The risk culture of an organisation has a major impact on its ability to mitigate threats, pursue opportunities and build resilience. Here, risk leaders share the practical steps they’re taking to better engage first-line business managers with risk management to foster optimised business decision making.
For many companies, engagement from employees with risk management is low, and this makes it difficult to foster the correct risk-taking behaviours across the business. However, by expanding managers’ involvement in the implementation of risk-related frameworks, and placing them at the heart of risk culture design, many organisations have improved overall levels of engagement.
This raises the question: how can organisations get first-line business managers more involved in the process of building – and embedding – risk frameworks? This is one of the many challenges covered by a series of member discussions and subsequent scenario-based training materials we have developed within the network, on the topic of risk culture, to help members learn from the practical experiences of other risk leaders.
Based on insights shared by members and captured in our training pack, here are four improvement initiatives you can implement to tackle the problem of low risk management engagement and build a stronger risk culture.
1. Apply “design thinking” to risk framework development
If risk management frameworks and processes are built through a top-down approach that fails to consider what first-line business managers need, and the day-to-day problems they face, it is harder to secure their engagement with those frameworks. This is where “design thinking”, an iterative, user-centric process for designing solutions, can help.
By bringing together stakeholders from different parts of the business – not just the executive layer – the needs of operational business units (and employees that sit within them) can be heard and addressed during the design stage. At the same time, the decision to give those employees a voice can build trust and a greater level of engagement down the line.
2. Contextualise risk training programmes
Delivering generic, one-size-fits-all training on the topic of risk and resilience may be useful for communicating basic risk management concepts to a wide audience, but learning that is not focused on the specific challenges faced by a business unit, or tailored to its level of maturity, will be difficult to engage with at best and, at worst, could alienate employees.
Applying context to training is incredibly important, then, for communicating the value of risk management and engaging first-line managers (and their teams) on the topic. According to risk leaders in the network, here are some key approaches to the task of contextualising training:
- Use real-life case studies involving the department or wider company
- Link training to your company's existing policies and processes
- Design a tiered training programme if you've identified various levels of learning needs
- Take time to identify maturity at the departmental level and adjust training accordingly.
|
Where does this insight come from? A Risk Leadership Network member was working on some scenario-based training, but found it was difficult to come across enough real-life examples. They also struggled to validate their causes and symptoms analysis. We held a series of meetings with a select group of members (risk leaders at large non-financial institutions) who had a shared interest in risk culture training, and together we created risk culture training series with 12 scenarios. To find out how Risk Leadership Network could support you in your specific risk priorities, book a 30-minute discovery call. |
3. Establish a risk culture champions network
It is very difficult for a risk team at the group level to convene with every part of the business on a regular basis, especially if the organisation has a centralised risk operating model and there are no full-time risk employees embedded within the first line. To boost risk engagement within the first line, it may pay to stand up a risk champion network.
But proceed with caution.
When recruiting for risk champions – which, for many companies, is an add-on role to someone’s existing responsibilities – there are number of important considerations. For example, how much additional work will being a risk champion require from those who take on the role, where will champions be positioned, and how can they be incentivised to drive the risk culture agenda below the enterprise level?
While your risk function would, ideally, work with department managers to outline the key competencies and characteristics required, here are a few suggestions from risk managers within our network:- Risk champions should be relatively senior and have the influence to speak to people at senior and executive levels.
- They should have held their position, or worked in a specific part of the business, long enough to know that department and its risks and opportunities extensively.
- They should value risk management and demonstrate the risk-taking behaviours that the business would like others to adopt.
4. Embed risk culture KPIs into employee appraisals
Employees who are recognised, and even rewarded, for helping the business to achieve risk culture objectives are more likely to be engaged on the topic of risk – they understand the net benefit of their efforts for the wider organisation but also appreciate that risk culture can be a driver of their future career aspirations.
The first step for embedding risk culture key performance indicators (KPIs) into appraisals is to consider the wider risk culture aims of the organisation and translate these into granular, actionable objectives for individual employees, especially first-line business managers. For example, there might a risk training completion rate (%) that the employee needs to achieve, or, for risk owners, an expectation that a high proportion of key risk indicators are kept within appetite.
The first step for embedding risk culture key performance indicators (KPIs) into appraisals is to consider the wider risk culture aims of the organisation and translate these into granular, actionable objectives for individual employees, especially first-line business managers. For example, there might a risk training completion rate (%) that the employee needs to achieve, or, for risk owners, an expectation that a high proportion of key risk indicators are kept within appetite.
|
Hold your own scenario-based training risk culture workshop In response to a priority of a Risk Leadership Network member, we created a scenario-based learning series. For each of the 12 real life scenarios, contributed by risk leaders at global institutions, we've provided both a training template that you can use in your own workshop and a causes and symptoms analysis. To give non-members a better idea of what we do, we're giving you the opportunity to download the resources from one scenario: "Placing first-line business managers at the heart of risk management design" Risk culture training template |
Are you an in-house risk leader who would benefit from collaborating with a global network of senior risk professionals to accelerating ERM better practice and forward-thinking strategy? Our collaborations are bespoke and tailored to our members needs - so let us know what your risk reporting priorities are, and we'll discuss how we can help you.
Share this
Developing risk culture training that packs a punch: five key solutions
Three key steps for setting accountability for risk
