HUMAN RESOURCES AUDITINGleadtraining.com.mt/wp-content/uploads/2016/04/HR-Audit-Presentat… · The...
Transcript of HUMAN RESOURCES AUDITINGleadtraining.com.mt/wp-content/uploads/2016/04/HR-Audit-Presentat… · The...
HUMAN RESOURCES AUDITING
What is Auditing?
The word “audit” comes from the Latin verbaudire, which means, to listen. Listening impliesan attempt to know the state of the affairs asthey exist and as they are expected/ promised toexist. Auditing as a formal process is rooted inthis feature of listening. Consequently, it is adiagnostic tool to gauge not only the currentstatus of things but also the gaps between thecurrent status and the desired status in the areathat is being audited.
Internal vs External Audits
External Financial Audits Internal Audits (HR Audit)
Obligatory Non Obligatory
External UsersInternal Users/Limited
External Users
Financial Focused Non Financial Focused
Appointed by Shareholders Appointed by Management
Outsourced Only Inhouse or Outsourced
What is Common
External Financial Audits Internal Audits (HR Audit)
Independence Independence
Professional Skepticism Professionals Skepticism
Systematic AuditingTechniques
Systematic Auditing Techniques
Value Add Value Add
Risk Based Risk Based
Evidence Evidence
Definition of Internal Auditing
Internal auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization's operations. It
helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance processes.
Source: Institute of Internal Auditors
Corporate Governance
The system of rules, practices and processes by
which a company is directed and
controlled. Corporate governance essentially
involves balancing the interests of the many
stakeholders in a company - these include its
shareholders, management, customers,
suppliers, financiers, government and the
community.
Business Objectives
• Set by the Board of Directors
• Reflected in the Business and Strategy PlanAdopted by Management and approved by theBoard
• Objectives are de-escalated throughout theorganization via functional objectives (such as HRObjectives) and targets documented withinpolicies and procedures
• Performance vis a vis Business Objectivesperiodically reported to Senior Management
Business Objectives or Not?
Engaging expert interviewing board for selection of new recruits.
Selecting the best candidates for our vacancies.
Installing the best payroll software in the market.
Calculating employee compensation accurately and efficiently.
You cannot achieve what you cannot writeWrite 5 objectives in relation to Termination of
Employment
1.
2.
3.
4.
Risk Management
Risk management is the systematic process of
understanding, evaluating and
addressing risks to maximise the chances of
objectives being achieved and ensuring
organisations, individuals and communities are
sustainable.
What to do when a risk is identified?
Attributes of Good Auditors
• Good Communicators (questioning, listening…face to face)
• Positive Attitude
• People Skills
• Vision and Instinct “Instinct is the nose of the mind”
• Ability to see the big picture
• Decision Making (What is relevant and what is not)
• Leadership “Don’t find fault, find a remedy – Henry Ford.”
HR Audit Definition
A process whereby HR related activities are
independently, objectively and systematically
assessed vis a vis their effectiveness and
efficiency in reaching corporate objectives and
legal obligations.
Why Conduct HR Audits?
To measure, assess and improve the efficacy
with which the HR function is contributing to
the overall attainment of business objectives.
Overview of HR Audits
The HR auditing process is or should be an independent, objective, and systematic evaluation that provides assurance that:
1) Compliance and governance requirements are being met
2) Business and talent management objectives are being achieved
3) Human Resource Management risks are fully identified, assessed, and managed
4) The organization’s human capital adds value.
HR audits are increasingly expected to look behind and beyond theorganization’s assertions of sound and proper HR management practices andto assess the assumptions being made, to benchmark the organization’sprocesses and practices, and to provide the necessary consultative servicesthat help the organization achieve its business goals and objectives.
HR Audit Considerations
• Possibly conducted annually
• Focus on different key area every year (Risk
Based Approach)
• Budget HR Audit Resources
• Audit Team Structure and Composition
(Inhouse or Outsourced)
Types of HR Audits
• Compliance
• Best Practices
• Strategic
• Function Specific
Key Challenges for HRMSource: Boston consulting Group Survey in Europe
Managing Talent
Managing Demographics
Becoming a learning organization
Managing Work Life Balance
Managing Change and Cultural diversity and Transformation
Key Challenges for HRMSource: Boston consulting Group Survey in Europe
• The HR Audit team must learn about these and
other challenges and discuss their applicability
and impact on the organisation with
departmental Managers (Senior and
Functional).
• Audit Tools: Research/Interviews
/Survey/networking etc…
HR Audit Cycle
Culture
Identify HR activities
and processes
Assess Risks for
every activity
Develop a Risk Based Audit Plan
Test and analyze results
Report
HRM Activities
• Structure – Chart
• Legal Compliance
• Union Relations
• Recruitment and Selection
• Employee Induction
• Compensation and Benefits
• Training and Development
• Transfer and Terminations
• Performance Management
• Disciplinary Procedures
• Employee Retention
• Payroll
• Health and Safety
• Succession Planning
• Records Management and Information Systems
• Budgetary Control
• Others…
HR Policy Manual
• Does it exist?
• Are objectives written in the policy and in line with higher level business objectives and risk appetite as set by the Board of Directors?
• Are identified activities/processes /people documented properly in an HR Policy Manual (organisational chart, process flow charts)?
• Are internal controls mitigating the risks well documented in the policy?
Policies and Procedures – Why?
• Framework for decision making and delegation
• Consistency of work practices
• Means of communication
• Continuity of work
• Internal Controls
What can’t be written, can’t be achieved
Policy Manual Contents
• Process objectives linked to higher Corporate Objectives and legal requirements
• Management Structure (Chart) and job profiles
• Sub-divided between activities/processes
• Roles and Responsibilities of process owners
• Define risks and identify risk owners
• Procedures and internal controls including flow charts
• Performance Measurement (KPIs)
Policy Manual Considerations
• Living document
• Updated regularly
• Simple to use
• Owned by everyone
• Training
• Policy workshops
Risk Identification and Assessment
Techniques
• Interviews with process owners to identify
risks and discuss their probability and impact
• Perform Process Walk through tests
• Identify and test internal controls
• Analyze and Discuss risk impact
• Document results in risk register
HR Audit Questioning
Organization and Structure
• Is there an organizational chart?
• Does the chart include both employees’
names and position titles?
• Does the chart show reporting relationships?
• Is the chart updated as changes occur?
• As the needs of the organization change, does
its structure change?
HR Audit Questioning
HR Department Organisation
• Is the department sufficiently staffed for the industry and the size of organization?
• Is the budget in line with other organizations of similar size and industry?
• Is there a job description for each position in the department?
• To what position does the top HR position report?
• Does the HR Department have an updated written policy and a mission statement?
• Are HR objectives set and documented in the policy?
• Is the HR mission statement and business objectives consistent with the vision and mission of the organization?
• Is their a documented risk register for the Department?
HR Audit Questioning
Recruitment
1.
2.
3.
4.
5.
6.
HR Audit Questioning
Resignations, Transfers and Terminations
1.
2.
3.
4.
5.
6.
Risk Assessment
RISK REGISTER
RISK LIKELYHOOD IMPACT RISK LEVEL RISK RESPONSE RISK OWNER
RECRUITMENT
Risk that company is employing people with wrong skills LOW MEDIUM LOW ACCEPT MANAGER
Risk that company is not employing in line with equal opportunities requirements MODERATE HIGH HIGH MITIGATE MANAGER
Risk that selection is not done objectively MODERATE MEDIUM MEDIUM MITIGATE MANAGER
Risk that job advertisements are not in line with legal requirements LOW MEDIUM LOW ELIMINATE MANAGER
Continuous Risk Management (CRM)
• Keep Risk Register a live register
• Continuous identification of new risks
• Follow up on mitigation actions
• Present quarterly updates through internal
workshops
• Joint effort by all HR personnel
• Enhanced Risk Culture
Risk Based Audit Plan
• Scope of Audit (which activities are being
audited) – Based on Risk Assessment.
• List optimal mix of audit tasks to be performed
(tests of controls, substantive tests, interviews
etc.) – Based on Risk Assessment
• Sampling techniques – Based on Risk Assessment
• Timeline of Audit
• Audit Resources/expertise needed (Audit Team)
Audit Testing
• Further Interviews with process owners
• Walk through of processes
• Audit Checklists/questionnaires/surveys (Based on company policy and best practice (research)
• Reviewing relevant Documentation
• Analyzing KPIs
• Onsite reviews, observations, informal enquiries with key personnel
• Reconciliations (example: Payroll)
Audit Documentation
• Documentation – What is not documented is
not done.
• Audit File and Working Papers
• Evidence copies
• Referencing – Start from Audit Plan
• Sign offs
• Review of file
Communication/Reporting
• All work goes to waste if audit reporting is not
done effectively
• Simplicity is key
• Make it interesting – focus on objectives and
highlight opportunities
• Involve Auditees in report via Management
Comments
Audit Report Structure
• Scope (refer to Risk Assessment Results)
• Limitation of Scope (if any)
• Background information
• Methodology
• Audit Findings and Risks (Key risk or Not)
• Recommendations
• Management Comments (action and time)
Integrity and Objectivity
Value Add
Professional Skepticism
Relationships & Communication
Culture