Building Effective Risk Cultures
In our first post we opened up the broad topic of effective risk culture, with a focus on the cardinal importance of communication and incentives.
This time we want to introduce an important question for any well-focused risk culture: Which activities require top-down, or centre-out leadership, and what depends on bottom-up or edge-in initiative?
As we suggested last time, culture can be framed as the behavior of individuals in a group, or setting. One thing you can rely on is that your people are already behaving in accordance with the priorities they perceive, and the incentives they actually feel.
But is the management of enterprise-level risks actually a perceived priority? What affects the organization as a whole won’t be felt by every team member, and not all parts of the broader team experience the same uncertainties.
So, INCENTIVES are primarily managed top-down with ERM, partly because the enterprise perspective is strongest at the top of the house, and partly because the authority to create real incentives tends to be concentrated. Question: Who sees the risks to the organization most clearly and are they able to materially incentivize those who can make a difference?
Conversely, with COMMUNICATION while priorities, protocols, and requirements tend to be transmitted top down, the more important part of risk communication may be from your people closer to the edge, be it in operations, finance, IT & cyber, and in market-facing roles. Question: How effectively do you gather risk insights from those outside the usual discussions and narratives?
Organizations that can establish and reinforce processes and tools to broaden the risk discussion, and match actons to well-aligned incentives will understandably manage risk more nimbly and more effectively.
Feel free to share your thoughts below and let us know what you would like us to discuss!
Miles Smit, PhD