Risk Management Flashcards
Risk Management Process
- Identify risks
- Assess/analyze risks.
- Manage risks.
- Review risks.
5 Risk Areas
- Compliance - Legal
- Continuity
- Security
- Safety and Health
- Privacy in the Workplace
HR Audit
Can be used to see what HR functions need to be done, to identify opportunities for improving business results, and to identify organizational risks, A comprehensive audit reviews HR activities in all functional areas.
auditing strategy - organization of HR function
- Reviews org chart
- Verifies the existence of current job descriptions for all departmental positions and ensures the existence of clear accountability for different functions.
- evaluate the size and effectiveness of the HR team, ratio of HR staff to total employees, commitment to professional development for the team, and how well the team meets customer needs.
- HR programs align to organizational goals
- reviews the HCMP
- evaluates the departmental mission statement
- analyzes the budget.
auditing workforce planning and employment
- Examines the recruiting philosophy and process
- whether the company promotes from within
- job posting and candidate sourcing procedures and the approval process
- existence and status of affirmative action and diversity programs
- review of the staffing needs analysis and its use in projecting the availability of candidates for future needs is based on labor market demographics
- Verifies the job analysis process and whether job descriptions include essential job functions
- The selection process is also examined.
auditing development
- Looks at learning and development practices and programs
- the existence of regular training
- performance management practices.
- evaluation process is assessed for adequacy, equity, and content.
auditing compensation and benefits
- Reviewed for consistency with the practices and level of communication
- Adequacy of compensation procedures is examined, and the frequency of salary survey comparisons is analyzed
- Salary administration practices, including pay ranges, compression, salary budgets, and incentive pay practices, are reviewed
- Benefits are compared to competitor programs
- Health care programs are analyzed.
- Programs for controlling absenteeism, unemployment, and other costs are analyzed
- Time off policies and accrual practices are also examined.
auditing employee relations
- Assess the org’s ER philosophy for alignment with corporate goals and reviews practices for conflict-resolution and disciplinary procedures.
- Communication philosophy is reviewed, and written tools, such as handbooks, policies, procedures, work rules, code of conduct, and behavior expectations, are examined.
- Orientation programs are assessed for content and frequency.
- Absentee rates and turnover demographics are analyzed
- exit-interview practices and reporting are examined.
- Procedures for voluntary and involuntary org exits are reviewed.
- Diversity practices are analyzed.
auditing labor relations
Existence of labor unions, collective bargaining agreements, and union-avoidance practices are examined.
auditing risk management
Legal compliance for all applicable federal, state, and local governments are reviewed. Safety, health, and wellness programs are analyzed.
workplace investigation
conducted when management receives complaints about inappropriate or unlawful behavior; identifies a potential financial loss from embezzlement or theft; receives accusations about an employee; or becomes aware of some other type of loss.
steps for workplace investigations
- Begin planning the investigation immediately after receiving the complaint
- Determine whether an employee or third-party investigator would be the most appropriate for the situation.
- Develop a clear strategy before beginning to collect evidence or conduct interviews.
- Compile a list of individuals to be interviewed and documentation to be collected.
- Prepare a list of questions based on the information presented by the complainant.
- Conduct interviews, ask each interviewee to provide a signed, written statement, or to sign your notes after each interview. Interview the complainant first, then interview witnesses, then interview the accused.
- Make a note of the interviewee’s demeanor and openness at the end of each interview but do not add personal opinions or judgments
- Stress the importance of confidentiality for the integrity of the investigation, and reiterate company policy with regard to retaliation against accusers and witnesses.
- At the conclusion of the interview with the accused, clearly state that retaliation or intimidation of those interviewed during the investigation isn’t acceptable and that the accused shouldn’t attempt to discuss the situation with the complainant or witnesses.
- If the accused provides an alternate description of events, completely investigate the new information, re-interviewing witnesses if necessary.
- Conclude the investigation. Make a finding of fact based on the evidence obtained and observations during the interviews, include any relevant documentation that supports your finding, evaluate possible reasons for false accusations and the credibility of those involved, and notify the complainant and the accused of the results of the investigation.
- As appropriate, take disciplinary action consistent with the org’s policy.
- If there is no clear finding, explain and document the finding.
- Compile and close the investigation file, including signed statements from witnesses, complainant, and accused; relevant documentation, and the original handwritten notes with transcribed copies.
- Communicate resolution only to those who have a need to know.
- If necessary, and without violation of those involved, take appropriate action to subdue rumors.
risk assessment
The process used to determine the likelihood that an organization will be affected by a particular risk. An assessment estimates the cost of the loss if one should happen and the impact it would have on the ability of the organization to continue operations. With this knowledge, it’s possible to identify which losses are most likely to occur and what controls must be in place to prevent them. Identifying and ranking risks provides organizations with the opportunity to be proactive and implement controls to prevent losses.
risk related to perceived disability and ADA protection
If an employer believes an employee has a disability and believes that the disability would limit the employee’s ability to perform his or her job duties, causing a danger to himself or others, the employer could be liable for discrimination.
- A disability must be real, not perceived, for management to take action.
- The disability must actually impact the employee’s ability to perform essential job functions.
- Employers must engage in an interactive process to search for reasonable accommodations.
- Reasonable accommodation would result in an undue hardship to the employer.
caregiver discrimination or childcare discrimination or family-responsibility discrimination
EEOC guidelines describe circumstances that constitute unlawful disparate treatment of caregivers:
- disparate treatment of female caregivers when compared to male caregivers (not hiring women with preschool children)
- stereotyping female caregivers (denying a promotion to women with young children based on the assumption that she can’t move)
- pregnancy discrimination
- discriminating against male caregivers (giving women leave but not men)
- discriminating against employees providing care for disabled persons
Sarbanes-Oxley Act (SOX)
SOX requires info that materially affects an org’s financial status to be reported to the SEC when the org becomes aware of the info. For HR, this includes:
- ensuring that material liabilities from pending lawsuits or settlements of employment practices claims are reported in financial statements
- participating in the review and testing of internal controls for hiring, compensation, and termination processes.
- reporting immediately any material changes to the org’s financial condition (such as settlement of a class action lawsuit)
SOX and Whistleblower Retaliation
SOX prohbits employers from retaliating against whistle-blowers who report financial conduct they reasonably believe violates federal laws designed to protect shareholders from fraudulent activity.
Drug Free Workplace Act of 1988
Applies to businesses with fed contracts of $100k or more. Contractors must:
- develop and publish a written policy
- establish an awareness program
- notify employees about contract conditions
- notify the contracting agency of violations
- establish penalties for illegal drug convictions
- maintain a drug free workplace
Basically, if an employee has a conviction of a criminal drug offense, they must inform their employer within 5 days, who must then notify the contracting agency within 10 days of being informed. Within 30 days of being informed, the employer must take disciplinary action or require participation in a drug rehab program.
Occupational Health and Safety (OSH) Act of 1970 - general duties
Three simple duties:
- Employers must provide every employee a place to work that is free from recognized hazards that are causing or are likely to cause death or serious physical harm
- Employers must comply with all safety and health standards disseminated in accordance with the act
- Employees are required to comply with occupational safety and health standards, rules, and regulations that impact their individual actions and behavior.
OSHA
Agency that enforces the OSH Act. Has authority to develop and enforce mandatory standards applicable to all businesses engaged in interstate commerce. This is all businesses except mines (covered separately), sole proprietors without employees, and family farms.
National Institute of Occupational Safety and Health (NIOSH)
Originally part of Dept of Health and Human Svcs, now part of CDC created by the OSH Act. Charged with researching and evaluating workplace hazards and recommending ways to reduce the effect of those hazards on workers. Also supports education and training in occupational safety and health by providing educational materials and training aids.
equipment under the OSH Act
Employers are expected to take steps to minimize or reduce hazards; ensure that employees have and use safe tools, equipment, and personal protective equipment (PPE); and ensure that the tools and equipment are properly maintained
communication under the OSH Act
Employers are responsible for informing all employees about OSHA, posting the OSHA poster in a prominent location, and making employees aware of the standards that apply in the workplace. If employees request a copy of the standard, the employer must provide it to them.
potential hazards under the OSH Act
Appropriate warning signs that conform to the OSHA standards for color coding, posting, or labels must be posted where needed to make employees aware of potential hazards.
training under the OSH Act
Employers must educate employees about safe operating procedures and train them to follow the procedures.
records under the OSH Act
Businesses with 11+ employees must maintain records of all workplace injuries and illnesses and post them on form 300A from Feb 1 - April 30 each year.
hospitalizations and fatal accidents and OSHA
Within 8 hours of a fatal accident or an accident resulting in hospitalization for 3 or more employees, a report must be filed with the nearest OSHA office.
accident report log
Must be kept and made available to all employees, former employees, or representatives when reasonably requested.
retaliation under the OSH Act
When employees report unsafe conditions to OSHA, the employer may not retaliate or discriminate against them.
employer rights under the OSH Act
Employers have the right to:
- seek advise and consultation from OSHA
- be active in industry activities involved in health and safety issues
- participate in the OSHA Standard Advisory Committee process by writing or giving testimony
- contact NIOSH for info about substances used in work processes to determine whether they’re toxic
- Employers may apply for temporary waivers from OSHA standards as long as the standards developed by the employer meet or exceed OSHA standards.
employee rights under the OSH Act
- seek health and safety on the job without fear of punishment
- know what hazards exist on the job by reviewing the OSHA standards, rules, and regulations that the employer has available at the workplace
- Be provided with the hazard-communication plan containing information about hazards in the workplace and preventive measures employees should take to avoid illness or injury, and to be trained in those measures
- Access to the medical and exposure records employers are required to keep relative to health and safety issues
- Request an OSHA inspection, speak privately with an inspector, accompany the inspector, and respond to questions from the inspector
- observe steps taken by the employer to monitor and measure hazardous materials in the workplace, and access records resulting from those steps
- request information from NIOSH regarding the potential toxic effects of substances used in the workplace
- file a complaint about workplace safety or health hazards with OSHA and remain anonymous to the employer
OSHA enforcement
OSHA does inspections for complaints, fatalities, and referrals. There are large monetary penalties for noncompliance, but the penalty can also depend on the type of violation (willful, repeat, etc)
OSHA Form 300
Log of Work-Related Injuries and Illnesses. Must be retained 5 years.
OSHA Form 300A
Summary of Work-Related Illnesses and Injuries. Filed as an annual summary at the end of the year, which must then be certified by a company executive as correct and complete and posted in February of the next year. Must be retained 5 years. Lists totals from Form 300.
OSHA Form 301
Supplemental Injury and Illness Incident Report. Explains details of what is briefed on the Form 300. Must be retained 5 years.
Exemptions for OSHA Forms
Industries with low injury and illness rates - include retail, service, finance, insurance, and real-estate. Do not have to file reports unless informed otherwise.
What must be recorded on an OSHA form?
Any injury or illness to an employee on the employer’s payroll, regardless of how the employee is classified. Injuries must be work related, which means they occurred in the work place or while performing work-related duties off site, even if symptoms show up later (in the case of contagious diseases, which include basically anything but the cold or flu). Report any illness or injury that results in death, days away from work, restricted duty, medical treatment, loss of consciousness, or diagnoses by a physician.
privacy concern cases
It’s ok to substitute a case number instead of an employee’s name on the log in cases including injury or illness to an intimate body part or resulting from sexual assault, HIV infection, TB, or hepatitis, needle-stick injuries, or other illnesses where the employee ask their name not be included on the log.
OSHA Consultants
Free assistance from OSHA in learning safety standards, involving employees in the process, and correcting violations with a citation and penalty. If the employer doesn’t abate violations, the consultant will refer the violation to an OSHA inspector.
Safety and Health Achievement Recognition Program (SHARP)
recognizes small, high-hazard employers that have requested a comprehensive OSHA consultation, corrected any violations, and developed an ongoing safety management program. To participate, businesses must agree to ask for additional consultations if work processes change.
Strategic Partnership Program
A means for businesses and employees to participate in solving health and afety programs with OSHA.
OSHA Alliance Program
Provides a vehicle for collaboration with employer organizations interested in promoting workplace health and safety issues. Open to trade and professional orgs, businesses, unions, educational institutions, and gov’t agencies.
Voluntary Protection Program (VPP)
Open to employees with tough, well-established safety programs. Once they meet OSHA criteria, they are removed from routine scheduled inspection lists. Serves to motivate employees to work more safely, reduce workers’ compensation costs, and encourage further improvements to safety.
OSHA inspections
Focused on industries with higher hazard risks; mostly random. Some occur at the request of an employer or employee in an org.
health hazard evaluations
NIOSH inspections. Always occur in response to request of an employee, employer, or government agency.
When are OSHA inspections conducted?
Without notice by a Compliance Safety and Health Officer (CSHO).
imminent danger hazard - 1st priority in inspection
There is a reasonable certainty that immediate death or serious injury from existing workplace hazards will occur before normal enforcement procedures can take place.
catastrophes and fatal accidents hazard - 2nd priority in inspection
Employers must report fatal accidents or serious injuries resulting in the hospitalization of three or more employees within 8 hours. OSHA will inspect to determine whether any safety violations contributed to the accident.
complaints and referrals hazards - 3rd priority in inspection
employees may request inspections when they think violations exist that threaten physical harm; OSHA also investigates referrals about hazards from any other source.
programmed high hazards - fourth priority in an inspection
Based on statistical analysis, OSHA conducts planned inspections of industries or jobs that have high incident rates for death, injury, and illness
follow-up inspections - lowest priority for an inspection
CSHOs follow up on previously issued citations to ensure that the employer has taken action to correct violations.
procedures for OSHA inspection
- CSHO arrives at worksite and presents credentials.
- CSHO holds an opening conference during which the inspector explains why the site was selected, the purpose of the visit, scope of the inspection, and discusses the standards that apply to the worksite. CSHO requests an employee representative to accompany the inspection along with a management representative.
- Tour the facilities. The inspector determines the route and who to talk to. The CSHO may talk privately to employees.
- The inspector holds a closing conference where the inspector, employer, and if requested, employee representative discuss the observations made and corrective actions to be taken. At this time, the employer may produce records to assist in resolving corrective actions. The CSHO discusses possible citations or penalties.
- The OSHA area director reviews the CSHO’s report and makes final determinations on citations or penalties.
employer’s affirmative defenses for OSHA violations
- An isolated case caused by unpreventable employee misconduct. This defense may apply when the employer has established, communicated, and enforced adequate work rules that were ignored by the employee.
- Compliance is impossible based on the nature of the work, and there are no viable alternative means of protection
- Compliance with the standard would cause a greater hazard to employees, and there is no alternative means of protection.
Burden of proof is on the employer