Coronavirus (COVID-19), HR Management & Compliance

A Risk Management Checklist for HR as Businesses Plan to Reopen

HR professionals are finding themselves at the center of returning employees to work. Given the unprecedented times we are in and the fact there is the potential of a second wave of COVID-19 lurking in the fall, this entire process will be fraught with risks that need to be addressed.

Source: K.Wanvisa / Shutterstock

There is risk of negligence, lawsuits, and brand reputation impact if something goes wrong. HR professionals in this scenario are morphing into risk managers. The ones who do it right will enable a cross-functional set of tasks to ensure they establish the best processes and procedures, as well as document evidence.

While several other countries are seeing a steady decline in COVID-19 cases, the United States is experiencing an alarming increase, far surpassing the original peak back in April. Preserving business operations and keeping employees and customers safe are becoming increasingly difficult tasks.

What happens if you can’t keep employees and customers safe? The lawsuits have already begun. Any customer can claim negligence of any corporation for failing to provide evidence of adequate enforcement of its return-to-work policy and local, state, or federal guidelines.

Compounding this risk, shareholders have been shown to be not far behind in seeking protections from the fallout of this negligence. Paper visitor logs and employee temperature records won’t cut it—a sound enterprise risk management strategy is required.

The six categories below are essential elements to developing a business continuity and employee safety plan, both in the near term and accounting for the continued business disruptions coming:

1. Risk Assessment

Each company needs to consider its unique circumstances through a risk assessment to determine possible impacts of a second wave of the virus. Identifying and assessing risks to the organization from different root cause perspectives is the first step toward building a risk mitigation plan. Mobilize a cross-functional team of experts, with the mission of identifying all vulnerabilities. Pose these questions:

  • What happens if a large proportion (say, 40%) of the company’s staff are out sick at the same time?
  • Where are all our suppliers located? Where are their suppliers located? And which ones are critical?
  • What new distancing strategies does the company need to implement to ensure on-site protection?
  • What procedures are necessary to minimize litigation risk should an employee or a customer fall ill?

Identify all control measures the organization has put in place to manage and mitigate the risk of the virus. It must include information about who will monitor these control activities, and how, to ensure stakeholders are following specified policies at all locations.

Publish the details to demonstrate that you take the health of your workers, customers, and broader community seriously.

2. Jurisdiction Requirement Tracking

With jurisdiction requirements changing in a fluid manner as states experience setbacks, it is critical to maintain a library of guidelines to help you comply with federal, state, city, and agency jurisdictional requirements.

These requirements must also be incorporated into your own internal policy and facility considerations. Commercially reasonable mitigation and monitoring and company policy templates are also needed to help you keep your employees, customers, and vendors safe while maintaining evidence of your compliance in each of the jurisdictions you operate in.

3. Employee Well-Being and Incident Management

If customers and employees are returning to physical office and branch locations, implement and sustain your employee screening plans for both physical and mental health. Consider policies that address child care, underlying conditions, relocation tax reporting, or simply fear of return without violating discrimination, privacy, tax, or employment laws.

It is also important to automate the process. Leverage an encrypted web form to collect employee COVID positive test information with routing rules and workflows. This will ensure compliance with privacy laws on personally identifiable information (PII), personal health information (PHI), and General Data Protection Regulation (GDPR) requirements.

4. Alternate Workplace and Resource Allocation

If you are not returning to physical locations immediately and you’re considering shift work, flex work, or remaining fully remote, building the infrastructure for operating in your chosen model is critical.

Remember to stay flexible; plan ahead for risks associated with the second wave and the potential need to pivot to another model due to increased infections. Develop a process to manage real-time resource reallocation needs due to sickness outages and positive test results. It will be crucial to automate cross-department and cross-facility approvals.

Be sure to coordinate shift work, flexible work arrangements, new employee onboarding and training, and redeployment of employees.

5. Incident Reporting and Entry Log Requirements

Paper or e-mailed incident reporting and entry logs will not cover you from being found guilty of negligence should you be accused of not sufficiently protecting employees or customers.

Software can be leveraged to schedule reservation times online before on-site visits. This will allow you to limit vendor and customer interaction to maintain social distancing. It will also establish a clear customer agreement with your safety policies. You can also leverage software to collect entry log requirements for when contact tracing needs to be conducted.

6. Physical Workplace Procedures and Incident Reporting

Finally, once workplace safety procedures are developed and rolled out, it’s critical to set up a process to collect evidence that they are being conducted equally and at all locations. This may include taking records of daily workplace sanitation, employee attestations of workplace policies, evidence of social distancing being followed, inventory management, and distribution of personal protection equipment (PPE).

Steven Minsky is a recognized thought leader in risk management who led organizations through the 2007 recession, as well as the H1N1 pandemic of 2009, in his role of CEO and Founder of LogicManager.