RISK MANAGEMENT
“ Simply stating that you are a risk conscious organization is insufficient . Your entire organization , from the top down , must genuinely comprehend and embrace a risk conscious mindset . ”
Enterprise |
Risk |
Management |
( ERM ), |
nonexistent-ineffective |
or |
inefficient risk assessment and not |
integrating risk management with |
strategy-setting |
and |
performance |
management . |
|
|
The tone at the top sets an organization ’ s guiding values and ethical climate . Properly fed and nurtured , it is the foundation upon which the culture of an enterprise is built . Ultimately , it is the glue that holds an organization together .
Risk culture is described as a system of beliefs and behaviors existing throughout an organization that impact day-to-day risk decisions . An organization ’ s risk culture encompasses an array of behaviors , beliefs , attitudes and competencies associated with perceptions of risk and related decision-making . Risk culture is therefore a subset of broader organizational culture , or ‘ the way we do things around here ”. Risks are successfully managed by mature organizations , in other words , risk management frameworks , which include formal policies , procedures , systems , and processes , are welldeveloped in such organizations .
In the Risk Culture Framework by Institute of Risk Management ( IRM ) the component parts making up an organization ’ s risk culture are highlighted beginning with ( 1 ) an individual ’ s personal predisposition to risk , which then shapes ( 2 ) the individual ’ s personal ethics , followed by ( 3 ) that individual ’ s actual behavior ; and that person ’ s behavior combines with all other members of the organization to create ( 4 ) the organization ’ s culture ; which then shapes how willing people in the organization are to live in a ( 5 ) risk culture that either welcomes openness and information sharing or “ punishes ” people for identifying risks openly . If applied effectively , this and other similar frameworks can help influence the risk culture within any organization in a positive direction .
Building a Strong Risk Culture
We have become accustomed to media headlines dominated by a steady stream of corporate scandals , fraud , and other assorted conduct and risk management “ slipups ”. No industry , sector , or region appears to be immune to these incidents some of which include rogue trading , misleading sales practices , investment fraud schemes , dubious accounting practices , market / benchmark manipulation , outright theft and financial crisis resulting from strategic management errors .
Not surprisingly , these tragedies elicit a great deal of post-mortem analysis and opinion as regulators , boards , management , and other key stakeholders try to figure out what went wrong and how these insights might help prevent similar disasters from occurring .
A commonly recurring theme in much of the subsequent narrative and analysis is the fact that these incidents are often directly linked to some type
of material “ failure of ( risk ) culture ”.
“ What organizational practices or situations inhibit the formation of an effective risk culture , and hence our ability to prevent major losses ?” is the obvious question that this revelation poses or , to put it in more constructive terms , “ What organizational practices / conditions help to foster a strong risk culture , and thus increase our confidence in successfully achieving organizational objectives ?”
Simply stating that you are a risk conscious organization is insufficient . Your entire organization , from the top down , must genuinely comprehend and embrace a risk conscious mindset . So how can an organization build and promote a positive risk culture ?
Understand your organization ’ s current risk culture and how well it supports your approach to managing risk .
This is a critical step that we must get right to guarantee correct and meaningful progression to subsequent steps .
One way in which this can be done is to break down risk culture into more measurable attributes . The aim is to provide a baseline against which any attempts to shape the risk culture of an organization can be measured . An effective risk culture is one that enables and rewards individuals and groups for taking the right risks in an informed manner . The question then comes up how do you measure risk culture ?
Can risk culture be measured ? Assumptions and beliefs are difficult
60
MAL 47 / 22 ISSUE