Risk Culture Maturity Framework: a bespoke solution to a member priority

4 min read
Mar 4, 2024

What does good risk culture look like? How do you know that your risk culture programme is in line with your peers? Is your risk culture framework as comprehensive as similar organisations?

In this article, we outline the process involved in creating a tailored solution for a Risk Leadership Network member who needed answers to these questions - but didn't have any extra budget. The solution was a peer-contributed and validated Risk Culture Maturity Framework which is now available to all members in our network.

Risk Culture Maturity Framework Incentives Alignment
Download an extract of the Risk Culture Maturity Framework
How does your Incentives Alignment stack up against your industry peers?

Member challenge

As with every collaboration that we facilitate, it started with a member organisation raising a specific priority with their dedicated network manager on our team.
“We're beginning to put together a new risk culture programme to implement across the organisation. But we're worried that our approach might not be in line with other listed organisations. Is our risk culture maturity on the same level as our peers? Has our framework covered all grounds? We don't have any budget to pay a consultant for a maturity model”
Risk Leadership Network member

CRO, ASX-listed technology company

Take a look at the full member case study, or read on to see the bespoke solution we provided for them.

Our solution - creating the Risk Culture Maturity Framework

risk culture maturity framework

The process

We have worked with risk culture experts and practitioners to develop the Risk Culture Maturity Framework, a practical assessment tool designed to give risk leaders a baseline to compare the strength of their risk culture against, and to help them prioritise and drive change.

It provides a high-level view of the overall landscape of risk culture, looking at key aspects from leadership and governance to capability and collaboration. 
The framework has undergone a rigorous iteration process with members at some of the world's largest organisations (including ASX 20 and FTSE 100 companies) providing suggestions on how it could be enhanced to deliver the maximum benefit.

How does it work?

We've broken risk culture into three broad dimensions:
Organisational Processes The effectiveness and alignment of organisational structures and processes designed to influence/drive risk culture and behaviours (e.g. via the implementation of policies, frameworks, processes, structures that set expectations and provide clarity, direction and boundaries regarding risk.
Intangible Aspects

Factors that both influence and reflect attitudes, mindsets and behaviours through their impact and reflect group dynamics (e.g. via effects on norms, implicit values, ethical outlook and biases).

Risk Culture Capability

The capability the organisation has to assess and influence risk culture and its connectivity with the rest of the organisation


And then each dimension is broken down into a number of key "Areas"  and then further into "Sub-Themes". For each Sub-Theme, we've given examples and descriptions for Immature, Improving and Optimised organisations in a 3-stage maturity framework.

Example: Organisational processes > Incentives alignment

Risk Culture Maturity Framework Incentives Alignment-1

Risk Culture Maturity Framework Incentives Alignment-1
Download the Incentives Alignment area of the framework
How do your incentives stack up against peers?

Example: Intangible > Psychological safety & transparency

Risk Culture Maturity Framework Psychological safety & transparency

Risk Culture Maturity Framework Incentives Alignment-1
Download the Psychological safety and transparency area of the framework
Is your framework in line with your ASX and FTSE peers?


 Why this is different to other risk culture maturity frameworks:

Created and validated by practising risk leaders

This isn't a theoretical framework delivered via consultants. It harnesses practical examples and expertise from risk leaders at some of the largest organisations in the world (including ASX 20 and FTSE 100 members).

No extra fees

We created this framework specifically for one member as part of their organisation's annual Risk Leadership Network membership fee. The Risk Culture Maturity Framework is available to all members, again, as part of their annual membership fee.

Continued support as you progress through the maturity levels

Once members have identified areas for improvement in their risk culture, we facilitate targeted collaborations to assist our members as they move through the maturity scale.

What's next for the member who raised this challenge?

We set up a series of in-depth discussions between the ASX-listed technology firm who raised the priority, and more mature organisations (in risk culture). The member could learn how CROs at these organisations had implemented risk culture improvements, successfully, within their business.

The member was able to hone in on certain aspects of their framework, learning from a risk leader who had practical experience in specific areas of weakness that they'd identified in the framework  (e.g. improving escalation processes).

Four precursors
Ever wished you could speak to a risk leader who has already implemented the exact project you're working on?
With Risk Leadership Network membership, you'll have a dedicated network manager who will facilitate knowledge-sharing opportunities with the best-placed risk leaders for your priority or challenge.
Find out more about membership

Harness the power of peer collaboration

Are you working on a risk priority or challenge that could benefit from targeted peer collaboration, facilitated by our dedicated team of network managers? 

Book an introductory call to discover more about how we could work with you, and other tailored solutions we've provided for our members.

Get new posts by email