Risk Culture

Risk Culture

Risk Culture Jonathan Poland

Risk culture refers to the values, attitudes, and behaviors related to risk management that are inherent in the culture of an organization. These elements of risk culture are not directly controllable, as they are shaped by the shared experiences and interactions of the group and influenced by factors such as leadership, communication, policy, procedure, and process. Risk culture is an important consideration in effective risk management, as it can impact an organization’s ability to identify, assess, and mitigate risks. The following are common types of risk culture.

Risk Tolerance

The risk taking spirit of an organization or team. In many cases, an organization specifically recruits talent for their risk taking prowess in areas such as innovation, design and sales.

Checks and Balances

A culture of balancing risk taking functions with control functions. This can include structural balances such as risk management teams and lower level balances such as segregation of duties. For example, a bank where no trader can take a risk that goes unobserved by teams with accountability for risk exposure.

Risk Awareness

The degree to which employees are aware of risks that are relevant to their job. For example, factory workers that know the common types of injury and health hazard associated with a production process and are well versed in risk reduction procedures.

Due Diligence

The expectation that employees perform due diligence in managing risk. For example, a firm where it is understood that no project is approved without sufficient risk identification and analysis.

Values

The values of an organization that are relevant to risk such as prioritizing safety, health, environmental and financial sustainability.

Tone at the Top

Leadership that serve as exemplary examples of the values and diligence required to manage risk. Where tone at the top is lacking values may be viewed as flexible.

Participation

The degree to which everyone in an organization is aware of risk and participates to identify and treat risk. An organization with low participation may see risk management consigned to an isolated team that is disconnected from operational realities.

Authority

The distribution of the authority to identify and treat risk. For example, a factory where any worker has authority to stop a production line for a safety issue versus a factory where such authority lies in an executive who is rarely on site. This is an element of culture because an employee may technically have authority that they feel they are unable to use due to norms and expectations.

Accountability

An organization that holds leadership accountable for unmanaged risk. In some cases, leadership is rewarded for risk taking but not penalized for a lack of due diligence in managing risk. This is mostly cultural as organizations simply get in the habit of rewarding successes and hiding failure.

Failure of Imagination

In some cases, an organization takes risk management seriously but has a lack of imagination in identifying risk and risk treatments. This can manifest itself as an obsession over minor risks whereby bigger risks are neglected such as a society that is focused on dread risks while ignoring large scale environmental risks. A failure of imagination can also cause a society or organization to over focus on recent events in identifying risk. For example, a banking regulator that focuses on the managing risks related to the causes of a recent financial crisis without managing emerging threats.

Resilience

Resilience is a society, organization or individual’s ability to withstand stresses. Risk management can be stuck in a reactive mode of identifying emerging risks to a poorly structured and designed system. Alternatively, risk management can drive the fundamental restructuring and redesign of a society or organization to reduce risk. For example, a city can develop an emergency response plan for a flood to reduce risks to life and property. Resilience would call for the city to avoid floods in the first place with techniques such as infrastructure and land use planning.

Learn More
Supply Chain 101 Jonathan Poland

Supply Chain 101

A supply chain is the network of organizations, people, activities, information, and resources involved in the production, handling, and distribution…

Alliance Marketing Jonathan Poland

Alliance Marketing

Alliance marketing refers to a strategic partnership between two or more organizations in which they agree to collaborate on marketing…

Strategic Advantage Jonathan Poland

Strategic Advantage

A strategic advantage refers to a position that gives a company an edge over its competitors and makes it likely…

Life Skills Jonathan Poland

Life Skills

Life skills are essential abilities that enable individuals to navigate the complexities of daily life and achieve their goals. These…

Post Sales Jonathan Poland

Post Sales

After a sale is made, post-sales processes kick in to fulfill the customer’s expectations and strengthen the relationship. This can…

Competitive Markets Jonathan Poland

Competitive Markets

In a competitive market, multiple participants exchange value without any single entity having control over the market. This type of…

Types of Win-Win Jonathan Poland

Types of Win-Win

Win-win, also known as mutually beneficial, refers to a situation or plan that has the potential to benefit all parties…

Digital Maturity Jonathan Poland

Digital Maturity

Digital maturity refers to an organization’s ability to effectively utilize information technology to achieve its goals and objectives. This can…

Alternative Hypothesis Jonathan Poland

Alternative Hypothesis

An alternative hypothesis is a hypothesis that proposes a relationship between variables. This can include any hypothesis that predicts a…

Content Database

Search over 1,000 posts on topics across
business, finance, and capital markets.

Taxation Risk Jonathan Poland

Taxation Risk

Taxation risks refer to the potential for a business to face financial or reputational harm due to issues related to…

Data Infrastructure Jonathan Poland

Data Infrastructure

Data infrastructure refers to the hardware, software, and network resources that support the collection, storage, processing, and analysis of data.…

Barriers to Entry Jonathan Poland

Barriers to Entry

Barriers to entry refer to factors that make it difficult for new companies to enter a particular market. These barriers…

Program Efficiency Jonathan Poland

Program Efficiency

Program efficiency refers to the effectiveness with which a computer program uses resources such as time and memory. In general,…

Revenue Operations Jonathan Poland

Revenue Operations

Revenue operations, also known as RevOps, is the practice of overseeing and optimizing an organization’s core sales processes. This includes…

Project Management Skills Jonathan Poland

Project Management Skills

Project management skills are a combination of talents, knowledge, and experience that enable an individual to effectively plan and execute…

Business Efficiency Jonathan Poland

Business Efficiency

Business efficiency refers to the effectiveness with which a company or organization converts inputs, such as capital, labor, and materials,…

Camping Strategy Jonathan Poland

Camping Strategy

Camping strategy is the practice of a using a geographical location as a competitive advantage. It has several common applications:…

Examples of Respect Jonathan Poland

Examples of Respect

Respect is the recognition and understanding of the inherent value and worth of people, animals, and things. It is a…