HR Risk: managing risks that matter
A meeting with IIA – Orange County 13 September 2012
Page 2 HR Internal Audit Discussion
Discussion agenda
► People related risk in today’s environment
► HR risk universe
► Hot topics
► How leading companies manage HR risk
► Questions
Megatrends in HR Risk affecting business success today
► Sub-optimal results due to misalignment of Talent and business needs
► Ever-increasing retirement fund deficits
► Increased oversight and governance of remuneration
► HR compliance challenges from accelerating regulatory change
► Inability to implement a genuinely global business model
► Under-investment in HR systems and resources
HR Risk management creates a significant competitive
risk implement effective processes and controls to manage the risks that matter, anticipate the impact of a rapidly changing business environment and drive business success.
Market reach
surveyed had changed or expanded their suite of mobility policies within the last 24 months, and over half were planning to do so in the next six months**
left their employer within two years of repatriation **
* Source: EY - Managing today’s global workforce ** Source: EY Global Mobility Effectiveness Survey 2011. North America only
HR challenges Trends in successful organizations…
models collides with national and sub- national regulation
mobility
regionally or by business unit
and increased suite of mobility policies reviewed regularly
internal business functions, and heightened wider corporate awareness
The inability to deploy and compete in a global market will impede growth
Are the careers of internationally mobile employees managed on an enterprise-wide basis (as part of an
Operational agility
inadequate HR compliance risk as a major area
cited management HR compliance as
top three issues*
HR challenges Trends in successful organizations…
security reporting
processes and global compensation programs
costs resulting from additional employee tax levies
to respond quickly to local regulatory changes
requirements
etc.
compliance with internal audit procedures
both cost competitiveness and value to the employee is maintained
Tax Information Exchange Agreements have expanded rapidly during the last three years from 23 to over 378 agreements now in place globally.
The pace of legislative change is increasing risk and uncertainty
* Source EY Global Human Capital Conference Survey 2011 ** Source: EY Global Mobility Effectiveness Survey 2011
► Massive increase in domestic legislative change around employee taxation
► EU Directive on Social Security
► OECD Article 15 changes
► New employment levies to supplement tax and social security
Cost competitiveness
HR challenges Trends in successful organizations…
strategic decision making across multiple systems
process costs globally
Pension underfunding can have a severe impact on business continuity
► Long term bond yields have fluctuated by 2.5% since 2000 resulting in a 50% movement in liabilities
► Yield on global equities since 2000 has been 4.5% per annum against an expected return closer to 9%.
► Life expectancy in Western Europe has increased by 7 years since 1980 resulting in a 20% increase in liabilities*
* Source: Hewitt 2009 study
HR systems can be the last in line for corporate investment, compromising service delivery
[Figure: two panels, "Before center of excellence" and "After center of excellence"; labels: Mexico, Switz, Brazil, Canada, USA, UK, Sweden, France, Czech, Germany, Italy, Australia, Japan, Center of Excellence]
Stakeholder confidence
HR challenges Trends in successful organizations…
remuneration
shareholder meetings and control possible reputational damage
shareholders and media scrutiny
executive remuneration regulation with associated compliance risk
and penetration of HR-related systems
disclosures and for annual meetings
performance and shareholder value
respond quickly to local regulatory changes
Influenced by shareholder interest groups e.g., ISS in UK, Australia, US
► US: Dodd-Frank Act (2009)
► Germany: VorstAG (2009)
► Australia: 2 Strikes Law (2011)
► UK: Executive pay reform (2012)
Only 73% of IT professionals surveyed have a clear understanding of privacy laws impacting their
47% of companies cited their greatest challenge in managing compliance and risk was inefficient HR processes or lack
* Source: EY Global Human Capital Conference Survey 2011 ** Source: EY Global Information Security Survey 2011
Executive remuneration and data security are in the media spotlight
Planning and Resource Allocation
► Training / Talent Development
► Organizational Structure and Design
► Deployment and Utilization
Global Workforce Management
► Employer Relations
► Health, Safety and Security
► Union Relations
► Policies and Procedures
► Employee Satisfaction
► Whistleblower
Governance
► Corporate Culture and Social Responsibility
► Code of Conduct / Ethics
► Transparency of Pay Programs
► Talent Management
HR Performance and Policies
► HR service delivery & risk
► Sourcing Strategy
► Vendor Contracts and Service Level Agreements
► Vendor performance/fees
► Human resource data
Talent Management
► Role and competency design
► Recruitment, sourcing and
► Performance management
► Career mapping, succession planning and leadership development
► Learning and training
► Workforce analytics and planning
Regulatory
► Employee Privacy and Data Protection
► Labor law / Collective Bargaining
► Pension / Retirement Benefits
► HIPAA and PPACA policies and procedures
Wage and Hour
► Determination of hours worked and OT requirements
► Employee classification (Exemptions, Independent Contractors, etc.)
► Time and Recordkeeping requirements
► State law considerations
Payroll
► Global and domestic mobility compliance
► Payroll process
► Payroll tax and reporting
Executive Compensation Risk Review
► 409A, 280G, 162(m)
► Incentive Compensation plan
► Executive Benefits and Perquisites
► Equity compensation and incentives
► Severance programs
Employee Benefits and Retirement
► 401(k) plan operations
► Pension/OPEB plan
► Pension plan terminations
► Health Care reform readiness assessment
► Fiduciary requirements/plan asset payments
Strategic Operations Financial Compliance
Wage and hour and employment law compliance
Common Triggers / Risks / Questions to consider
► Misclassifying workers under the Fair Labor Standards Act
► exempt vs. non-exempt
► independent contractor vs. employee
► Not paying workers for all work performed
► Improperly calculating overtime
► Not training employees and supervisors on wage and hour practices
► Not responding to changes in federal and state wage and hour laws
► Change in HR, Pay or Time system results in incorrect calculations of overtime hours and rate
► Exposure to litigation and government audits, potentially resulting in the following:
► civil and criminal penalties
► back wages
► liquidated damages (e.g., “double damages”)
► attorney’s fees
► additional taxes
► Is the company periodically reviewing its workers’ classifications and documenting these classification decisions?
► How does the company ensure that workers are paid for all hours worked (e.g., for pre- and post-shift activities, work performed during meal breaks)?
► Are workers trained on wage and hour practices and required to report policy violations?
► Are wage and hour issues part of HR’s routine self audits?
► Have the HR, pay and time systems been tested for compliance?
Global and domestic mobility
Common Triggers / Risks / Questions to consider
► Mobility of global workforce as expatriates or business travelers
► Entity restructuring, merger, acquisition, divestiture
► Joint venture or contract employment
► Expansion into new markets
► Permanent establishment in foreign country
► Reduction-in-force, and/or employment surge
► Not using workforce planning tools to identify and fill talent shortages
► Failure to develop a dynamic global workforce
► Noncompliance with foreign and domestic tax laws and regulations—at a corporate, individual, and/or social tax level
► Double taxation (by host country and home country)
► Failure to properly budget and allocate costs
► Immigration risk, risk of prosecution, and payroll risk
► Failure to drive global growth and efficiency
► Reputational risk
► Poor organizational agility
► Are you monitoring and fully aware
business travel and their potential tax risk?
► Are you effectively managing the tax costs of your mobile workforce?
► Do you have policies in place covering all types of mobile employees?
► Do you monitor immigration status of your employees in light of your tax and/or compensation reporting practices?
► Are you monitoring the changes in laws and regulations of countries your employees are located in?
Payroll operations, tax, and reporting
Common Triggers / Risks / Questions to consider
► Payroll policies, procedures, processes, and controls are inadequate
► Accurate workforce data not readily available to help make strategic planning decisions
► Standardized and integrated payroll processes across business units/organizations do not exist
► Lack of monitoring service level agreements with payroll vendors
► HR data has errors resulting in pay errors
► Over/underpayments to employees
► Incorrect income tax withholding
► Delayed remittances to third-parties (including taxing authorities)
► Erroneous reporting
► Qualified plan (e.g., 401k) disqualification
► Penalties and late fees
► Not receiving full value of vendor services currently being paid for
► What calculation routines are included as a part of your gross-to-net calculations?
► How often are your state level garnishment policies reviewed?
► How is third-party remittance to taxing authorities monitored?
► Does your organization use a Shared Service Center to manage payroll?
► Does your organization selectively
► What roles do the Time and HR system play in calculating pay and has the end to end scenario/data flow been examined?
Talent management
Common Triggers / Risks / Questions to consider
► Pay programs and practices are not periodically reviewed and benchmarked with appropriate industry peer groups
► Ineffective performance evaluation, promotion practices, and leadership evaluation
► Failure to link pay programs and practices to individual and corporate performance metrics
► Disparate training, deployment, and utilization processes across different business areas, geographies
► Company does not have infrastructure to develop skill sets needed in the next 3-5 years
► Lack of transparency of pay programs
► Failure to develop talent globally
► Increased costs of
► Missed opportunities to put the right person in right job and loss of top performers
► The company does not have the resources and/or capacity to capitalize on business transaction opportunities
► Loss of Return on Equity (ROE)
► Poor reputation both internally and externally, including employee discontentment at perceived unfair pay practices
► Poor demographic diversity
► What are the company’s key performance indicators (KPIs) for talent management purposes?
► Does the company have succession strategies for areas affected by retirement or skill shortages?
► How close are middle managers to retirement?
► Is there a process in place to identify and communicate with key talent?
► Is employee data currently accurate and updated globally?
► Is short-term incentive eligibility limited to those with a direct line of sight to how their performance/decisions affect outcomes?
► How large of a role does peer comparison play into your company’s compensation strategy?
► Are recognition awards based on an explicit program design or on recommendations?
HR information systems
Common Triggers / Risks / Questions to consider
► Need to change platforms as part
► Outsourcing the support of the HRIS platform
► Acquisitions, divestitures or large reorganizations are difficult to execute
► Systems bandaged together through interfaces that are failing
► HRIS system of record is an older model and does not provide integrated functionality with newer programs such as recruitment, talent management, performance or comp planning
► Ability to respond to changes to federal and state law, OFCCP compliance, etc.
► Different data definitions in disparate HR systems resulting in incorrect pay or program/plan coverage
► Plan qualification if compliance is affected due to incorrect underlying HR data
► Pay errors from incorrect data or interfaces from time keeping systems
► Financial misstatement because of pay errors or payroll posting errors because of data issues
► Compliance with federal and state record keeping requirements around new hires, terminations, changes
► Inability to pursue larger HR strategies
performance planning
► What is our long term HRIS strategy?
► How does HR fit into my company’s ERP strategy/choice?
► If I have outsourced record keeping, is my vendor performing to the service level agreement? How can I know that?
► Do I have ready access to detailed reports to audit my HR data?
► What key areas of functionality am I missing from my current system?
► When is my system due for its next major upgrade? What additional functionality comes as a part of that upgrade?
Executive compensation
Common Triggers / Risks / Questions to consider
► Misalignment of pay and company performance
► Incomplete or inaccurate proxy disclosures resulting in shareholder/institutional shareholder scrutiny
► Not anticipating the effect a change in control has on parachute payments (§280G)
► Not planning for deduction limits when granting non-performance based compensation (§162(m))
► Not evaluating a plan’s compensation deferral and distribution election rules with respect to §409A
► Lack of corporate and employee tax planning around global equity
► Poor employee or shareholder relations and reputational consequences (e.g., failed say on pay
► Inability to take deduction for excess parachute payments
► Non-deductible 20% excise tax on recipient of excess parachute payment
► Inability to take deduction for certain non-performance based compensation to top executives
► Excise tax on amounts
► Over/understatement of financial reporting due to erroneous compensation accrual calculations
► Noncompliance, resulting in fines and penalties
► How does executive pay align with company performance?
► What has the company done to address disclosures under the newly enacted Dodd-Frank Act?
► What type of equity vehicles does the company use currently and why?
► How do the equity awards vest (time based or performance based vesting)?
► Where are the executives based receiving awards?
► How are compensation records maintained?
► What is the process to review and revise agreements affecting executive compensation?
Employee benefit plan compliance
Common Triggers / Risks / Questions to consider
► Failure to provide participant notices in a timely manner
► Corrections are not performed timely
► Plan violates IRS non-discrimination requirements
► Incomplete or inaccurate data feeds to third-party benefit providers
► Failure to effectively and timely govern global pension plans
► Inadequate benefit plan design
► Plan disqualification
► Penalties, interest, and late fees
► Having to correct plan errors
► Exposure to government audits
► Civil and criminal penalties for breaching ERISA duties
► Additional taxation when certain errors not timely corrected
► Time-consuming reconciliations between payroll and the third-party vendor(s) (e.g., trust, administrator, etc.)
► How often are your company’s retirement plans reviewed?
► Is indicative employee data (e.g., level, hire date, financial data) gathered and submitted to your providers in the same manner across all business units?
► How are disbursement errors/exception reporting monitored?
Incentive compensation
Common Triggers / Risks / Questions to consider
► Misalignment of compensation practices with the company’s strategic objectives
► Lack of integration of the risk management function into the decision making process around compensation policies and incentive design
► Lack of a correlation between the incentive period and the time horizon
► Ineffective use of risk mitigating or incentivizing features
► Employees take risks beyond the company’s risk profile (or vice versa)
► Poor employee or shareholder relations and reputational consequences (e.g., failed say on pay
► Company performance and employee engagement suffers
► Proxy disclosure noncompliance
► What is the company’s definition of an acceptable risk threshold?
► Has the company reviewed and identified the links between the key
compensation programs and policies?
► Do the current performance metrics encourage excessive or inappropriate risk-taking by employees that could have a material adverse effect on the company?
► What risk mitigating features are built into the current incentive compensation programs and policies?
► What controls does the company have in place to mitigate the risks?
HR service delivery
Common Triggers / Risks / Questions to consider
► Split accountabilities and responsibilities between local HR and corporate HR
► Current HR service delivery is focused on transactions and administrative functions (back-office efforts) rather than serving as a strategic business driver
► Disconnect between HR service
business needs in their service areas
► Specialty support unavailable or not centralized through corporate HR
► Inadequate communication of benefit and retirement choices
► Lack of clarity around accountability and delivery of HR services
► Inconsistent application and understanding of central HR services
► Limited ability to expand and globalize by providing appropriate HR support to new geographies
► HR service delivery model that is not market competitive and does not provide business with a transparent method of cost management
► Excessive financial exposure,
coordination with overall business
service delivery model and/or sourcing strategy.
► Do formal reporting and functional lines exist between local HR and corporate HR?
► Could your current HR delivery model support international expansion
► Do various business units have diverging demands and resources for HR services?
► Does corporate HR focus solely on services that provide its business units with a competitive advantage?
► Has the company performed a shared service analysis to determine whether it is cost effective or fits within the organization’s strategic initiatives?
Vendor management
Common Triggers / Risks / Questions to consider
► Performance issues resulting in incorrect records or paychecks
► Unexpected or excessive fees billed
► Sale of vendor to new organization who has different technology, pricing, and processes
► Vendor upgrades or changes technology platform
► Merger, sale, or integration with a new company who processes in-house or with a different vendor
► Vendor is not performing to the level
► Vendor is not complying with state and federal reporting and deposit requirements resulting in penalties and potential suspension of business activities
► Cost of outsourcing is higher than expected due to hidden or unexpected fees
► Plan qualification is at risk due to vendor operational errors with the data
administration
► Has the company experienced service issues or fee concerns with its current HR outsourcing vendors (e.g., 401(k) administration, benefit calculations, HRIS, payroll etc.)?
► Have periodic assessments of vendor performance been performed? Do you have the means to audit vendor performance?
► Has an audit of vendor fees been performed?
► When is the vendor contract set to expire? Is this a good time to go back to market for the outsourced services?
HR policies and controls
Common Triggers / Risks / Questions to consider
► Failure to develop and implement policies and procedures that are consistent with company values and that support the company’s commitment to compliance
► Failure to establish and maintain an internal control environment which aligns stakeholders and regulatory expectations
► Disparate policies within the
corporate acquisition
► Internal controls and policies drive behaviors and results inconsistent with company values
► Difficult to administer and communicate multiple policies within the
► Changes to underlying tax or labor law to which policies are associated
► Is there a process to audit HR practices, transactions and processes for compliance with applicable laws and regulations (e.g., federal and state wage and hour laws, ERISA requirements, EEOC requirements, exempt vs. nonexempt employee classification, state and local garnishment rules, etc.)?
Communication and change management
Common Triggers / Risks / Questions to consider
► Mergers, acquisitions, and/or divestitures
► Leadership changes
► Reduction in force
► Technology implementation
► Changes to how employees access HR benefits, payroll and all other HR programs
► Changes to the HR function
► Multiple organizational changes happening at once
► Disengaged employees
► Higher than average attrition
► Failure to develop a process that monitors and tracks feedback from employees
► Failure to develop an understanding of what communication channels are most effective in reaching employees
► Organizational change initiatives do not deliver their ROI
► Employees are unproductive or do not perform at their highest level
► Rumors and misperceptions dominate the communications environment
► Communication channels are unutilized, insufficient or inappropriate for circumstances
► Formal and informal communications are inconsistent
► Important key messages are not understood by the audience
► Difficulty to implement process and product/service improvements quickly
► Failure to effectively manage integration issues associated with
programs, policies, and systems
► Strained employee relations
► Is there a formal communications strategy and plan, updated on an annual basis?
► Is feedback from communications being gathered to enhance messaging?
► Are your communication channels effective for intended audiences?
► Are there opportunities to standardize messages across locations and across functions to improve effectiveness and efficiency of communications?
► Are leaders and managers prepared for the challenging employee question related to
► Is communications effectiveness tracked on a consistent basis?
► Sub-optimal results due to misalignment of talent & business needs
► Ever-increasing retirement fund deficits
► Increased oversight and governance of remuneration
► HR compliance challenges under accelerating regulatory change
► Inability to implement a genuinely global business model
► Under-investment in HR systems and resources
Internal Audit, Compliance, IT Risk Management, Information Security, Legal, Tax, Transactions, SOX Compliance
Strengthen risk governance and oversight
Define risk strategy and oversight with accountability for risk management at the Board and Executive levels
Improve controls and processes
Integrate risk and performance management
Embed an enterprise approach to risk assessment and monitoring into business planning and performance management
Coordinate multiple risk functions
Improve leverage across multiple risk functions to expand coverage, reduce cost and enhance value to the business
Enhance business level performance
Enable the organization to differentially manage key risks with optimized processes and controls at the business level
Optimize risk management functions
Embed risk management
Enhance risk strategy
Traditional risk management functions
Enable risk management, communicate risk coverage
The RISK Agenda Executive visibility International Mobility Industry Geographic profile Emerging Markets Risk multipliers Global HR Mega Trends
Applying a broad “risk lens” to the business
Cathy Goonetilleke
► Senior Manager
► Ernst & Young LLP
► Los Angeles
► Office phone number: (213) 977-7758
► Email address: cathy.goonetilleke@ey.com