered views from

reward professionals about the main reward risks

they see ahead and how ready they believe their

organisation is to handle these risks. It then provides

some risk management tools to assist organisations in

reviewing their reward-related risks. Finally, it looks at

the skills, competencies and behaviours required by HR

professionals in this area.

The report identifies five recommendations for

reward practitioners to consider and provides some

practical ideas on how they might address these

recommendations in their day-to-day work. These

recommendations are intended to act as a catalyst

to the reward profession becoming more risk-aware

and, through this, begin a debate across the reward

community about the best way to identify, assess and

manage risks arising from how we reward employees

at all levels.

Who should read this report?

We expect that HR directors, reward directors,

managers and analysts as well as HR generalists

will be most interested in this report as they will

be closely involved in managing reward risk and

influencing others to identify and manage these

risks in their organisations. It will also be of interest

to other individuals who are involved in the risk

management process in organisations, for example

risk management, corporate recovery, compliance

and audit professionals. If you are a member of an

organisation’s remuneration committee you may also

be interested in the findings in order to use them to

challenge the HR and reward directors on whether

they are leading the organisation in effectively

managing the risks in their reward work.

In addition, the report will be of interest to public

policy-makers who are currently reviewing the role

that regulation should have in managing remuneration

risk. We also hope the report will provide material

for those supporting, training and educating HR and

reward professionals through academic, consultancy

and training work.

Introduction and background


Financial crisis and remuneration

In the summer of 2007, the world of financial service provision, both in the wholesale and retail

markets, changed dramatically. A sustained period of economic growth and bank lending came to

a sharp halt as financial institutions reassessed their perception of risk and, as a result, liquidity in

both the wholesale (business to business) and retail (business to consumer) markets contracted. This

contraction of liquidity came to be known as the ‘credit crunch’.

These events had a significant effect on a number of financial institutions that were reliant for their

ongoing business on funding from the wholesale market. In the UK the first casualty of this was

Northern Rock, which was taken into public ownership in September 2007 as it ceased to be able to

meet its liabilities due to the lack of access to wholesale funding. Intervention, by the regulatory and

public authorities in the form of central banks and government, continued throughout 2007 and 2008.

Central banks across the world provided billions of dollars of liquidity to the financial system and capital

injections through part-nationalisation of sections of the financial services industry, with the aim of

freeing up inter-bank lending to prevent further potentially systemic problems.

These events led to critical attention regarding the contribution that remuneration structures had

made to these problems. For example, Alastair Darling in his speech to the Labour Party Conference in

September 2008 stated that:

‘We need to look as well at the culture of huge bonuses which have distorted the way decisions are

made. It’s essential that bonuses don’t result in people being encouraged to take on more and more

risk without understanding the damage that might be done, not just to their bank, but to the rest

of us in the wider economy…Bonuses should encourage good long-term decisions, not short-term

reckless ones.’

The focus on remuneration practices led to industry, regulatory and government bodies across the globe

commenting on whether remuneration structures within the financial service industry were to blame for

the crises. While press coverage has been critical of remuneration structures and the role they played,

‘official’ reports have generally presented a more measured view:

‘Excessive risk taking in the financial services industry…has contributed to the failure of financial

undertakings…Whilst not the main cause of the financial crises that unfolded…there is widespread

consensus that inappropriate remuneration practices…also induced excessive risk taking.’

(European Commission 2009)

‘There is a strong prima facie case that inappropriate incentive structures played a role in

encouraging behaviour that contributed to the financial crisis. It is very difficult, however, to gauge

precisely how important that contribution was.’ (Turner Review 2009)


What is reward risk management and why does

it matter?

Large numbers of risk management approaches

have been developed and published (for example

BS31100_2008, AUS/NZ 4360_2004, Office of

Governance and Commerce Management of Risks

(OGC M_O_R), PRAM Guide, IEC 62198) to provide

definitions and practical tools for managing risk. The

Institute of Risk Management, Association of Insurance

and Risk Managers and the National Forum for Risk

Management in the public sector published a joint

standard for risk management, which defined the

following terms:

• risk – combination of the probability of an event

and its consequences

• risk management – co-ordinated activities to direct

and control an organisation with regard to risk.

However, risk management, as defined above, can

often be misunderstood. Good risk management is

not a barrier to risk-taking activity. Risk-taking is at

the heart of all organisational activity and crucial if

organisations are to innovate and develop. The failure

to take opportunities that arise from change is a

huge risk in itself. Risk management is as much about

this as it is about avoiding problems. Effective risk

management ensures that this risk-taking is carried out

as a conscious activity. Judgements need to be made

about the appropriateness of the risk-taking in line

with organisational objectives at that time.

Within this context, three separate phases to effective

reward risk management are proposed:

• Risk identification – what reward risk is your

organisation exposed to? We present a reward

risk framework on page 9 and guidance on

identification of the relevant risks for your

organisation to help you do this on page 22.

• Risk assessment – to what extent are the reward

risks identified likely to have a material impact on

your organisation? Impact and probability analysis

and risk-logging can help you do this; this is

discussed on page 26.

• Risk mitigation – what action do you need

to take to manage the reward risks to a level

that is considered appropriate or, using the risk

management jargon, in line with your risk appetite?

Suggestions of potential risk mitigation strategies

against specific risks are made throughout the report.

The main benefit of effective reward risk management

activity is, in the words of one research participant:

‘the reduction in uncertainty of outcome to reduce the

likelihood of nasty surprises’.

In the current social and political climate, the

reputation damage that perceived inappropriate

reward activities can have on an organisation is

potentially significant. The risk that reward practices

are seen in an unfavourable light by organisational

stakeholders such as employees, customers, media,

regulators and politicians is a significant issue for

organisations not only operating in the banking sector,

which is in the public limelight at present, but wider

as the focus on reward practices in all sectors remains

acute. Failure to identify a reward risk and then to

manage it can lead to damage to an organisation’s

brand, loss of customers and a reduced ability to

attract and retain employees.


Financial Services Authority regulation of remuneration structures

The financial crisis and the resulting analysis of what happened has led the Financial Services Authority

(FSA), the independent body that regulates the financial services industry in the UK, to set out a large

number of changes it intends to make in how it regulates the financial services industry in the future.

Among these changes are amendments to the way in which it views risk arising from remuneration

structures. The FSA has introduced a new regulatory rule to apply to larger banks and building societies,

namely that ‘a firm must establish, implement and maintain remuneration policies, procedures and

practices that are consistent with and promote effective risk management.’ This rule is supported by a

range of evidential provisions that were set out in a code of remuneration practice. Six key principles

emerge from the code:

1 Remuneration policies should be consistent with effective risk management.

2 Remuneration should reflect not only financial results but compliance with risk management policies

and alignment with an appropriate culture.

3 Financial measures of performance should be adjusted to reflect the relative riskiness of assets.

4 Governance structures (for example remuneration committees) should consider the implications of

remuneration for risk and risk management.

5 Significant bonuses should have a predominant amount deferred.

6 Deferred bonuses should be linked to financial performance during deferral period.

Source: Code of renumeration practice (FSA 2009)

At present, the new FSA rule applies only to major UK banks. However, it appears to be having a wider

influence across other financial services organisations and potentially to other industries. The FSA is still

considering whether to more formally extend the rule’s application to other financial services sectors.


What is reward risk management and what risks does

it imply need managing?

The workshops and interviews carried out identified 39

risks that were felt to apply to organisations’ reward

strategy, systems and practices. The workshops and

interviews then helped to cluster these risks into seven

reward risk groups, shown in Figure 1.

Reward risk framework

Figure 1: Seven reward risk groups

Strategic

RewardRisk

Groups

BehaviouralGovernance

Financial

Legal and ethical Operational

Implementation and change

management


These reward risk groups require reward professionals’

attention to identify, assess and manage these risks

within their organisations. The risks identified are

intended to illustrate a potential universe of reward-

related risks, but should not be considered exhaustive

or treated as a checklist. Each organisation will have a

different risk profile and consequently require different

reward risk management strategies. Each risk group is

defined in Table 1.

Each of these seven risk groups is now discussed to

identify key issues that reward managers need to

consider in managing each group. We focus on those

that have arisen in the research interviews. The full risk

map is provided in the Appendix to this report to assist

you in your reward risk identification, assessment and

mitigation work.

Strategic reward risks

A number of risks were identified that are felt to

be particularly significant for ensuring that the

organisation could attract and retain the employees it

needs to be successful, as shown in Table 2 below.

Table 1: Reward risk group definitions

Strategic risk The risk arising from the misalignment of reward strategy to the organisation’s goals. This risk can lead to the inability to attract and retain the employees needed for success.

Behavioural risk The risk arising from the misalignment of reward strategy to the required employee behaviours. This risk can lead to rewarding inappropriate or unproductive organisational activity and behaviour.

Financial risk The risk arising from inadequate reward cost management. This risk can lead to poor value for money and, where relevant, lower profitability or even loss.

Operational risk The risk arising from the poor execution or failure of reward systems and reward processes. This risk can lead to inefficiency or inaccuracy of the systems or fraud in their operation.

Implementation and change management risk

The risk arising from poor implementation or change to the reward strategy or processes. This risk can mean that the reward strategy is managed ineffectively and therefore does not have the required impact.

Legal and ethical risk The risk arising from non-compliance with organisational and societal values and legal and regulatory reward requirements. This risk can lead to employee claims or regulatory action, which can have financial and reputation effects on the organisation.

Governance risk The risk arising from inadequate oversight and challenge to organisational reward strategy. This risk can lead to inappropriate reward policies being pursued.

Table 2: Strategic risks

Attraction and retention of key talent

The risk that reward is structured (level, structure and mix) in such a way that the organisation is unable to attract or retain the talent it needs to be successful.

Misaligned reward and business strategy

The risk that reward strategy is not aligned to organisational goals.

Misaligned reward and organisational structure

The risk that reward structure and technical design (that is, market pricing, job evaluation, and so on) are not in line with organisational structure.

Misalignment with other HR activities

The risk that the reward strategy is not aligned, or even conflicting, with other HR activities, diminishing the effectiveness of the whole HR strategy.

Reputation/brand The risk that the organisation’s reputation is adversely influenced by poor publicity resulting from adverse press coverage of reward systems.


Fundamental to any HR strategy that is aligned with

the organisational business strategy is the attraction

and retention of employees that are needed to make

the organisation a success. This is both a matter of

the appropriate numbers of employees but also the

right skills and knowledge to deliver business priorities.

Management of this attraction and retention risk is

at the heart of remuneration design alongside wider

efforts to establish an effective employer brand. The

examination of key HR metrics is felt to be significant

in ensuring that reward levels are appropriate (neither

too high nor too low). In addition, it is suggested

that a critical approach is needed to benchmark

data, which, although helpful in guiding reward-level

decisions, should not be the only determinant of

reward strategy given the wider ‘total reward’ offered

in the organisation and the influence this can have

on managing attraction and retention risks. Aligning

reward strategy with other HR activities is seen as

essential in correctly positioning the reward package.

In larger organisations the risk of misalignment with

business strategy is felt to be significantly higher. One

size does not necessarily fit all and management of this

risk may require different variants of the overall reward

strategy to be executed in different business units. This is

particularly true when organisations are operating on an

international basis where, not only strategic considerations

may vary across countries and regions, but also local

cultures and legal requirements may differ.

The recent media interest in reward structures, not

just in financial services but also across other sectors

particularly at executive level, is raised as requiring

increased attention from reward professionals.

Consideration of how reward packages, especially at

board level, are likely to be interpreted by the media

should details leak out before it is officially made

public is required as an input to the reward decisions

and to develop robust media management plans to

handle the event should it occur.

Behavioural reward risks

Table 3 shows the behavioural risks that were raised

during the research.

An effective reward strategy is likely to be targeted

at influencing employee behaviour and activity

towards business goals. Key to this success is ensuring

that the behaviours encouraged are the right ones

for organisational success. Numerous examples of

remuneration structures not being appropriately aligned

to the required behaviours were raised through the

research, for example: sales performance bonuses based

solely on immediate sales, leading to poor post-sale

management and poor customer satisfaction and future

customer retention; or bonuses paid with regard to

production volumes with no quality adjustment, leading

to high failure rates in final production.

Management of these risks requires managing the

balance in performance measures used in reward

decisions including, where relevant, risk-adjusting these

measures to reflect the true value added by the team or

individual. Employee reward should be determined with

reference to clear performance criteria, which should

Table 3: Behavioural risks

Engagement The risk that the reward strategy does not engage employees.

Fairness internally of reward

The risk that reward is not seen as ‘fair’ between employees, leading to reduced engagement.

Incentives not motivating

The risk that incentive structures do not motivate employees to higher levels of performance or desired behaviours.

Incentivising inappropriate behaviour

The risk that incentives lead to inappropriate employee behaviour, such as product mis-selling or excessive risk-taking.

Innovation stifled by reward

The risk that reward structures discourage innovative behaviour.


include qualitative non-financial criteria appropriate for

the business. Successful organisations require more than

just financial success. Issues of longer-term sustainability

of the business also revolve around areas such as

customer satisfaction and retention, referrals, quality and

appropriate risk-taking. A typical approach for managing

performance on a more holistic basis is a balanced

scorecard approach (see box).

The interviews identified a view that for non-financial

elements to be influential, they have to have a

material effect on the overall size of the reward, either

through bonus pool or merit rise determination, to

encourage the behaviours required.

While organisations often claim to be using a

balanced scorecard approach to employee reward

determination, it is felt that, certainly for revenue-

generating staff and therefore those exposing the

organisation to most business risk, the reality is that

revenue or profit generated is the dominant method

by which reward, largely through bonus pools, is

calculated. Both of these approaches present potential

drawbacks that require managing. Revenue, while easy

to calculate and often a readily available metric, takes

no account of costs raised in generating the business.

Profit numbers are seen as one way to manage this

but it is recognised that these can often be difficult to

calculate at individual or even, at times, team level. In

addition, both revenue and profit numbers fail to take

into account the riskiness of the business undertaken

in calculating incentive or bonus payments. However,

events in the financial services sector have significantly

raised the awareness of the need to consider the

effect on business risk-taking in incentive and bonus

plan design, not just in financial services but also

other industries. While this can be done through

mathematical calculations – and increasingly is done

this way in the trading businesses of financial services

organisations – this is not essential. Discussions of

leverage in bonus schemes at the design and review

phase are significant in ensuring that thought is given

to the risk-taking effects bonus targets may have and

whether these effects are considered acceptable.

The balanced scorecard

Developed by Kaplan and Norton (1996), the balanced scorecard uses both financial and non-financial

metrics that are considered important to company success to assess organisational, business, team and

even individual performance. Typically, this revolves around measures on four dimensions:

• Financial perspective – how are we performing with respect to revenue, costs, profit and return on

equity?

• Customer perspective – how do we appear to our customers?

• Learning and growth perspective – are we developing our employees such that they can increase

their contribution to the organisation’s goals?

• Internal process perspective – how successful are we in establishing and operating our key

business processes?

While the original model proposed by Kaplan and Norton does not explicitly identify risk management as a dimension, risk factors have increasingly been incorporated into organisational scorecards.


Financial reward risks

A range of financial risks are inherent in all reward

systems. Employee reward is often a significant

proportion of total cost and therefore effective

management of this cost is essential if the organisation

is to be successful, either with regard to overall

profitability or for public sector organisations with

regard to achieving value for money in its spending.

The main risks identified in this group and discussed in

the interviews are shown in Table 4 below.

A range of suggestions has been made around the

management of a number of these financial risks.

A regular review of the cost of providing employee

benefits through competitive tendering and market

benchmarking is identified as an important way to

ensure that the organisation receives value for money.

The opportunity to negotiate better deals with benefit

suppliers given current market conditions is suggested

as one further way of potentially bringing costs down.

Alternatively, employers could consider self-insuring

some benefits, although this in turn does introduce

a potential larger risk should claims be higher than

would have been payable through standard insurance.

Self-insurance should be considered only where the

organisation has the understanding of the risks and

the scale and financial resources to manage the risk of

a large payout should it materialise.

Unsurprisingly, concerns have been raised about the

rising costs of pension and healthcare benefits. While

clearly at the forefront for reward professionals, it

is important that active management of these risks

remains a priority. Potential strategies to manage these

cost risks have been discussed extensively elsewhere so

will not be discussed in further detail here.

Overall, it is felt by those that we have interviewed

that creativity is required to balance out the often

conflicting risk of cost control against employee

satisfaction with their reward package. One suggestion

to manage these risks concurrently is to consider using

conjoint analysis (where employees trade off one set

of attributes or features against another to determine

their relative importance) to get at your employees’

underlying reward preferences and establish whether

there is a way of better meeting these preferences

while lowering overall reward costs.

In addition to cost management risks, the issue of

the sustainability of ongoing performance is raised as

presenting potential financial concerns. Management of

this risk requires that performance-related remuneration

should not be based solely on the profit of one

year’s results, where there is a possibility that profit

information may be interpreted differently over time.

Where doubt exists, remuneration could be deferred

to a point where greater certainty of profit is achieved.

Table 4: Financial risks

Employee benefits self-insurance

The risk that self-insured benefits are not managed, leading to unexpected costs to the organisation.

Healthcare costs The risk that healthcare costs are not controlled.

Inaccurate profit / revenue data

The risk that bonus payments or pay budgets are established with reference to incorrectly stated profit or revenue data, leading to payments that are not appropriate.

Organisational cash flow (ability to pay)

The risk that the organisation is unable to meet reward payments due to cash flow issues.

Overcompetitive reward

The risk that employees are paid more than is required based on market comparisons.

Pension cost management

The risk that pension costs are not managed and become unaffordable.

Pension investment strategy

The risk that the pension investment strategy does not deliver against investment goals.

Taxation The risk that employer and employee taxation is not managed correctly, leading to incorrect taxation payments or tax efficiencies being missed.


This is identified as a factor in the financial sector, where

‘mark to market’ (see box) valuations of collateralised

debt obligations that were used to calculate traders’

bonus payouts in 2007 were not actually realisable once

the extent of the difficulties in the underlying mortgage

markets became widely known.

The extent to which this risk applies to an organisation

will depend on the certainty of valuation that is used

in the financial accounts. Although most apparently

relevant to the financial services industry, as illustrated

above, other instances of this risk were raised by

interviewees with respect to, for example, sales teams

where credits may be received for bonus purposes

when an order is made that could be later cancelled,

as well as examples in the property and construction

sectors. This could also apply where organisations have

goods or services with high product return rates that

are not accounted for in bonus payments.

Where this doubt exists it is suggested that some form

of deferral of bonus payments should be considered to

hold back funds until the reliability of profit numbers

is more assured. The proportion of any bonus that

should be deferred should be related to the extent to

which there is doubt in the profits on which the bonus

has been paid. The length of any such deferment

will depend on the time period over which greater

accounting certainty can be attained.

Operational reward risks

The reward system itself will bring direct risks to the

organisation. Reward processes can be complex and,

if not appropriately managed, may lead to errors. The

system is also dealing with large amounts of personal

data and the confidentiality of this data has to be

a key priority for reward and payroll professionals.

Financial fraud is also possible. Unlike a number of

the strategic, behavioural and financial risks, these

risks are often more directly in the control of the

reward function. A number of interviewees also noted

frustrations with their reward IT capability, which often

led to workaround solutions and therefore potentially

increased the risk of error or of lower levels of security

on personal data. These plus other potential reward

operational risks are shown in Table 5.

Mark to market valuations in the financial

services industry

Marking to market is the practice of assigning

a value to financial products (for example

equities, bonds, foreign exchange, and so

on) based on the price prevailing in the

market for that product. This may be based

on data provided from a market exchange

or, alternatively, an estimate based on similar

trades made that day or theoretical model

valuations (also known as ‘marking to model’).

Table 5: Operational risks

Benchmark data quality

The risk that benchmark data is inaccurate, leading to the establishment of inappropriate pay structures and therefore overpaying and lowering organisation cost control or underpaying and bringing attraction risks into play.

Data confidentiality The risk that personal data on employees is not protected appropriately, leading to breaches of security and potential legal challenges.

IT system The risk that the reward IT system does not deliver efficient and secure reward processes.

Outsource provider management

The risk that outsource providers (for example payroll, benefits) do not meet agreed contractual requirements.

Payroll management (for example error or fraud)

The risk of payroll errors leading to incorrect or fraudulent payments.

Reward system legacy management

The risk that management of legacy reward systems (that is, merger, TUPE) lowers the overall effectiveness of the reward strategy.


It is suggested that operational reward risk

management needs to be the reward team’s first

priority. Managing this risk effectively is a prerequisite

to being able to focus on other, more ‘strategic’ risk

areas such as those discussed above.

The importance of understanding and controlling the

basic operational risks is a consistent theme running

through the research. If payroll administration or data

confidentiality risks are not under control, there is little

hope of more strategic or behavioural risks identified

by the reward team being considered. A number of

organisations have outsourced the management of

some of these risks through outsourced payroll and

the implementation of industry IT solutions. However,

this does not negate the need to manage these risks

through effective contract management processes

and ongoing development of IT systems. In larger

organisations this means that a number of these

operational reward risks are managed in close liaison

with procurement and IT functions.

Implementation and change management reward risks

Effective reward policy is meaningless if the

organisation is unable to implement the policy. A

range of implementation and change management

risks have been raised, often relating to the capacity

and competency of both the HR function and

organisational line managers to effectively implement

the policies that were developed. Of most significance

is the need for effective communication for successful

reward implementation. Reward management change

related risks are shown in Table 6.

It is recommended that HR directors and reward

directors review the overall organisational capacity and

capability to deliver on espoused reward strategy and

take corrective action where necessary.

Table 6: Implementation and change management risks

Change management The risk that the reward strategy is unresponsive to a changing business environment or changes required to the reward strategy are managed ineffectively and therefore are not having the required impact.

Communication The risk that employees do not understand their reward package and therefore the organisation does not achieve full value from its components.

Employee relations The risk that reward issues lead to problems with general employee relations.

Employee reward understanding

The risk that employees do not understand how their reward package is constructed and as a result the organisation does not achieve best value from its reward spend.

Line management reward capability

The risk that the reward strategy is ineffectively delivered by line managers.

Reward team capability

The risk that the reward team does not have the capability to develop and implement an appropriate reward strategy.

Reward team capacity

The risk that the reward team does not have the capacity to develop and implement an appropriate reward strategy.

Trade union/works councils

The risk that trade union/work councils relationships inhibit the operation of the preferred organisation reward strategy.


Legal and ethical reward risks

The volume of employment legislation in the UK

has significantly increased since 1970 with, for

example, equal pay rights between men and women,

compensation for loss of job, minimum wage rights,

maternity and paternity rights, hours of work and

holiday entitlements, share ownership and pensions

and various trade union legislative requirements having

been introduced. Perkins and White (2008) in their

CIPD Reward Management textbook feel that the legal

context is so significant that ‘while employers may

wish as far as possible to create reward strategies for

their own particular circumstances, the starting point

will always be what the law allows or requires’ and,

given this, ‘a major skill for reward specialists is being

able to implement strategy within the constraints of

the law’. In addition, research participants felt that

ethical issues are becoming more fundamental in

guiding the strategic direction of organisations.

In this context a number of legal and ethical reward

risks were raised (Table 7).

A major challenge for reward professionals is keeping

abreast of legislative and regulatory requirements and

ensuring that reward systems stay in line with these

requirements. As with other risk groups, this requires

drawing expertise from other areas, namely HR legal

teams, either in-house or advice provided by external

legal firms. This is discussed later in the report.

Governance reward risks

The significance of corporate governance in effective

people risk management was identified in the 2006

Change Agenda Risk and Performance (CIPD 2006).

In the context of reward risk management this has

been further reinforced by the findings in the Turner

Review (FSA 2006), outlined in the box on page 8,

and Sir David Walker in his initial review of corporate

governance in the banking sector (Walker 2009) in

their discussions of the causes and potential solutions

to remuneration-related risk in the financial services

industry. Lessons can be drawn for all sectors from

their findings. While a detailed review of reward

governance and, in particular, the role of remuneration

committees in overseeing the development and

implementation of reward structures is beyond the

scope of this report, two risks were repeatedly raised

in relation to oversight and governance of reward.

These are shown in Table 8 below.

Table 7: Legal and ethical risks

Ethical The risk that the reward strategy is developed or managed in an unethical manner.

Implied terms, that is, contractual custom and practice

The risk that organisations establish custom and practice from actions taken that have larger consequences at a later date.

Legislative change The risk that legislative changes impact on the alignment of reward strategy with wider organisational goals.

Regulatory The risk that regulation of reward structures requires changes that are not consistent with organisational goals.

Reward discrimination, for example equal pay

The risk that the reward system inappropriately and potentially illegally discriminates between employees.

Table 8: Governance risk

Board / remuneration committee reward knowledge

The risk that the knowledge of those accountable for overseeing the governance of reward structures at executive and other levels is insufficient to carry out the role effectively.

Conflicts of interest The risk that reward decisions are influenced by individuals with a conflict of interest in the final decisions.


The FSA, in its work on remuneration risk, has

highlighted the importance of organisations’

remuneration committees having sufficient knowledge

of organisational risks to ensure that the reward

structures adequately account for the management of

these risks. Further, the EU Commission identified the

important role that remuneration committees should

have in designing company remuneration strategy

beyond that of executives, thereby suggesting that

for many organisations the remuneration committee’s

remit should be extended. However, it is important

that the focus of reward governance is on the need for

independence and challenge in remuneration decisions

and not committees and process. Reward teams need

to ensure that this independence is present.

The Treasury Select Committee, in its report on the

financial crisis and the role of remuneration in this

crisis, notes that remuneration committees need to

identify the risks within the organisation’s business

strategy and from this the role reward can play in

helping to manage these risks. This could perhaps be

done through stronger or improved links between the

remuneration and risk and audit committees (where

they exist) that would typically review an organisation’s

risk map. This approach could then be mirrored

further down the organisation with links between

the reward function and other ‘risk-aware’ functions,

such as audit, finance and risk management. However,

questions have been raised over the ability and

time for remuneration committee members to carry

out this enhanced role and the knowledge of both

remuneration practice and organisational risk profiles

that this would require. This means that HR may have

to carry out a review of the level of knowledge of the

organisation’s remuneration committee (or equivalent

governance for reward strategy) to ascertain whether

the remuneration committee has the knowledge

and ability to adequately develop and challenge

remuneration design and the need for risk issues to be

considered in this design.

Conclusion: the reward professional’s contribution

The seven risk groups identified are intended to act

as a prompt for discussion about the reward risks that

organisations are incurring. Ensuring that management

considers each of these risk groups when taking both

reward design and implementation decisions may help

in ensuring that reward risk management is an integral

part of the reward function’s work on a day-to-day


Current reward risk concerns and our state of readiness

In June and July 2009 the CIPD conducted a survey

to learn how reward management professionals,

consultants and academics perceive the risks facing

their reward strategies. The questionnaire was in

two sections. First, they were asked to rate a list of

potential risks – which had been identified through

two workshops and a series of interviews with risk

management and reward professionals relating to

reward strategy and its implementation – for impact on

a scale of 1–5 and whether these risks were felt to be

rising, steady or falling.

Second, participants were asked to rate the readiness

of their organisation to manage the risk that they had

identified.

We received 285 responses. The breakdown of

respondents is shown in Figure 2.

The top ten ranked risks faced by employers are as

follows:

1 poor communication of reward leading to poor

organisational performance

2 inability to adapt reward policies and practices to

the changing business environment

3 reward failing to engage employees

4 reward failing to attract key talent

5 ineffective reward strategy causing poor

employee relations

6 poor employee understanding of reward

7 line management reward capability – not being

able to link pay to employee performance or

communicate what is being rewarded and why

8 employees not perceiving reward as fair

9 that bonuses and incentives do not motivate

10 how people are rewarded does not support the

business strategy.

The list is dominated by risks from the ‘implementation

and change management’ risk group, with five of the

top ten risks coming from this group. Given that risk

management is fundamentally about managing the

uncertainty of events, this is not surprising. Comments

made by respondents reflect this concern, focusing on

the burden of change required in current economic

conditions and the gap between the intention of the

organisation and employee understanding of what

organisations are looking to deliver.

Behavioural risks are the next group to be raised,

especially around engagement, fairness of reward

and the need to incentivise employees effectively. Of

interest – given the political and media attention in

this area following the financial crisis – is the fact that

the risk that incentives create inappropriate behaviour

finished 29th. This perhaps identifies a gap between

what reward professionals believe is needed within

organisations and media and political coverage.

Figure 2: Breakdown of survey respondents

Consultant

HR practitioner

Academic

1%

9%

90%


Strategic risks around attraction and the alignment

of reward strategy with both organisational strategy

and other HR policies all feature in the top 20. Brand

and organisational reputation concerns are also high,

just outside the top ten at 13, which is reflected in

written comments around media interest and the need

for reward policies to be seen to be appropriate, not

just by employees but by wider stakeholder groups.

Not surprisingly, financial risks focus on pension cost

management, both directly and with respect to the

investment strategies that firms are employing to

manage their pension liabilities. In addition, cash flow

risk is highlighted, which is undoubtedly related to

the timing of the survey with organisations struggling

to manage through the recession and taking radical

action to manage cash flow through actions such as

pension holidays, pay freezes and cuts. Legal risks

barely feature, with legislative change at 14 the only

legal concern raised in the top 20. Encouragingly,

operational risks are also lower down the list, with

benchmark data quality the highest at 18, followed

closely by concerns over IT systems.

The survey also asked participants to identify risks

that they think are growing and will need increasing

attention in the future. The top ten risks that are

predicted to grow and therefore warrant increased

focus are as follows:

1 inability to adapt reward policies and practices to

the changing business environment

2 pension investment strategy – returns not

meeting expectations

3 pension cost management – organisations unable

to meet increasing costs associated with providing

an employee pension scheme

4 poor communication of reward, leading to poor

organisational performance

5 reward failing to engage employees

6 ineffective reward strategy, causing poor

employee relations

7 legislative change leading to more rules and red

tape

8 poor employee understanding of reward

9 organisational cash flow – not having the money

to meet reward commitments

10 failing to comply with regulatory requirements.

Given the current economic climate, attention will be

increasingly focused on the cost management risks

around cash flow management, pension cost and

investment strategy management, and healthcare cost

control. In addition, there will be the risks associated

with change management issues associated with

changing policies in these areas and the resulting risk

of reductions in employee engagement and problems

with employee relations.

Clearly legal and regulatory reward risks are also seen

to be on the increase, which – given the survey was

being completed during the FSA’s consultation on

reward in the financial services sector and Sir David

Walker’s review of corporate governance in the banking

industry and significant media coverage of reward

issues – is to be expected.

Also of interest is the difference in views as to the

main reward risks between HR practitioners and their

consultants. These are shown in bold in Table 9. HR

concern over employee relations, employee reward

understanding, incentives and line management

capability did not feature in the equivalent top ten

risks identified by their consultants. They are more

concerned with board and remuneration committee

knowledge (perhaps reflecting increasing work in that

area and the focus of their consulting on executive

reward issues), reputation, misalignment with other

HR policies and reward team capability. Despite these

differences, there is a consensus that the change

management risks are important.


Table 9: Comparison of practitioners’ and consultants’ perceptions of reward risks

HR Consultants

1 Communication Change management

2 Change management Communication

3 Engagement Attraction of key talent

4 Attraction of key talent Board/remuneration committee knowledge

5 Employee relations Fairness internally of reward

6 Employee reward understanding Engagement

7 Fairness internally of reward Misaligned reward and business strategy

8 Incentives not motivating Reputation/brand

9 Line management reward capability Misalignment with other HR activities

10 Misaligned reward and business strategy Reward team capability

Table 10: Sector views of reward risks

Manufacturing and production

Private sector services

Voluntary, community and not-for-profit Public sector

1 Communication Change management Change management Attraction of key talent

2 Engagement Communication Communication Change management

3 Attraction of key talent Engagement Line management reward capability

Communication

4 Change management Attraction of key talent Attraction of key talent Engagement

5 Employee relations Employee reward understanding

Employee relations Employee relations

6 Employee reward understanding


Engagement Employee reward understanding

7 Pension cost management

Employee relations Fairness internally of reward


8 Incentives not motivating



Pension cost management

9 Benchmark data quality


Retention IT system

10 Fairness internally of reward

Line management reward capability

Benchmark data quality


The risk profile by industry sector is shown in Table 10.

Overall, between sectors there are not huge differences

in the risks that practitioners feel are significant.

Again, change management risks dominate. However,

‘employee reward understanding’ and ‘incentives not

motivating’ are less of a concern for the voluntary

sector, perhaps reflecting why people work in these

sectors in the first place. Pension cost concerns are

higher in the manufacturing and public sectors, which

may indicate a different stage within those sectors of

managing pension cost risks.


Preparedness

The survey asked respondents, ‘How well prepared

do you think your organisation is to manage the risks

you have identified?’ The breakdown of responses is

shown in Figure 3.

Only 17% feel they are well prepared to handle

the myriad risks they face, while 9% think they are

poorly prepared. The rest gave a mixed response

(74%). This cautious response may be a reflection of

current demanding times for reward management and

concern that the future, with respect to the state of

the economy, is still unclear. This was reflected in the

comments made.

Given this general concern over preparedness, this

report now provides some guidance and supporting

tools to assist reward professionals to identify, assess and

manage risks within their organisation’s reward strategy.

Figure 3: How well prepared do you think your organisation is to manage the risks you have identified?

Well

Mixed

Poor

17%9%

74%


Risk management process

Risk management techniques are well established

and used widely in many organisations. The following

advice is intended to provide a high-level route map

to reward teams as to how they might go about

identifying, assessing and managing risks that apply to

their reward strategy.

Reward professionals are advised to use established

risk management techniques (for example impact

and probability analysis, risk logs, stress testing) to

identify their organisation’s key strategic, behavioural,

financial, operational, legal, change management

and governance reward risks and manage and

control these risks in line with the organisation’s

defined risk appetite. These tools are intended to

support a proactive approach to predict and manage

unacceptably high risks rather than reactive ‘fire

fighting’ of ‘crystallised’ or realised risks after they

have occurred.

Where possible, the adoption of established

organisational risk management processes should be

used in managing reward risks. This has the dual benefit

of saving the time and effort required in designing

reward risk management processes and it can also help

increase the credibility of any reward risk assessment

results and resulting recommended actions through

presentation of results in line with organisational

standards. However, where such a process does not

exist, the support provided below will help.

A three-stage process for managing reward risk was

presented earlier and is shown in Figure 4.

Each of these stages will be discussed alongside

suggestions for how to carry out the stages efficiently

and effectively.

Figure 4: Three-stage process for managing reward risk

Stage 1

Risk identification

Stage 2

Risk assessment

Stage 3

Risk mitigation

• collection of risks from a diverse range of intelligence, both internal and external to the organisation

• initial risk assessment against two criteria: – impact that the risk occurring would have on the organisation – probability that the risk will occur

• decision on appropriate mitigating action to be taken• reporting of risk assessment to ‘appropriate’ persons


Stage 1 – risk identification

The research highlights the importance of reward

professionals using a range of sources of intelligence to

be able to begin to identify risks that may be pertinent

to their organisation’s reward strategy and delivery.

To successfully identify the risks that may influence the

effectiveness of the organisation’s reward strategy, it

is important to engage with a range of functions and

key individuals to get their intelligence on what might

happen and to involve them in brainstorming activities,

drawing on their particular expertise. Key functions for

reward to engage with in identifying reward risks are

presented in Table 11.

Table 11: Key functions to engage with in identifying reward risks

Function How they can help Questions to consider

Internal audit

Internal audit play a key role in assessing the controls in organisations. This requires them to assess the risks that organisational processes and functions are managing and how effective the controls are to manage these risks. They are likely to have done some form of organisational risk-mapping and may have already considered reward-related risks.

What risk-mapping work have they already done and where do reward-related risks appear on this map?

What do internal audit reports say about reward risks?

Compliance and risk management

In some industries a formal compliance team or a centralised risk management function will be in place. They can be a source of intelligence around business risks that may be impacted by reward structures. For financial services organisations in the UK, it is now regulatory guidance that reward decisions take into account the views of risk and compliance.

What regulatory issues may be emerging that may impact on the reward strategy?

What behavioural issues may impact on regulatory compliance and how is reward contributing or assisting with managing these issues?

Unions Unions (and works councils or equivalent), through their engagement with employees, will have intelligence on the current state of employee satisfaction and the likely reaction of employees to different reward approaches. They will also, because of their wider industry understanding, have thoughts on industry reward developments.

What is the union view on future reward risks that the organisation may face?

Finance Given that reward costs are often a high proportion of overall employee cost, the finance function is likely to have input on potential future cost risks through their understanding of the cost structure of employment costs. Specifically in relation to pension costs they may also have insight into future regulatory or accounting changes that may apply to these costs, which may influence reward decisions.

Where are our biggest reward expenditures?

What have we seen happen to those spends over time?

What are our views on likely future cost changes in areas such as pay and benefits?

HR business partners/line managers

What is happening in business units on the ground is crucial risk identification data.

What trends around recruitment, retention and motivation are HR business partners and line managers seeing?

What influence are reward structures having on front-line employee behaviour? Are these the behaviours that are required to make the business a success?


As well as engaging with key functions and individuals,

reward risks can be identified through review of

management information. Review of this data can help

identify emerging trends and concerns. Key sources

and where they may provide insight to reward risks are

shown in Table 12.

As well as these internal sources of data for identifying

reward risks, there are numerous external sources that

will assist you in thinking as widely as possible about

potential events that may impinge on the effectiveness

of your reward strategy. Some suggestions as to

potential sources are presented in Table 13.

Table 12: Key internal sources of management information for identifying reward risks

Organisational and HR risk maps

Does an HR risk management process already exist?

What risks have already been identified and do these include reward-related risks?

Exit interviews What reward issues are being raised by those leaving the organisation?

Equal pay audit results

What do your equal pay results tell you about potential discrimination risks?

Management accounts

What are the main drivers of organisational performance?

What are the main sources of organisational costs?

Business forecasts What are the future expectations of the business?

Balanced scorecard results

What are the main performance issues in the business – financial, process, people and customers? How might reward structures and systems impact on these (for example, customer satisfaction scores, sales results, process efficiency, and so on)?

Service level reports from suppliers (for example payroll, benefits, IT systems)

What level of performance are you getting from your external suppliers?

What level of errors are occurring and how are these being addressed?

HR management information

What level of recruitment offers are accepted? Why are offers rejected?

What is employee turnover? How does it vary by function and business unit?

How do actual pay levels compare with the market position that is being targeted?

What ongoing grievances or legal disputes do you have with employees and how do these relate to reward systems?

Table 13: Key external sources of information for identifying reward risks

Employment law alerts/briefings

Many of the legal firms provide regular updates on future employment law changes and recent cases. What legal changes are likely in the future and how will they impact on your reward strategy? What tribunal cases have been held and what implications may they have?

Government consultation papers

The Government regularly consults on proposed changes. These can provide an opportunity to mitigate the risk through engagement with the consultation process or alternatively early warning of potential changes for you to consider the implications for your reward strategy.

Press publications and trade conferences

Both the HR press and wider media will provide information on reward issues emerging and good practice carried out by other organisations. What can you learn from these with regard to potential threats to your reward strategy?

Research Economic data is crucial for understanding potential future reward-related issues. For example, what is inflation likely to be in the future and what influence might changes in this have on how you approach reward? Demographic data can also be useful in identifying particular employment trends that may have a disproportionate influence on your business. In addition, academic research is carried out on reward-related areas that may give you insights as to potential issues within your reward approach or ideas for future changes.


The significance of developing the discipline within

your reward function to continually engage with other

parts of your organisation and review key internal

and external data sources cannot be understated.

A successful reward risk manager will be assessing,

on a continual basis, all the data they are gathering

and considering its potential implications for the

effectiveness of the reward strategy.

Having developed a good understanding of what is

happening that may be relevant to your reward strategy,

both external to and within your organisation, you should

then be in a better position to identify reward risks. A

systematic approach to the identification of reward risks

can then be used as a guide to assess the main reward

risks relevant to your current organisational position.

Reward risk assessment will now be discussed.

MBDA is a defence company with industrial facilities in France, Germany, Italy, the USA and the UK.

It has 9,000 employees worldwide. As with all organisations in the defence industry, it faces future

challenges with reducing defence budgets and increased international competition from former Eastern

European defence companies, the United States and developing countries intent on building their own

indigenous technical capability.

At MBDA, a number of reward-related risks have been identified. The company has relatively long-

serving employees and consequently the principal focus hasn’t historically been on retention risks, but

rather, with the increased competition in the sector, employee motivation and cost control. As well

as these behavioural and financial reward risks, MBDA has also faced different legal requirements,

and resulting legal reward risks, in each country in which it operates. In addition, the cross-border

nature of its operations has meant that reward change management and communication risks have

required particular attention through careful consideration of how the company communicates with

its employees what is contained in their remuneration package, in each country, in order to raise the

visibility of the offer. This is to help ensure that employees know what they are receiving and get full

value from it, as it is felt that many employees are not fully aware of the extent of their package.

The company has an organisation-wide risk management process that includes an organisation-wide

risk register. However, this has typically focused on front-line business processes, such as supply chain

management, specific project management risks and business contingency planning, rather than on HR

and reward-related risks. The intention is to bring a more systematic approach to reward risk identification,

assessment and mitigation through the adoption of already established organisation risk management

practices. The initial focus is likely to be on using reward systems to help address the business challenge

of aligning employee reward to business performance which, due to relatively long product lifecycles,

can mean that employees lose sight of the ultimate customer and their needs. It is felt reward can help

manage this risk through revisions to the bonus scheme linked to both organisation-wide and local

performance measures alongside longer-term incentive programmes to help employees see both short-

and longer-term priorities. Risks that are having to be considered in the development of this reward

system include: communication risks to ensure that employees are fully aware of what they need to do

to increase their reward; and achieving the right balance between individual and team reward to manage

individual performance but support teamworking and contribution ultimately to the organisation’s bottom

line. Clearly, performance management is also key and educating and encouraging managers to more

actively differentiate between employees is an area of focus.

Going forward, the reward team will be looking to leverage off the organisation’s approach to risk

management, given the immediate advantage this presents with respect to linking into organisational

tools and using business language to highlight and give attention to HR and reward-related risks.

This information was supplied by John Murray, HR Director, Operations, at MBDA.

Reward risk management at MBDA: the start of a journey


Stage 2 – risk assessment

At this stage you should have an idea of the universe

of risks that apply to your reward strategy across

the seven risks groups – strategic, behavioural,

financial, operational, legal, change management and

governance risks. The next stage requires you to assess

the probability and impact of each of the reward risks:

• probability – the likelihood of the identified risk

actually occurring

• impact – the effect the risk occurring will have on

your overall reward strategy and, through this, your

business strategy.

Assessing both of these dimensions requires

judgement. One approach that is taken to support

this judgement is to map the identified risks onto an

impact and probability matrix. An example is given in

Figure 5.

Risk appetite

The coloured zones in Figure 5 show potential risk

management actions to be taken against each of

the reward risks identified. Where these zones lie in

your own reward risk map will depend on your risk

appetite. Risk appetite is the amount of risk that you

are willing to accept or be exposed to at a specific

point in time. Some organisations are willing to accept

higher levels of risk than others depending on the

prevailing culture at the time that the risk appetite

is defined. What is crucial is that you engage senior

management in defining what level of reward risk they

are willing to be exposed to. Potential questions that

can help you define your risk appetite are as follows:

• Financial cost – what is the potential financial

loss to the company should the risk materialise, for

example legal costs and fines should tribunal cases

be lost through running a legal risk?

Figure 5: Impact and probability matrix

8

11 2

57

3

4

96

Minimal risk – does not require specific attention

Contingency plans should be in place

Preventative controls should be put in place

Heavy risk management focus

High

Medium

Impa

ct

Low

Low Medium

Probability

High

1

2

3

Identified reward risk 1

Identified reward risk 2

Identified reward risk 3etc...


• Reputation – what level of publicity may occur if

the risk occurs? What level of bad publicity are you

willing to accept if a risk materialises?

• Regulatory – is potential regulatory intervention

acceptable to the business?

These are just examples. Many organisations

present potential negative scenarios to their senior

management and ask them whether the occurrence

of the scenario is acceptable or should be eliminated.

This allows them to carry out some calibration of the

organisation’s reward risk appetite.

Combining risk

While the framework presented identifies numerous

individual risks, they should not be considered in

isolation. A number of these risks are likely to arise in

tandem and as a result their individual influence may be

increased through combination effects. Consequently,

the risk assessment process should consider how the

identified risks are related and whether the combination

will lead to a higher impact or probability than may be

suggested by examining each risk individually.

Commerzbank is an international German bank providing retail and corporate banking worldwide. Its

UK operation focuses on investment and corporate banking. It employs around 1,200 staff in London.

Reward risks are examined systematically using assessment of both impact and probability criteria.

The probability of a reward risk occurring is assessed using a simple percentage (0–100%). Impact is

measured on a five-point scale, 1 being a non-material impact and 5 being an impact critical to business

performance. The probability percentage and impact are then multiplied to give an overall reward risk

score. This score is then used to identify where reward risk mitigation should be focused. Any scores

above 200 are considered to be red risks and require immediate action. The risks are then presented on

a ‘risk umbrella’ map to demonstrate the highest risks, as shown below.

The risks identified and the analysis of their probability and impact are then captured in a risk log, along

with defined mitigating actions where it is felt the risk is too high for Commerzbank’s reward risk appetite.

This information was supplied by Ian Davidson, Head of Compensation and Benefits, at Commerzbank, London.

Reward risk assessment at Commerzbank London

1 Set by Frankfurt300

250

200

150

100

50

0

19 Loss of reward knowledge in London

18 Regulatory communication

17 Employee communication

16 Senior management communication

15 Head office communication

14 Delivery not in accordance with contracts

13 Incorrect HMRC reporting

12 Correct levels of bonus

11 Correct levels of pay 10 Market issues

Probability Impact Total score

9 Discrimination issues

8 Bonus system

7 Bonus levels

6 Levels of base salary

4 Regulatory agreement

3 Understanding by HR business partners

2 Communications to senior management

5 Business impact


Stage 3 – risk mitigation

The final risk management stage is to consider what

risk mitigation actions may be required. This will be

heavily informed by your risk assessment process, with

higher impact and higher probability risks warranting

more attention. Typically, organisations capture the

risks identified and their assessments of these risks in

some form of risk map (also sometimes referred to as a

risk register or risk log), which then allows the actions

to be taken to be laid out and accountability to be

assigned for ongoing management of the risk.

A typical risk map is presented in Table 14, along with

some illustrative risks and potential action plans. Where

scoring is used, as in the Commerzbank case study, risk

maps will often include a column for this score alongside

a target score for the risk after the action plans have been

completed.

Clearly risk mitigation will be specific to the risks identified

and the assessment of their potential impact and their

likelihood of occurring. It is an area where creativity is likely

to be required in thinking through ways of managing the

risks so that the costs of carrying out the mitigating action

are proportionate to the costs of such action.

Scenario analysis can assist the development of

appropriate risk mitigation strategies. These are basically

‘what if’ questions intended to provoke ideas on what

strategies or controls should be put in place to prevent

potential risks occurring or alternatively the building of

contingency plans to manage the risk should it occur.

Table 14: Example risk map

Risk group Description Impact Probability Owner Action Review date

Operational Employee confidentiality is breached through loss of reward data

Medium Low Clare Brown Annual data confidentiality audit

January 2010

Financial Inaccurate profit data used to set bonus pool

High Medium Ann Jones Establish bonus deferral policy

Bonus pool set on audited profit

November 2009

Financial Escalating healthcare costs

Medium Medium Clare Brown Supplier re-tendering

Employee consultation as part of ‘total reward’ review

April 2010

Strategic Loss of key employees

High Low John Smith Intra-year review of market benchmarks for key groups

Retention bonus policy in place

Line management communication of the tool and its potential use

December 2009

Change management

HR capability to implement new job evaluation system

Medium High John Smith HRBP training sessions on new job evaluation system

Job evaluation guides developed

October 2009


There is no definitive list of the skills, knowledge and

competencies required by reward professionals to

successfully pursue a risk-based approach to their work.

However, the reward professionals that we talked to

have identified a number of competencies from the

CIPD’s HR Profession Map that they felt to be particularly

relevant in adopting a risk-based approach. These are

highlighted in Table 15 against each of the three stages

identified in the reward risk management process.

Clearly behaviours are important but can only be

effectively deployed in the reward risk management

approach described if they are accompanied by a

base of technical skills and knowledge. This skill

and knowledge will be a combination of business

understanding, technical reward knowledge and,

where relevant, operational management to ensure

all types of reward risk are well managed. The CIPD’s

‘reward and performance’ professional area in the

overall HR Profession Map can help establish the key

knowledge required.

For more detail on the CIPD HR Profession Map, go to

www.cipd.co.uk/hr-profession-map

Table 15: Risk management process and CIPD HR Profession Map competencies

Risk identification Curious– active interest in the internal and external environment– open-minded with a bias to learn and enquire

Collaborative– works effectively and inclusively with colleagues

Co

urag

e to ch

alleng

e

Shows courage and confidence to speak up, challenge others

when faced w

ith resistance.

Risk assessment Decisive thinker– analyse and understand data quickly– use judgement wisely to identify options and defendable decisions

Skilled influencer– gain the necessary commitment

Risk mitigation Driven to deliver– a consistent and strong bias to action

Personally credible– track record of reliable and valued delivery

Effective risk management – what does it take?


Conclusion

While the research identifies that reward risks are

on the increase, and practitioners are struggling to

manage these risks, there are many good examples of

organisations getting on top of their reward risks and

managing them effectively. Successful organisations

are assessing their reward strategy and systems for risk

so that they can proactively manage these dangers

and avoid unnecessary reward shocks. There are clear

steps that reward practitioners and their HR colleagues

can take to more effectively identify, assess and

then manage the risks that organisations face when

managing their reward practices. By adopting five

simple steps, organisations can significantly improve

their preparedness for managing reward-related risks:

1 Establish effective reward risk intelligence-

gathering systems.

2 Proactively review your reward strategy and

systems for risk.

3 Use established risk management tools to assess

and manage identified reward risks.

4 Know your reward risk appetite and manage risk

consistent with this.

5 Build your risk management capability and develop

a permanent risk management culture.

To assist practitioners in following these steps this

report has identified seven key reward risk groupings.

We have used this framework to review the main risks

that are seen to be most relevant today to reward

management professionals and have provided some

risk management tools to assist organisations in

reviewing their reward-related risks.


References and further reading

ASSOCIATION OF INSURANCE AND RISK MANAGERS,

ALARM and INSTITUTE OF RISK MANAGEMENT. (2002)

A risk management standard. [London]: AIRMIC,

ALARM and IRM. Online version also available at:

http://www.theirm.org/publications/PUstandard.html

[Accessed 22 September 2009].

CHARTERED INSTITUTE OF PERSONNEL AND

DEVELOPMENT. (2006) Risk and performance: HR’s

role in managing risk [online]. Change agenda.

London: CIPD. Available at: http://www.cipd.co.uk/

subjects/corpstrtgy/general/_rskprfrmnc.htm [Accessed

22 September 2009].

FINANCIAL SERVICES AUTHORITY. (2009) The Turner

review: a regulatory response to the global banking

crisis [online]. London: FSA. Available at: http://www.

fsa.gov.uk/pages/Library/Corporate/turner/index.shtml

[Accessed 22 September 2009].

KAPLAN, R.S. and NORTON, D.P. (1996) The balanced

scorecard: translating strategy into action. Boston,

MA: Harvard Business School Press.

PERKINS, S.J. and WHITE, G. (2008) Employee reward:

alternatives, consequences and contexts. London:

Chartered Institute of Personnel and Development.

STEVENS, J. (2005) Managing risk: the human

resources contribution. London: LexisNexis.

WALKER, D. (2009) A review of corporate governance

in UK banks and other financial industry entities

[online]. London: The Walker Review Secretariat.

Available at: http://www.hm-treasury.gov.uk/walker_

review_information.htm [Accessed 22 September

2009].

32

Managing rew

ard risks: an integrated approach

Appendix – outline reward risk mapping toolThe risks below were identified during the research as being

particularly relevant to reward risk management. They are

intended to act as a guide for reward functions in their

assessment of risks that are present and need managing

in their own reward systems. They are presented alongside

a simple tool to allow reward professionals to review

each of the risks against their own reward strategy and

systems. The list is intended to provide a potential universe

of reward-related risks but should not be considered

exhaustive or treated as a checklist. Each organisation

will have a different risk profile and consequently require

different reward risk management strategies.

Risk Definition Impact Probability Owner Action

Strategic risks

Attraction and retention of

key talent

The risk that reward is structured (level,

structure and mix) in such a way that the

organisation is unable to attract or retain the

talent it needs to be successful.

Misaligned reward and

business strategy

The risk that reward strategy is not aligned to

organisational goals.

Misaligned reward and

organisational structure

The risk that reward structure and technical

design (that is, market pricing, job evaluation,

and so on) are not in line with organisational

structure.

Misalignment with other

HR activities

The risk that the reward strategy is not aligned

with other HR activities, diminishing the

effectiveness of the whole HR strategy.

Reputation/brand The risk that the organisation’s reputation is

adversely influenced by poor publicity, resulting

from adverse press coverage of reward systems.

Uncompetitive reward The risk that employees are paid less than is

required based on market comparisons, leading

to attraction and retention difficulties.

Managing rew


33


Behavioural risks

Fairness internally of

reward

The risk that reward is not seen as ‘fair’

between employees, leading to reduced

engagement.

Engagement The risk that reward strategy does not engage

employees.

Incentives not motivating The risk that incentive structures do not

motivate employees to higher levels of

performance or desired behaviours.

Incentivising inappropriate

behaviour

The risk that incentives lead to inappropriate

employee behaviour, such as product mis-

selling or excessive risk-taking.

Innovation stifled by

reward

The risk that reward structures discourage

innovative behaviour.

34

Managing rew



Financial risks

Employee benefits self-

insurance

The risk that self-insured benefits are not

managed, leading to unexpected costs to the

organisation.

Healthcare costs The risk that healthcare costs are not

controlled.

Inaccurate profit / revenue

data

The risk that bonus payments or pay budgets

are established with reference to incorrectly

stated profit or revenue data, leading to

payments that are not appropriate.

Organisational cash flow

(ability to pay)

The risk that the organisation is unable to meet

reward payments due to cash flow issues.

Overcompetitive reward The risk that employees are paid more than is

required based on market comparisons.

Pension cost management The risk that pension costs are not managed

and become unaffordable.

Pension investment

strategy

The risk that the pension investment strategy

does not deliver against investment goals.

Taxation The risk that employer and employee taxation

is not managed correctly, leading to incorrect

taxation payments or tax efficiencies being

missed.

Managing rew


35


Operational risks

Benchmark data quality The risk that benchmark data is inaccurate,

leading to the establishment of inappropriate

pay structures and therefore overpaying

and lowering organisation cost control or

underpaying and bringing attraction risks into

play.

Data confidentiality The risk that personal data on employees is not

protected appropriately, leading to breaches of

security and potentially legal challenge.

IT system The risk that the reward IT system does not

deliver efficient and secure reward processes.

Outsource provider

management

The risk that outsource providers (for example

payroll, benefits) do not meet agreed

contractual requirements.

Payroll management (for

example error or fraud)

The risk of payroll error leading to incorrect or

fraudulent payments.

Reward system legacy

management

The risk that management of legacy reward

systems (that is, merger, TUPE) lowers the

overall effectiveness of the reward strategy.

36

Managing rew



Implementation and

change risks

Change management The risk that changes to reward strategy are

managed ineffectively and therefore are not

having the required impact.

Communication The risk that employees do not understand

their reward package and therefore the

organisation does not achieve full value from

its components.

Employee relations The risk that reward issues lead to problems

with general employee relations.

Employee reward

understanding

The risk that employees do not understand

how their reward package is constructed and

as a result the organisation does not achieve

best value from its reward spend.

Line management reward

capability

The risk that reward strategy is ineffectively

delivered by line managers.

Reward team capability The risk that the reward team does not have

the capability to develop and implement an

appropriate reward strategy.

Reward team capacity The risk that the reward team does not have

the capacity to develop and implement an

appropriate reward strategy.

Trade union / works

councils

The risk that trade union / works council

relationships inhibit the operation of the

preferred organisation reward strategy.

Managing rew


37


Legal and ethical risks

Ethical The risk that reward strategy is developed or

managed in an unethical manner.

Implied terms, that is,

contractual custom and

practice – precedent risk

The risk that organisation establishes custom

and practice from actions they take that has

larger consequences at a later date.

Legislative change The risk that legislative changes impact on

the alignment of reward strategy with wider


Regulatory The risk that regulation of reward structures

requires changes that are not consistent with


Reward discrimination The risk that the reward system inappropriately

and potentially illegally discriminates between

employees.

Governance risks

Board / remuneration

committee reward

knowledge

The risk that the knowledge of those

accountable for overseeing the governance of

reward structures at executive and other levels

is insufficient to carry out the role effectively.

Conflicts of interest The risk that reward decisions are influenced by

individuals with a conflict of interest in the final

decisions.

Chartered Institute of Personnel and Development151 The Broadway London SW19 1JQ Tel: 020 8612 6200 Fax: 020 8612 6201Email: [email protected] Website: www.cipd.co.uk

Incorporated by Royal Charter Registered charity no.1079797 Issu

ed:

Oct

ober

200

9 R

efer

ence

: 50

07 ©

Cha

rter

ed In

stitu

te o

f Pe

rson

nel a

nd D

evel

opm

ent

2009

We explore leading-edge people management and development issues through our research.

Our aim is to share knowledge, increase learning and understanding, and help our members

make informed decisions about improving practice in their organisations.

We produce many resources on people management and development issues including guides,

books, practical tools, surveys and research reports. We also organise a number of conferences,

events and training courses. Please visit www.cipd.co.uk to find out more.

Date post:	11-May-2018
Category:	Documents
Upload:	trannhan
View:	221 times
Download:	2 times

Managing reward risks An integrated approachobservgo.uquebec.ca/...Managing_reward_risks.pdf ·...

Documents