Michael D. Moberly   June 22, 2010

A first, and very important step toward developing a ‘risk intelligent company’ is recognizing that risk is not solely an external phenomena, i.e., all risk emanates from outside the company. 

A second, and equally important step in developing a risk intelligent company comes from recognizing that company value can be favorably affected by integrating – merging risk management and human resource management.  The rationale for doing this lies in the reality that a significant percentage of (company) risk actually evolves from – is inherently embedded in employee behavior and actions, which includes the management team and board.

In other words, according to Deloitte’s, The People Side Of Risk Intelligence: Aligning Talent And Risk Management, risk touches virtually every aspect of employee (HR) management, and employees touch virtually every aspect of risk management.  Is there no better reason to develop a risk intelligent company culture?

Effective risk management (and a risk intelligent company) Deloitte suggests, executes at the point in which the following converge:

1. Risk Governance – how a company treats risk and assumes responsibility for risk oversight and strategic decision making…

2. Risk Infrastructure Management – how a company assumes responsibility for and understands how to design, implement, oversee, and sustain a risk management program…

3. Risk Ownership – employees knowing what their risk responsibilities are, i.e., they assume (some)  responsibility (ownership) for identifying, measuring, monitoring, and reporting risk…

In light of the economic fact that U.S. businesses lose an estimated 7% of their annual revenue to various forms of occupational fraud, a risk intelligent workforce can be a very valuable (intangible) asset for a company, because one does not have to look far to see the adverse strategic consequences – affects on companies when they rely primarily on ‘unwritten rules’ for how things get done and how, or if, risk is managed.

In a risk intelligent company (culture), management teams and boards assume an obligation to understand what those ‘unwritten company rules’ are and how they’re being interpreted-executed by employees.   A good starting point is (a.) to critically assess a company’s ‘unwritten rules’ by getting answers to the following  questions, and (b.) recognizing the questions’  relevance insofar as how they may serve to influence and perpetuate a company environment of unmanaged risk taking:

1. What (employee) behaviors are actually being rewarded?

2. Are company (employee) incentives (properly, effectively) aligned with the company’s risk management priorities?

3. Do all employees, including the management team and board, understand the companies risk management priorities, objectives, and the strategic reasons-rationales behind them?

Ultimately, becoming more intelligent (and objective) about company risk is an important and necessary prelude to creating a risk intelligent company culture wherein management teams and boards assume a responsibility for elevating and cultivating a company-wide awareness of risk that fosters risk intelligent behaviors at all levels.  It begins by:

1. Adopting a common definition of risk in accordance with national standards and best practices.

2. Clearly defining roles, responsibilities, and authority (for managing risk) with appropriate levels of transparency.

Lastly, it’s important to recognize, insofar as developing a ‘risk intelligent company culture’ that (a.) a change in (company) culture generally follows a (employee) behavior change, and (b.) culture and behavior changes are less a product of formal risk policies, controls, and pronouncements, than they are the result of effective incentives and rewards.

(This post was inspired by a paper produced by Deloitte titled ‘The People Side Of Risk Intelligence: Aligning Talent And Risk Management.)

The ‘Business IP and Intangible Asset Blog’ is researched and written by Mr. Moberly to provide insights and additional views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets.  I welcome and respect your comments and perspectives at [email protected].