The strength of organisational culture determines how a company responds to risk. Risk culture is an invaluable aid in moving from a “have to do” compliance attitude to adding proper value for an organisation.
History is littered with corporate failures and risk culture is often a major reason. Company values and norms do change over time as the company matures and a perfect example of this is Uber. In late 2017, the Uber CEO publicly shared the new cultural norms including “We do the right thing. Period” and “We celebrate differences”. Former values included “always be hustling” and “toe-stepping” which although intended to encourage employees were often misunderstood and used as an excuse for bad behaviour.
Five core requirements for risk culture:
One definition of risk culture is “the values in a company that guides risk decision taking”, but this cannot be actioned without the equivalent personal employee norms and their relationship to risk. Employees must want to take informed risks and not have to. Ideally, new recruits are selected with culture in mind, however regular ongoing monitoring is always needed.
Risk culture is difficult to measure as is common with many soft skills, however regular staff surveys will provide valuable feedback and can be compared to industry norms. Interviews can be performed if indicated by the survey results. The main takeaway is that risk culture is an ‘all the time’ exercise and needs to be continually monitored and actioned.
How risk management can help:
Author – Warrick Asher
Acknowledgement:
Washington post – ‘Hustlin’ is out. Doing ‘the right thing’ is in. Uber has rewritten its notorious list of core values.