Risk culture is hard to define and quantify, so ensuring the board and senior leaders at your company truly understand and support your organisation’s risk culture requires defined statements, internal and external research, and all-important monitoring and reporting.
The board oversees strategy, risk and performance. Risk culture permeates all of these issues, but it is not always easy to corral leadership around a clear understanding of it.
As they are not always deeply involved in day-to-day operations, directors are likely to need help to really understand an organisation’s culture - it can be difficult to grasp something that is essentially intangible, particularly if you are not on-the-ground where the action is taking place.
The risk team has a role to play in guiding efforts to scope out, solidify and monitor risk culture on an ongoing basis. So, how can you do this?
During our series of member meetings as part of our ongoing risk culture cohort, risk leaders have shared the practical steps they’re taking – and finding success with – when it comes to gaining and retaining board and senior leaders’ attentions for those difficult but vital culture conversations.
1) Position risk culture within the organisation’s overall culture
Although it is a subset of your organisation’s overall culture, risk culture is a significant element because it defines how and when an organisation addresses risks and opportunities.
Issues related to risk culture can impact company value and in some cases lead to the demise of the entire organisation, or even entire sections of an industry - the 2008 financial crisis is an extreme example of such a result.
2) Make risk culture a strategic objective
Some member organisations have made risk culture a group strategic objective for every team, including it on management scorecards in order to shift the dial on risk culture.
This encourages buy-in from senior leaders and typically leads to risk receiving the support they need to help deliver risk culture awareness throughout the organisation. The business retains the ownership of the plans and actions to make the necessary changes to align with risk culture aims.
Moreover, the organisation creates the conditions for people to be able to change their own behaviour to bring it in line with the company’s risk culture. Operationalised risk appetite statements – discussed in this blog – also support this.
3) Provide senior leadership with opportunities to drive risk culture together
One method to do this includes getting the entire team of senior leaders into one room or virtual meeting to use a design-thinking approach to assess risk culture in their different parts of the business. They are presented with culture-related issues gathered via the risk team’s diagnostic efforts and asked to discuss root causes as a group.
By making sure risk encourages senior leaders to talk about “the elephant in the room” – real issues or problems – and then guiding them towards developing solutions, senior leaders take ownership of the culture issue and the solution.
Do we establish sufficiently clear accountabilities for those managing risks and hold them to their accountabilities?
How do the organisation’s structure, processes and reward systems support or detract from the development of our desired risk culture? (To read the full list of questions members shared and benchmarked against during member meetings, find out more about Risk Leadership Network membership here.)
5) Bring ethics into the equation
Establishing an ethics committee to take an organisation-wide view of behaviour and conduct from an ethical and reputation perspective has proven helpful for some organisations. To effect change, some members taking this route have got buy-in from the top by including senior leaders and directors in this committee.
To read the full eight-step paper on getting the board engaged with risk culture, and to read other content from our Risk Culture Better Practice Guidance, learn more about membership here.