Corporate Compliance Insights
Building Risk Culture is Easier than Making Hot Dogs

by Alex Sidorenko
November 14, 2016
in Risk
On risk management and building a risk culture

Yes, building risk culture is that easy! Before I explain, let me first clear up a few weird misconceptions about risk culture that have been floating around in nonfinancial companies:

Making decisions under uncertainty is not natural

Back in the 1970s, scientists had a breakthrough in understanding how the human brain works, what influences our decisions, how cognitive biases impact on our perception of the world and so on. Daniel Kahneman and Vernon Smith received a Nobel Prize in Economic Sciences back in 2002 “for having integrated insights from psychological research into economic science, especially concerning human judgment and decision-making under uncertainty.” I am amazed at how many risk managers and consultants continue to simply ignore this research. Identifying, analyzing and dealing with risks is against human nature. Stop kidding yourself. The sooner we, as a professional community, accept this, the easier it will be to integrate risk management into decision-making.

Managers do not take risks into account by default

One of the biggest deceptions floating around is that most business processes already take into account risks and decisions are made by management after careful consideration of those risks. Not so. Naturally, managers do consider some of the more obvious risks, and there are exceptional cases in which risk analysis is already integrated into the decision-making. For the other 95 percent of the companies, existing processes and management tools barely account for inflation and ignore or purposefully hide significant risks. I bet, if risk managers, instead of running useless risk workshops, had a deep, hard look, they would soon discover that budgets are overly optimistic, project plans are unrealistic and some corporate objectives are borderline naïve. But then again, they may not. Because the rest of the company is fine with how things are and will do everything to stop risk managers from getting involved.

Making risk management everyone’s responsibility is just wishful thinking

I don’t quite understand why, but there seems to be an idea that a strong, robust, risk-aware culture is the ultimate objective. It’s the end result. I mean it sounds great, but it is physically impossible. And this is why I think so many risk managers have failed and so many more are struggling to make an impact: They are trying to move the rock that is not meant to be moved. This is probably the most important point of this article:

The only person in the company who thinks strong risk culture is a positive thing is the risk manager. The rest of the organization sees risk management as a direct threat to their personal interests, their income and their position in the corporate world.

Let me repeat that. Most managers ignore risks and take uncalculated risks for a reason. Most, but not all managers, and not all the time. And that’s where the risk manager comes in, trying to change the culture of CERTAIN individuals SOME of the time.

Risk management culture is not about hearts and minds

Hopefully by now, after reading everything I’ve tried to communicate above, you realize that management doesn’t care about risk culture. I mean, they will still say the right words when the risk manager is present, but deep down, nobody will care. The only chance for risk culture to stick is if it makes business sense for the individuals. And I don’t mean soft things like transparency, corporate governance and other nonsense; I mean direct impact on the bottom line or the personal security of an individual. The best examples of managers suddenly becoming very risk aware were when I was able to show that by better managing risks, individuals could protect their role, avoid prosecution, have a better business case for investors, save on insurance, save on financing costs or get higher bonuses.

So… shall we get a takeaway instead of hot dogs?

Despite everything I’ve said above, building risk culture is a piece of cake. Risk managers just have to realize that they won’t be able to convert everyone and some people are beyond help. There is also no single solution that will do the job. It’s all about finding what makes each individual tick. It’s time consuming, yes, but not difficult at all. Hence this can be equally applied by large corporations and small and medium-sized businesses.

Here are some practical ideas (make sure you click on the links in the article, each one leads to a short video explanation) to get you started:

  • Develop high-level risk management policy – It is generally considered a good idea to document an organization’s attitude and commitment to risk management in a high-level document, such as a risk management policy. The policy should describe the general attitude of the company toward risks, risk management principles, roles and responsibilities, risk management infrastructure and resources and processes dedicated to risk management. Section 4.3.2 of the ISO 31000:2009 also provides guidance on risk management policy.
  • Integrate risk appetites for different risk types into existing board-level documents; don’t create separate risk appetite statements.
  • Regularly include risk items on the board’s agenda
  • Consider establishing a separate risk management committee at the executive level or extending the mandate of an existing management committee – no idea why, but this worked like a miracle for me personally
  • Reinforce the “no blame” culture by finding a number of arguments for different situations and different people on why it makes more business sense to disclose and account for risks
  • Include risk management roles and responsibilities into existing job descriptions, policies and procedures, committee charters, not into a risk management framework document
  • Update existing policies and procedures to include aspects of risk management
  • Review and update remuneration policies
  • Provide risk awareness training regularly
  • Use risk management games
  • And, most importantly, get personally involved in business activities.

You can find more ideas about integrating risk management into day-to-day operations and building risk culture in the book that will be available to download for free at http://www.risk-academy.ru/en/download/risk-management-book next month. The Russian version is available now at http://www.risk-academy.ru/download/risk-management-book and has already been downloaded more than 2,700 times.


Alex Sidorenko

Alex Sidorenko is a risk expert with over 15 years of private equity, sovereign wealth fund risk management experience across Australia, Russia, Poland and Kazakhstan. In 2014, Alex was named the Risk Manager of the Year by the Russian Risk Management Association. As a VP at the Institute for Strategic Risk Analysis in Decision Making, Alex is responsible for risk management consulting, training and certification across Russia and CIS. Alex is the co-author of the global PwC risk management methodology, the author of the risk management guidelines for SME (Russian standardization organization), risk management textbook (Russian Ministry of Finance), risk management guide (Australian Stock Exchange) and the award-winning training course on risk management (Best Risk Education Program 2013, 2014 and 2015).
