HUMAN CAPITAL RISK REGISTER

EVENT OWNER GHIATH MOHD. JABER

AUDITOR INTERNAL AUDIT TEAM
AREA HUMAN CAPITAL

Inherent Residual Risk

Area Risk Description Potential Impact Risk Category Observation Current controls, if any Risk Response Recommendation

Risk Score

Risk Score
Likelihood

Likelihood
Impact

Increments Lack of defined and approved policy 1) Reduction in employees morale
2) Lack of employee appreciation
3) Possible impact of reputation in job seekers community
Operational It has been observed that the process followed for
Strategic increments in respect of blue-collar jobs was based on a
formula. This has been stopped as of now as the formula is
under review. Earlier besides the increment, there used to
be an incentive system as well. There is no incentive scheme
as of now, just the overtime. Increment for white-collar job
is not systematized as such and respective GM takes the
approval from the President for the employees who would
be given the bonus as per the recommendation of the GM.
There is not set criteria for finalising the empoyees or
defining the amounts in respect of increments for white-
collar jobs.
Almost certain Extreme There are no current controls as of now except the
fact that final approval for any increment for any
employee comes from the President.
Impact
Almost certain Extreme Company is advised to define and document a
comprehensive increment policy. The policy should cover
the eligibility criteria, market bechmark adjustments ,
cost of living increase, clear definition of key performance
indicators employee grade wise and others. This policy
should be approved by the President, uploaded on to the
intranet for easy access for all employees followed by a
one day training as to what is the new policy for
increments.

Bonus Lack of defined and approved policy 1) Decrease in motivation levels
2) Reduced team collaboration
3) Lack of feeling of being compensated adequately
Operational It has been observed that there is no system or policy for
Strategic bonus as well. If the bonus is to be given, then it is
recommended by the respective GM, approved by the
president at the team level and not at an individual level. The
discretion to bifurcate the bonus amount at the individual
level is left to the respective GM.
There are some cases for contract bonus but there is no
policy for contract bonus as well. The contract bonus is
agreed at the time of joining without any definition
objectives to be achieved, KPI’s ,targets and this is paid
anyways after the completion of a certain period without
meeting any criteria as such.
Almost certain Extreme There are no current controls as of now except the
fact that final approval for any bonus for any
employee or team comes from the President.
Almost certain Extreme Company is advised to define and document a
comprehensive bonus policy. The current pattern of
bonus recommendations and their payment is highly
subjective and without any clear definition of what is to
be achieved to be entitled to the bonus amount.
For the contract bonuses as well, company should be
documenting the criteria for the assessment of the
contract bonus and link it with the achievement of certain
defined objectives/targets/KPI's.

Promotions Lack of defined and approved policy 1) Possible decrease in employee retention
2) Loss of investment made in empoyees in terms of skills
and knowledge
3) Feeling of recognition among employees
Operational It has been observed that there is no set criteria or policy for
Strategic promotions.
There might not be any president approval required in all
the cases for promotions. The maximum approval is of the
GM only on the “change status” form and the maximum
second level check is from the HR which usually does not
work, if HR’s opinion is negative i.e. promotions happen
anyways.
Almost certain Extreme There are no current controlsas of now. Almost certain Extreme Company is advised to formulate and approve a
promotion policy. This is very critical as it has been
observed that HR involvement is very little and even if
the HR is against for any employees' promotion for some
specific reason, they do not get listened and promotions
happen anyways with the approval of the president. This
is highly subjective and there is a great amount of
favoritism.
The policy should define the acceptable criteria for
promotion, performance evaluations, HR involvement
and other parameters after bechmarking with other
companies in the similar industry.

Transfers Lack of defined and approved policy 1) Perceived favouritism Operational It has been observed that there is no policy for transfers as Almost certain Extreme There are no current controls as of now. Almost certain Extreme Company is advised to formulate and approve a transfer
2) Misuse of the transfer mechanism in absence of an Strategic well and transfers happen with the approval of the policy.
approved policy concerned department heads and the employee.

Employee Codes Lack of clear definition in approval matrix 1) Loss of valuable time Operational It has been observed that currently, as and when, a new Almost certain Moderate The control is in the form of receiving the Almost certain Low Company is advised to update the approval matrix and
2) Extra effort being spent employee code is generated by the payroll team after getting automated mails which means that if payroll team embed an approval mechanism in the HR portal form the
all the documentation from employee relations team, HR has created an employee ID without the knowledge HR manager and only when the HR manager approves the
manager receives an automatic mail notification and there is of HR manager, it can be tracked through the mail request for employee code generation, it is generated in
no further approval required for the same. notification. the system.

Employee Master Data Lack of controls for ensuring authenticity of
all additions/modifications.
Possibility of unauthorised changes
Operational It has been observed that currently there is no system of
double checking for ensuring that all modifications are
authentic and valid.
Possible Moderate There are no current controls as of now. Possible Moderate Company is advised to set up an internal control
mechanism whereby an independent check can be made
on a frequent basis to verify the authenticity and validity
of all additions/modifications and reporting any material
findings to the Audit Committee.

Pay Structure Lack of system controls for salary input per Possible inaccurate data in employee compensation Operational It has been observed that there is a grading system for
grade wise structure employees defining the upper and lower limits for salaries.
This structure is attached against the employee ID at the
time of creation of ID. There is no automated check to
control the input of salaries within the grade itself. The
upper and lower limits can be breached as the system does
not have the control to ensure the bracket and hence any
number can be given as input.
Almost certain Moderate The check is only to ensure that input is as per the Almost certain Low Company is advised to embed some updations in the
offer letter. system and ensure that the system does not allow the
input of salary number above the upper bracket and
below the lower bracket. Till the time this updation
happens, it is advised to have an independent check by
taking a large sample of employee ID's, their salary
structures and matching them with the saalry number
stated in offer letters to ensure that there is an accurate
input in respect of salary numbers.

Timesheets Lack of automated controls 1) Possibility of manipulation Operational Attendance is captured through the face recognition for Almost certain Low There are no controls as of now in respect of Almost certain Low Company should be developing a mechanism of ensuring
2) Possible increased outflow of cash Financial white collar and this system is linked with the payroll. ensuring the consistency, authenticity and valididty for the authenticity of labour hours submitted by the
3) Increase overtime hours For labour, timesheets are being sent through excel. Labour for the timesheets submitted by the operational operational enginners in respect of labour.
does punch in but their time sheets are considered from the engineers in respect of labour.
final excel sheet submitted. This is a manual exercise and
risky as well as the timesheet in excel can be manipulated.

Project Hours Lack of controls on chargeable project hours Inaccurate project cost and MIS Operational It has been observed that currently there is no control of Possible Moderate There are no current controls as of now. Possible Moderate Company should be modifying the IFS, if required, so that
Financial assignment of project hours to a particular project for the the hours spent by the white-collar employees are
time spent by the employees under the white-collar net. charged to on a project-to-project basis whether in
respect of engineering, estimation, contracting and
others. There has to be a concept of chargeable and non
chargeable hours basis the project codes defined.
Reimbursements Lack of controls for ensuring authenticity 1) Possibility of manipulation
2) Possible increased outflow of cash
3) Possibility of perceived favouritism
Operational It has been observed that reimbursements, if any, are not Possible High There are no current controls as of now. Possible High We recommend that the concerned manager not just
Financial cleared through payroll. It’s a part of GSD function. GSD after approves the reimbursement forms, but also signs all the
checking all bills, approves and submits to finance and bills for expenses submitted by the respective employee.
money is deposited in the bank account of the employee. Also the Company should be defining the entitlements
There are forms used for reimbursements which shall move limits per grade wise.
from line manager and ultimately approved by GSD,
submitted to finance and paid by finance. Bills are not
submitted to the line manager. This is manual as well and
not routed through IFS.

ERP Lack of access controls Possibility of manipulation in prior period data Operational It has been observed that the current ERP i.e. IFS allows the Possible High There are no current controls as of now. Possible High We recommend modifying the ERP for the same.
Financial opening of next month payroll cycle without closing the
current month's payroll cycle.
Full and Final Lack of ERP controls in respect of updation for Inaccurate data in employee maste data Operational When someone resigns, respective line manager’s approval Possible High There are no current controls as of now. Possible High We recommend embedding some changes as follows:
Settlement employees resignation Financial is required. The respective employee is taken out of any 1) Employee relieving date is fed in the system once his
increments or bonus sheets manually. Clearance is required resignation is accepted.
in terms of timesheets. Full and final settlement is done 5-6 2) Employee status is changed to 'Terminated' on his
days before the last day and only the last month salary is relieving date.
blocked. 3) On this status, expense booking and timesheet booking
gets blocked.

Trainings Lack of training programmes Less emphasis on ethical values, quality initiatives, Operational It has been observed that there is no formal training policy Possible High There are no current controls as of now. Possible High The Company should develop internal training
increasing the technical knowledge, customer service and or procedures. But case wise requests are entertained and programmes for the employees on a range of topis and
communications training is provided on an agreement basis and this usually should also link the training requirements with the KPI's
includes a bond period to be served by the employee. for the employees.