A part of the aftermath of the Global Financial Crisis was an examination of why there were unasked questions, ignored warnings, and systemic mismanagement of risk in many of the financial institutions involved. One of the outcomes of this examination was the realisation that many had corporate cultures in which effective risk management was secondary to profit goals and other business priorities.

Organisations outside the financial sector have also become aware of the important role an effective risk culture can play, with greater recognition that a robust risk culture supporting organisational decision-making can provide both competitive and financial advantages.

An effective risk culture is not about simply developing formal policies and procedures around risk management. To be successful, those policies and procedures need to be founded within an organisational culture in which people from Executive management to at-risk personnel are motivated and supported to integrate risk management into all decision-making processes undertaken as part of their roles.

In summary, an effective risk culture informs and empowers individuals and groups within the organisation to take the right risks for the right reasons.

Factors which can promote a poor risk culture include:

  • A lack of understanding of what risk really means.
  • Poor risk reporting and communication lines.
  • Unclear responsibility and accountability for managing risk.
  • Bonuses, KPIs or reward systems that place too great a focus on the bottom line or on achieving short-term gain.
  • Poor intra-organisational cooperation and communication (i.e. a ‘silo’ approach).
  • Failure to challenge or sanction inappropriate risk-taking.

Factors which can foster an effective risk culture include:

  • Management personnel that “walk the walk” and confirm the importance of risk management through their own example.
  • Regular provision of training in risk management to those personnel who have the authority to make decisions which have the capacity to create risk for the organisation.
  • Systems and management behaviours that demonstrate to employees that they can escalate problems and report risky or unethical actions without suffering negative consequences.
  • An accepted and regularly used process for actively learning from mistakes or near misses.

Assessing your organisation against both these sets of factors, and acting on your findings to reduce the first and develop the second, will help to maximise the benefits of risk management and the longevity and success of the organisation.

Please contact QRMC if you would like to have your corporate governance and due diligence process evaluated.