TRANSCRIPT
HR Risk: managing risks that matter
A meeting with IIA – Orange County
13 September 2012
People drive business success
Page 2HR Internal Audit Discussion
Discussion agenda
• People related risk in today’s environment
• HR risk universe
• Hot topics
• How leading companies manage HR risk
• Questions
People related risk in today’s environment
Megatrends in HR Risk affecting business success today
► Sub-optimal results due to misalignment of Talent and business needs
► Ever-increasing retirement fund deficits
► Increased oversight and governance of remuneration
► HR compliance challenges from accelerating regulatory change
► Inability to implement a genuinely global business model
► Under-investment in HR systems and resources
HR Risk management creates a significant competitive advantage. Human Resource functions that understand risk implement effective processes and controls to manage the risks that matter, anticipate the impact of a rapidly changing business environment and drive business success.
People related risk in today’s environment
Market reach
75% of 350 Global companies surveyed had changed or expanded their suite of mobility policies within the last 24 months, and over half were planning to do so in the next six months**
20% of expatriates have left their employer within two years of repatriation**
* Source: EY - Managing today’s global workforce
** Source: EY Global Mobility Effectiveness Survey 2011. North America only
HR challenges
• Right person, right place, right time
• Regulatory diversity
• Global rewards strategy
• Leveraging workforce data
• Standardization of global operating models collides with national and sub-national regulation
• Amplified risk from cross-border mobility
Trends in successful organizations…
• Global organizations aligning talent management programs with strategic business objectives
• Expanded focus on international reporting through payroll, labor law, and immigration
• Talent management programs, IT systems and processes integrated globally, regionally or by business unit
• Increased suite of mobility policies reviewed regularly
• Inclusion of international assignments in their overall talent management framework and increased suite of mobility policies reviewed regularly
• Co-ordinated identification and management of a human resource risk across multiple internal business functions, and heightened wider corporate awareness
The inability to deploy and compete in a global market will impede growth
Are the careers of internationally mobile employees managed on an enterprise-wide basis (as part of an overall strategic talent management program)?*
People related risk in today’s environment
Operational agility
73% of companies cited inadequate HR compliance risk as a major area of concern**
58% of HR leaders cited management HR compliance as one of their top three issues*
HR challenges
• Pace of regulatory change
• Diminished employee engagement
• Data security and Integrity
• Leveraging HRIS technology
• Compliance with global tax and social security reporting
• Increased corporate audit focus on HR processes and global compensation programs
• Increased administrative and financial costs resulting from additional employee tax levies
Trends in successful organizations…
• Formal global pay policies and increased Board oversight resulting in greater flexibility to respond quickly to local regulatory changes
• A standardized approach to understand and meet the appropriate compliance requirements
• Integrated approach across corporate functions e.g., policy compliance, payroll, legal etc.
• Internal HR processes and implementation of appropriate controls to ensure compliance with internal audit procedures
• Linkage of the impact of legislative changes to HR strategy in order to validate that both cost competitiveness and value to the employee is maintained
Tax Information Exchange Agreements have expanded rapidly during the last three years from 23 to over 378 agreements now in place globally
The pace of legislative change is increasing risk and uncertainty
* Source: EY Global Human Capital Conference Survey 2011
** Source: EY Global Mobility Effectiveness Survey 2011
Golden age of technical change
Massive increase in domestic legislative change around employee taxation
EU Directive on Social Security
OECD Article 15 changes
New employment levies to supplement tax and social security
People related risk in today’s environment
Cost competitiveness
HR challenges
• Pension funding gap
• Disparate HR systems
• Ineffective service delivery model
• Increased regulatory complexity
• Gathering accurate employee data for strategic decision making across multiple systems
Trends in successful organizations…
• Use of shared services and centers of excellence driving consistency and reducing HR process costs globally
• A shift from defined benefits to defined contribution plans
• Performance of pension asset liability matching
• Improved labor and stakeholder relations
• Aggressively harmonized human resource and payroll systems
• HR services aligned with key business needs and objectives
Pension underfunding can have a severe impact on business continuity
Long term bond yields have fluctuated by 2.5% since 2000 resulting in a 50% movement in liabilities
Yield on global equities since 2000 has been 4.5% per annum against an expected return closer to 9%.
Life expectancy in Western Europe has increased by 7 years since 1980 resulting in a 20% increase in liabilities*
* Source: Hewitt 2009 study
HR systems can be the last in line for corporate investment, compromising service delivery
[Figure: Before center of excellence / After center of excellence. Countries shown: Mexico, Switz, Brazil, Canada, USA, UK, Sweden, France, Czech, Germany, Italy, Australia, Japan]
People related risk in today’s environment
Stakeholder confidence
HR challenges
• Data privacy
• Executive regulatory compliance
• Stakeholder scrutiny of executive remuneration
• Managing low 'yes' votes during shareholder meetings and control possible reputational damage
• Pay plans are not performance oriented leading to dissatisfied shareholders and media scrutiny
• Adhering to differences in global executive remuneration regulation with associated compliance risk
• Pervasive and sophisticated attacks and penetration of HR-related systems
Trends in successful organizations…
• HR data integrity and security elevated to a strategic level
• Engagement with shareholders and proxy advisors in preparing remuneration disclosures and for annual meetings
• Reworked remuneration plans linking pay to business strategy, company performance and shareholder value
• Established formal global pay policies and increased Board oversight and flexibility to respond quickly to local regulatory changes
• HR Risk Management embedded in performance metrics and goals
Pay for performance measures:
Influenced by shareholder interest groups e.g., ISS in UK, Australia, US
Say on pay legislation:
US: Dodd-Frank Act (2009)
Germany: VorstAG (2009)
Australia: 2 Strikes Law (2011)
UK: Executive pay reform (2012)
Only 73% of IT professionals surveyed have a clear understanding of privacy laws impacting their organization**
47% of companies cited their greatest challenge in managing compliance and risk was inefficient HR processes or lack of resources*
* Source: EY Global Human Capital Conference Survey 2011
** Source: EY Global Information Security Survey 2011
Executive remuneration and data security are in the media spotlight
The HR risk universe
Risk categories: Strategic, Operations, Financial, Compliance
Planning and Resource Allocation
► Training / Talent Development
► Organizational Structure and Design
► Deployment and Utilization
Global Workforce Management
► Employer Relations
► Health, Safety and Security
► Union Relations
► Policies and Procedures
► Employee Satisfaction
► Whistleblower
Governance
► Corporate Culture and Social Responsibility
► Code of Conduct / Ethics
► Transparency of Pay Programs
► Talent Management
HR Performance and Policies
► HR service delivery & risk
► Sourcing Strategy
► Vendor Contracts and Service Level Agreements
► Vendor performance/fees
► Human resource data
Talent Management
► Role and competency design
► Recruitment, sourcing and on/off boarding
► Performance management
► Career mapping, succession planning and leadership development
► Learning and training
► Workforce analytics and planning
Regulatory
► Employee Privacy and Data Protection
► Labor law / Collective Bargaining
► Pension / Retirement Benefits
► HIPAA and PPACA policies and procedures
Wage and Hour
► Determination of hours worked and OT requirements
► Employee classification (Exemptions, Independent Contractors, etc).
► Time and Recordkeeping requirements
► State law considerations
Payroll
► Global and domestic mobility compliance
► Payroll process
► Payroll tax and reporting
Executive Compensation Risk Review
► 409A, 280G, 162(m)
► Incentive Compensation plan
► Executive Benefits and Perquisites
► Equity compensation and incentives
► Severance programs
Employee Benefits and Retirement
► 401(k) plan operations
► Pension/OPEB plan operations
► Pension plan terminations
► Health Care reform readiness assessment
► Fiduciary requirements/plan asset payments
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
►Misclassifying workers under the Fair Labor Standards Act
►exempt vs. non-exempt
►independent contractor vs. employee
►Not paying workers for all work performed
►Improperly calculating overtime
►Not training employees and supervisors on wage and hour practices
►Not responding to changes in federal and state wage and hour laws
►Change in HR, Pay or Time system results in incorrect calculations of overtime hours and rate
►Exposure to litigation and government audits, potentially resulting in the following--
►civil and criminal penalties
►back wages
►liquidated damages (e.g., “double damages”)
►attorney’s fees
►additional taxes
►Is the company periodically reviewing its workers’ classifications and documenting these classification decisions?
►How does the company ensure that workers are paid for all hours worked (e.g., for pre- and post-shift activities, work performed during meal breaks)?
►Are workers trained on wage and hour practices and required to report policy violations?
►Are wage and hour issues part of HR’s routine self audits?
►Have the HR, pay and time systems been tested for compliance?
Wage and hour and employment law compliance
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
►Mobility of global workforce as expatriates or business travelers
►Entity restructuring, merger, acquisition, divestiture
►Joint venture or contract employment
►Expansion into new markets
►Permanent establishment in foreign country
►Reduction-in-force, and/or employment surge
►Not using workforce planning tools to identify and fill talent shortages
►Failure to develop a dynamic global workforce
►Noncompliance with foreign and domestic tax laws and regulations—at a corporate, individual, and/or social tax level
►Double taxation (by host country and home country)
►Failure to properly budget and allocate costs
►Immigration risk, risk of prosecution, and payroll risk
►Failure to drive global growth and efficiency
►Reputational risk
►Poor organizational agility
►Are you monitoring and fully aware of all employees’ international business travel and their potential tax risk?
►Are you effectively managing the tax costs of your mobile workforce?
►Do you have policies in place covering all types of mobile employees?
►Do you monitor immigration status of your employees in light of your tax and/or compensation reporting practices?
►Are you monitoring the changes in laws and regulations of countries your employees are located in?
Global and domestic mobility
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
►Payroll policies, procedures, processes, and controls are inadequate
►Accurate workforce data not readily available to help make strategic planning decisions
►Standardized and integrated payroll processes across business units/organizations do not exist
►Lack of monitoring service level agreements with payroll vendors
►HR data has errors resulting in pay errors
►Over/underpayments to employees
►Incorrect income tax withholding
►Delayed remittances to third-parties (including taxing authorities)
►Erroneous reporting
►Qualified plan (e.g., 401k) disqualification
►Penalties and late fees
►Not receiving full value of vendor services currently being paid for
►What calculation routines are included as a part of your gross-to-net calculations?
►How often are your state level garnishment policies reviewed?
►How is third-party remittance to taxing authorities monitored?
►Does your organization use a Shared Service Center to manage payroll?
►Does your organization selectively outsource any payroll processes?
►What roles do the Time and HR system play in calculating pay and has the end to end scenario/data flow been examined?
Payroll operations, tax, and reporting
Common Triggers
►Pay programs and practices are not periodically reviewed and benchmarked with appropriate industry peer groups
►Ineffective performance evaluation, promotion practices, and leadership evaluation
►Failure to link pay programs and practices to individual and corporate performance metrics
►Disparate training, deployment, and utilization processes across different business areas, geographies
►Company does not have infrastructure to develop skill sets needed in the next 3-5 years
►Lack of transparency of pay programs
►Failure to develop talent globally
Risks
►Increased costs of operations and deployment
►Missed opportunities to put the right person in right job and loss of top performers
►The company does not have the resources and/or capacity to capitalize on business transaction opportunities
►Loss of Return on Equity (ROE)
►Poor reputation both internally and externally, including employee discontentment at perceived unfair pay practices
►Poor demographic diversity
Questions to consider
►What are the company’s key performance indicators (KPIs) for talent management purposes?
►Does the company have succession strategies for areas affected by retirement or skill shortages?
►How close are middle managers to retirement?
►Is there a process in place to identify and communicate with key talent?
►Is employee data currently accurate and updated globally?
►Is short-term incentive eligibility limited to those with a direct line of sight to how their performance/decisions affect outcomes?
►How large of a role does peer comparison play into your company’s compensation strategy?
►Are recognition awards based on an explicit program design or on recommendations?
Talent management
Hot topics: triggers, risks and considerations
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
►Need to change platforms as part of a company-wide ERP strategy
►Outsourcing the support of the HRIS platform
►Acquisitions, divestitures or large reorganizations are difficult to execute
►Systems bandaged together through interfaces that are failing
►HRIS system of record is an older model and does not provide integrated functionality with newer programs such as recruitment, talent management, performance or comp planning
►Ability to respond to changes to federal and state law, OFCCP compliance, etc.
►Different data definitions in disparate HR systems resulting in incorrect pay or program/plan coverage
►Plan qualification if compliance is affected due to incorrect underlying HR data
►Pay errors from incorrect data or interfaces from time keeping systems
►Financial misstatement because of pay errors or payroll posting errors because of data issues
► Compliance with federal and state record keeping requirements around new hires, terminations, changes
►Inability to pursue larger HR strategies or performance objectives because of outdated technology such as performance planning
►What is our long term HRIS strategy?
►How does HR fit into my company’s ERP strategy/choice?
► If I have outsourced record keeping, is my vendor performing to the service level agreement? How can I know that?
►Do I have ready access to detailed reports to audit my HR data?
►What key areas of functionality am I missing from my current system?
►When is my system due for its next major upgrade? What additional functionality comes as a part of that upgrade?
HR information systems
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
►Misalignment of pay and company performance
►Incomplete or inaccurate proxy disclosures resulting in shareholder/institutional shareholder scrutiny
►Not anticipating the effect a change in control has on parachute payments (§280G)
►Not planning for deduction limits when granting non-performance based compensation (§162(m))
►Not evaluating a plan’s compensation deferral and distribution election rules with respect to §409A
►Lack of corporate and employee tax planning around global equity
►Poor employee or shareholder relations and reputational consequences (e.g., failed say on pay or withhold votes for directors)
►Inability to take deduction for excess parachute payments
►Non-deductible 20% excise tax on recipient of excess parachute payment
►Inability to take deduction for certain non-performance based compensation to top executives
►Excise tax on amounts
►Over/understatement of financial reporting due to erroneous compensation accrual calculations
►Noncompliance, resulting in fines and penalties
►How does executive pay align with company performance?
►What has the company done to address disclosures under the newly enacted Dodd-Frank Act?
►What type of equity vehicles does the company use currently and why?
►How do the equity awards vest (time based or performance based vesting)?
►Where are the executives based receiving awards?
►How are compensation records maintained?
►What is the process to review and revise agreements affecting executive compensation?
Executive compensation
Common Triggers | Risks | Questions to consider
►Failure to provide participant notices in a timely manner
►Corrections are not performed timely
►Plan violates IRS non-discrimination requirements
►Incomplete or inaccurate data feeds to third-party benefit providers
►Failure to effectively and timely govern global pension plans
►Inadequate benefit plan design
►Plan disqualification
►Penalties, interest, and late fees
►Having to correct plan errors
►Exposure to government audits
►Civil and criminal penalties for breaching ERISA duties
►Additional taxation when certain errors not timely corrected
►Time-consuming reconciliations between payroll and the third-party vendor(s) (e.g., trust, administrator, etc.)
►How often are your company’s retirement plans reviewed?
►Is indicative employee data (e.g., level, hire date, financial data) gathered and submitted to your providers in the same manner across all business units?
►How are disbursement errors/exception reporting monitored?
Employee benefit plan compliance
Hot topics: triggers, risks and considerations
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
►Misalignment of compensation practices with the company’s strategic objectives
►Lack of integration of the risk management function into the decision making process around compensation policies and incentive design
►Lack of a correlation between the incentive period and the time horizon of underlying risks
►Ineffective use of risk mitigating or incentivizing features
►Employees take risks beyond the company’s risk profile (or vice versa)
►Poor employee or shareholder relations and reputational consequences (e.g., failed say on pay or withhold votes for directors)
►Company performance and employee engagement suffers
►Proxy disclosure noncompliance
►What is the company’s definition of an acceptable risk threshold?
►Has the company reviewed and identified the links between the key organizational risks and the incentive compensation programs and policies?
►Do the current performance metrics encourage excessive or inappropriate risk-taking by employees that could have a material adverse effect on the company?
►What risk mitigating features are built into the current incentive compensation programs and policies?
►What controls does the company have in place to mitigate the risks?
Incentive compensation
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
►Split accountabilities and responsibilities between local HR and corporate HR
►Current HR service delivery is focused on transactions and administrative functions (back-office efforts) rather than serving as a strategic business driver
►Disconnect between HR service owners and understandings of business needs in their service areas
►Specialty support unavailable or not centralized through corporate HR
►Inadequate communication of benefit and retirement choices
►Lack of clarity around accountability and delivery of HR services
►Inconsistent application and understanding of central HR services
►Limited ability to expand and globalize by providing appropriate HR support to new geographies
►HR service delivery model that is not market competitive and does not provide business with a transparent method of cost management
►Excessive financial exposure, operational inefficiencies and a lack of coordination with overall business objectives due to an ineffective HR service delivery model and/or sourcing strategy.
►Do formal reporting and functional lines exist between local HR and corporate HR?
►Could your current HR delivery model support international expansion or geographical scalability?
►Do various business units have diverging demands and resources for HR services?
►Does corporate HR focus solely on services that provide its business units with a competitive advantage?
►Has the company performed a shared service analysis to determine whether it is cost effective or fits within the organization’s strategic initiatives?
HR service delivery
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
► Performance issues resulting in incorrect records or paychecks
►Unexpected or excessive fees billed
►Sale of vendor to new organization who has different technology, pricing, and processes
►Vendor upgrades or changes technology platform
►Merger, sale, or integration with a new company who processes in-house or with a different vendor
► Vendor is not performing to the level of service agreed upon in the contract
►Vendor is not complying with state and federal reporting and deposit requirements resulting in penalties and potential suspension of business activities
►Cost of outsourcing is higher than expected due to hidden or unexpected fees
► Plan qualification is at risk due to vendor operational errors with the data or non-compliance in their administration
►Has the company experienced service issues or fee concerns with its current HR outsourcing vendors (e.g., 401(k) administration, benefit calculations, HRIS, payroll etc.)?
► Have periodic assessments of vendor performance been performed? Do you have the means to audit vendor performance?
►Has an audit of vendor fees been performed?
►When is the vendor contract set to expire? Is this a good time to go back to market for the outsourced services?
Vendor management
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
►Failure to develop and implement policies and procedures that are consistent with company values and that support the company’s commitment to compliance
►Failure to establish and maintain an internal control environment which aligns stakeholders and regulatory expectations
►Disparate policies within the organization post merger or other corporate acquisition
►Internal controls and policies drive behaviors and results inconsistent with company values
►Difficult to administer and communicate multiple policies within the organization
►Changes to underlying tax or labor law to which policies are associated
►Is there a process to audit HR practices, transactions and processes for compliance with applicable laws and regulations (e.g., federal and state wage and hour laws, ERISA requirements, EEOC requirements, exempt vs. nonexempt employee classification, state and local garnishment rules, etc.)?
HR policies and controls
Hot topics: triggers, risks and considerations
Common Triggers | Risks | Questions to consider
► Mergers, acquisitions, and/or divestitures
► Leadership changes
► Reduction in force
► Technology implementation
► Changes to how employees access HR benefits, payroll and all other HR programs
► Changes to the HR function
► Multiple organizational changes happening at once
► Disengaged employees
► Higher than average attrition
► Failure to develop a process that monitors and tracks feedback from employees
► Failure to develop an understanding of what communication channels are most effective in reaching employees
► Organizational change initiatives do not deliver their ROI
► Employees are unproductive or do not perform at their highest level
► Rumors and misperceptions dominate the communications environment
► Communication channels are unutilized, insufficient or inappropriate for circumstances
► Formal and informal communications are inconsistent
► Important key messages are not understood by the audience
► Difficulty to implement process and product/service improvements quickly
► Failure to effectively manage integration issues associated with organizational HR changes to programs, policies, and systems
► Strained employee relations
► Is there a formal communications strategy and plan, updated on an annual basis?
► Is feedback from communications being gathered to enhance messaging?
► Are your communication channels effective for intended audiences?
► Are there opportunities to standardize messages across locations and across functions to improve effectiveness and efficiency of communications?
► Are leaders and managers prepared for the challenging employee question related to organizational change?
► Is communications effectiveness tracked on a consistent basis?
Communication and change management
How leading companies manage HR risk
Sub-optimal results due to misalignment of talent & business needs
Ever-increasing retirement fund deficits
Increased oversight and governance of remuneration
HR compliance challenges under accelerating regulatory change
Inability to implement a genuinely global business model
Under-investment in HR systems and resources
Internal Audit, Compliance, IT Risk Management, Information Security, Legal, Tax, Transactions, SOX Compliance
Strengthen risk governance and oversight
Define risk strategy and oversight with accountability for risk management at the Board and Executive levels
Improve controls and processes
Integrate risk and performance management
Embed an enterprise approach to risk assessment and monitoring into business planning and performance management
Coordinate multiple risk functions
Improve leverage across multiple risk functions to expand coverage, reduce cost and enhance value to the business
Enhance business level performance
Enable the organization to differentially manage key risks with optimized processes and controls at the business level
Optimize risk management functions
Embed risk management
Enhance risk strategy
Traditional risk management functions
Enable risk management, communicate risk coverage
The RISK Agenda
Executive visibility
International Mobility
Industry
Geographic profile
Emerging Markets
Risk multipliers
Global HR Mega Trends
Applying a broad “risk lens” to the business
Questions
Cathy Goonetilleke
► Senior Manager
► Ernst & Young LLP
► Los Angeles
► Office phone number: (213) 977-7758
► Email address: [email protected]