Risk leaders are taking five steps to better engage their boards with risk culture

3 min read
Feb 17, 2022

Risk culture is hard to define and quantify, so ensuring the board and senior leaders at your company truly understand and support your organisation’s risk culture requires defined statements, internal and external research, and all-important monitoring and reporting.


Download now [Case Study]: Introducing risk culture to the board: turning theory into practice

Top down support is need to truly embed an effective risk culture across all levels of an organisation, a challenge that several organisations in the the network are prioritising and collaborating to address.

The board oversees strategy, risk and performance. Risk culture permeates all of these issues, but it is not always easy to corral leadership around a clear understanding of it.

As they are not always deeply involved in day-to-day operations, directors are likely to need help to really understand an organisation’s culture - it can be difficult to grasp something that is essentially intangible, particularly if you are not on-the-ground where the action is taking place.

The risk team has a role to play in guiding efforts to scope out, solidify and monitor risk culture on an ongoing basis. So, how can you do this?

During their conversations in the network, risk leaders have shared the practical steps they're taking - and finding success with - when it comes to gaining and retaining board and senior leaders' attentions for those difficult but vital culture conversations.

1) Position risk culture within the organisation’s overall culture

Although it is a subset of your organisation’s overall culture, risk culture is a significant element because it defines how and when an organisation addresses risks and opportunities.

Issues related to risk culture can impact company value and in some cases lead to the demise of the entire organisation, or even entire sections of an industry - the 2008 financial crisis is an extreme example of such a result.

2) Make risk culture a strategic objective

Some member organisations have made risk culture a group strategic objective for every team, including it on management scorecards in order to shift the dial on risk culture.

This encourages buy-in from senior leaders and typically leads to risk receiving the support they need to help deliver risk culture awareness throughout the organisation. The business retains the ownership of the plans and actions to make the necessary changes to align with risk culture aims.

Moreover, the organisation creates the conditions for people to be able to change their own behaviour to bring it in line with the company’s risk culture. Operationalised risk appetite statements can also support this

3) Provide senior leadership with opportunities to drive risk culture together

One method to do this includes getting the entire team of senior leaders into one room or virtual meeting to use a design-thinking approach to assess risk culture in their different parts of the business. They are presented with culture-related issues gathered via the risk team’s diagnostic efforts and asked to discuss root causes as a group.

By making sure risk encourages senior leaders to talk about “the elephant in the room” – real issues or problems – and then guiding them towards developing solutions, senior leaders take ownership of the culture issue and the solution.

4) Gauge senior leaders’ risk awareness

Risk appetite surveys with the board prove effective for many members. Some questions to ask your board members during risk workshops include:

  • What tone do we currently set from the top?
  • Do we establish sufficiently clear accountabilities for those managing risks and hold them to their accountabilities?
  • How do the organisation’s structure, processes and reward systems support or detract from the development of our desired risk culture? (To read the full list of questions members shared and benchmarked against during member meetings, find out more about Risk Leadership Network membership here.)

5) Bring ethics into the equation

Establishing an ethics committee to take an organisation-wide view of behaviour and conduct from an ethical and reputation perspective has proven helpful for some organisations. To effect change, some members taking this route have got buy-in from the top by including senior leaders and directors in this committee.


Are you an in-house risk manager who could benefit from collaborating with a global network of risk leaders? Find out more about how we enable collaboration here.

Get new posts by email