Risk Culture Building and Management

Risk culture is closely aligned with a firm’s general risk awareness and an embedded risk culture is at the heart of human decisions that govern the day to day activities of the firm, but when it goes wrong the consequences can be devastating  (e.g. AIG, BP, CL Financial)  and even fatal (e.g. Police, Defense Force and Private Security Companies).Failures such as fraud, internal theft, project failures, natural disasters and operational failures have their origins in certain organizational culture that allowed particular risks to take root and grow.

Risk culture can be defined as the norms and traditions of behavior of individuals and of groups within an organization that determine the way in which they identify, understand, discuss, and manage the risks  the organization confronts

Client issues

  • What risks are taking root in my organization that can result in major financial or operational disasters?
  • How can we embed risk and compliance into the culture of the organization so that all staff systematically identify, respond, assess and address risks and opportunities to the organization as a whole and in their own work areas, increasing judgment, discretion and accountability
  • Is there a formal process to consider risks when making important decisions
  • Do we know what our major risks are and do we have the internal expertise to identify those risks.

A robust risk culture throughout the company is essential in addressing the above issues. This risk culture should be embedded in the way the firm operates and cover all areas and activities, with particular care not to limit risk management to specific business areas or to restrict its mandate only to internal control.

Organizations today are facing increased complexity and uncertainty, making it difficult to manage operational and business risks.  They are concentrating all their efforts on existing in this new world, by stemming losses, reducing cost and managing revenues. Where there is attention to risk management, the focus is more on improving their risk management framework rather than tackling the underlying culture.