Cybersecurity tops the list of top risks for many, but I contend that another source poses a greater risk to our organizations: the Great Resignation.
While many risk managers say that cybersecurity is the biggest source of risk for an organization today, I think there are bigger concerns. One of them was in the news last year and it’s called “The Great Resignation”.
Employees are looking for a fresh start
Consider these survey results from ResumeBuilder.com.
An article accompanying the survey results states: “ResumeBuilder estimates that by 2022 up to 32% of US workers will not only leave their job but also their careers to start fresh in new industries, particularly IT . A quarter of these employees will resign in 2022, half in the first half of the year.”
The numbers are sobering. In the second half of 2021 alone, almost 20 million people quit their jobs, 4.5 million of them in November alone. A number of factors are driving this trend, including a mismatch between employee needs and employer understanding, and a general reassessment of life prompted by the events of the past two years.
What does the big resignation mean for risk practitioners?
What does all this mean for risk and audit practitioners?
Recognize the potential impact the loss of key employees will have on the organization and its success. While risk disclosures can talk about the loss of the CEO and other top executives, we also need to consider the loss of:
- Leaving customer relationships as a seller, perhaps to a competitor.
- Innovation when top engineers and product designers abandon ship, possibly back to a competitor.
- Dynamics in the development and use of technology due to the loss of IT staff.
- Revenue growth is hampered by affecting the organization’s ability to provide products and services.
- Key individuals in performing critical controls and security practices, with less capable individuals (or no one) taking their place.
- leaders within the organization.
- Risk and Audit Practitioner.
We need to help management understand the level of risk to business objectives that can lurk in every nook and cranny of the organization.
We also need to help management assess whether they are doing enough to stem the tide and respond to the waves breaking through the storm wall.
At the same time, we should check whether management is using the situation to increase its potential by hiring the best people on the market.
I recommend reading the following article on Smart Brief: “Let’s call it a customer retention review.”
Forbes says, “It’s not the big resignation, it’s the resignation that’s about time.”
An opportunity for reflection for workers and employers
People are changing their relationship to the traditional workplace and re-evaluating the importance of career versus quality of life.
This provides employers with a long overdue opportunity to do the same by asking themselves four fundamental questions: What are workers looking for in this new work-life balance? How will companies provide what employees need for this balance? What does this new workplace look like? What can employees and employers do to help?
Risk practitioners can work with management to understand the risk (and opportunity).
Internal auditors can help by assessing whether this is sufficient and perhaps suggesting ways to improve employee retention and hiring.
What do you think?
Writing this reminded me of another point I would like to discuss: Some have said that when an event or situation is safe, there is no risk. They refer to the ISO 3100 definition of risk as “the impact of uncertainty on goals”. If there is no uncertainty, they claim, there is no risk.
My problem with this is that while an event or situation can certainly occur or even have occurred, it Effect or future effects may be uncertain.
I think we have to be careful to avoid pitfalls like rigid interpretation of definitions. But I will point out that we are talking about “impact on targets”. This part of the definition is crucial. Assessing a risk or an opportunity differently is not necessarily always wrong, but I think it is questionable.