ThreatNG Security

Engagement and Retention HCM (SEC 10-K)

While the SEC doesn't mandate a specific "Engagement and Retention" section within the Human Capital Management (HCM) portion of a 10-K filing, companies often discuss these concepts when outlining their workforce strategies. Here's how Engagement and Retention might be addressed in the HCM section:

Employee Engagement:

  • Focus on Employee Satisfaction: The HCM section might describe initiatives to increase employee satisfaction, which can correlate with higher engagement. It could involve work-life balance programs, recognition and reward programs, or opportunities for professional development.

  • Metrics for Engagement: Some companies might disclose metrics related to employee engagement, although this is a rare practice. Examples could include employee engagement survey results or retention rates.

Employee Retention:

  • Strategies to Reduce Turnover: The HCM section might outline the company's retention strategy. These could involve competitive compensation and benefits packages, career development opportunities, or positive work culture initiatives.

  • Retention Rates: In certain instances, businesses may reveal employee retention or turnover numbers in the HCM section. High turnover may indicate other problems in the workforce, such as low engagement.

Understanding the Link:

The HCM section should ideally demonstrate how the company's engagement strategies contribute to retention. A well-engaged workforce is generally more productive and less likely to leave the company.

Here are some additional points to consider:

  • Focus on the Overall Strategy: The HCM section should describe the company's overall human capital strategy and how engagement and retention fit into that strategy.

  • Limited Standardization: Companies' discussion of engagement and retention in their HCM sections can vary significantly. It's essential to read the specific language used by each company.

  • Look Beyond the HCM Section: Engagement and retention might also be mentioned indirectly in other parts of the 10-K filing, such as the Management's Discussion and Analysis (MD&A) section.

By analyzing how a company discusses engagement and retention within its HCM section (if present), you can gain valuable insights into workforce management practices and potential strengths or weaknesses in attracting and retaining talent.

ThreatNG can examine the information on employee engagement and retention that companies include in the Human Capital Management (HCM) part of their 10-K filings. This data won't give direct security metrics, but it can give indirect insights to improve supply chain risk management, security, and third-party risk management. Here is how:

1. Potential Security Risks from Low Engagement:

  • Reduced Security Awareness: ThreatNG can identify companies with high employee turnover or lack of engagement initiatives within the HCM section. Disengaged employees might be less receptive to security awareness training, potentially increasing the risk of phishing attacks or social engineering attempts.

  • Insider Threats and Disgruntled Employees: Low employee morale can be a breeding ground for insider threats. ThreatNG can flag companies with concerning trends in the HCM section to prioritize further investigation.

2. Improved Third-Party Risk Management (TPRM):

  • Assessing Vendor Security Culture: A well-defined HCM strategy focusing on employee engagement can indicate a more robust security culture within a vendor organization. ThreatNG's insights from the HCM section can be a data point to consider when evaluating potential vendors.

  • Prioritizing Security Awareness Programs: Based on the HCM section, ThreatNG can identify vendors with potentially weak security awareness programs. This information can be used to prioritize security awareness training efforts directed toward your employees who interact with the vendor.

3. Stronger Supply Chain Risk Management:

  • Mapping Engagement Risks Across the Chain: ThreatNG can analyze HCM sections across multiple vendors within your supply chain. Low employee engagement or high turnover patterns can highlight potential security weaknesses due to a disengaged workforce.

  • Remediation Strategies and Diversification: ThreatNG's insights can help prioritize vendors that require additional security controls or where workforce engagement initiatives need to be addressed. It might also highlight the need to diversify your supplier base to mitigate risks.

4. Integration with Security, GRC, and Risk Management Solutions:

ThreatNG's 10-K filing insights can be combined with those from other solutions to produce a more thorough risk profile. Here are a few examples:

  • Security Awareness Training Platforms: ThreatNG can identify vendors with potentially disengaged workforces or weak security awareness programs based on the HCM section. This information can be used to tailor specific security awareness training modules for your employees when interacting with those vendors.

  • Security Ratings Platforms: ThreatNG can feed information about a vendor's potential security risks from low employee engagement into security ratings platforms, providing a more holistic assessment of their security posture.

  • Governance, Risk, and Compliance (GRC) Platform: ThreatNG can enrich the risk context within your GRC platform by incorporating information about workforce engagement risks from HCM sections in 10-K filings. It allows for a more effective risk management strategy considering internal and external human capital factors that impact security.

Example: A Retail Company and its Logistics Provider

  • A retail company uses ThreatNG to analyze the 10-K filing of its primary logistics provider.

  • ThreatNG identifies that the logistics provider's HCM section reveals high employee turnover rates within their warehouse staff and mentions limited investment in employee development programs.

  • This information is integrated with the company's GRC and security awareness training platforms.

  • The GRC platform flags potential security risks due to disengaged employees. The security awareness training platform develops training modules on data security and physical security best practices for the retail company's employees interacting with the logistics provider's warehouse staff.

  • The retail company can discuss these concerns with the logistics provider and request assurances about improving employee engagement and security awareness programs within their workforce.

By analyzing workforce engagement and retention discussions within the HCM section, ThreatNG empowers organizations to better understand potential security risks within their vendor ecosystem. It allows for building a more resilient security posture across the supply chain.

It's important to note that HCM sections are not mandatory and may not always be included in 10-K filings.