Warning: Risk Ahead!

(Photo by: 

https://www.turnbullhill.com.au/wp-content/uploads/2014/05/shutterstock_201098414-680x498.jpg)

    Effective risk management doesn’t function in a vacuum and rarely survives a leadership failure. The risk management function can review, inform, advise, monitor, measure and even resign. It cannot control, decide or abort; that’s management’s job.

• Embed it in the organization – Risk culture should be effected through the firm’s overall risk governance process; otherwise, it becomes a nebulous appendage. To illustrate, accountabilities for risk management and desired risk management behaviors should be reinforced through committee charters, policies, job descriptions, limit structures, procedures and escalation protocols.

• Make it a priority at the highest levels – Executive management must support the desired risk culture by demonstrating the desired behaviors through their actions and decisions over time, as well as by periodically communicating value contributed by the organization’s risk culture. For example, promoting a warrior culture, fostering a “star system” with little or no accountability, shooting the bearers of bad news, ignoring the warning signs escalated by the risk management function and making decisions that everyone can see are inconsistent with the desired risk culture all send the wrong message.

• Undertake an integrated approach – Standing alone, such programs as periodic policy communications, awareness campaigns and training strategies are mere window dressings. When baked into a comprehensive program that aligns performance expectations, roles, responsibilities and compensation structures with appropriate risk taking, they reinforce critical aspects of the desired risk culture for employees.

Periodically evaluate progress – Monitor employee behavior for new trends, attitudes or perceptions requiring attention. Track quantitative and qualitative measures of an effective risk culture using indicators such as:

• Level of executive management sponsorship

• Line of business ownership of risk management

• Effectiveness of risk committee and governance processes

• Evidence of key business decisions, taking risk and solvency into consideration

• Quality of board discussions on risk issues and escalated matters

• Use of risk appetite statement and tolerances in decision making

• Alignment and incorporation of risk into strategic planning and direction

• Be alert for signs of change, for better or worse – As noted earlier, employee surveys and focus groups are examples of tools that can provide insights when evaluating risk culture. Reports from the independent risk management function and internal audit are other sources. Consider the effects of changes in strategy and the organization as well as the occurrence of external events, including regulatory developments, when evaluating whether changes are necessary to strengthen risk culture.

It must not be ignored!

    If a team player disregard and don't take actions to make risk management important as it was, they must be trained and oriented to risk culture. Risk culture is the “set of encouraged and acceptable behaviors, discussions, decisions and attitudes toward taking and managing risk within an institution.

    A team player must be advise by the following according to Corporate Compliance Insights (https://www.corporatecomplianceinsights.com/the-importance-of-risk-culture/)

    Once an initial assessment of the current risk culture is completed, executive management should consider whether any organizational changes are needed and take steps to implement those changes as directed by the board. In transitioning to a desired risk culture, executive management should try to achieve the following:

Every organization is different. That is why it is important to evaluate risk culture and make necessary adjustments to shape it over time in response to change.