Managing Risk Through a Hiring Freeze?
C1Risk is a full governance, risk, and compliance suite on autopilot. Communicate policies, automate notifications and monitor and manage internal and vendor compliance, risk, issues, and incidents on an affordable, accessible, integrated platform…
We are all aware of the significant number of layoffs occurring, in particular in technology firms. Beyond this, many if not most companies are currently holding back and implementing a hiring freeze, waiting for the economy to stabilize. There was some good news this week with the earnings update showing the S&P up by almost 2.5% and overall GDP Q4 growth weighing in at 2.9%, higher than expected.
Nonetheless, most of us are still hunkering down…. So, what does this mean for companies from a risk management perspective? What are the associated risks of rollbacks and freezes and what can leadership do to protect the ship in stormy waters?
A hiring freeze can have a number of negative consequences for businesses:
Decrease in productivity/increase in errors.
Loss of knowledge and skills.
Decrease in morale and a loss of trust in management.
Need for prioritization
Need for Automation
If good governance begins with a comprehensive understanding of the “current” risks faced by the organization (where current is an ongoing factor), and, if compliance is equally enhanced by risk management - understand your risks and implement only the necessary controls -it would seem to correlate that these functions should be integrated, and visible.
Further, automation becomes critical in a time of austerity to enable all employees to engage in risk management. That co-existence and balance of People, Process and Technology becomes all the more important. We often talk about “building a culture of risk” in your organization. How do you engage employees in risk and compliance management whose roles may not be directly related to risk or compliance, and, at a time where everyone may be stretched, unless we provide them with a seamless efficient solution?
People
People are always the most important, and starting point, of the “PPT” equation. In leaner times, it becomes even more important to take care of your employees. Communication will be a key factor. It is important to maintain ongoing communication of core priorities and new priorities, policy changes and procedures to your teams, keeping employees up to date with any information that may impact the organization’s or individual’s ability to perform positively or negatively and providing training and tools to assist them and make them successful in their work.
Prioritize and Alleviate
What are the processes and tools that can be used to help teams focus on their top priorities, alleviate “busy-work”, unwarranted, necessary or otherwise and collaborate to improve efficiency? Some tasks are simply essential, but if there is a way to improve productivity either through policy, training or technology, shouldn’t the training time and/or financial ROI be justified?
Technology
Technology is, of course, integral to businesses of all sizes and can add immense value and create efficiencies in any size company. Adoption of technology is often one of the biggest hurdles to overcome in any organization, especially where there are extenuating circumstances leaving teams feeling already overwhelmed. However, automation can also vastly improve a team's ability to implement, to collaborate and to execute under the right circumstances which brings us to Risk Management.
(Integrated) Risk Management
If we agree that austerity most likely increases risk to an organization both from internal and external actors, then how does the same number of hands manage more risk?
Where identifying, monitoring and tracking risks, today, is the business of the entire organization, the likelihood of success increases if employees who sit outside of the security team are able to effectively engage and help protect the company without being diverted from their primary responsibilities.
Similarly, positive results come if the CISO’s and the risk and compliance team are enabled to monitor, prioritize and treat risk efficiently and effectively - this includes everything from managing policies and procedures to compliance (driven by legal, reputational, or sales requirements), and risk management.
The integration of vulnerability management, threat intelligence, and ‘GRC’ and a tool that enables communication, engagement and understanding of risk and compliance procedures may be the single most important factor in protecting your company in the economic downturn.