Risk Culture: Embedding the Right Approach

  • The last few months have demonstrated the importance of risk culture and how vital it is to have this running seamlessly through the fabric of the organisation
  • Research suggests that an organisation with a risk aware culture is one that is more resilient to external influences and better able to adapt and survive
  • What steps can an organisation make to ensure risk management is an important part of their culture?

The last few months have demonstrated the importance of risk culture and how vital it is to have this running seamlessly through the fabric of the organisation. The benefits of an agile, inclusive risk culture have been a true positive and here we explore what is required to instill a strong, embedded collective risk culture.

Research suggests that an organisation with a risk aware culture is one that is more resilient to external influences and better able to adapt and survive. A strong risk culture enables agile decision making, fewer errors and an ability to bounce back and learn from previous risk events and mistakes. This agility and flexibility are directly linked to having a strong risk culture underpinned by an effective risk management framework.

What is a Risk Culture?

Risk culture can be best described as the collective behaviours of an organisation that influence risks and outcomes. Risk culture is usually set top down with senior and middle management effectively supporting, communicating and implementing the right behaviours. There are ever increasing expectations on organisations to “do the right thing”, demonstrate the right values are in place and manage by a code of conduct and ethics. Since the 2008 Financial Crisis, risk culture has gained more prominence at Board level and been a priority focus area for regulators, investors and stakeholders alike across many industries and economic sectors. Some sectors, such as Housing and Finance, are more advanced in setting and routinely checking risk culture, due to both external scrutiny and internal shifts to make significant steps in ensuring the right culture is embedded.

What are the steps to developing an effective risk culture?

  1. Firstly, you need to assess or understand the current organisational culture – there are various methodologies and assessment tools available, however the risk team or function can support in evaluating the base position.
  2. Once the baseline has been established, plan a course of action with buy-in from the top table and key stakeholders. Ensure milestone steps and check points are in place. Re-evaluate and fine tune your actions.
  3. Gain the support of the senior leaders within the organisation to agree plans and actions.
  4. Benchmark against other organisations: what they are doing, and how they are influencing and driving the right behaviours
  5. Ensure risk management is prioritised and that everyone in the organisation has a role to play in effective risk embedding
  6. Provide ongoing training and support – risk culture is a continuous improvement journey – like the risk environment, it will flex and change and reflect the continual shifting risk challenges
  7. Communicate and celebrate key milestones within the plan and successful embedding – measure and continuously check and challenge at board / colleague level. Use surveys internally and with customers to sense check progress and perception.

Why implement?

Risk culture often comes down to ‘what the staff do in your organisation when you are not observing them’; it is values-based and ethically driven rather than based on formal measurement by processes and governance. Coming out of the pandemic, many organisations are now developing self-assessment frameworks to measure and challenge their existing culture, by incorporating conduct data, customer feedback and behavioural policy compliance.

How can Zurich support?

Contact your Risk & Insurance Consultant who can discuss your requirements with a colleague from our Zurich Risk Engineering team. For more online information about our risk management guidance, click here.