I am sure many audit functions tend to have certain unease when it comes to audit the human resources (HR) function. Obviously, auditing both the HR and the Payroll functions are critical to ensure adequate segregation of duties beyond all the other risk factors.

Looking and HR information is quite sensitive since internal audit would gain access to personal information. The evolution of data privacy laws such as: the introduction of GDPR in Europe reinforces this concern.

Auditing Human Resources – primary risk layers

Most human resources audits tend to define their scope focusing on some the following key risk areas:

• Risk of inadequate segregation of duties between the HR and Payroll functions
• Access rights to the HR database
• Data integrity of the human resources database
• Adequacy of the hiring practices, policies and procedure
• Employee background checks
• Employee performance evaluations
• Promotions and terminations etc.

These areas focus on the internal risk perspectives of the HR department. That is why, we identified them as part of the first layer of risk.

You might have guessed right; it has to do with the external risk perspective of the HR function.

Auditing human resources – secondary risk layers

If we look at the human resources function as a reflection of the company’s values then their projection of professionalism or the lack there of can have a reputational impact on the organization.

Let me give you a list of HR risks that are looked at from an external (potential employee, vendor etc.) perspective:

1. Job descriptions are vague, incomplete and potentially misleading

2. Inconsistent job requirements

3. Old job postings are not removed timely from the career site or job boards

4. Fake job postings just to test the market and build a candidate database

5. Job interviews are not conducted in a professional manner

6. Slumping Glassdoor ratings without HR’s monitoring and analyzing the trend

7. High employee turnover information spreading through social media

If the risks above are not systematically analyzed and managed by HR, the firm might face a negative reputational impact among potential future employees. This could result in a decline of candidate applications and ultimately a drop in the quality of the talent pool.

Overall, if the company’s internal audit function performs a deeper analysis including the secondary risk layers then the organization can mitigate and/or avoid potential negative perceptions within the talent pool.

Of course this type of analysis should not be performed in a vacuum but evaluated in the context of a corporate culture review.

Corporate culture problems and “Just for Show Activities”

Have you audited secondary risk layer within the HR function and if YES, how?

If you like my post, Do not forget to give Thumbs Up and post your Comments.

#humanresources #hiring #corporateculture #internalaudit #hrrisk #professionaltraining #professionaldevelopment #employeesurveys