You can take a horse to water but you cannot make it drink. You can take risk management to your business but you cannot make them do it. People, to be successful in anything they do, must have a desire to do it. This breeds passion which drives people to excel.
Getting the right culture to support risk management across your business is the most important ingredient for success.
So what does the right “risk culture” mean and how do we create and maintain it? Culture is embedded within people’s thoughts which then influence their behaviours and actions. Risk culture, is their thinking, behaviours and actions around risk and risk management.
In order to achieve a great corporate wide risk culture, we need to define what it is and then we embed it into our people. Let’s start with what it is.
This comes down to whether a person has the knowledge of what is “right” and “wrong” and then whether they choose to do the “right thing”. Corporate culture must be clear on defining what right and wrong is and then promote that across the organisation. This should come from corporate values, manifested in the risk appetite and policies, practices and behaviours of our senior management and board. The uncertain “grey” area between right and wrong should be minimised as far as possible.
We then need to motivate staff to do the “right thing”. This comes from explaining why doing the right thing is better: we will be more successful and we can all share in that, we will be positively recognised by our peers, we will create a great environment in which to work etc. Lastly we need mechanisms to recognise “wrong” behaviour, call it out and encourage staff to choose the right thought next time. Organisational creep occurs when staff push away from the “right” into the shade of grey and sometimes the plain wrong and no one notices and there are no consequences. They will continue to operate in the “wrong” and after time even encourage colleagues to join then on the “dark side”. Over time, our culture deteriorates.
Once our people’s thinking is right, they will behave accordingly. This will include typically strong risk culture behaviours such as:
When the right thinking and behaviours exist, we can move to developing specific actions for each staff member with respect to risk management. This will include:
Key elements to creating and maintaining a good risk culture
In order to foster the thoughts, behaviours and actions above, some key principles must be followed:
If you wish to learn more about how Protecht can help you in assessing and developing your risk culture through training, surveys and framework design, please email email@example.com.
Author of 'A Short Guide to Operational Risk', David Tattam is an internationally recognised specialist in all facets of risk management, particularly at the enterprise level. His career includes many years working with PwC, as well as two Australian banks. His achievements include the creation of the Middle Office (Risk Management Department) for The Industrial Bank of Japan in Australia and the complete implementation of all Australian operations, systems, procedures and controls for Westdeutsche Landesbank (WestLB).