One common task for an HR professional is

interpreting and applying

risk management policies in the workplace.
In this video, you will review risk management and
learn how to create a formal risk management policy.
Along with many other tasks,
HR is called upon to do the following.
Promote employee health and well-being,
protect organizational assets from loss and liability,
identify and comply with laws,
and focus on preventing risks to stakeholders.
These tasks are called risk management.
As you'll recall, risk management is a process of
analyzing potential threats and
deciding how to prevent them.
Well, it is impossible to fully
eliminate risks in an organization.
Having a risk management policy that is easy to access
and understand can help lower the possibility of risk.
Let's review an example of
a risk management policy and how to write one.
Although risk policies are all different,
the components of them are similar.
A risk management policy
should include the following sections.
Purpose, scope, policy,
objectives, business planning procedures and definition.
Other sections may be included
and customized for each organization.
A policy can be as short as one page or as long as 50.
However, it is important to remember that employees are
more likely to read the policy
if it is short and succinct.
The purpose section at the risk management policy
should do exactly what it says,
state the purpose of the policy.
It should include essential information for
employees that is written clearly and concisely.
For example, Maryville University risk management policy
includes a purpose section.
As you might expect,
this section focuses on the intent of the policy.
In particular, this policy establishes the framework for
a formal risk management program by designating
responsibility for risk identification and analysis,
planning for risk mitigation,
and outlining program management and oversight.
It's important and helpful to
have a policy like this that
makes this information explicit
to everyone at the organization.
The scope subcategory is a quick statement that
explains who the policy
applies to and their responsibility.
It says this policy applies to
all university employees, departments,
and functions that deal with risk e.g.,
student organizations to the university
and its stakeholders in any form.
All university employees and functions should
consider their safety and
the safety of others while working.
Another important section in
the risk management policy outlines
who has oversight of the policy.
It is important for any risk management policy to clearly
define the roles and responsibilities for managing risk.
The oversight section explains who is in charge.
In this policy,
the University Risk Management
Office/officer, the controller,
is responsible for coordinating
the development and maintenance
of risk management policies,
procedures, standards, and forums for the university.
The controller is also
responsible for the ongoing evaluation
and day-to-day management of
the university risk management program.
A risk management policy should also
include the process for reporting risk.
In this policy, every employee of the university and/or
university function dealing with risk is
responsible for promptly reporting any property loss,
potential liability claim, and/or
potential criminal conduct or
other non-compliance to the controller.
The policy goes on to state who will
investigate any claims and who to call to make the claim.
Every organization will have varied
needs from their risk management policy.
This policy was designed with a university in mind,
but a factory or a restaurant or
a daycare will all have different risks to account for.
Even if the risks and policies change, the basic purpose,
understanding, mitigating,
and reporting risk will be the same.
Play video starting at :3:50 and follow transcript3:50
To review, risk management is a process
of assessing and preventing threats in the workplace.
Organizations should create and
distribute a risk management policy.
It should be written clearly and concisely and
it should be readily available to all employees.
Next, you will learn about
the common risk management policies.
Required
English

Help Us Translate

Previously, you learned about the risk management policies.

Now you are going to learn about common risk management policies for
business continuity.
A Business Continuity Plan is a prevention and
recovery system from potential threats to an organization's operations.
It ensures that personnel and assets are protected and
able to still function in the event of a disaster,
such as a cyberattack or natural disasters like tornadoes, hurricanes, or tsunamis.
These threats can mean a loss of revenue, higher costs, and a drop in profits.
Although insurance might help with recovery,
it does not cover all of the costs associated with disasters,
including customers who move on to the competition.
There are four main steps in preparing a Business Continuity Plan.
The first step to prepare a Business Continuity Plan is to conduct a business
impact analysis.
Every organization has unique conditions and
factors that affect the needs of the continuity.
Some of the factors that drive planned components are geographic location,
availability of response resources, industry, and
the specialized needs of customers.
The next stage is to create recovery strategies.
It is important for HR to work with internal and external experts for
this stage.
HR will drive the brainstorming sessions to identify strategies and
response to the business impact measures that were identified in step one.
Begin by identifying resources that can be used, then conduct a gap analysis and
explore recovery strategies.
Finally, implement the strategies.
The third step is to develop the actual plan.
This step involves all available resources and tools to use in case of a disaster.
To start, develop the framework.
Next, select and train recovery teams.
Then, write standard operating procedures.
Finally, get approval for the plan.
The fourth step is to practice the plan, which involves training the trainers in
conducting drills to evaluate what worked and what needs modification.
To do so, develop tests and exercise them.
Train response teams, conduct tests and document the results, and
update the plan based on the test outcomes.
It is important to periodically update the plan if needed.
Play video starting at :2:14 and follow transcript2:14
Having a Business Continuity Plan can help organizations navigate disasters
such as cyberattacks and natural disasters that can severely impact profitability.
Doing this can save your business in case of an emergency.
Coming up, you will examine risk management policies by reviewing examples.
In this video, we'll explore a real-world example of
an organization that develops risk management policies.
For this example we'll follow Niary,
an HR professional at Urban Attire.
Urban Attire is a mid-sized business that specializes in
casual wear for the modern metropolitan lifestyle.
There are many people working at Urban Attire and
the HR team is refreshing its
risk-management policies to apply
to all members of the organization.
Specifically Niary is working on
a business continuity plan for Urban Attire.
Recently, one of Urban Attire's competitors was
hacked by a group of cyber criminals.
The hackers accessed their system,
held their data ransom,
and prevented them from
accepting any credit card payments
online or in-store for two weeks.
This breach was a huge issue for the competitor,
and they ended up closing locations for the second week.
The competitor eventually reopened
after switching to a different system,
but they lost a lot of money and
impact to the brand credibility.
Niary was shocked by the hack and
realized that something similar
could happen at Urban Attire.
Niary decides it's time to create
a business continuity plan
specifically for cyber attacks.
First, Niary conducts an impact analysis.
In a retail setting,
the amount of money lost will depend on the time of year.
So Niary reviews, slow periods, average periods,
and the busiest periods of
the year to get an understanding of
what the loss of sales during each period would mean.
Niary also connects with the IT team,
the management team,
and third party cybersecurity experts to
determine the response resources that would be required,
especially if any critical information
or infrastructure was hacked.
Needless to say, handling these kind of attacks is
expensive and can be extremely time consuming.
Next, Niary begins generating a recovery strategy.
Initially, Niary works with the IT team
to understand what systems can be backed up,
stored externally, and reinstalled in case of a hack.
Niary is also contracted with
a cybersecurity firm that will proactively
probe the system for
weaknesses and assist if hacking should occur.
After that, Niary drafts the business continuity plan.
The plan includes standard operating procedures,
recovery teams, points of contact
and templating messaging that
Urban Attire can use in case of a cyber crime.
Niary presents the plan to
the HR department head as well as the executive team,
and after some small edits,
the plan is approved.
Finally, Niary works with
the third party cybersecurity firm and
the IT team at Urban Attire
to develop some practice scenarios.
Everyone involved in the hacking drills
is excited and interested in the sessions.
They can even find
some unexpected situations that
lead Niary to update the plans.
With the plan in place,
Niary feels confident that Urban Attire
is prepared for cyber attacks.
Of course, a risk like this can't be completely removed,
but having a plan in place will help
to mitigate at least some of the risk.
That's all from Niary for now.
Researching, writing, and practicing
risk management policies is a critical HR responsibility.
A good plan may even mitigate
tremendous and costly risks,
but they will take thought and effort to create.
Coming up, you'll wrap up this week with
information about other risk
management policies and procedures.

Overview: Risk Management Policies

and Procedures
Risk Management Policies and
Procedures
HR professionals are called upon to do many things, including prevent risk to all stakeholders.
Risk management is the process of analyzing potential threats and deciding how to prevent
them. Creating a risk management policy allows an organization to identify and respond to risk in
a way that minimizes impact on the organization. Organizations should also incorporate business
continuity plans to prepare for disasters.

Risk Management Policies

The purpose of a risk management policy is to provide guidance for the various risks an
organization may encounter. The policy helps support an organization’s objectives, protect
employees and business assets, and ensure financial sustainability for the organization. Once
risks have been identified, a risk management policy can be created.
Elements of Risk Management Policies
Risk management policies vary depending on the needs of each organization. Some risk
management policies can be short, while others need to be long. When creating a risk
management policy, it is important to personalize it to your organization’s needs. The most
common elements of a risk management policy are purpose, scope, policy, objectives,
procedures, and definitions.

Purpose: This section of a risk management policy should clearly state the purpose of the policy
in a clear and concise manner. It needs to include essential information for employees.

Scope: When including a scope statement, an organization should explain who the risk
management policy applies to, such as executives, management, employees, etc.

Policy: The policy section explains the overall risk management policy for the organization. It can
explain the specific risks an employee may face, such as electrical safety, working with
dangerous chemicals, carrying heavy objects, etc.

Objectives: The organization should include what their objectives are in relation to risk
management and what they hope to achieve.

Procedures: The procedures section should include who is responsible for taking action, as well
as important activities and roles in the procedure, such as how to report an incident, how the
organization plans to communicate risk management activities, etc.

Definitions: A definition section is important so employees can easily reference the key words in
the policy.

Business Continuity Plan in Risk

Management
While risk management focuses on mitigating external problems, business continuity plans
provide an outline for what an organization should do if disaster strikes. According to kuali™ a
business continuity plan is an essential part to risk management. The plan protects an
organization from disaster and allows it to quickly resume business operations. A business
continuity plan is a sub-category of risk management. Organizations should maintain both a risk
management policy and a business continuity plan to mitigate risk and be prepared for
emergencies.

Conclusion
Risk management policies and business continuity plans allow an organization to resume
operations quickly, while also caring for their employees health and safety.

If a new employee is hired and

simply given the employee handbook without any interpretation or support,
this is not an effective way to communicate safety plans and procedures.
In this video, you will learn about the importance of communicating all safety and
risk management policies with new hires during the orientation and
onboarding processes.
As you'll recall, orientation is a process for new employees to learn about policies,
features, benefits, and expectations of their new employer.
Orientation is typically completed in one or two days, and
includes routine tasks such as setting up payroll, printing employee IDs,
enrolling in benefits, and providing personal information.
However, orientation is also a great time to introduce safety and
risk management policies.
One of the many goals during the orientation process is to complete
required organization local or federal training.
Organizations can also choose to add introductory health and
safety training at this time.
It's important for employees to understand that health and
safety are taken very seriously in the organization, especially in
industries that have higher risk, such as manufacturing or construction.
For example, all employees at Slice U are required to take a basic food and
safety course on their first day.
This course typically takes less than an hour to complete and reviews information
such as cleanliness, food handling and proper cooking temperatures.
Onboarding, similar to orientation, is a process of welcoming people that have been
newly recruited into the organization.
Done correctly, the onboarding process should be a calculated method that lasts
anywhere from one month to a whole year.
An onboarding plan should include an easy to understand introduction to
an organization's procedures, including safety and risk management.
A positive and informative onboarding process is vital for employee retention.
To continue with the previous example, Slice U,s onboarding process continues for
two months.
It involves in depth virtual training about food safety, kitchen safety,
first aid, heat, illness, and customer service, and other important trainings.
New employees are also required to take an Ocha training called a Menu for
Protecting the Health and Safety of Restaurant workers.
This training uses a workbook that includes information on workers'rights and
common job safety hazards, such as working with sharp tools, preventing burns and
injuries from slips and falls, and more.
Slice U employees are required to complete the entire workbook,
including the scenario, prompts checklists, and other activities.
Play video starting at :2:30 and follow transcript2:30
It's a good idea to incorporate risk management practices through health and
safety training in both orientation and onboarding processes.
These trainings can be either formal or informal.
Overall, it is essential for new employees to understand that health and
safety is a priority within an organization.

Now that you know more about including

risk management in the orientation
and onboarding process,
let's discuss implementing on-going formal training
to minimize health and safety risks.
Training promotes an organization,
safety culture and reminds workers
at the organization's expectations.
As you know, training can take many forms: classroom,
on the job instruction, simulation and more.
Training can also be informal.
For example, inviting an employee
to join you for a safety work,
as you point out features or concerns,
trains them to be on the lookout
for the same or similar issues.
Safety works can occur daily,
weekly, or whenever needed.
Training sessions, both formal and informal provide
employees with tactical hands-on
knowledge of safety procedures,
and they also help minimize risk.
To illustrate, Slice you purchase
a yearly subscription to
an online restaurant trading platform.
Slice use HR team is able to
customize the training by choosing the topics,
frequency, and employ audience for each training.
Employees receive an email prompt,
and deadline each time a training is assigned.
Some training, such as code of
ethics training, is required yearly.
Others, such as health and safety,
are assigned monthly because new content is frequently
added and it's critical to keep employees up-to-date.
The virtual format gives employees
flexibility to complete the training
at their own convenience,
but within the required time frame.
Trainings include readings, videos,
discussions, quizzes and more.
The platform also maintains progress reports so
managers can easily see who is taking the training,
who is in the process, and who has not yet started.
Play video starting at :1:39 and follow transcript1:39
To summarize, ongoing training
is essential in any organization,
not only does it review expectations,
but it also helps to build a safety culture
and ensures employees are acting responsibly.
Up next, you will review
compliance training and how to effectively implement it.
Required
English

Help Us Translate

As you'll recall from previous videos,

there are many compliance trainings that are required by law.
In fact, many safety standards include communication and
training requirements for employers to follow.
As an HR representative,
you will be required to know what these requirements are, most importantly,
federal and state specific requirements and take steps to complete them.
This video will introduce you to those requirements.
Compliance training is any training that employees are required to take
as regulated by the state, industry or organization.
There are many types of compliance training.
The most common include the following, code of conduct or ethics training,
anti-harrassment or discrimination training, information security training,
health and
safety training, diversity and inclusion training, and management training.
These trainings can be conducted in a variety of formats, including classroom
instruction, virtual delivery, instructor led, self paced, and many other options.
Part of your job as an HR professional will be to know what compliance trainings
are required in your industry, location and company size.
You will also need to ensure all employees receive the training and
to document the completion or acknowledgment of the training.
If you hold in person training, it is important to remember that there will
be times when not every employee will be able to attend.
Illness, vacations meetings and
other work commitments may conflict with the training schedule.
Because compliance training is required,
it's important to have a backup plan in place, such as a makeup session.
If employees fail to complete a required training, you must also determine
a consequence, such as a disciplinary meeting with upper management.
As an example,
Urban Attire's workforce includes people from many different backgrounds.
The HR department at Urban Attire understands the importance of diversity
and inclusion initiatives, so they hire experts in the field to lead required
training for all employees each year.
The training, which is conducted in person at each store around the country,
incorporates short lectures, videos and roleplay scenarios, and more.
Although this is a large expense for Urban Attire,
they believe in person delivery is the most effective approach because employees
are more engaged than in a virtual setting.
Urban Attire also has yearly information security training because only a handful
of employees work with sensitive information, such as credit card numbers,
employee and customer information, and seller data.
There are two forms of the training.
The first is for those who work closely with the information, including upper and
lower management.
These individuals receive quarterly in person training from the organization.
Employees who do not work closely with the sensitive information,
such as sales associates, participate in a yearly all staff meeting led by managers
who attended the formal training.
Attendance is mandatory for both training sessions, and
makeup sessions are offered for those unable to attend.
Play video starting at :2:58 and follow transcript2:58
To review, employees are required by the state, industry or
organization to complete compliance trainings.
These include sexual harassment and
code of ethics trainings, which can be delivered in a variety of ways.
As an HR professional, you will be expected to organize these trainings and
ensure they are completed by all employees.

Overview: Formal Risk Management

Procedures
For any organization, risk management is an essential component to promote health and safety.
Risk management is the crucial process of analyzing potential threats and deciding how to
prevent or control them. Risk management consists of four essential stages, as follows.

Stage 1: Identify the Risks

The first stage is determining the risks an organization may face. These risks can take several
forms: legal risk; risk to the safety and health of employees; physical risk to property, plant, and
equipment; financial risk; risk to privacy and data security; risk to the organization’s reputation
and goodwill; and risk to the organization’s ability to continue in business. HR should place an
emphasis on identifying all possible risks. A regular and comprehensive audit of all functional
areas of the organization will support this task.

Stage 2: Assess the Risks

Organizations must determine the potential and likelihood for each risk by analyzing it and
determining its scope. For example, an organization that operates in manufacturing has higher
risk of bodily injury than an organization that primarily conducts business in an office. It’s also
important to consider the potential severity of the risk to determine how many business functions
it may affect. This evaluation is known as a risk assessment. A risk assessment is the process of
determining the likelihood that a particular risk will occur and the financial cost to the organization
if it does occur, including the cost of compliance with federal and state laws and regulations.
Stage 3: Mitigate or Eliminate the risk
Once an organization has determined which risks need to be addressed, it must develop and
implement strategies to address them. If possible, the risk should be eliminated or contained.
First, an organization can choose to avoid risky activity altogether. Second, an organization can
choose to modify the risk by adopting programs and plans to reduce the likelihood of a risk
occurring. A business can also choose to transfer the risk by either purchasing insurance or by
contracting out the risky activity to another vendor. Finally, an organization can accept the risk as
an essential part of doing business and plan to deal with the likely consequences. It is important
to understand that not all risks can be eliminated, such as the possibility of hurricane damage to
an organization that is located near a beach. A significant amount of risk mitigation involves
modifying risk through developing and implementing government-mandated safety and health
management plans, such as OSHA laws and regulations.

Stage 4: Monitor and Refine the Risk Management Program

An organization’s risk management program and policy must be monitored regularly. This
monitoring can be accomplished through employee feedback. Employees are involved in an
organization’s daily activities and can often identify the onset of risks. Open communication with
employees will encourage them to communicate possible risks. It is also essential to modify and
refine a risk management program and policy when the need arises. Remember—it is better to
be proactive with risk than reactive. A documented plan can save an organization a significant
amount of time and money.

Conclusion
Everything in business comes with risk. Organizations can make efforts to manage them, but
some risks will always be present. These four stages of risk management, however, can help
mitigate risk in your organization.

Take the aPR Exam

Congratulations on completing the HRCI Human Resource Associate Professional Certificate
program! A career in human resources is a rewarding career that will allow you to guide
others through their employment path and to help your organization thrive with a strong team
of employees. Throughout the course, you learned about talent acquisition, learning and
development, compensation and benefits, employee relations, and compliance and risk
management. All of this helped prepare you to take the aPHR exam! This reading will guide
you through how to sign up for the exam, as well as important terms and conditions.

Applying for the aPHR Exam

To apply for the aPHR exam, complete the following steps:

 Go to https://www.hrci.org

o Click “Apply Now” (in upper right corner)

o Create an account with HRCI when prompted

 Select “My Exam Applications” (under “Your Account”)

 o Click “Begin New Application”

o Complete the required information

o Click “Save & Continue”

 On the Exam Selection page

o Select the aPHR Certification Exam (Your Coursera coupon code is only
eligible for the aPHR Certification Exam)

o Click “Select” and then “Save and Continue”

 The "Build Your Own Bundles" page will pop up

o If you need additional resources like a prep course, practice exam or second
chance insurance, you will have the option to add those additional products at
this time.

 Click on “Add Promo or Voucher”

o Enter your unique Coursera coupon code

o Click “Apply”

 From here, you will see your discount applied to your cart

o Click “Proceed to Checkout”

 Read through the terms and conditions (which are available on the website and also
listed in the next section of this reading).

o Check the “I agree” box

o Select the boxes under “Additional Agreements”

o Click “Continue”

 If you need special accommodations, you can request accommodations on the next
screen.

o Click “Continue”

 The “Agreements, Special Accommodations & Preparation Preference” page will pop
up

o Please indicate in the text box how you prepared or plan to prepare for the
aPHR certification exam
  Complete your billing information

o Click “Submit Order”

o You can review and print your receipt, if needed

 After you have submitted your application

o You will receive an email communication from HRCI about the status of your
application and next steps

Terms and Conditions

A coupon is valid for 365 calendar days from the date of issue. During the 365 days,

coupons are non-transferrable and must be redeemed in a single transaction (no remaining
credit

if not used in whole).

Coupons cannot be combined with any other HRCI discount offer or promotions. Only one
coupon is permitted per person.

Additional items purchased that are not included in the coupon, must be purchased as part of

the exam application checkout process with a valid form of payment accepted by HRCI (e.g.

credit card, check, wire).

Exam candidates who redeem coupons for a portion of payment must follow all applicable
eligibility and exam rules. If a candidate does not take the exam within the application
eligibility period (180-

days), the candidate must reapply to take an exam and pay all applicable fees using a new

form of payment method (no new coupons will be provided after the initial coupon has been
redeemed).

Once candidates schedule an exam at a testing center, they may reschedule their exam date to

another date within their original 180-day eligibility time frame by contacting the test center
and

paying a fee.

The exam eligibility is valid for 180 calendar days from the application approval date. This
means

that the exam must be scheduled and taken within those 180 calendar days.
No refunds are issued to candidates who let the 180-day original eligibility period expire
without

taking an exam.

Candidates may extend their 180-day eligibility period by paying a $150 extension fee. This

provides a 60-day extension to the current eligibility period that you were provided when you

signed up. Limited to one extension per exam.

Any exam appointment must be canceled prior requesting an extension and must be
completed at least 10 days prior to the end of the original eligibility period.

No refunds are issued to candidates who are a “no show” for an exam scheduled at an exam

testing center.

Once an exam application is approved, neither exam-type changes or refunds will be made if
a

candidate no longer wishes to take the exam.

This coupon is only valid for the aPHR Certification Exam, it can not be transferred or used
on any other exam application offered by HRCI.

More Information
For more information regarding certifications, recertifications, training and development, and
more, please visit https://www.hrci.org/. Good luck on your exam! We wish you all the best
in your future endeavors.

If you need additional assistance with your aPHR Certification exam application or next
steps, please contact HRCI at info@hrci.org.

If you have additional questions about your Coursera course or unique coupon code, please
contact Coursera by:

 Logging into your Coursera account

 Under your profile, select “Learner Help Center” for additional support