Cultivating a Risk Culture | Part 3: External Factors

  • April 19, 2021
  • Julia O'Connell

The events of 2020 made it clear that risk management is critical to an organization’s survival. There are many factors, both internal and external, to consider when cultivating a risk culture within your institution. In this series, we have discussed how to engage and empower your organization’s people in Part 1 and other important internal factors in Part 2. In this article, we’ll dive into the external factors you should consider for a risk-aware culture.

Creating a Risk-Aware Culture: 5 External Factors to Watch

External factors can have a profound impact on your organization’s culture. Because of this, it is important to effectively monitor these changes within your overall risk program so that your organization can anticipate and address any shifts that may impact your risk culture. As we look at external factors to consider, the scope will depend on your organization’s industry, size, and situation. Areas to consider include:

  • Regulatory requirements and the velocity and regularity of changes to those requirements (depending on how sharp the shifts in focus are) will require the organization to adapt. One example of this is data privacy. With GDPR, CCPA, and many other impending privacy requirements, organizations have had to build accommodations into their processes, procedures, and even organizational chart to ensure data privacy.
  • Technology changes can also cause shifts in an organization’s risk culture. For example, with the onslaught of cybersecurity risks, organizations are increasingly implementing new technologies to reduce these risks. However, new safeguards can come at the expense of the employees, who may feel the weight of so much oversight. This may cause reluctance to participate in risk identification and other processes.
  • Economic factors run deep and can have lasting impacts. One example from 2020 is the reduction of economic activity due to pandemic-related lockdowns. This economic environment had many cascading downstream impacts that touched nearly every factor on this list.
  • Geopolitical factors can also have an impact depending on an organization’s size and level of international engagement. Examples could include the tensions between the United States and China and the resulting downstream impacts of trade sanctions, supply chain shortages, etc.
  • Industry standards also change over time and influence culture. An example here is mobile banking, which was once a differentiating factor but is now an industry standard.

The above list should not be considered complete and will vary depending on your organization’s unique scenario, but is a good place to start as you consider your organization’s broader environment and associated risks. Taking the time to think through all the potential external factors will pay back dividends. In the next article, we’ll wrap up the series with a review of how to begin the process of cultivating a risk-aware culture.

About the author:

Julia O’Connell is Quantivate’s senior vice president of product development and works with customers to define product requirements and determine ongoing development strategies.