No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

How to Promote a Risk-Aware Climate in a Risk-Averse Environment

by Matt Shinkman
February 16, 2018
in Featured, Risk
view of iceberg above and below water line

with co-author Chris Matlock

Making the Investment to Shift Risk Culture

Risk culture, though difficult to define, is one of the most mentioned topics by Fortune 500 executives and for regulators across several industries. However, despite this visibility in quarterly calls, creating, measuring and influencing risk culture continues to defy easy answers for organizations. Yet – as Matt Shinkman and Chris Matlock detail – it is this very challenge that makes tackling risk culture in 2018 a strategic opportunity that pays dividends beyond compliance.

Over the past decade, organizations have made great strides in improving their risk management processes and systems. While this has generally helped senior leaders understand their biggest risk exposures, progressive organizations are now turning their attention to the need for a cultural shift where employees embed risk management in their day-to-day workflows. Our conversations with heads of enterprise risk management (ERM) at over 300 large, global organizations have surfaced a multitude of questions; yet the question, “How do I define and improve risk culture?” is one of the most common. Moreover, it’s a growing concern and interest among financial regulators globally. However, despite this heightened visibility, defining and influencing risk culture continues to defy easy answers for many organizations.

To start, there is no clear sense for what risk culture actually is or how to influence it. Discussions on risk culture sound similar to the parable about the blind men and the elephant, where each person touches a different part of the animal and makes their own judgments about what it is. As a result, we end up defining risk culture in simple terms: the deeply held assumptions, beliefs and values shared by an organization’s employees with respect to risk management.

While it may go without saying, the benefits of a strong risk culture are many as it helps employees make the right decisions and mitigates poor outcomes. Despite companies putting processes, systems and rules in place to create guardrails within which they expect employees to act, employees develop their own decision-making frameworks based in their own perceptions of their environment, within which some behaviors are important and others are not. Consequently, no set of rules can ever account for 100 percent of the decisions employees will be faced with.

Although this is a critical challenge, there are real benefits to getting it right. According to our research, employees at organizations with a strong culture of integrity are 10 times less likely to observe misconduct while being 50 percent more likely to report misconduct when it does happen. When these positive, risk-aligned decisions accumulate, poor outcomes can be averted.

But in their absence, crisis develops. Take for example, the financial meltdown of 2008, which highlighted the role that poor organizational cultures can play in creating massive risk exposures. Or, more recently, the fake account scandals in banking have made obvious that stronger systems and processes would only have slightly improved the situation. In each of these instances, the major missing element was cultural — individuals perceived risk management to be a secondary (if not lower) objective compared to personal or short-term benefit.

So how does one observe or record a group’s deeply held assumptions, beliefs and values on any issue? Is it possible for executives to peer into the minds of their employees and understand their values? While risk culture evolves slowly over long periods of time (making it difficult to influence and change), there is another way.

Enter Risk Climate

Risk climate, rather than being the sum of employee values, is what employees perceive about risk management. Similar to culture, climate has a shared quality, but it is about the group’s perceptions rather than the individual’s. These perceptions are shaped by the events, policies and procedures that members of a group experience, along with the behaviors they see being encouraged, condoned or punished. Compared to risk culture, risk climate is much easier to observe, assess and influence.

Imagine an iceberg where risk culture is the area below the waves; it is harder to see and assess and, therefore, more difficult to gauge or inflect. Risk climate on the other hand, is above the surface and more easily manageable. Therefore, in an effort to affect the risk culture of the organization in a meaningful way, the best place to start is leading with changing the risk climate.

A Mandate for Leaders

Climate is in large parts driven by leaders, including the explicit messages and implicit signals they convey through their actions. In the effort to change risk climate, senior leaders must be mindful not only of articulating their philosophy and risk management approach, but also of communicating it to as wide an audience as possible. Moreover, leaders need to set crystal-clear expectations for how they want their employees to behave with respect to risk management, combined with specific coaching and training. While one-third of C-Suite leaders receive some kind of risk management training, only 10 percent of organizations provide risk management education to front-line staff; there’s a lot of opportunity to increase risk awareness throughout the organization.

Power of Words

Formal risk appetite statements can also be effective. For example: “We will assume reasonable strategic and operational risks in the pursuit of breakthrough innovation to bring new products to market.” These types of statements allow leadership to take a stance on the types of risk the company is willing to take in order to achieve organizational objectives, in addition to the types of behaviors they will not tolerate. Many companies still exercise restraint in communicating their risk appetite beyond the board and executive team, except for those with a regulatory mandate. However, this approach is often shortsighted. The potential downside of discoverability and leaks should always be outweighed by the benefits of broader awareness and understanding of the company’s risk appetite, which speeds up the decision-making process and prevents lengthy debates around strategic initiatives.

While defining and improving risk culture might seem like a daunting task, the potential payoff of more risk-aligned decision-making and crisis aversion offers substantial upsides that make the work a no-regret investment. Shifting the focus from culture to climate offers a faster venue for organizational change, creates a framework ripe for the positive contributions of senior leaders and empowers employees to make tough, but appropriate, choices based on culture, not just process.


Tags: Corporate CultureEnterprise Risk Management (ERM)
Previous Post

Business Innovation Could Accelerate Under a Friendlier CFPB

Next Post

10 Questions You Should Ask About Risk Management

Matt Shinkman

Matt Shinkman

Matt Shinkman is Practice Vice President for Risk and Audit at Gartner, where he counsels senior risk management and strategy professionals from Fortune 500 companies on the development of their risk management teams and processes. Gartner is a research and advisory company headquartered in Stamford, CT. Gartner helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions.

Related Posts

Fox_Incentives in Compliance_f

Incentives in Compliance

by Corporate Compliance Insights
January 23, 2023

Learn more about how compensation can reinforce compliance culture (or not) Encouraging Good, Discouraging Bad Incentives in Compliance What’s in...

best employees speak up

Why Our Best Employees Don’t Speak Up

by Courtney Sander
November 2, 2022

Are we conditioning our employees not to speak up? The traits present in our best employees might make them less...

quiet quitting well being

Why ‘Quiet Quitting’ Could Harm Ethics & Compliance Functions

by Lisa Beth Lentini Walker
September 14, 2022

Few compliance programs have tasks that are spelled out in the job descriptions of every person in an organization, and...

nfl main art_j

Touchdown or Fumble? What Compliance Can Learn From the NFL’s Disciplinary System

by David Bligh
September 7, 2022

Cheering for your favorite team (or against the one you hate), makes it easy to forget that NFL players are...

Next Post
10 Questions you should ask about risk management

10 Questions You Should Ask About Risk Management

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT