Building an effective Risk Culture is much more than changing your organizational culture in line with your Vision, Mission, corporate values and risk appetite—you must factor in the interests of competing national cultures, sub-cultures, Maslow’s theory on individual self- actualization and the informal groups in the company.
The interactions between all of these are not predictable and variables cannot accurately be isolated.
An effective risk culture is not a matter of risk assessment or level of compliance; it is a matter of “conviction” -- a corporate state of mind where human beings can take well informed risk decisions because they want to, not because they have to.
ERM Policies, systems and reporting dashboards are all part of the foundation for good risk management. Once you have all of these in place, you can start building an effective risk culture. Remember also that there is too much complexity and subjectivity in culture to assume that individual reactions and responses can be aggregated to reflect or give an accurate picture of the whole organisation’s risk culture. You cannot “pop” an effective risk culture in the microwave, it takes a lot of preparation, dedication and time to get it to perfection.
You can have the best staff retention rates in the industry; or the most long service awards, both of these can also indicate a high risk of employee fraud. According to the ACFE research: 53% of fraudsters have more than 5 years of service and the median loss for fraudsters with 6 to 10 years of service is $200 000-00. 52% of fraudsters are between 31 and 45 years old and older fraudsters tend to cause larger losses.
The Future of Risk Management is not just looking through the windshield; scanning the horizon might just be the most important thing to do, you cannot control or stop what is coming, you have to prepare to respond to it. So many organisations spend large amounts of money to focus and report only on what is happening inside the organization, where they actually have control. Your biggest risks are outside of the organization, where you have no control.
Key elements for the future of your risk strategy should include internal networking; you have to talk to the informal groups and their informal leaders just as much as you do talk to the executives and managers, maybe even more. The real business does not always get done in the formal “boxes & lines” structure.
Just as important are the aspects of desk research and external networking. To have a good risk management strategy and action plan, you have to know everything about your industry, markets, competitors, supply chain, alternative supply chain, Global risks in an interconnected world and many more. Failure to adapt your business model; which drives your “risk for reward” system, to the ever-changing internal and external risk environments will lead straight to the corporate graveyard.
The Future of Risk Management is just: “Risk Management through people” You can have the best systems, great models and scenario analysis with elaborate dashboards; at the end of the day a person will take a decision.
Are your employees aiming at more than one target; or do you have a clearly defined risk for reward strategy and risk appetite statement to guide them? Business strategy and Risk Culture are parts of an interdependent system.
Start working on your success by training every employee some basic risk management skills.
As my Moody's colleague, Sarah Tennyson wrote last year: “Enterprise-wide risk management requires a shift in the behavior and mindset of employees across an organization. To realize the full benefits of improved systems, tools, and analytical skills, people need to learn new ways of perceiving situations, interpreting data, making decisions, influencing, and negotiating”
Read Sarah's article at Moodys.com: https://www.moodysanalytics.com/Publications/Risk-Perspectives/2014/RP04/Risk-Perspectives-Integrated-Risk-Management/Approaches-to-Implementation-Integrated-Risk-Management/Training-as-a-Powerful-Tool-for-Evolving-Risk-Culture
Post a Comment
Community Comments (1)
Zawya encourages you to add a comment to this discussion. You agree that when you add content to this discussion your comments will not:
1.1 Contain any material which is libelous or defamatory of any person, is obscene, offensive, hateful or inflammatory or causes damage to the reputation of any person or organisation.
1.2 Promote sexually explicit material, violence, discrimination based on race, sex, religion, nationality, disability, sexual orientation or age or any illegal activity.
1.3 Be made in breach of any legal duty owed to a third party, such as a contractual duty or a duty of confidence.
1.4 Be threatening, abuse or invade another's privacy, or cause annoyance, inconvenience or needless anxiety.
1.5 Be used to impersonate any person, to misrepresent your identity or affiliation with any person, or be likely to deceive any person.
1.6 Give the impression that they represent Zawya.
1.7 Advocate, promote or assist any unlawful act such as (by way of example only) copyright infringement or computer misuse.
- The content posted on www.zawya.com is created by members of the public. The views expressed are theirs and unless specifically stated are not those of Zawya. Zawya reserves the right to review all comments prior to posting and edit or delete any contribution, but Zawya is not responsible for and can not be held liable for any content posted by members of the public on www.zawya.com.
- Zawya is not responsible for the availability or content of any third party sites that are accessible through www.zawya.com. Any links to third party websites from www.zawya.com do not amount to any endorsement of that site by Zawya and any use of that site by you is at your own risk.
- By submitting your comment, you hereby give Zawya the right, but not the obligation, to post, air, edit, exhibit, telecast, webcast, re-use, publish, reproduce, use, license, print, distribute or otherwise use your comments worldwide, in perpetuity.