JUMO’s Enterprise Risk Manager Conrad Wilson, believes building a culture around risk and managing it well is the way forward for any organisation. But what does this actually mean? He unpacks the thinking and processes for us, in terms of why we should have a risk culture and what it is.
Before we jump into the why of a risk culture, let’s first understand the what:
What is risk culture?
Risk culture refers to the overall behaviours, attitudes, and awareness of an organisation’s staff concerning risk and the management thereof. It serves as a significant gauge of the extent to which an organisation’s risk management policies and procedures have been adopted.
So what is an intelligent risk culture?
A risk-intelligent culture exists in an organisation when its employees’ understanding and their attitudes towards risk lead them to consistently make appropriate risk-based decisions. The focus lies not on avoiding risks but on acknowledging the necessity of taking adequate risks to generate value.
Why do we care about risk culture?
Our current reality is characterised by an unyielding state of Volatility, Uncertainty, Complexity, and Ambiguity, commonly known as VUCA. Organisations face an ever-growing range of events that come at them with unrelenting speed, leaving little room for error. In this environment, only the most adaptable and resilient will survive.
In a highly competitive and unforgiving world, where the stakes are high, how can we equip ourselves? Should we simply brace for impact and endure the storm, or should we gear up and confront it head-on? How can we maintain business growth and innovation while navigating the risks of this changing environment? The key is around sustainable, proactive and effective management of risk.
Let’s look at the drivers of a risk culture
Knowledge
The extent to which employees understand the company’s risk appetite and material risks and how they can affect the company.
Accountability and risk ownership
How well do the company’s risk owners understand their roles and responsibilities?
Processes
The extent to which risk monitoring and identification, among other risk processes, are formalised and incorporated within policies and procedures.
Openness
How comfortable do your employees feel about raising concerns and reporting poor behaviour and potential risks?
Corporate Strategy
To what extent is risk management embedded within the company’s business strategy and objectives, and how well are these areas understood across the business?
How every employee can improve their company’s risk culture
Knowledge
Understand the basics of your company’s risk management framework, and be cognisant of material risks that can and will affect the business.
Accountability and risk ownership
Be 100% comfortable with your role and responsibilities and how it ties into risk management. Understand how your team/department can take individual and collective responsibility to manage risk.
Processes
Ensure that risk management principles are considered for key business processes, making it intrinsic to the business.
Openness
Talk openly and freely about risks and potential challenges and raise risk in a pro-active fashion. It’s important to make the risk team your trusted advisor.
Corporate Strategy
Take risks into account upon strategy and objective setting.
A positive risk culture is one that recognises that taking risks is necessary to drive growth, and that managing those risks is critical to long-term success.
– Jayne-Anne Gadhia