Risk Culture – Under the microscope


Published on

Slides from TPP Not for Profit's Autumn 2012 HR Seminar on risk management for charities

Published in: Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Risk Culture – Under the microscope

  1. 1. Risk Culture – Under the microscopeName: Ann McFadyen,Head Of Events and TrainingThe Institute of Risk ManagementDate: 16th October 2012
  2. 2. An era of change and challenges• 1989 - ‘World Wide Web’ (www) is created and the Berlin Wall falls• 1995 – Collapse of Barings Bank• 2000 – Millennium bug• 2001 – World Trade Centre attacks and the collapse of Enron• 2004 – Indian Ocean tsunami• 2005 – Hurricane Katrina• 2008 – Global financial crisis• 2010 – Volcanic ash• 2011 – Middle East and North Africa - social and political change• 2012 – Collapse of the Euro ????
  3. 3. What is Risk ?• The effect of uncertainty on objectives – positive or negative
  4. 4. What isn’t Risk Management ?• Governance, risk and compliance• (nor is it Audit, Project Management, Health and Safety, Insurance, Disaster Recovery planning)• It’s both tangible – systems, processes, tools, registers• And intangible - culture
  5. 5. Risk Culture thought leadership
  6. 6. What do we mean by Risk Culture?Why is risk culture so important?How does culture affect risk management?What does a good risk culture look like?What can the board do about risk culture?How can you change a culture?
  7. 7. What do we mean by risk culture?
  8. 8. The culture of a group• Arises from its repeated behaviours• Behaviours are shaped by attitudes• Both behaviour and culture are in turn influenced by the culture
  9. 9. So by risk culture we mean• The values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees of an organisation or of teams or groups within an organisation
  10. 10. Different types of organisation will have differentculturesAnd there can also be different cultures indifferent parts of the same organisation
  11. 11. IRM Risk Culture Framework IRM’s risk culture framework looks at component parts making up an organisation’s risk culture
  12. 12. Personal predisposition to risk The Risk Compass
  13. 13. Personal ethicsMoral DNAProfiling…only 55% of all respondents could say definitively that they would not engagein insider trading if they could make $10m with no risk of getting arrested.”Labaton Sucharow survey 2012
  14. 14. Organisational CultureGoffee & JonesDouble S Model –diagnosingorganisationalculture
  15. 15. Why is risk culture so important?
  16. 16. More regulations, codes and standards than everbefore…..
  17. 17. ….but these are not sufficient in themselves forthe successful management of risk….
  18. 18. …..the missing factor is how people behave inrelation to risk, at all levels of the organisation –the risk culture
  19. 19. How does culture affect risk management?
  20. 20. …..we surveyed IRM members to establishwhich organisational culture types would bestsupport successful implementation of riskmanagement…..organisations required both strong Solidarityand Sociability for achieving good quality riskmanagement results
  21. 21. …..our survey established that the right kind ofrisk culture can actively help with riskmanagement and that the wrong type of culture,far from being neutral, actually makes it moredifficult to manage risk
  22. 22. …..going back to our model of organisationalculture, we refined it further to focus on types ofrisk culture
  23. 23. …..so how can we build solidarity and sociabilityin respect of risk management?
  24. 24. …..we identified eight aspects of risk culture ofan organisation that could usefully be addressed
  25. 25. What does a good risk culture look like?
  26. 26. 10 Indicators of a successful risk culture• Distinct and consistent tone from the top• Commitment to ethical principles• Common acceptance of the importance of continuous management of risk• Transparent and timely risk information flowing up and down• Encouragement of risk event reporting and whistle blowing, actively seeking to learn• No process or activity too large or too complex or too obscure• Appropriate risk taking behaviours rewarded and encouraged and inappropriate behaviours challenged and sanctioned• Risk management skills and knowledge valued, encouraged and developed,• Sufficient diversity of perspectives, values and beliefs to ensure that the status quo is consistently and rigorously challenged• Alignment with employee engagement and people strategy
  27. 27. What can the board do about risk culture?
  28. 28. Sample from ’10 questions for the Board’• Are we providing consistent, coherent, sustained and visible leadership in terms of how we expect our people to behave and respond when dealing with risk?• How do we establish sufficiently clear accountabilities for those managing risks and hold them to their accountabilities?• Can people talk openly without fear of consequences or being ignored?• How do we acknowledge and live our stated corporate values when addressing and resolving risk dilemmas?• How do the organisation’s structure, processes and reward systems support or detract from the development of our desired risk culture?• Do we have sufficient organisational humility to look at ourselves from the perspective of stakeholders and not just assume we’re getting it right?• How do we satisfy ourselves that new joiners will quickly absorb our desired cultural values?• How do we support learning and development associated with raising awareness and competence in managing risk at all levels?• What training have we as a board had in risk?
  29. 29. How can you change a culture?
  30. 30. ….. the IRM Risk Culture Aspects Model showsthe key areas for consideration to change culture
  31. 31. …..there are no quick fixes for changing cultureand no ‘recipe book’ solution
  32. 32. …..Culture change is likely to be a programme inits own right
  33. 33. The Institute of Risk Management (IRM)IRM is the world’s leading enterprise-wide risk education institute.
  34. 34. About 5000 members worldwide
  35. 35. Email: ann.mcfadyen@theirm.orgTel: +44(0)20 7709 9808Fax: +44(0)20 7709 0716Institute of Risk Management6 Lloyd’s AvenueLondonEC3N 3AXUnited Kingdomwww.theirm.org