Risk culture is one of the key elements in an organization’s Enterprise Risk Management Framework. It influences, and is influenced by, the other ERM framework elements. In addition, risk culture influences an organization’s risk appetite and governance in a reciprocal manner. Recent research demonstrates that it is possible for an organization to evaluate its risk culture specifically and to measure the system of values and behaviours present throughout an organization that shape risk decisions.
The first step is to understand the existing risk culture and measure how well it supports the organization’s risk strategy and risk management approach. Our Risk Culture Framework and corresponding Risk Culture Survey provide a structure and process to help organisations in their efforts to achieve this.