In his recent popular blog post for Fast Company magazine, “Culture eats strategy for lunch”, Shawn Parr, gives one of the best explanations of the importance of organizational culture and why it is not something that is “intangible or fluffy” but “one of the most important drivers that has to be set or adjusted to push long-term, sustainable success”.
So what does that have to do with risk management? I’d argue quite a lot. Risk and opportunity awareness needs embedding as a major element of corporate culture.
A blinkered focus on GRC has led organizations down a dangerous dead end, fostering a tick-box mentality and the idea that risk is owned by the risk nerds down the corridor – not by every employee in the business. This can lead to a ‘walk on by’ culture with serious impacts. If people don’t think it’s their responsibility then they won’t share a risk that only they can see due to their unique knowledge, shout when they suspect a supplier is being bribed, report an incident or communicate an opportunity for the business.
Risk Managers have to be the champions of this risk-aware culture – but our “What Makes a Great Risk Manager?” survey has shown that you need the right mix of personality-types in the team for success. You need some people who can sell the concept to the business, others who love crunching the numbers and even some who are happy to knock down an occasional door to meet objectives.
Without executive support and the systems to hold and process the data, the team can get swamped by the admin and stressed by missing deadlines. CEOs need to provide the air cover but also invest in the risk team, create a credible career path for Risk Professionals and systems which give them time to focus on managing risks rather than just recording them.