Picture this: risk management stakeholders are at a round table reviewing the annual budget and not an asset valued at 50-70% of the operating budget. This asset is omitted as a priority for assessing vulnerability, expected likelihood, and risk reduction. Everyone gets coffee and the meeting is adjourned. Crazy, yes…likely no. With salaries, benefits, onboarding, and training expenses, it’s estimated that 50-70% of your operating budget is related to people. If you were spending 50% of your budget on a security measure or a risk control, what would you do to leverage that investment? In other words, how are you optimizing employee engagement as part of your enterprise security risk management (ESRM) strategy?
Full disclosure, I’m writing from the perspective of someone who is in Talent, also known as Human Resources, so I have a bias on the critical nature of employee engagement. My example above is, of course, a wildly improbable scenario, but I have observed a disconnect in how the engagement of “people” is perceived. I should clarify that employee satisfaction (“I’m happy”) is different than employee engagement (“I’m committed to the goals of the team and the organization”). With this, set all the targets you want, put all the controls needed into place, and think about the likelihood of a disengaged employee bringing these initiatives across the line. Further to this, organizationally viewing “people engagement” as a thread that runs through Strategic, Operational, and Financial risk is an opportunity to help remove silos and move risk to objectives.
I’ve had the opportunity to partner with teams throughout Canada, Australia, New Zealand, South Africa, and Asia, and the motivation to create a holistic, human capital strategy is a hot topic for business leaders around the world. There has been a shift in the approach of human resources (finite and/or depreciates when used or with time) towards human capital, which reflects investment and growth. With this comes the wide-view lens of people strategy and cross-functional organizational design to solve business challenges in new and interesting ways. Engagement is a critical business driver that not only impacts top-line revenue, but also bottom-line profitability, shrinkage, incidents, and accidents. If we include insider threats, data breaches, and the ease with which brand/reputation can be impacted by social media, the potential risk expands. Take a look at the State of the American Workforce (Gallup, 2017); they have a great body of supporting research if you’re looking for data to support the business case. From my perspective, this reiterates why employee engagement doesn’t just sit in the human resources department—It is a multifaceted business issue that requires attention from all levels, especially senior leadership.
So, what now? Many of you likely already have People Leadership sitting at the table but challenge yourself to think about how continuous improvement in your employee engagement strategy will facilitate your enterprise risk management strategy. Start with data. How regularly do you ask your employees about engagement (i.e., trust in leadership, alignment with business objectives, coaching from managers)? How often do you ask your employees how you can improve it? Annualized data is too far-out, think about conducting a quarterly (or even monthly) health check. Ideally, your employee feedback loop should match the speed of your business. These health checks can help you focus on tangible actions that will cascade into four key areas of employee engagement. We happen to like the Four Pillar Model (Davey, Gore, Parker, 2003) because it is broad while being specific. Each of these areas is robust and has wide bodies of research and content, so here are some initial points for consideration when looking to improve your employee engagement strategy:
4 Ways to Improve Employee Engagement to Help Mitigate Risks
1. Alignment
Do employees know how to make the organization successful?
- Leadership – how does the senior leadership of the organization communicate core values? How does your leadership articulate the importance of risk management? Do they live this value or do they regularly stand on ladders during lightning storms (literally and metaphorically)?
- Management – how does management communicate the impact that team members have on success? How do they coach their people to be successful and engaged? Management is the glue that brings the message of leadership into daily practice. Simon Sinek articles this well in Start with Why (2009).
2. Capability
Do people know what to do?
- Role Definition – have you defined the role? This may seem like an obvious one, but I’ve worked on a ton of coaching engagements where there was a complete lack of clarity regarding expectations. Think about the measures of success for your people, as well as the skills and competencies of the role. This isn’t trying to put people in a box, but rather help give them a roadmap to success.
- Hiring Process – what is your process to ensure quality hires? How do you measure the success of a new hire (within 3-6 months) to validate your process? What other metrics will help assess if your processes are working? Hiring is interesting because since most people have been interviewed or hired at some point, they have an opinion. Sprinkle some “gut feeling” in there, and hiring managers can miss out on why the science of recruiting is as important as the art. Most other HR initiatives fall down if you don’t have the right people. Jim Collins famously highlights the distinction between getting “people on the bus” vs. the “RIGHT people on the bus” in Good to Great (2001).
- Learning & Development – how do you manage the development of role-specific knowledge? How do you onboard people to ensure early knowledge integration? How do you use coaching to support mastery? Opportunities for learning and development consistently top the list of what drives high engagement across generational cohorts (i.e., Boomers, Gen X, Millennials). If you’re going to hire people with strong capabilities, they will look for opportunities to grow and progress. How will you create conditions to make people successful?
- Performance Feedback – how do you give feedback that focuses on improving performance? How regularly is feedback given? Research from Deloitte disrupted this space in 2015 and highlights the importance of regular quarterly feedback over annualized feedback. This comes with a shift to emphasize regular coaching to improve performance and engagement.
3. Resources
Do employees have the tools they need to be successful? Is a lack of tools/resources blocking success? If the cost of NOT achieving success is greater than the investment in the resource, start investing. Are there goals and resource allocation that are at cross-purposes? As an example, I worked with a customer who had a strong value around speed and quality, but would not invest in the right tech to allow their sales software to run quickly. Therefore, not only were hours wasted due to lack of speed, but eventually the salespeople would just stop entering data… so there was no quality or speed! This isn’t about spending massive amounts of capital on resources but having a hard look at what resources will have the most significant impact on job success. Technology has done amazing things to maximize efficiency in cost-effective ways.
4. Motivation
How do you facilitate employee motivation? How committed are your employees to organizational success? Are your people motivated toward intrinsic or extrinsic outcomes? The focus on purpose, autonomy, mastery, and impact versus image, statue, and money is important to understand. Daniel Pink does a great job of diving into this topic in Drive (2009). You’ll see how the other pillars interplay with motivation. Purpose and impact with alignment; autonomy and mastery with capability. Motivation then, is both a pillar of engagement and an outcome.
HR and Risk Teams have many things in common, they just see objectives through different lenses. You’re encouraged to start (and/or continue) the dialogue and focus on the commonalities versus the differences. A series of cross-functional conversations, with the right amount of frequency, will facilitate success. Start with this:
- Which pillar would have the biggest short-term impact on your ERM strategy?
- Which would have the biggest long-term impact?
- What steps can you collaborate on to facilitate the change?
You can’t force an employee to be engaged, but you can create all the conditions for them to do so. Engaged employees show up. They speak up about risks. They are proactive about prevention. And the best part about facilitating engagement? We can accelerate the focus on positive outcomes versus negative risk and allow employees to do great work. Everyone from employees and leadership to customers and shareholders, will thank you.