Embed Size (px)
Citation preview
Risk CultureRisk What?Risk culture for non-risk practitioners.
Author: Ian Rich CEng BEng (Hons) MIET
Risk Management...........
Contents
1. What is organisational culture?2. What is risk culture?3. Why is risk culture important?4. What does poor risk culture look like?5. What does good risk culture look like?6. Improving risk culture.
What is organisational
culture?
What is organisational culture?Dictionary definitions….
……….that which is excellent in the arts, manners, etc.
……..the behaviors and beliefs characteristic of a particular social, ethnic, or age group: the youth culture; the drug culture.
…………to grow (microorganisms, tissues, etc.) in or on a controlled or defined medium.
What is organisational culture?Culture is….
that which is excellent in the arts, manners, etc.
the behaviours and beliefs characteristic of a particular social, ethnic, or age group: the youth culture; the drug culture.
to grow (microorganisms, tissues, etc.) in or on a controlled or defined medium.
What is organisational culture?[Culture….the behaviours and beliefs characteristic of a particular social, ethnic, or age group]
Organisational Culture......
...........exists because of the repeated behaviour of its members; it encompasses values and behaviours that...
"contribute to the unique social and psychological environment of an organisation."
Needle, David (2004). Business in Context: An Introduction to Business and Its Environment.
What is organisational culture? Organisational culture shapes
the work environment in which performance occurs.
Ultimately, not paying attention to culture undermines sustainability.
A good, well-aligned culture can propel the organisation to success, the wrong culture stifles its ability to adapt to a fast changing world.
What is organisational culture?Organisational culture is shown in:
The ways the organisation conducts its business, treats its employees, customers, and the wider community.
The extent to which freedom is allowed in decision making, developing new ideas, and personal expression.
How power and information flow through its hierarchy, and
How committed employees are towards collective objectives.
http://www.businessdictionary.com/definition/organizational-culture.html
What is organisational culture?Sub Culture
“the cultural values and behavioral patterns distinctive of a particular group in a society”. **
Within any organisation, dynamic sub cultures will exist across business units and teams.
Understand who exerts the most influence over culture - this not always the most senior people in the organisation.*
*https://www.aonhewitt.com.au/Home/Hot-topics/Understanding-risk-culture
What is organisational culture?Wells Fargo Bank – (2016)
Wells Fargo employees secretly opened unauthorised accounts to hit sales targets and receive bonuses.
Bank employees opened over 1.5 million deposit accounts that may not have been authorised.
Employees submitted applications for 565,443 credit card accounts without their customers knowledge or consent.
5,300 Wells Fargo employees firedThe bank agreed to pay $185 million in fines, along with $5
million to refund customers.
http://www.wday.com/news/4111061-5300-wells-fargo-employees-fired-account-scam
What is organisational culture?Daimler and Chrysler – (1998 - 2007)
The Daimler (makers of Mercedes-Benz) Chrysler merger was called a “merger of equals.” A few years later it was being called a “fiasco”.
The German culture became dominant and employee satisfaction levels at Chrysler dropped off the map.
A joke circulating at Chrysler at the time was “How do you pronounce DaimlerChrysler?… ‘Daimler’—the ‘Chrysler’ is silent.
By 2000, major losses were projected and, a year later, layoffs began. In 2007, Daimler sold Chrysler.
http://www.globoforce.com/gfblog/2012/6-big-mergers-that-were-killed-by-culture/
What is risk culture?
What is risk culture?
“a term describing the values, beliefs, knowledge, attitudes and understanding about risk shared by a group of people
with a common purpose”.*
People fundamentally want to do the right thing. Therefore, organisations need to create a decent, open and respectful culture which allows employees to interact at work as they would in their home and social environment. This is the culture which mitigates risk and reputational damage, encourages higher performance and develops a sustainable business model.
* https://www.theirm.org/knowledge-and-resources/thought-leadership/risk-culture.aspx
What is risk culture?
The risk culture onion - reflecting the influences on risk culture, beginning with the predisposition to risk of the individual.
(2012) Risk culture - Resources for Practitioners (IRM)
What is risk culture?Subcultures
Risk subculture may, akin to organisational subcultures, have an overriding detrimental (or positive) affect on what is believed to be the dominant culture.
“Organisational cultures attract like minded people”*
Employees adopt the pervading culture within an organisation.
* Schneider, B. (1987), The people make the place. Personnel Psychology.
Why is risk culture important?
Why is risk culture important?1. Organisations need to take risks, it is not cost effective to
eliminate all possible risks. 2. An organisation will be exposed to risk irrespective of its
desire to take risks!
Organisations that want to be sustainable need to manage those risks.
The risk culture of an organisation will affect how these risks are managed and therefore risk culture clearly links to the ability to successfully execute strategy.
Why is risk culture important?Consider process failure/neglect.
Processes can be seen as ineffective/cumbersome.
Processes may be slow to change/adapt/create/implement.
Culture can work to protect organisations from process failure/neglect.
Why is risk culture important?Risk Culture gives effect to Enterprise Risk Management (ERM)
Effective risk management doesn’t function in a vacuum and rarely survives leadership failure.
The risk management function can review, inform, advise, monitor, measure and even resign, - however it cannot control, decide or abort; that’s management’s job.
Without an effective risk culture in place to ensure that adequate attention is given to protecting enterprise value,
‘entrepreneurial’ behavior can run amok.
http://corporatecomplianceinsights.com/the-importance-of-risk-culture
Why is risk culture important?“It is increasingly appreciated that a healthy risk culture can help support all sorts of management activities. Getting risk culture right is therefore a vital consideration for anyone seeking to integrate risk management within their organisation” Dr Alasdair Marshall (2016) Why Risk Cultures Needs Prudence
Why is risk culture important?Whilst there are a multitude of rules, regulations, codes, guidance documents, standards, audits, reviews, checks, processes, practises, etc., etc, blah, blah, blah.....
Bad things still happen!Mont Blanc Tunnel 1999 Savar building collapse 2013
Why is risk culture important?Risk culture should be viewed as part and parcel of organisational culture, just as risk management should be viewed as an integral part of Business as Usual.
What does poor risk culture look
like?
What does poor risk culture look like?
Pike River Mine – November 2010
“Managers never identified a major explosion as a potential risk. The worst case scenario was one they never thought about – let alone prepared for”
Nicholas Davidson QC – Pike River families Royal Commission representative.
What does poor risk culture look like?Ensuring an effective risk culture is an important task for Leadership.
Unfortunately, despite its importance, risk culture is often either given lip service to or simply ignored.
The wrong risk culture can have disastrous consequences.
Poor risk culture isn’t about behaving risky or about being risk adverse, poor risk culture is about a
failure to appreciate that risk exists and that it has an effect.
What does poor risk culture look like?
Kodak – (1888 – 2012)
Missed opportunity to adopt digital technology that it had invented in 1975 but was unable to capitalise on.
Had become highly inflexible, management ran a tight ship, rewarded for maintaining the status quo.
Not prepared to change direction, filed for Bankruptcy 2012.
Kodak’s failure was ultimately about its inability to take strategic risk.
(2012) Risk Culture Resources for Practioners (IRM)
What does poor risk culture look like?
What does poor risk culture look like?
What does poor risk culture look like?Traits of poor risk culture include:
Poor communications and a failure to share data A lack of clarity around risk appetite and risk strategy A lack of accountability Over confidence A fear to challenge Shooting the messenger Indifference Slow response time Process manipulation
What does good risk culture look
like?
What does good risk culture look like?
What does good risk culture look like?
Active (Global) RM function – providing policy, standards, oversight for safety & security, insurance and risk training, and the coordination and promotion of RM leadership
Risks captured across management levels, overseen by Risk Working Group, reported to Audit Committee
Major risks assigned to executive members All functional teams have risk registers, action plans and (risk)
performance monitoring RM is measured in terms of personal competence, hotel compliance,
team maturity and business performance.
4500+ Hotels, established in 2003, revenue (US)$1.8Bn (2015).
(2012) Risk Culture Resources for Practioners (IRM)
Intercontinental Hotels Group (IHG) – Hotels
What does good risk culture look like?
Some practical signals of what a good risk culture looks like:
Leadership invested in risk management and are communicating that enthusiasm
Strong flow of risk information throughout the organisation Organisation wide exposure to risk management practices Avoids leadership ”kow-tow” and sloppy group think Risk taking encouraged, knowing that sometimes it will go wrong Continuous learning attitude
(2012) Risk Culture Resources for Practioners (IRM)
What does good risk culture look like?
Valve Software (Steam)
Slow to hire – to ensure culture is maintained Staff encouraged to think carefully, and recognise and learn
when things do not go well Mutual sense of ownership across the organisation Actively seeks risk takers Decision are constantly tested and high distrust of
assumptions Employees are very well paid (compared to like
organisations), risk taking is rewarded and linked to performance management
Founded in 1996, 290+ employees, 35 Million on line subscribers.
What does good risk culture look like?
AstraZeneca – founded 1999 (merger of Astra AB & Zeneca plc)Identified need for change following 1999 issue of the Turnbull Guidance - Adopted ERM 2002
Recognised there were opportunities' created by deeper integration of risk and assurance functions/processes
Senior executives stated “internal controls were now aligned more closely with AstraZeneca values and the desired culture: effective control through empowerment and risk awareness rather than too much bureaucracy”
(2012) Risk Culture Resources for Practioners (IRM)
What does good risk culture look like?
AstraZeneca
Overall philosophy defined was “Enduring Shareholder value comes from creating opportunities and managing risks”, supported by five principles:
Delivering opportunities by managing risk is a key part of all our activities
In all our activities, risk should be understood and visible Approaches to managing risk will be simple, flexible and sustained Business context will determine the level of acceptable risk and
control Risk will be managed consistent with Company Values.
Revenue 2015 – (US)$24.7Bn, 50,000 employee
(2012) Risk Culture Resources for Practioners (IRM)
Improving risk culture
Improving risk cultureWhat does your risk culture need to
do?
Understand leadership team expectations
Recognise reality Seek out information and promote
discussion Promote fit for purpose risk
management Hold staff accountable Improve communication Promote better decision making
Improving risk culture4 steps to building a culture of Risk Management:
◦Lead from the front ◦Focus on personal accountability
◦Hold business units accountable
◦Refocus your RM function.
PWC (2010) reproduced at http://nkg.com.au/wp-content/uploads/2014/03/4-steps-to-building-a-culture-of-risk-management.pdf
Improving risk cultureOrganisations have two major hurdles to overcome with regard to improving risk culture:
building consensus amongst Leadership and,
sustaining attention over time.
patience and staying power are required; change takes time and real effort.
THE END
