Risk Culture: What Drives It?
It may be just one word but it comes with many definitions. Risk means different things in different corporate cultures, so it really helps to understand as wide a range of cultures as possible.
The wider your horizons, the better your understanding of what makes people tick, and knowing what drives them is imperative to helping them realise their full potential – which ultimately benefits the business. But the most important culture to understand is the one you have to operate in here and now, and getting a handle on your organisational culture is a pre-requisite to making it work for you.
Even the best-run firms with the most effective SOPs will go under if they don’t have the right culture in place. But what drives this culture? And how do you make it work for you? A firm’s risk culture basically underpins its risk appetite, and its risk appetite determines how much risk it can tolerate, and how it plans to managed the risk that it will inevitably have to deal with. No such company has yet been established which does not have to deal with risk; the only way to completely avoid risk is not to get into business to begin with!
What will help a firm deal with its risks is an in-depth understanding of what risk is, as it pertains to the firm, and how to manage it given the resources and limits within which it must operate. This necessitates developing a culture of risk that everyone in the organisation understands and can deal with, at their respective levels. At the root of it all, developing a risk culture in an organisation entails developing everyone’s awareness that risk exists where they are. It means helping them recognise what constitutes a risk (and why), and how to mitigate it, so that it doesn’t prevent them from achieving their objectives.
An organisation’s people – its staff, management, Board, shareholders and stakeholders – need to feel invested in it. They need to see that it is in their best interest that the firm is well-run, compliant with regulations, and is a good corporate citizen. This makes it sustainable, and in turn is able to support them by providing stable jobs and returns on investment. But this is just the start; developing an organisational risk culture is not exclusively about compliance with regulations, or strict adherence to processes and procedures (although that is an important part of making things work).
Companies have a duty of care to shareholders, staff and stakeholders of the community in which they operate. They cannot afford to be negligent – and this is one of the factors that drives risk culture: being constantly on the lookout for where things could go wrong, and putting in checks and balances to ensure that if the untoward happens, recovery for the company and all other parties involved, will be as quick and painless as possible. All this points to another element: developing a risk culture cannot happen “in silo” – it cannot be cultivated by one unit or department independently of others because risk affects everyone.
As efforts get under way to establish a risk culture within the organisation, factors that prevent its development should also be identified and removed or modified to make them useful. But as all these elements are identified and a risk culture starts to take shape, who is responsible for ensuring that it remains workable and part of corporate strategy? The Board and Senior Management, of course. They must be seen to be as invested as everyone else (indeed, more so), and be willing to walk the talk, if they want others to step up and follow their lead.