Risk and Compliance: Are the risks you're allowing worth the reward?
Blog title V2
null Risk and Compliance: Are the risks you're allowing worth the reward?
RISK AND COMPLIANCE: ARE THE RISKS YOU'RE ALLOWING WORTH THE REWARD?
I’ve recently found myself speaking with a number of organizations who do not have a centralized managed program for their contingent workforce or have chosen to manage it themselves. If they’ve chosen to manage it themselves, it’s about 50/50 chance whether they’ve invested in a technology (Vendor Management System) to support their efforts or not. Whether it’s a managed program, with a technology or without, or if it’s the “Wild West”, I’ve found that there are several crucial areas overlooked when it comes to risk and compliance.
We tend to look at risk and compliance in three categories, Financial, Reputational, and Contractual. There are multiple components to each, and to be honest, they’re closely related. A breach of contract often results in a financial and reputational impact, and a reputational impact often has a major impact on the finances of a business. Below are just a few of the major components.
The first half of this calendar year has certainly given us a lesson in why it is best to run a tight ship, you never know what may come up, and how you’ll need to handle it. Whether you’ve chosen to self-manage or not, it’s crucial that you have answers to the following questions.
This category of risk often rears its head in unapproved spend, initially. This can range from a hiring manager going outside of a defined process and engaging suppliers with budget or headcount they don’t have approval for. However, it’s more common that the manager did gain initial approval of a contractor for a specific time period or budget, but that has since lapsed without approval to extend. Suddenly, a contractor has been on assignment for an extra six months and you’re $40k over budget before anyone is the wiser.
The onboarding process, or lack thereof, can generate additional forms of financial risk. Is there a comprehensive process in place to capture onboarding documentation? For example, when engaging Independent Contractors, do you have agreements in place for Intellectual Property protection and proper insurance? Do you track what equipment is provided at the time of onboarding for all contractors?
While reputational risk can be difficult to quantify, it is quite easy to identify. Consider what types of press would be good and bad for your organization to receive from an employment and business standpoint.
Do you have a defined process in place that tracks what systems contractors have access to? How do you monitor that activity in systems with confidential or sensitive information? Do you have a process to shut down system access when it’s no longer required, or a project has ended?
Similar considerations must be made for physical access granted to contractors. Typically, when a contractor is onboarded and begins work, they’re given a key card to the office. Is the key card for the specific floor or department they need, or is it for the entire campus? What happens if the project or requirements change for the contractor and they now need to have access to a different floor or department? Will their old access be shut down? Do you have a process in place for how equipment is returned when someone leaves or is terminated?
Taking this a step further, with the global COVID-19 Pandemic, do you have a way to quickly and accurately identify all of your non-employee workforce? Which workers are active, which suppliers deployed them, what projects and departments do they work with? How can you effectively communicate with them about abrupt and hugely important changes?
This category of risk becomes critically important as you begin looking at the type of work that your contractors are performing. Are they working on anything that would affect client contracts or regulations like GDPR (General Data Protection Regulation) or PII (Personal Identification Information)? If so, it’s imperative that any agreements and regulations that you need to maintain are also maintained by your contractors.
This category also includes how you’re classifying contractors. If you’re engaging Independent Contractors or Self-Employed workers, it’s imperative that you have a process in place to validate the work and worker, to ensure they are properly classified. Are you building audit defence files, updating them, and keeping them for the appropriate amount of time?
At the end of the day, when it comes down to how you’re managing your contingent workforce, your business needs to make the best decision based on your specific goals and objectives. But when doing so, you should balance the value of a partner, and the strengths they could bring to the table, not only in mitigating risk but delivering workforce strategies.
At Hays, our objective is to deliver and enable workforce strategies to achieve those goals and objectives. We do this by delivering the right talent at the right time, at a fair price… regardless of source or classification.