Building a Risk Aware Culture for Success
Presented by Mira Butler, Managing Director, Mira Consulting
Thank you very much Mira for your enlightening presentation at our BarnOwl info sharing event held at the BarnOwl offices in Bryanston on the 28th June 2018.
Enhance your organisation’s ability to effectively manage uncertainty. Today’s business world is constantly changing. It’s unpredictable, volatile, and seems to become more complex every day- by its very nature, it is fraught with risk.
Enterprise risk management is a comprehensive, systematic approach for helping the organisation to identify, measure, prioritise and respond to the risks challenging its most critical objectives and related projects, initiatives and day-today operating practices. But, does your organisational culture reinforce your strategy and help you take the right decisions on risks?
Mira’s session explored ways in which to create a culture that re-enforces risk management as value adding and not a ‘tick box’ compliance exercise.
It’s up to us as Risk Managers
Risk Management is about working alongside the business to help them achieve their objectives and strategy but where we as risk practitioners often fall short is that we fixate on the policy, framework and the process of risk management rather than how we can add value resulting in risk management becoming a ‘tick box’ exercise and reactive rather than proactive. It’s how we approach our organisation and how we instil risk management within our organisation that matters!
- For organisations to manage their risks and meet their strategic objectives, the behavioural element has to change and the way we behave affects how we manage risk.
- An integrated set of relationships influence risk culture: Individual level including personal perception to risk and personal ethics; Organisational culture including Sociability (people are doing things for each other because they want to) and Solidarity (high task focus, common tasks, shared goals and mutual benefits)
- The IRM proposes a simple A-B-C approach to risk culture:
- Risk attitude (position adopted by employees towards risk which is influenced by their perception and predisposition)
- Risk behaviour (risk-related actions, decision-making, processes and communication) and
- Risk culture (values, beliefs, attitudes and knowledge about risk)
Changing the Risk Culture
- The culture change should be treated as a change management project in its own right with appropriate allocation of board time and resources
- Successful change requires awareness that the board itself, and the Executive management are an integral part of the existing risk culture
- Sustained change in the risk culture needs to start at the top
Elements of good risk culture
- Distinct and consistent tone from the top
- Commitment to ethical principles
- Clear accountability and ownership for risks
- Transparent risk information communicated without fear or blame
- Processes and activities within an organisation must be clearly understood
- Appropriate risk behaviours- encouraged and understood
- Inappropriate behaviours- challenged and sanctioned
- Risk management skills and values valued and correctly resourced
- Status quo challenged
- Employee engagement and people strategy
Impact of inappropriate risk culture
- Hamper the achievement of strategic, tactical or operational goals
- Allow for activities that are at odds with policies or procedures
- Could lead to reputational and financial damage
- Often the root cause of organisational scandals and collapses
- Lead to uncontrolled risk taking- risk frameworks and policies that stifle risk-taking or innovation
Risk frameworks and polices are important however they are not sufficient in themselves. What is essential is the behavioural element; how people behave in an organisation and how they react and perceive risk. It is also essential for risk practitioners to engage with business as trusted advisors adding value to strategic and operational decision making. Get buy in from the top and build trust, build rapport, have conversations; explain the ‘why’ you need risk management and the ‘how’ becomes easier. Risk management is a day to day activity and needs to be instilled in the organisation. Optimal decision making is about balancing risk and reward successfully.
Written by: Jonathan Crisp
Director – BarnOwl GRC and Audit software
About Mira Butler:
Mira Butler has over seven years of Risk Management experience in the corporate environment. Mira’s area of focus is in Enterprise Risk Management (ERM), working with companies to establish risk governance and enhance ERM processes through identification, analysis and management of enterprise-wide and operational risks.
BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 200 organisations in Africa, Australasia, Europe and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.