Board-Level HR: Governance Frameworks That Protect Value

In the past, the Human Resources slide in a Saudi board deck was the shortest one. It usually contained a headcount chart, a recruitment update, and perhaps a budget request for a Ramadan event. The Board’s eyes would glaze over; this was "admin work."

Today, in the wake of Vision 2030 and the transformation of the Kingdom’s regulatory landscape, that indifference is a liability.

The modern Saudi workforce is a significant source of enterprise risk—and value. From the strict compliance mandates of the Ministry of Human Resources and Social Development (MHRSD) to the reputational stakes of Saudization and the financial weight of End of Service Benefits (EOSB) accruals, HR issues now sit squarely on the audit committee’s agenda.

For CEOs and Board Directors in the Kingdom, the question is no longer "is the payroll done?" but "is our human capital governance protecting our license to operate?"

Here is how world-class organizations in KSA are restructuring their HR governance to protect value, ensure compliance, and drive sustainable growth.

1. The Shift: From "Personnel" to "Human Capital Risk"

The first step in upgrading governance is reframing the narrative. In the Saudi market, HR governance is often confused with "HR Operations." Operations is about executing tasks (visas, salaries). Governance is about the controls, policies, and oversight that ensure those tasks are legal, ethical, and aligned with strategy.

Why has this shifted? Because the cost of failure has skyrocketed.

• Regulatory Risk: A drop in Nitaqat status due to poor planning can freeze government services, halting operations overnight.

• Financial Risk: Miscalculation of EOSB or non-compliance with the Wage Protection System (WPS) triggers automatic penalties and potential lawsuits.

• Reputational Risk: In a hyper-connected social media age, a poor offboarding experience or a labor dispute can go viral, damaging the employer brand essential for attracting top Saudi talent.

2. The Role of the Nomination and Remuneration Committee (NRC)

In many family groups and SMEs, the NRC (or RemCo) meets once a year to approve bonuses. This is insufficient. In a governance-first model, the NRC becomes the custodian of the organization’s "People Risk Profile."

The NRC’s mandate must expand to include:

• Succession Planning Audit: Not just a list of names, but a validated "readiness" assessment for critical C-suite and technical roles.

• Executive Compensation Alignment: Ensuring that executive pay is not just competitive but compliant with emerging governance standards and linked to long-term value creation, not just short-term profit.

• Saudization Sustainability: Overseeing the long-term nationalization strategy to ensure it meets the "Platinum" standard not just today, but in the 3-year forecast.

3. The "Shadow Liability": EOSB and Vacation Accruals

One of the most common findings in HR due diligence for Saudi IPOs or mergers is the "Shadow Liability" of unfunded employee benefits.

Under Saudi Labor Law, End of Service Benefits (EOSB) are a defined benefit obligation. If an organization has 500 long-serving employees, this liability can run into millions of Riyals.

• The Governance Gap: HR records the tenure, Finance records the provision, but often the data doesn't match. "Ghost" employees or incorrect salary bases (excluding or including allowances incorrectly) can lead to massive under-provisioning.

• The Board Fix: The Board must mandate an annual Actuarial Valuation of EOSB liabilities, backed by a data integrity audit between GOSI records, payroll, and the HRMS.

4. Nitaqat: A Board-Level Key Risk Indicator (KRI)

Nitaqat is often delegated to the Government Relations Officer (GRO). This is a strategic error. Nitaqat is a market access license.

A governance-focused Board views Nitaqat as a Key Risk Indicator (KRI).

• The Dashboard: The Board should see a "Nitaqat Forecast" that simulates the impact of planned strategic decisions. For example, if the company plans to hire 50 expatriate specialists for a new project, how will that impact the rating?

• The Policy: Governance requires a clear policy on "Buffer Ratios." Best-in-class organizations mandate maintaining a 10% buffer above the minimum required for their current color band to absorb sudden resignations without losing operational status.

5. Data Privacy and the PDPL

The implementation of the Personal Data Protection Law (PDPL) in Saudi Arabia has introduced a new layer of HR governance. Employee data—IDs, medical records, bank details—is sensitive personal data.

• The Governance Question: Does the organization know where every piece of employee data is stored? Is it on a local server (compliant) or a public cloud abroad (potentially non-compliant)?

• The Risk: Using unauthorized AI tools to process employee data (e.g., uploading resumes to a public GPT model) is a governance breach.

• The Fix: Boards must charter a "Data Privacy Steering Committee" that includes HR, IT, and Legal to govern the lifecycle of employee data from hire to retire.

6. The "Ghost Employee" Audit

A specific risk in the region is the "Ghost Employee"—an individual who is on the GOSI payroll to inflate Saudization numbers but does not actually work.

The MHRSD has cracked down severely on this practice, using digital detection methods.

• The Governance Protocol: Internal Audit must conduct random "Proof of Work" audits. Do the GOSI records match the physical access logs? Do the payroll files match the active directory users?

• The Consequence: The Board must make it clear that "Fake Saudization" is a zero-tolerance compliance violation, as the reputational damage of being flagged by the Ministry is irreversible.

7. Compliance as a Culture, Not a Checklist

Policies sit in drawers; culture dictates behavior. Governance fails when there is a disconnect between the Employee Handbook and reality.

For example, an "Attendance Policy" might state that being 1 minute late carries a severe penalty. While perhaps legal, is it culturally sustainable? Does it drive "Quiet Cracking" where employees disengage?

• Board Oversight: The Board should review "Grievance Trends" and "Exit Interview Themes." A spike in grievances regarding a specific policy or manager is an early warning system for cultural rot that can lead to legal exposure.

8. Managing the Vendor Ecosystem Risk

In a fragmented market, HR often relies on multiple third parties: recruitment agencies, payroll processors, insurance brokers.

• The Third-Party Risk: If your payroll provider messes up the WPS file, your company gets the block, not theirs. If your recruitment agency uses unethical sourcing practices, your brand suffers.

• The Governance Standard: Boards must enforce strict Vendor Risk Management. HR vendors must be audited for data security, financial stability, and regulatory compliance. Contracts must include clear indemnity clauses and SLAs.

9. The Role of Independent HR Audits

Just as Finance has external auditors, HR needs independent verification. An "HR Health Check" or "Compliance Audit" performed by an external party provides the Board with an unbiased view of the function’s maturity and risk profile.

This audit checks:

• Contract compliance with the latest Labor Law amendments.

• Alignment of job titles in Qiwa vs. reality.

• Fairness and consistency in performance management and bonus distribution.

Conclusion: Governance as a Competitive Advantage

In the Saudi market, robust HR governance is not red tape; it is a competitive advantage. It allows the organization to scale rapidly without fear of regulatory roadblocks. It attracts high-caliber talent who want to work for a professional, transparent entity. It gives investors confidence that the "S" in ESG (Social) is being managed with rigor.

For Boards looking to secure this level of assurance, Inclusive Solutions offers the partnership required to build and maintain these frameworks.

• HR Legal & Compliance Services: We conduct deep-dive Compliance Audits and Labor Law Advisory to identify and rectify risks before they become violations.

• HR Management & Consulting: We assist RemCos and Boards in designing Governance Structures, Policies, and Succession Plans that align with global standards and local realities.

• Employee Outsourcing & Operations: For ultimate risk transfer, we act as the legal employer for your operational workforce, managing Payroll (WPS/Mudad) and Government Relations under our proven governance umbrella.

Governance protects value. Let Inclusive Solutions help you build the fortress your organization needs to thrive in Vision 2030.

Website:https://www.inclusive.sa | Email: info@inclusivesolutions.com.sa