5 Ways to cultivate a risk culture

April 27, 2022

April 27, 2022

|

Board Risk & Compliance

|

Sean McDonald

Whether you like it or not, change is perpetual – in the workplace, at home, in your community, everywhere. And with change come risks. For organisations to survive and thrive, they must cultivate a risk culture, understand how to deal with constant, new challenges and encourage employees and board members to be flexible and agile.

The COVID-19 pandemic epitomised this idea. No one ever predicted for a years-long global viral outbreak to occur, but businesses across the globe had to think quickly on their feet and decide how to approach and handle the consequences of the pandemic. Organisations experienced and learned first-hand the importance of being versatile in uncertain times and the ability to adapt to any possibilities in an ever-changing business environment. 

In the workplace, identifying and navigating new risks, especially ones as significant as a global health crisis, requires an all-hands-on-deck approach. After almost three years of the COVID-19 pandemic, organisations around the world are now practising risk intelligence, essentially the awareness of risk and understanding of how to handle risk, in their internal culture. 

Risk intelligence is an organisational ability to think in an all-encompassing approach to risk and uncertainty. It is the ability to speak a common risk language and effectively use forward-looking risk concepts and reforming tools to make smarter decisions, alleviate threats, capitalise on opportunities and create lasting value.

To incorporate risk intelligence, businesses are setting risk management as a fundamental part of all of their employees’ roles, not just the ones whose responsibilities revolve around risk management. Helping everyone in the organisation understand what risk is, how risk can impact the business and how individuals can help navigate risks, allows organisations, particularly key decision-makers to evaluate the situation much quicker as well as take the necessary steps to tackle each novel threat.

What does it mean to have a risk culture? First and foremost, your organisation’s risk management needs to be aligned with your business strategy in order to define its risk appetite and tolerance clearly. Once that is pellucid, then your organisation’s employees should be able to comprehend and manage risk. The end result you should be striving for is to achieve a point whereby all your employees feel empowered to always make a decision based on the situation. 

Learning how to increase risk intelligence and improve risk management at the workplace is an involved process that will take time. 

So to begin understanding how to cultivate a risk culture across your organisation, read the following five points created by the BoardPro team and implement them into your organisation’s processes.

1. Set the guidelines for risk management, but also remain open to challenges

The top priority is to assign your organisation’s Risk, Assurance and Compliance department to establish the values, policies, processes, guidelines and behaviours that structure the organisation’s risk identification checklist. To do so, it is very important to ask the following open questions that will help you identify risks:

  1. What could go wrong?
  2. What could prevent this problem from happening?
  3. What can harm us?
  4. What is the worst-case scenario?
  5. What threats do we face?
  6. What opportunities could we find?

It would be helpful to get multiple perspectives on the above questions. You may receive different responses from your stakeholders, different departments, board members, etc., so it is crucial to take all viewpoints into consideration. 

Once the Risk, Assurance and Compliance department has established a risk identification checklist, then these risk specialists need to remain open to challenges, input and feedback from others, such as key stakeholders and other departments. Given the ever-evolving world we live in, the risk identification checklist and risk management processes need to be open to change, and the Risk, Assurance and Compliance department needs to be ready and willing to review the risk management process in response to new emerging risks.

2. Improve the lines of communication

Building a risk culture within the organisation means distributing information, collaborating with and sharing a purpose with other departments. Your risk specialists should always be in sync with the greater organisation. Not only will this enable knowledge sharing, but it will also enable greater visibility and minimise negativity. And wherever risk metrics need to be integrated, the communication between the Risk, Assurance and Compliance department and respective departments must be two-way. 

This is where going digital can significantly improve your lines of communication. By centralising risk information in one platform, standardising data and revealing the relationship between threats, technology can seamlessly help create a common, understandable risk language. A shared risk language will allow fruitful conversations that can identify and manage all sorts of risks. 

Picture this: one of your organisation’s vendors brings up a new issue with you. So to address this challenge, all your managers – from third-party risk, compliance, claim and supply chain – quickly collaborate and propose a coordinated solution that mitigates the damage. Doesn’t going digital help make working together across your organisation much simpler and faster?

3. Encourage individual responsibility

Every person contributes to your organisation in important ways, so you must ensure that everyone completely understands the organisation’s approach to risk. That is the most important step to getting the whole company on the same page and moving towards cultivating a risk culture. Once people understand this approach, they should know how to take personal responsibility to mitigate risks in all the responsibilities and tasks, then also inspire others, both existing as well as new, to do so as well. 

To help with this procedure, your organisation’s symbols, management systems and behavioural norms need to all be in harmony so that they are comprehensible and easy to follow. In addition, they need to inspire your employees to make the correct risk-related decisions and model the appropriate risk management behaviours. 

Like everything else, it is extremely helpful and powerful to lead by example. By making sure that your organsation’s senior leaders are demonstrating risk-aware behaviour and making risk-aware decisions, the rest of your employees will be empowered and encouraged to follow suit.

4. Implement a culture of learning

To teach your employees how to manage and mitigate risks, you need to equip them with the fundamental knowledge of risk management in context of your organisation and goals and teach them the language of risk. 

This will not be a quick learning process. It takes time, and lessons are learned every day. Below are several methods you can create a culture of learning when it comes to managing risk at your business:

  1. Assess your current teaching and learning strategies for your employees and locate any learning gaps and weaknesses. Is there important information that your employees are not learning but should?
  2. Plan what you need and want your employees to learn.
  3. Empower subject matter experts to create learning content that will stimulate and captivate your employees’ attention.
  4. Make training easily accessible.
  5. Assign time for your employees to learn.
  6. Offer an easily-available library of resources.
  7. Make learning fun and social so that your employees will enjoy and look forward to learn ing.
  8. Develop a knowledge-sharing habit within your organisation.
  9. Provide feedback whenever possible.

These lessons need to be constantly reminded, incorporated into all training materials and also applied to relevant ongoing scenarios so as to train a risk managing mindset and develop a risk culture in your organisation. 

5. Highlight the benefits

So far, risk has only been discussed in the context of the organisation, but not in the context of individuals. Minimising risk is good for everyone. Your organisation can develop reward plans for your employees when they demonstrate risk-aware behaviours.

For example, using monitoring and metrics to show the advantages of having a risk identification checklist will reveal the results of your employees’ hard work. It is also a great idea to incorporate risk management incentives and expectations into performance plans. 

By doing so, risk will be in the front and centre of everyone’s minds, and the incentives will motivate people to mitigate any problems within their role. You could also reward the employees who help identify risks and come up with suitable solutions for them, and link annual bonuses to reaching specified risk-related goals.

An organisation that prioritises and emphasises risk-aware behaviours protects not just its customers and clients, but also its reputation and balance sheet. When everyone across the business – from top management to the greenest of interns – understands the risks involved in all of their decisions, then all potential threats and issues are more likely to be surfaced, explored and managed, well before they occur. Being versatile and prepared will lead to greater success in achieving any goals your organisation set out to achieve.

Webinar Transcript

Get your copy

Related Posts

Board meeting software for minute taking, assigning tasks & meeting agendas

Try BoardPro free for 30 days

Create an agenda, build the board pack, take minutes, assign actions, and load files to the secure repository.

Free Trial