Power of Culture…Power of People
When a child does something wrong, fingers point to the parents. When an organisation goes rogue, the Board gets questioned. As natural and normal as it sounds, how one conducts him or herself reflects on the values and culture of the organisation.
So, what is risk culture? Many managers feel they have an intuitive understanding of risk culture but may not be able to define this precisely and concretely. Without a clear and holistic understanding of risk culture however, organisations tend to address risk with narrow structural approaches and incentives. To quote KBC Group’s risk culture definition, “A powerful wheel of effective and efficient risk management that cultivates a shared perception among employees, including perceptions of risk-related practices and behaviours that are expected, valued and supported. Putting risk in the hearts and minds of everyone within the organisation, and working towards creating a common united goal.”
Deﬁning and quantifying culture is a real and current challenge facing most Australian companies and organisations as they ﬁnd that shareholders, customers, regulators and the public have no tolerance for businesses that cannot get it right. This challenge continues to escalate with new risk management and governance prudential standards from APRA (Australian Prudential Regulation Authority), and increased ASIC (Australian Securities and Investments Commission) monitoring and enforcement of regulations designed to protect investor and consumer interests.
Without succumbing to the challenges, the journey begins as Board members and senior managers embark on a culture risk assessment journey, fostering a common language and framework. A journey that is aimed at developing a successful risk culture model which accounts for all the meaningful interactions that happen inside organisations. The model is as follows:
Leadership and Strategy
- Integrity and values
- Mission and objectives
- Processes and controls
- Risk identification and assessment
People and Communication
- Commitment to competence
- Knowledge, information and communication
Accountability and Transparency
- Delegation of authority and responsibility
- Human resource policies and practices, and performance measurement
Underpinned by this model, Board members and senior management sought to understand and evaluate the risk culture practised within its organisations with the following questions:
- Is risk management valued throughout the organisation?
- Are risk issues and events proactively identified and effectively addressed?
- Are risk issues and policy breaches ignored, downplayed or excused?
- Is the immediate manager an effective role model for desirable risk behaviour?
With APRA and ASIC placing more scrutiny on organisations’ risk culture, Board members and senior management are embracing, evolving and regularly communicating the importance of a strong risk culture to ensure that a consistent message comes from the top echelons.
Lastly, organisations that continue to evolve and instil a healthy risk culture will set the new benchmark for effective and efficient risk management, the production of distinct results, and creation of a competitive advantage.