Risk-Intelligent Culture shapes Digital Enterprise.
Risk-awareness culture, which in practice means a culture
where thinking about managing risk as part of "how things get done around
here”. What is the importance of risk-awareness culture in order to
successfully implement, support and sustain risk management? Without a strong
risk-awareness culture, you will be unable to accomplish much in the way of a
successful risk management implementation. Even step further, how can organizations capture opportunities from risk, and move up from risk-awareness to risk-intelligence?1. Tone at the Top
Tone at the top: This
is a make-or-break and goes straight to culture, the starting point would
always be to get an understanding of current attitudes to risk management at
all levels, from senior executive team to front desk, and use the results to
decide how to build a stronger risk-awareness culture.
The top issue is
having a strong, independent and inquisitive Board that has control over management not the other way around. The risk-awareness culture is indeed
important but it may not give you the full picture unless you also analyze the
risk attitude of the top management...
1) Oversight organizational culture and governance, risk
management
2) Clarity of the assessment structure and objectives
3) Ensure the sufficient resources to execute
3) Ensure the sufficient resources to execute
Fitting in the
culture gives different results than living it. Risk is too abstract a
concept for many to relate to. Try as one might, instituting a risk-awareness culture
is just one more silo and administrative requirement that people often feel
they need to deal with rather than embrace. Here must be awareness from all people
overall organization. Top management commitment is also important to build risk
awareness culture successfully. All people must support it if they want to
create risk management effectively in organization.
1) Senior management buy-in and sponsorship
2) Ownership and accountability at all levels
3) Non-retribution policy for risk identification and reporting
2) Ownership and accountability at all levels
3) Non-retribution policy for risk identification and reporting
2. Enterprise Opportunity
Management
Build Effective
Communication Strategy: The key is for the risk management team to
understand how different silos/departments are and manage the tailored
solutions. It’s important that risk managers compare their expert understanding
of organizational risk with what is known, not known, or misunderstood in
various silo/departments. Then effective communication strategies can be put in
place to bring different perspectives into greater unison, which is an
important part of improving communications and achieving risk-intelligent
culture. The "experts" often learn quite a bit about their
understanding of risk in this process as well.
Using Same Common
Language: A major part of the challenge in getting thinking about risk
management embedded in the culture is being able to help people at all levels
understand risk issues by using language that makes risk management clear &
relevant to each individual.
Tried & true WIFM principle: If you can't answer the
“What's In It For Me” question when trying to engage people in thinking about
risk, then it will continue to be regarded as "something done at
headquarter" or seen only as a
compliance issue at operational level. In fact, Risk Management needs to be well
embedded in all key business processes, and it becomes opportunity management, as
statistics shows that organizations with high mature risk management practices can
achieve 20%+ more revenue increase than laggards.
3. Risk-Awareness Culture Issues
Following are some of the other important risk culture
issues:
* Consistency of direction from management
* Employees' awareness of short and long-term objectives and strategies
* Alignment of objectives between business units and corporate
* Clarity of individual accountability for objectives
* Employees' understanding of policies
* Management's receptivity to messengers of bad news
* Employees' level of understanding of risk
* Management's emphasis on risk management and control
* Availability of processes to manage change
* Effectiveness of controls
More information on risk culture assessment
* Consistency of direction from management
* Employees' awareness of short and long-term objectives and strategies
* Alignment of objectives between business units and corporate
* Clarity of individual accountability for objectives
* Employees' understanding of policies
* Management's receptivity to messengers of bad news
* Employees' level of understanding of risk
* Management's emphasis on risk management and control
* Availability of processes to manage change
* Effectiveness of controls
More information on risk culture assessment
Culture is the collective mindset, behavior, and business brand;
therefore, it takes collective effort from top-down to bottom-up, effective
strategy and efficient mechanism to cultivate a risk-intelligent culture, which
is one of key factors in running a high performance business.
1 comments:
Risk management attempts to plan for and handle events that are uncertain in that they may or may actually occur. These are surprises. Some surprises are pleasant. We may plan an event for the public and it is so successful that twice as many people attend as we expected. A good turn-out is positive. However, if we have not planned for this possibility, we will not have resources available to meet the needs of these additional people in a timely manner and the positive can quickly turn into a negative.
Post a Comment