Attn. Small to Medium Businesses: Risk Knows No Size


By Stephanie Jenkins

When it comes to organizational risks, size doesn’t matter.  Companies of all shapes and sizes face endless challenges when it comes to effectively building a Human Resources programs that drive a culture of integrity and compliance.  Small and medium-sized companies, however, may face greater obstacles since they typically have a small dedicated HR team (or nonexistent), or lack other resources used by larger organizations.

Most employers with approximately 15 employees are governed by EEOC laws. In FY 2018 the EEOC’s data showed retaliation continued to be the most frequent charge filed with the agency, followed by sex, discrimination for disability, and race. Thinking that these risks don’t apply to you because of the size of your organization is a major error in judgment.  Organizational risks don’t simply go away if you ignore them.  Understanding your organization’s risks and taking a proactive approach to risk management is the first step toward a healthier culture and company.

Here are some tips on how to overcome some of your HR compliance risks:

  • Know your laws & regulations – make sure you are aware of all applicable local government rules, regulations and laws. If you are based in the U.S. and have employees working remotely, make sure you are aware of state laws, both where a remote employee is based, and also where your company is headquartered.  If you have limited resources or are new to the world of HR compliance, I recommend joining organizations like SHRM, SCCE and the ECI.  They are a great place to network and offer a wide variety of resources.
  • Provide anonymous reporting – Incidents of wrongdoing can have an unrecoverable impact on any company, but especially on smaller businesses where they may not have the resources to absorb the financial and reputational impact. This is why it is so critical to address concerns and issues as soon as possible.  Ideally, companies want their employees to feel comfortable reporting a concern directly to a manager, HR, Compliance, and Legal, but employees may feel vulnerable or uncomfortable when reporting an issue directly to another person within the company. Regardless of the size of your organization you want to provide an anonymous reporting mechanism.  And, no, having employees leave a voicemail on someone’s desk phone doesn’t count in my book.  I would challenge that even companies with very limited resources can afford to set up, at a minimum, a 3rd party hotline/whistleblower web portal that would allow employees to submit their concerns and remain anonymous if wanted.
  • Make educated decisions – Regardless of size or industry, every organization should be able to answer this one question very clearly, “How do you decide what training to provide and what policies require attestation?” I’ve worked at both a small and medium-size business and I know firsthand that compliance and HR training, whether purchased from a vendor or designed in-house, take both time and money. This is why it is crucially important to make informed decisions on what training your employees receive. Leveraging case management data is one of the best ways to make informed decisions about your company’s risk and training/policy needs. Regardless of intake method, by using a case management application as a centralized data repository to track issues and concerns, you’ll get a better understand of the issues your company is facing. Your case management system’s built-in trending and benchmarking reports will point out issues in your company and how you compare to your industry peers.  This will allow you to stop making socially driven or uninformed decisions around training and policy.