Your SlideShare is downloading. ×
Risk Culture – Under the microscope
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Risk Culture – Under the microscope


Published on

Slides from TPP Not for Profit's Autumn 2012 HR Seminar on risk management for charities

Slides from TPP Not for Profit's Autumn 2012 HR Seminar on risk management for charities

Published in: Business

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Risk Culture – Under the microscopeName: Ann McFadyen,Head Of Events and TrainingThe Institute of Risk ManagementDate: 16th October 2012
  • 2. An era of change and challenges• 1989 - ‘World Wide Web’ (www) is created and the Berlin Wall falls• 1995 – Collapse of Barings Bank• 2000 – Millennium bug• 2001 – World Trade Centre attacks and the collapse of Enron• 2004 – Indian Ocean tsunami• 2005 – Hurricane Katrina• 2008 – Global financial crisis• 2010 – Volcanic ash• 2011 – Middle East and North Africa - social and political change• 2012 – Collapse of the Euro ????
  • 3. What is Risk ?• The effect of uncertainty on objectives – positive or negative
  • 4. What isn’t Risk Management ?• Governance, risk and compliance• (nor is it Audit, Project Management, Health and Safety, Insurance, Disaster Recovery planning)• It’s both tangible – systems, processes, tools, registers• And intangible - culture
  • 5. Risk Culture thought leadership
  • 6. What do we mean by Risk Culture?Why is risk culture so important?How does culture affect risk management?What does a good risk culture look like?What can the board do about risk culture?How can you change a culture?
  • 7. What do we mean by risk culture?
  • 8. The culture of a group• Arises from its repeated behaviours• Behaviours are shaped by attitudes• Both behaviour and culture are in turn influenced by the culture
  • 9. So by risk culture we mean• The values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees of an organisation or of teams or groups within an organisation
  • 10. Different types of organisation will have differentculturesAnd there can also be different cultures indifferent parts of the same organisation
  • 11. IRM Risk Culture Framework IRM’s risk culture framework looks at component parts making up an organisation’s risk culture
  • 12. Personal predisposition to risk The Risk Compass
  • 13. Personal ethicsMoral DNAProfiling…only 55% of all respondents could say definitively that they would not engagein insider trading if they could make $10m with no risk of getting arrested.”Labaton Sucharow survey 2012
  • 14. Organisational CultureGoffee & JonesDouble S Model –diagnosingorganisationalculture
  • 15. Why is risk culture so important?
  • 16. More regulations, codes and standards than everbefore…..
  • 17. ….but these are not sufficient in themselves forthe successful management of risk….
  • 18. …..the missing factor is how people behave inrelation to risk, at all levels of the organisation –the risk culture
  • 19. How does culture affect risk management?
  • 20. …..we surveyed IRM members to establishwhich organisational culture types would bestsupport successful implementation of riskmanagement…..organisations required both strong Solidarityand Sociability for achieving good quality riskmanagement results
  • 21. …..our survey established that the right kind ofrisk culture can actively help with riskmanagement and that the wrong type of culture,far from being neutral, actually makes it moredifficult to manage risk
  • 22. …..going back to our model of organisationalculture, we refined it further to focus on types ofrisk culture
  • 23. … how can we build solidarity and sociabilityin respect of risk management?
  • 24. …..we identified eight aspects of risk culture ofan organisation that could usefully be addressed
  • 25. What does a good risk culture look like?
  • 26. 10 Indicators of a successful risk culture• Distinct and consistent tone from the top• Commitment to ethical principles• Common acceptance of the importance of continuous management of risk• Transparent and timely risk information flowing up and down• Encouragement of risk event reporting and whistle blowing, actively seeking to learn• No process or activity too large or too complex or too obscure• Appropriate risk taking behaviours rewarded and encouraged and inappropriate behaviours challenged and sanctioned• Risk management skills and knowledge valued, encouraged and developed,• Sufficient diversity of perspectives, values and beliefs to ensure that the status quo is consistently and rigorously challenged• Alignment with employee engagement and people strategy
  • 27. What can the board do about risk culture?
  • 28. Sample from ’10 questions for the Board’• Are we providing consistent, coherent, sustained and visible leadership in terms of how we expect our people to behave and respond when dealing with risk?• How do we establish sufficiently clear accountabilities for those managing risks and hold them to their accountabilities?• Can people talk openly without fear of consequences or being ignored?• How do we acknowledge and live our stated corporate values when addressing and resolving risk dilemmas?• How do the organisation’s structure, processes and reward systems support or detract from the development of our desired risk culture?• Do we have sufficient organisational humility to look at ourselves from the perspective of stakeholders and not just assume we’re getting it right?• How do we satisfy ourselves that new joiners will quickly absorb our desired cultural values?• How do we support learning and development associated with raising awareness and competence in managing risk at all levels?• What training have we as a board had in risk?
  • 29. How can you change a culture?
  • 30. ….. the IRM Risk Culture Aspects Model showsthe key areas for consideration to change culture
  • 31. …..there are no quick fixes for changing cultureand no ‘recipe book’ solution
  • 32. …..Culture change is likely to be a programme inits own right
  • 33. The Institute of Risk Management (IRM)IRM is the world’s leading enterprise-wide risk education institute.
  • 34. About 5000 members worldwide
  • 35. Email: ann.mcfadyen@theirm.orgTel: +44(0)20 7709 9808Fax: +44(0)20 7709 0716Institute of Risk Management6 Lloyd’s AvenueLondonEC3N 3AXUnited