The pandemic has prompted a surge in people reevaluating whether their work and personal values align, leaving their jobs and seeking new opportunities. Norman Marks, retired CAE and CRO and thought leader in internal audit, risk management and governance, shares his thoughts on this emerging risk and what it means for risk managers.
While many are focused on issues like cyber, saying it is perhaps the greatest source of risk to an organization today, I believe there are greater sources of concern.
One of these has been in the news over the last months, called the Great Resignation.
Consider this set of survey results from ResumeBuilder.com.
In the article, they said:
"ResumeBuilder estimates that in 2022, as many as 32% of U.S. workers will leave not only their jobs but their careers behind to start afresh in new industries, especially in IT. Overall, a quarter of employed individuals will quit their jobs in 2022, and half will leave in the first half of the year.
In 2020 and 2021, employees left their job in record numbers in what we know as The Great Resignation. One would expect job security as the primary concern during the pandemic and because of its uncertainties. The trend arose as employers failed to accommodate the emerging needs and expectations of the workforce amid the switch to remote work.
In just the second half of 2021, approximately 20 million people quit their jobs, including 4.5 million in November. In these two years, non-essential businesses adopted remote work, forcing the workforce to come to terms with a rapid shift in the culture even as they struggled to maintain a healthy work-life balance.
But at the same time, this uncertainty has made employees rethink their prospects and presented employees opportunities to seek greener pastures. Career strategist and professional resume writer Carolyn Kleiman told ResumeBuilder, “As the pandemic continues, people continue to evaluate their lives, and work is a large part of that.”
What does this mean for risk and audit practitioners?
- Recognize the potential effects on the organization and its success of losing key employees. While risk disclosures may talk about the loss of the CEO and other top executives, we also have to consider the loss of:
- Customer relationships as sales personnel leave, perhaps to a competitor
- Innovation as top engineers and product designers abandon ship, again possibly to a competitor
- Momentum in the development and use of technology due to the loss of IT staff
- Revenue growth as the capacity of the organization to deliver products and services in impacted
- Key individuals in the performance of critical controls and security practices, with less capable individuals (or nobody) taking their place
- Leaders within the organization
- Risk and audit practitioners!
- We need to help management understand the level of risk to enterprise objectives, which can be in every nook and cranny of the organization.
- We also need to help management assess whether it is doing enough to stem the tide and respond to the waves breaching the storm wall.
- At the same time, we should consider whether management is taking advantage of the situation to upgrade its potential by hiring the best people now on the market.
There’s an interesting article in Smart Brief: Let’s call it a retention review. I recommend it.
Forbes says It’s Not The Great Resignation, It’s The ‘About Time’ Resignation.
Risk practitioners can work with management to understand the risk (and the opportunities).
Internal auditors can help by assessing whether that is sufficient, and perhaps suggest ways to improve retention and hiring.
Addendum
Writing this brings something to mind that I want to talk about for a minute.
Some have said that if an event or situation is certain, there is no risk. They are referencing the ISO 3100 definition of risk as “the effect of uncertainty on objectives.”
If there is no uncertainty, they assert, there is no risk.
My problem with that is that while an event or situation may be certain to occur or may even have happened, the effect or effects in the future may be uncertain.
I think we have to be careful to avoid traps like the rigid interpretation of definitions.
But – I will point out that we are talking about the “effect on objectives”. That part of the definition is critical; assessing a risk or opportunity in other ways is not necessarily always wrong, but I think it is questionable.
This article was originally published on Marks's blog: Norman Marks on Governance, Risk Management and Audit >>