The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Thought Leadership   /  Corporate Culture and Risk Culture: The Chicken or The Egg?

Corporate Culture and Risk Culture: The Chicken or The Egg?

Last week, the IERP held a Chief Risk Officer Networking Group (CRONG), where Mr. Khairul Azwa, director of risk and compliance at a prominent GLIC, spoke on his experiences developing the risk culture in his organization. With a background in banking, he had started as a treasury dealer, eventually going on to become a risk manager at one of the GLICs in Malaysia. One of the challenges that he faced was setting a new risk management department from scratch. A task that he gave himself three to five years to develop. At the company, he noticed two traits that were ingrained in their DNA, firstly they have a strong culture of service and secondly, they cannot afford to make mistakes as that will have repercussions on not only the company, but also on careers, stakeholders and the country.

In developing risk culture at his company, he had to start from the ground up; there was no strong base to begin with. With staff from various backgrounds (i.e. government service, banking, corporates), he had to begin with identifying the staff, top management and the environment of the company. And by that, Mr. KA needed to have a bird’s eye view of the company, as well as build on the core businesses. In order to achieve set goals, the staff in the company needs to be educated on risk management. Each staff member needs to know who will take ownership of the risks and/or projects and how that will be done within acceptable standards of behavior. Mr. KA emphasized that creating a culture is not a an overnight project. It will take years before culture can be part of a company’s DNA.

In the process, there were several challenges he faced. Firstly, the organization needed risk management but no one had any idea how that would look like. Often, there was disagreement in which ideas should be implemented, and how. Besides that, he had a lot of resistance from various levels in creating the risk culture in the company because of the different background, and how to get it done. No one would agree on what they are doing, the reason why they needed to do it.

In spite of the challenges, Mr. KA likened creating risk culture to planting a seed. Where there is no risk management strategy in place, simply start small. Through the risk management process, risk culture can grow organically from staff and interdepartmental cooperation. With risk management in action, an ideal result is that its positive impact will be recognised, creating a chain of positive feedback across the organisation. One successful case can lead the way for further risk management activities, and so on.

Usually, the instinct in facing risk is to avoid or prevent it, but as a risk practitioner, those risks should be seen as opportunities. Mr. KA drew from his experience at his company: before, there was no cohesive team, no solid corporate culture; he recognized these weaknesses and turned them into opportunities. With no firmly embedded corporate culture, there was the opportunity to embed a risk aware corporate culture into the DNA.

Development of good risk management is from focused corporate vision, mission and values. It should be formulated in an environment that is “Risk Aware”. The right culture is needed in order for effective risk management practices, and the role of the risk management department is to set the standards for acceptable conduct. Risk management should not overwhelm the corporate objectives. In the end good risk management is good management.

In Mr. KA’s view, there are several key factors to risk culture:

  1. Risk practitioners always need to interact and intervene at the ground level.
  2. Risk practitioners need to be good listeners and be willing to take action.
  3. Risk practitioners need to facilitate cooperation among staff. Lack of communication and a “silo” mentality is a major impediment to risk awareness and good risk management.

All in all, Mr. KA concluded that risk culture is neither egg nor chicken. Corporate culture is risk culture and vice versa. In order to create a good culture from risk management, risk practitioners need to be a good ambassador. To ensure an enduring legacy, a risk-aware corporate culture is vital so that both leaders and staff do what’s best for the organisation.

    Name (required)

    Email Address (required, business email address only)

    Mobile Number (required)

    Company (required)

    Designation (required)

    Preferred Contact Method: (required)

    CallEmail

    What is the biggest challenge in your job/industry

    Which modules are you interested in? (required)

    Managing ESGMechanics of ESGEnterprise Risk Management

    Message

      Name (required)

      Email Address (required, business email address only)

      Mobile Number (required)

      Company (required)

      Designation (required)

      Preferred Contact Method: (required)

      CallEmail

      What is the biggest challenge in your job/industry

      Message

        Name (required)

        Email Address (required, business email address only)

        Mobile Number (required)

        Company (required)

        Designation (required)

        Preferred Contact Method: (required)

        CallEmail

        What is the biggest challenge in your job/industry

        Which modules are you interested in? (required)

        Evaluating Risk and Internal ControlCorporate GovernanceEstablishing a Cybersecurity FrameworkEnterprise Risk Management

        Message

          Name (required)

          Email Address (required, business email address only)

          Mobile Number (required)

          Company (required)

          Designation (required)

          Preferred Contact Method: (required)

          CallEmail

          What is the biggest challenge in your job/industry

          Message

            Name (required)

            Email Address (required, business email address only)

            Mobile Number (required)

            Company (required)

            Designation (required)

            Preferred Contact Method: (required)

            CallEmail

            What is the biggest challenge in your job/industry

            Which modules are you interested in? (required)

            Digital Risk Management and DisruptionMechanics of CyberSecurityEnterprise Risk Management

            Message

              Name (required)

              Email Address (required, business email address only)

              Mobile Number (required)

              Company (required)

              Designation (required)

              Preferred Contact Method: (required)

              CallEmail

              What is the biggest challenge in your job/industry

              Which modules are you interested in? (required)

              Evolution of BCM Standards, Policies and FrameworksBIA & BCMS Frameworks and StrategiesRisk, Sustainability, Metrics and Crafting Effective Business Continuity Plans

              Message

                Name (required)

                Email Address (required, business email address only)

                Mobile Number (required)

                Company (required)

                Designation (required)

                Preferred Contact Method: (required)

                CallEmail

                What is the biggest challenge in your job/industry

                Which modules are you interested in? (required)

                Emergency Preparedness, Response, BC Awareness and trainingBCMS Performance, Metrics and Audits, Disaster Recovery Plans and Lean MethodologiesCrisis Management

                Message

                User registration

                Reset Password