How to Promote Risk Culture in Your Organization

Darren Jacobs
July 13, 2018

Risk culture is a term that encompasses your company’s attitude toward risk. Some risk is good in business, and risk is necessary in order to grow in the market. However, companies that take undue risks with product decisions, consumer information, and regulatory compliance face an enormous downside. Encouraging the members of your organization to be smart risk takers and reduce downside is a key to success in business, especially in today’s regulatory environment.

Culture Is Integral to Mitigating Risk

Every organization wants to minimize unnecessary risks, but that it can be difficult to accomplish risk neutralization when threats come from so many sides. In the modern technology age, data security and defence from cyber attacks are an enormous concern for many organizations.

On the other hand, out-of-date compliance methods for government regulations could trigger an audit, severely limiting your organization’s credibility and future access to growth opportunities. Even natural disasters and external risks outside your focus of control can negatively impact your organization if you don’t have agile response planning in place.

In order to combat risk on all sides, companies are realizing that risk management can’t be the job of one person or one department. Modern organizations and technology are simply too complicated for one person to understand how the whole puzzle fits together and where it’s vulnerable. Instead, everyone in the organization needs to pitch into the risk culture, raising questions and identifying weak points as they arise.

Creating an Effective Risk Culture

The key to developing risk culture at your organization is to evaluate the incentive structure inherent in how your company does business. Some of the highest risk schemes, from Enron to Bernie Madoff, came in organizations that prioritized taking risks and making money no matter the cost. Many would agree that poor incentive structures within banks led to the sub-prime lending crisis of 2009.

When looking to build a risk culture, evaluate your incentive structure. Do the people at the top of your organization encourage doing the right thing over making money? The example from the top is a prerequisite for healthy risk culture. At Deutsche Bank, they recently launched a “We are all risk managers” campaign to make it clear that the burden of risk management is on everyone and is a shared responsibility.

Behavioural Economics and Risk Culture

According to research from McKinsey, the field of behavioural economics gives us insight into how risk culture can grow or shrink within an organization. When a problem arises, the first idea that’s vocalized is overwhelmingly the one the group establishes a consensus around. This “follow the leader” bias favours the bold, instead of the thoughtful. The McKinsey research suggests that fighting back against such a bias is key to reducing risk liability in an organization.

As a result, the best way to start building a risk culture at your organization is to start with awareness. Simply acknowledging the incentives and biases for risk is enough to start to help members of your organization be more thoughtful about risk. According to Deloitte, building this baseline awareness is the key to changing your office’s risk culture and refining best practices.

Ready To Get Started?

Learn how your business can benefit from workflow driven software today.  Book a demo.


Transforming GRC Engagement & Interactions

Download this 15 page solution perspective and ensure that your governance, risk and compliance solution effectively engages employees across the organisation.

Download: GRC20/20 Solution Perspective

Subscribe by Email

No Comments Yet

Let us know what you think