Cultivating a Risk Culture | Part 2: Internal Factors

The events of 2020 made it clear that risk management must not only be a priority at the management level, but also interwoven into the culture of the whole organization. There are many factors to consider when building a risk culture within your organization, both internal and external. Part 1 of this series discussed the most critical aspect of this initiative, the people. In this article, we’ll dive into the other internal factors institutions need to consider.  

Internal Factors for Building a Risk Culture

Defining all the internal factors to review can be complex, as there are often hidden risks that are inherent to the relationships/interactions between the various factors. Taking a holistic and systematic approach will help you to determine how best to make this change.  

A good place to start is assessing your business activities and processes. Use enterprise/operational risk assessment data to evaluate how your business activities fit into the risk ecosystem. Ideally, as a part of that process, you’ve mapped technologies, third parties, partners etc. to help you unwind and pinpoint potential misalignments with the culture you’re working to develop. If you haven’t yet mapped these interdependencies, now is a great time to start.  

When assessing these internal factors, ask yourself:  

• Is risk consideration already a part of the process?  

• • If not, how can you ensure that risk is considered as this activity is performed? 

• Are the partnerships/relationships you’ve developed mature enough to enable clear communication about potential risks? 

• • If not, what can be done to enable this level of communication, or if that’s not an option,  what can you do to mitigate the risk? 

• Do the technologies/third parties your organization utilizes enable risk considerations? 

• •  If so, are you taking advantage of the options?  
  • If not, is there a way to incorporate risk consideration into the use of the technology/third party? 

Reviewing all your processes and the interdependencies may seem tedious; however, this is a great opportunity to uncover potential gaps and take stock of the data you collect. This level of review will set up your organization for success as it seeks to start cultivating a strong risk culture. Leave no stone unturned. Next, we’ll look at the external factors to consider.  

About the author:

Julia O’Connell is Quantivate’s senior vice president of product development and works with customers to define product requirements and determine ongoing development strategies.

Missed Part 1 on building a risk culture?

A risk-aware culture starts with the people. Get tips and considerations for engaging leadership, empowering employees, and sustaining success.

Read Cultivating a Risk Culture | Part 1: The People →