Even without the disruptions and displacements caused by the COVID-19 pandemic and various responses to it around the world, companies are experiencing an unprecedented amount of challenges that were unheard of as recently as a decade ago.
Changing regulations, shifting consumer demands, rapidly evolving technology, and an overall uncertainty of what the future holds are a few reasons for these challenges.
Never has there been a time when companies have needed certain tools to address and overcome challenges like today. Companies who neglect developing these critical tools do so at their own peril and put themselves at increased risk of financial loss, displacement by more agile competitors, and a host of other potential consequences.
Fortunately, tools do exist for helping companies overcome these challenges and thrive in the long-term. The problem is that many executives consider enterprise risk management (ERM) as a bureaucratic exercise and wasted investment for satisfying regulators, auditors, and investors.
However, when done properly, ERM is a valuable tool in the toolbox for companies to ensure future success and provide a competitive advantage. Rather than the never-ending scramble, robust ERM ensures informed decisions are being made in pursuit of strategic goals.
Every organization performs risk management in one way or another, whether it’s purchasing liability coverage or taking basic safety measures. However, as I discuss in my cornerstone article comparing traditional and enterprise risk management, these efforts are often disjointed with no connection to strategic objectives.
To move beyond this “silo” approach, risk and opportunity must be embedded throughout the day-to-day activities of the company.
Ultimately, the success of any effort to integrate risk into strategic decision-making hinges, not on a given standard or process, but on company culture.
As McGill University management professor Henry Mintzberg succinctly states:
Culture is the soul of the organization – the beliefs and values, and how they are manifested. I think of the structure as the skeleton, and the process as the flesh and blood. And culture is the soul that holds the thing together and gives it life force.”
Now to be clear, when I discuss a performance-focused risk culture, I’m not talking about building some sort of separate ethos specific to risk topics, but rather a component within a company’s culture. This Great Place to Work article on great company culture lists 6 specific elements that make up that so-called great company culture. While “risk” is not one of those elements, I think it is spread out over those 6 elements.
For example, with fairness as one of the 6 elements, management must assess the risk of the employees having even the slightest perception of being treated unfairly; most management will deem the situation not worth the risk and make the decision that treats employees fairly. This thought process also builds trust in management, which is another element of great company culture.
A previous iteration of this topic includes many of the same steps outlined below, but the discussion framed risk culture in a “failure prevention” mindset instead of one focused on achieving objectives and ensuring long-term success.
Companies who only use ERM in the attempt to prevent failure will wind up suffering many of consequences outlined earlier, which is why developing a risk culture must also include an awareness of measured risk-taking for ensuring the company’s long-term success.
Six steps companies can start taking immediately to build awareness around risks and opportunities include:
- Start with the right tone at the top
For any risk-culture to take root, executives must absolutely take a leading role. A 2018 survey of readers of this blog indicated this as being a core challenge to implementing an effective ERM process. Without the right “tone at the top,” the company will, at best, struggle to meet its strategic goals.
- Collaborative leadership
Certain company cultures are very top down, or dare I say, authoritarian. Executives will hand down a directive and expect it to be done without any input from implementers of the new policy or approach. Instead, executive leaders should embrace a more collaborative approach and empower their managers and employees to make decisions and take action within intentional parameters that are communicated.
- Make sure culture reflects current or future reality, not the past
When a company is first starting out, approaches and processes will not be the same as they are for a more established firm with hundreds of employees. If your company is still operating as a start-up but has grown, it’s time to take a step back to and make across-the-board adjustments so the company can manage risks and seize opportunities as effectively as possible.
The other side of this is to also think about where the company wants to be in the next 3-5 years. The work being done on company culture should also take into consideration what the company wants to be, so that when that day becomes reality, you aren’t in catch up mode all over again.
- Be clear about where the company is and where it wants to go
Communication occurs one way or another, but is everyone from executives on down to mid-managers and employees clear on the company’s goals and their role in pursuing them? Clear and consistent communication from the top-down, but also from the bottom up and between departments, is a crucial component of building a performance-focused risk culture.
But before a company can communicate about the company goals, the executives must first take the time to focus on the deliberate and thoughtful identification of company goals, the initiatives and actions that must be taken to achieve those goals, and the expectations of leadership to the rest of the company.
- Develop or update corporate policies
This may seem a bit rudimentary, but it’s amazing how many companies I encounter who lack clearly articulated governance and other common internal policies. Without this sort of structure in place, companies will struggle to hold people accountable, which will create unnecessary risk to the day-to-day running of the business, the ability to achieve strategic and business objectives, and the company’s reputation.
- Follow-through on deadlines and other agreed-upon actions.
While we should always celebrate wins and milestones, there also must be mechanisms in place to address employees, managers, and even executives who do not fulfill their obligations. This doesn’t automatically mean termination, but if someone is not meeting expectations or violates the trust placed in them, steps will need to be in place to hold them accountable.
I believe the essence of a performance-focused risk culture is best summed up by risk consultant and trainer Horst Simon when he explains:
An effective risk culture is not a matter of risk assessment or level of compliance; it is a matter of individual ownership of risk and personal ‘conviction’ – a state of mind where human beings own the risks and the process of managing those risks through making well-informed risk decisions because they want to, not because they have to.”
That in the end is what separates companies who successfully integrate risk into decision-making from those who don’t – employees from top to bottom must want to do it.
The six steps outlined above are a great starting point for getting your culture to this place.
What other steps would you add to the list for working on risk culture?
It’s hard to point to a single example and say this is what needs to be done at your company, which is why it’s important to learn from as many as possible. To share your thoughts and experiences, please don’t hesitate to leave a comment below or conversation on LinkedIn.
Lastly, if your company is struggling to develop a cohesive performance-focused risk culture, feel free to contact me to discuss what may be happening and steps we can begin taking to get you and your company on the right track.
Sign Up For Our Newsletter
Sign Up For Our Newsletter
Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.
Most Recent Posts
Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…Read More
As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…Read More
Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…Read More
Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…Read More
On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…Read More
Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…Read More
Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…Read More
One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…Read More
It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…Read More
If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…Read More