The Risk Culture Building is one of the most talked about concepts in the business world nowadays. Many companies are spending a lot of time and money on formulating and implementing a correct risk management strategy either informally or formally in the shape of certain systems, policies and processes that everyone working in that organization has to follow. In this regard, there is nothing wrong in saying that such companies are more likely to survive in the event of a disaster as compared to those that do not pay much attention to risk management.
Therefore, it is a very good time to ‘appraise’ your risk management capabilities in order to understand where your organization stands. This first step of formulating a good risk management strategy is to get an accurate picture of the current level of risk culture maturity in your organization. You can start the task of risk culture building, once this assessment is complete.
Developing an Organizational Risk Management Culture:
Developing a risk management culture in an organization is a very hectic task. It takes a thoughtful consideration of the current situation, time and energy to accomplish the task successfully. It is actually the repeated behavior of the employees that give rise to the risk culture. It is a sorry fact that companies pay a lot of attention towards policies and procedures while implementing a risk management strategy, but pay no heed to attitudes, beliefs and underlying values of the individuals that shape behaviors. These beliefs and attitudes are partly inherent but the existing corporate culture of an organization also plays its part to shape them.
Risk management has become more of a quantitative model and less about a behavioral model in the last decade or so. However, the recent financial crises revealed that even the best of the quantitative model is not good enough to predict the result of a misguided behavior.
In the context of the above discussion, it can be rightly said that traditional risk management policies are not going to work in the modern “behavioral era.” It is important for you to change the way you think and see risk management in addition to equipping yourself with practical experiences and necessary knowledge on how to apply that transformed thinking in your organization.
In recent years, many companies have successfully gone much beyond their “risk appetite.” Although, these companies are making a lot of money yet they should have the courage to realize that if they take any additional risk, it will not add any value to their organization. They should also be courageous enough to admit that it is impossible for them to implement risk management in the absence of fully developed organizational culture.
Organizational Culture and Risk Management:
It is absolutely imperative for any organization to develop an organizational culture that can embrace risk culture management. Following are some of the important components of the organizational culture in this regard.
- Risk awareness that is, all the employees should have an accurate picture of the current situation of the organization.
- The common language that is, every member should have a common understanding to access the risk.
- Risk appetite that is, how much risk your organization is willing to take.
- Training and development.
- Communication and engagement that is, you should promote effective communication among employees and keep them engaged in the process of implementing risk management strategy.
- Performance and recognition that are, you should formulate an effective policy to check the performance of every individual and recognize their efforts as well.
The Era of Behavior and Risk Management:
There is a bit of human nature involved in risk management. When something bad happens, people try their level best to ensure that it doesn’t happen again. Therefore, the future of risk culture building lies in incorporating all types of human behaviors, those we want to encourage as well as those we want to discourage.
What is Risk Culture:
Before moving any further, it is also important to learn what actually the Risk Culture is. It is basically a term that is used to describe knowledge, beliefs, values and understanding of the risk that a group of people with a common goal such as a team of employees in an organization shares.
Why Change is Necessary?
As discussed above, it is necessary to change your thinking style as far as risk management is concerned because the traditional strategies have let everyone down in the case of a disaster. Now, the top management does provide better support, but most often, it has compliance perspective. You need to incorporate a new thinking style that focuses on value adding aspects. For instance, the modern risk management strategies can even have ROI. You should also be aware of all the new concepts and tools regarding risk management, such as OpRisk that is emerging as an important risk management level because it also covers all other risk disciplines as well.
The Future of Risk Management:
The biggest challenge organizations face while implementing a new risk management strategy is how to shift from a “rear view risk focus” which merely stresses on the importance of past data, historical events and modeling to a futuristic looking perspective of an effective risk culture which is based on risk optimization and pro-active risk mitigation scenario.
Following illustration explains 5 levels of Risk Management Maturity that will help you better understand the concept.
Capabilities and Risk Management:
It is also important to understand how capable your organizational culture is to successfully incorporate the modern risk management methods. In this regard, following are the capability building blocks.
- People and Organizational Design
- Management and Control
- Systems and Data
Again, there are 5 levels of capabilities at risk management. Following diagrams only explain the level 1. For understanding other levels, please go through the full webinar, “Risk Culture Building – The Future of Risk Management” by Horst Simon
You are Doing it All Wrong:
Even in the modern era, there are many companies who are doing it all wrong when it comes to risk management. They still mitigate risk in terms of organizational goals to determine whether it is good or bad. Similarly, the sole focus of many management initiatives is still the compliance. Executives narrowly focus on what can go wrong that creates a fear driven thinking. The prevalent frameworks also fail to engage the entire organization in the process of identifying and accessing risks. Risk management has yet not been linked to performance management and common language to understand the risk is also nonexistent.
The Risk culture building is the process of continues improvement and growth. This empowers everyone working in the organization to respond to any risk situation and to mitigate, control, optimize or transfer the risk for the benefit of the organization.
To learn more about “Building a Risk Management Culture in an organization”, please go through the original webinar.