Cultivating a Risk Culture | Part 1: The People

The events of 2020 highlighted risk management in a way that no other situation could. Organizations were tested from all fronts in many ways, be it internal challenges with migrating to remote work or external challenges such as increased cybersecurity and third-party risk. Not a single business was left unscathed. The most important thing is that we learn from these events.  

Why is risk culture important?

One important lesson we can take away is: we need to get serious about risk management. Risk management needs to be more than just a checkbox that is performed according to a set schedule. Risk must be so integral to the business, that it is a part of its culture. In an ideal scenario, a risk culture will enable superior sharing of data as more people are thinking about and considering the risks. This may also open up opportunities that would have otherwise been unseen.  

There is a multitude of factors that you need to consider when cultivating a risk culture, both external and internal. The most critical aspect of success is the people. The people within your organization need to understand risk and be able to contextualize it. They need to realize that risk crosses boundaries and impacts others within the organization. This cornerstone of knowledge will be the soil in which the seed of risk culture is planted.

So where do you start? Once you have your plan, including goals/objectives, measurements of success, etc., you should:  

Start with the leaders

The culture needs to be cultivated at all levels, and there should be a strategy for each level. Start with the leaders of the organization. They need to be equipped to lead by example, manage and set expectations, and welcome any disclosures despite how undesirable they may be. 

Empower the employees 

From there, the culture can begin to grow. Staff members at all levels should be empowered to bring up any risk. Everyone should be invited to participate in the risk management process. This level of involvement will bring meaning and purpose to risk management for those who have not previously been a part of the activity.  

Build sustainability 

To ensure your efforts don’t go to waste, you must create a risk culture that is self-sustaining. Consider what happens when there is turnover or role changes within the organization. Will the changes you’ve made carry on? As a part of this initiative, include the onboarding process and an ongoing program to build and maintain momentum and fill in any skills gaps within the organization. 

Changing the culture of your organization is no easy task, and no one can do it alone. Get the key people in your organization involved. Together, with the right goals and objectives, you can achieve a culture shift. But don’t expect it to happen overnight; changes of this magnitude take time. 

Read the rest of the series: Part 2 | Part 3 | Part 4

About the Author:

Julia O’Connell is Quantivate’s senior vice president of product development and works with customers to define product requirements and determine ongoing development strategies.

More Risk Culture and ERM Reads & Resources:

• What’s Your Risk Culture?
• Risk Management: Top 7 Risk Assessment Tips
• How to Make Risk-Based Decisions