Ultimately directors are responsible for the stewardship of the organisation.
The Banking Royal Commission identified less than reasonable behaviour at a number of financial services organisations. The resulting reputational damage saw the CEO and a number of directors retiring, not to mention a very sharp decline in share price and the potential for litigation from various stakeholders.
Management should have effective internal controls, such as policies, procedures and systems, in place to manage exposure to risk.
Such policies and procedures should cover the following:
Human Resources – including recruitment policies, conflict of interest, job descriptions, training, performance evaluations, remuneration and disciplinary procedures, investigations of workplace incidents, etc.
Risk & Compliance – including regular compliance certifications from responsible officers, breach and incidents registers, risk assessments and rating, etc.
Administration & Financial – including job responsibilities, segregation of duties, procedures for key administration activities, reporting relationships, financial authorities and access to assets.
Reporting – including regular review of financial and operational reports and controls, preparation responsibility, etc.
Systems – including security, system hardware and software, procedures for key activities e.g. procurement, business continuity, etc.
The starting point for any organisation is to identify and assess its risks. Generally, the Board/management will conduct a risk assessment to identify the key business risks, assess their probability of occurrence and rate these risks.
A risk assessment helps management focus on the key business risks. It is important for managers to regularly monitor and review these risks and the effectiveness of the internal controls.
As a guide, risks can be classified into broad categories, for example:
For a business with a high reliance and dependency on staff, Human Resources will be a key business risk and most employers would have a range of policies, procedures and systems in place. Employers may also bring in a consultant with subject matter expertise to ensure that they have adequate and effective internal controls.
Listed below is a limited selection of internal controls which your organisation may implement for risks associated with Human Resources:
References to hiring procedures, such as anti-discrimination, legal compliance, police checks, type of employment contracts (full-time, part-time, casual), probationary period if applicable, safety, induction, etc.
Identifying Fair Work, ordinary pay rates, overtime, time in lieu, providing payslips, submitting withholding tax to the ATO, payment of superannuation, worker compensation, LSL, annual & sick leave entitlements, etc.
Other Human Resources Policies
Bullying & Harassment, Workplace Health & Safety Policy, Dress Policy, Delegations, Performance Management, Conflict of Interest, Jury Duty, Social Media Policy, Confidentiality, Privacy, Domestic Violence, Ceasing Employment, etc.
To ensure the effectiveness of the relevant internal controls, staff need to be aware of, and regularly trained on, the respective policies, procedures and systems.
Compliance with respective legislative requirements should be identified as a regulatory risk for all organisations. For example, the Fair Work Act sets out various obligations for an organisation, such as minimum pay rates, working conditions and unfair dismissal, to name a few. In recent times, there have been a number of high-profile employers who have received negative media exposure for underpaying staff. This has created a negative impact on their respective reputations, not to mention the potential financial impact.
For assistance with your organisation's internal controls, please contact us today.