In a recent discussion with a colleague on preparing for 'black swan' events, we concluded that regardless of the size, type and structure of an organisation, it was having the right risk culture that was the key success factor in preparing for and surviving an improbable event.
Our view is that getting the right culture to support risk management across the business is the most important ingredient for success. But what actually is this thing called 'risk culture' and where can you get it? We believe that risk culture is the system of values and behaviours that is present in an organisation and guides all the decisions related to risk made by management and employees.
Having agreed and communicated values that are actually lived through behaviours is seen to be critical to successful organisations, departments within organisations, and teams within departments.
The starting point in establishing and maintaining the right risk culture is to have in place an appropriate system of values, shared beliefs and individual and group behaviour. The foundation of the values is an acceptance that the group (organisation, department or team) is a team with shared goals and objectives; its members have a mutually agreed way of doing things and regularly meet to work out how to do things better.
But what does this really mean? Organisational values are used to indicate the type of conduct expected of individuals regardless of their position. Risk-related values include, for example, that risk taking is acceptable, as is acceptance of failure within set risk tolerance, and that compliance with obligations is non-negotiable (e.g., zero tolerance for non-compliance with WHS).
Values relate to principles of behaviours and transcend specific situations. An example of a risk value statement could be "Employees will never engage in theft, fraud or embezzlement, or participate in deceptive or fraudulent activities towards the organisation, customers, suppliers or any other party with whom the organisation has business dealings".
With values in place, behaviours are identified that support and contradict the values so that all employees are clear about what is expected of them. Behaviours that bring risk values to life need to be reinforced, while those that contradict the risk values need to be challenged and, where appropriate, removed.
"Individuals and groups within successful organisations know their risk values and the appropriate behaviours that support those values. They use them in making risk based decisions and actions."
Organisation leaders have a crucial role to play in setting risk values and living the behaviours that demonstrate their commitment to the values.
To embed the right risk culture for your organisation, Protecht recommends that you understand and follow these SIX key principles:
If you wish to learn more about how Protecht can help you in assessing and developing your risk culture through training, surveys and framework design, please email firstname.lastname@example.org
Alf has established a number of risk management frameworks in financial services, real estate and property development, mining and exploration, and heavy engineering sectors. A Certified Compliance Professional, Alf has an impressive collection of qualifications, including a BSc in Pure Mathematics and Theoretical Physics, a Graduate Diploma in Commercial Bank Management and an MBA in general management. He is also a member of the Global Association of Risk Professionals, past President of the GRC Institute and past member of for-profit and not-for-profit organisations.